www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of multiple article sources. A list of sources can be found on www.secnews.physaphae.fr. 2025-05-11T03:17:18+00:00 www.secnews.physaphae.fr

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Chinese APT41 Hackers Broke into at Least 6 U.S. State Governments: Mandiant 2022-03-09T02:04:37+00:00 https://thehackernews.com/2022/03/chinese-apt41-hackers-broke-into-at.html www.secnews.physaphae.fr/article.php?IdArticle=4249140 False Vulnerability,Threat,Guideline APT 41 None

Mandiant - Mandiant Security Blog Does This Look Infected? A Summary of APT41 Targeting U.S. State Governments UPDATE (Mar. 8): The original post may not have provided full clarity that CVE-2021-44207 (USAHerds) had a patch developed by Acclaim Systems for applicable deployments on or around Nov. 15, 2021. Mandiant cannot speak to the affected builds, deployment, adoption, or other technical factors of this vulnerability patch beyond its availability. In May 2021 Mandiant responded to an APT41 intrusion targeting a United States state government computer network. This was just the beginning of Mandiant's insight into a persistent months-long campaign conducted by APT41 using vulnerable Internet 2022-03-08T15:00:00+00:00 https://www.mandiant.com/resources/blog/apt41-us-state-governments www.secnews.physaphae.fr/article.php?IdArticle=8377495 False Vulnerability APT 41,APT 41 4.0000000000000000

Anomali - Firm Blog Anomali Cyber Watch: Mobile Malware Is On The Rise, APT Groups Are Working Together, Ransomware For The Individual, and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence

What's With The Shared VBA Code Between Transparent Tribe And Other Threat Actors? (published: February 9, 2022) A recent discovery links malicious VBA macro code between multiple groups, namely Transparent Tribe, Donot Team, SideCopy, Operation Hangover, and SideWinder. These groups operate (or operated) out of South Asia and use a variety of techniques with phishing emails and maldocs to target government and military entities within India and Pakistan. The code is similar enough that it suggests cooperation between APT groups, despite their having completely different goals and targets. Analyst Comment: This research shows that APT groups are sharing TTPs to assist each other, regardless of motive or target. Files that request that content be enabled in order to properly view the document are often signs of a phishing attack. If such a file is sent to you by a known and trusted sender, that individual should be contacted to verify the authenticity of the attachment prior to opening it. Any such file attachment sent by an unknown sender should be viewed with the utmost scrutiny; the attachment should not be opened and should be properly reported to appropriate personnel. MITRE ATT&CK: [MITRE ATT&CK] Command and Scripting Interpreter - T1059 | [MITRE ATT&CK] Phishing - T1566 Tags: Transparent Tribe, Donot, SideWinder, Asia, Military, Government

Fake Windows 11 Upgrade Installers Infect You With RedLine Malware (published: February 9, 2022) Following the recent announcement of Windows 11 upgrade availability, an unknown threat actor has registered a domain to trick users into downloading an installer that contains RedLine malware. The site, "windows-upgraded[.]com", is a direct copy of a legitimate Microsoft upgrade portal. Clicking the 'Upgrade Now' button downloads a 734 MB ZIP file which contains an excess of dead code; more than likely this is to increase the file size in order to evade antivirus scanning.
RedLine is a well-known infostealer, capable of taking screenshots, using C2 communications, keylogging and more. Analyst Comment: Any official Windows update or installation files will be downloaded through the operating system directly. If offline updates are necessary, only go through Microsoft sites and subdomains. Never update Windows from a third-party site, precisely because of this type of attack. MITRE ATT&CK: [MITRE ATT&CK] Video Capture - T1125 | [MITRE ATT&CK] Input Capture - T1056 | [MITRE ATT&CK] Exfiltration Over C2 Channel - T1041 Tags: RedLine, Windows 11, Infostealer 2022-02-15T20:01:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-mobile-malware-is-on-the-rise-apt-groups-are-working-together-ransomware-for-the-individual-and-more www.secnews.physaphae.fr/article.php?IdArticle=4134740 False Ransomware,Malware,Tool,Vulnerability,Threat,Guideline Uber,APT 43,APT 36,APT-C-17 None

knowbe4 - cybersecurity services CyberheistNews Vol 12 #07 | Feb. 15, 2022 [Heads Up] FBI Warns Against New Criminal QR Code Scams QR codes have been around for many years. While they were adopted for certain niche uses, they never did quite reach their full potential. They are a bit like Rick Astley in that regard, really popular for one song, but well after the boat had sailed. Do not get me wrong, Rick Astley achieved a lot. In recent years, he has become immortalized as a meme and Rick roller, but he could have been so much more. However, in recent years, with lockdown and the drive to keep things at arm's length, QR codes have become an efficient way to facilitate contactless communications, or the transfer of offers without physically handing over a coupon.
As this has grown in popularity, more people have become familiar with how to generate their own QR codes and how to use them as virtual business cards, discount codes, links to videos and all sorts of other things. QRime Codes As with most things, once they begin to gain a bit of popularity, criminals move in to see how they can manipulate the situation to their advantage. Recently, we have seen fake QR codes stuck to parking meters enticing unwitting drivers to scan the code and hand over their payment details, believing they were paying for parking, whereas they were actually handing over their payment information to criminals. The rise in QR code fraud resulted in the FBI releasing an advisory warning against fake QR codes that are being used to scam users. In many cases, a fake QR code will lead people to a website that looks like the intended legitimate site. So the usual verification process of checking the URL and watching for any other red flags applies. CONTINUED with links and 4 example malicious QR codes on the KnowBe4 blog: https://blog.knowbe4.com/qr-codes-in-the-time-of-cybercrime 2022-02-15T14:24:51+00:00 https://blog.knowbe4.com/cyberheistnews-vol-12-07-heads-up-fbi-warns-against-new-criminal-qr-code-scams www.secnews.physaphae.fr/article.php?IdArticle=4133418 False Ransomware,Data Breach,Spam,Malware,Threat,Guideline APT 15,APT 43 None

Bleeping Computer - American Magazine Kimsuki hackers use commodity RATs with custom Gold Dragon malware 2022-02-08T15:35:47+00:00 https://www.bleepingcomputer.com/news/security/kimsuki-hackers-use-commodity-rats-with-custom-gold-dragon-malware/ www.secnews.physaphae.fr/article.php?IdArticle=4095821 False Malware APT 43 None

Anomali - Firm Blog Anomali Cyber Watch: MoonBounce, AccessPress, QR Code Scams and More
Trending Cyber News and Threat Intelligence

FBI Warns Of Malicious QR Codes Used To Steal Your Money (published: January 23, 2022) The Federal Bureau of Investigation (FBI) recently released a notice that malicious QR codes have been found in the wild. These codes, when scanned, redirect the victim to a site where they are prompted to enter personal and payment details. The site then harvests these credentials for cybercriminals to commit fraud and empty bank accounts. This threat vector has been seen in Germany as of December 2021. Analyst Comment: Always be sure to check that emails have been sent from a legitimate source, and that any financial details or method of payment are handled through the legitimate website. While QR codes are useful and are being used by businesses more often, it is easy for cybercriminals to perform this kind of scam. If scanning a physical QR code, ensure the code has not been replaced with a sticker placed on top of the original code. Check the final URL to make sure it is the intended site and looks authentic. MITRE ATT&CK: [MITRE ATT&CK] Phishing - T1566 Tags: EU & UK, Banking and Finance

MoonBounce: The Dark Side Of UEFI Firmware (published: January 20, 2022) Kaspersky has reported that in September 2021, a bootloader malware infection was discovered that embeds itself into UEFI firmware. The malware patches existing UEFI drivers and resides in the SPI flash memory located on the motherboard. This means that it will persist even if the hard drive is replaced. Code snippets and IP addresses link the activity to APT41, a group operated by Chinese-speaking individuals. MoonBounce is highly sophisticated and very difficult to detect. Analyst Comment: Systems should be configured to take advantage of Trusted Platform Module (TPM) hardware security chips to secure their boot image and firmware, where available.
Secure Boot is also a viable option to mitigate attacks that would patch, reconfigure, or flash existing UEFI firmware to implant malicious code. MITRE ATT&CK: [MITRE ATT&CK] Pre-OS Boot - T1542 | [MITRE ATT&CK] Data Obfuscation - T1001 | [MITRE ATT&CK] Data Encoding - T1132 | [MITRE ATT&CK] Exploitation of Remote Services - T1210 | [MITRE ATT&CK] Remote Services - T1021 | [MITRE ATT&CK] Shared Modules - T1129 | [MITRE ATT&CK] Hijack Execution Flow - T1574 2022-01-25T16:00:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-moonbounce-accesspress-qr-code-scams-and-more www.secnews.physaphae.fr/article.php?IdArticle=4030711 False Ransomware,Malware,Tool,Vulnerability,Threat,Guideline APT 41,APT 28 None

Security Affairs - Security Blog MoonBounce UEFI implant spotted in a targeted APT41 attack 2022-01-21T11:59:14+00:00 https://securityaffairs.co/wordpress/126998/apt/moonbounce-uefi-implant-apt41.html?utm_source=rss&utm_medium=rss&utm_campaign=moonbounce-uefi-implant-apt41 www.secnews.physaphae.fr/article.php?IdArticle=4008740 False Threat,Guideline APT 41 None

The Hacker News
Chinese Hackers Spotted Using New UEFI Firmware Implant in Targeted Attacks 2022-01-21T03:40:40+00:00 https://thehackernews.com/2022/01/chinese-hackers-spotted-using-new-uefi.html www.secnews.physaphae.fr/article.php?IdArticle=4008833 False Malware,Threat,Guideline APT 41,APT 41 None

Kaspersky - Kaspersky Research blog MoonBounce: the dark side of UEFI firmware 2022-01-20T10:00:11+00:00 https://securelist.com/moonbounce-the-dark-side-of-uefi-firmware/105468/ www.secnews.physaphae.fr/article.php?IdArticle=4002396 False Guideline APT 41 None

Bleeping Computer New MoonBounce UEFI malware used by APT41 in targeted attacks 2022-01-20T07:55:29+00:00 https://www.bleepingcomputer.com/news/security/new-moonbounce-uefi-malware-used-by-apt41-in-targeted-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=4002987 False Malware,Guideline APT 41 None

Anomali - Firm Blog Anomali Cyber Watch: Russia-Sponsored Cyber Threats, China-Based Earth Lusca Active in Cyberespionage and Cybertheft, BlueNoroff Hunts Cryptocurrency-Related Businesses, and More

Trending Cyber News and Threat Intelligence

Earth Lusca Employs Sophisticated Infrastructure, Varied Tools and Techniques (published: January 17, 2022) The Earth Lusca threat group is part of the Winnti cluster. It is one of several Chinese groups that share aspects of their tactics, techniques, and procedures (TTPs), including the use of Winnti malware. Earth Lusca was active throughout 2021, committing both cyberespionage operations against government-connected organizations and financially motivated intrusions targeting gambling and cryptocurrency-related sectors. For initial intrusion, the group uses several methods, including spearphishing, watering hole attacks, and exploiting publicly facing servers. Cobalt Strike is one of the group's preferred post-exploitation tools.
It is followed by the use of the BioPass RAT, the Doraemon backdoor, the FunnySwitch backdoor, ShadowPad, and Winnti. The group employs two separate infrastructure clusters: the first consists of rented Vultr VPS servers used for command-and-control (C2); the second consists of compromised web servers used to scan for vulnerabilities, tunnel traffic, and host Cobalt Strike C2. Analyst Comment: Earth Lusca often relies on tried-and-true techniques that can be stopped by security best practices, such as not clicking suspicious email or website links and not reacting to random banners urging you to update applications. Don't be tricked into downloading an Adobe Flash update; Flash was discontinued at the end of December 2020. Administrators should keep their important public-facing applications (such as Microsoft Exchange and Oracle GlassFish Server) updated. MITRE ATT&CK: [MITRE ATT&CK] Drive-by Compromise - T1189 | [MITRE ATT&CK] Exploit Public-Facing Application - T1190 | [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] Command and Scripting Interpreter - T1059 | [MITRE ATT&CK] Scheduled Task - T1053 | [MITRE ATT&CK] System Services - T1569 | [MITRE ATT&CK] Windows Management Instrumentation - T1047 | [MITRE ATT&CK] Account Manipulation - T1098 | [MITRE ATT&CK] BITS Jobs - T1197 | [MITRE ATT&CK] Create Account - T1136 | [MITRE ATT&CK] Create or Modify System Process - T1543 | [MITRE ATT&CK] External Remote Services - T1133 | [MITRE ATT&CK] Hijack Execution Flow 2022-01-19T22:45:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-russia-sponsored-cyber-threats-china-based-earth-lusca-active-in-cyberespionage-and-cybertheft-bluenoroff-hunts-cryptocurrency-related-businesses-and-more www.secnews.physaphae.fr/article.php?IdArticle=3999162 False Ransomware,Malware,Tool,Vulnerability,Threat,Patching,Guideline APT 41,APT 38,APT 29,APT 28,APT 28 None

Anomali - Firm Blog Anomali Cyber Watch: 'PseudoManuscrypt' Mass Spyware Campaign Targets 35K Systems, APT31 Intrusion Set
Campaign: Description, Countermeasures and Code, State-sponsored hackers abuse Slack API to steal

Trending Cyber News and Threat Intelligence

NSW Government Casual Recruiter Suffers Ransomware Hit (published: December 17, 2021) Finite Recruitment suffered a ransomware attack during the month of October 2021, resulting in the exfiltration of some data. Their incident responders (IR) identified the ransomware as Conti, a fast-encrypting ransomware commonly attributed to the cybercriminal group Wizard Spider. The exfiltrated data was published on the dark web; however, the firm remains fully operational, and affected customers are being informed. Analyst Comment: Always check to see if there is a decryptor available for the ransomware before considering payment. Enforce a strong backup policy to ensure that data is recoverable in the event of encryption or loss. MITRE ATT&CK: [MITRE ATT&CK] Scheduled Transfer - T1029 Tags: Conti, Wizard Spider, Ransomware, Banking and Finance

Phorpiex botnet is back with a new Twizt: Hijacking Hundreds of crypto transactions (published: December 16, 2021) Check Point Research has uncovered a new variant of the Phorpiex botnet named Twizt. Historically, Phorpiex utilized sextortion, ransomware delivery, and cryptocurrency clipping. Twizt, however, appears to be primarily focused on stealing cryptocurrency and has stolen half a million dollars since November 2020 in the form of Bitcoin, Ether and ERC20 tokens. The botnet departs from its traditional command and control (C2) infrastructure, opting for peer-to-peer (P2P) communications between infected hosts, eliminating the need for C2 communication as each host can fulfill that role. Analyst Comment: Bots within a P2P network need to communicate regularly with other bots to receive and share commands.
If the infected bots are on a private network, private IP addresses will be used. Therefore, careful monitoring of network traffic will reveal suspicious activity and spikes in network resource usage, rather than relying on the detection of C2 IP addresses. MITRE ATT&CK: [MITRE ATT&CK] Data Encoding - T1132 | [MITRE ATT&CK] File and Directory Discovery - T1083 | [MITRE ATT&CK] Clipboard Data - T1115 Tags: Phorpiex, Twizt, Russia, Banking and Finance, Cryptocurrency, Bitcoin

'PseudoManuscrypt' Mass Spyware Campaign Targets 35K Systems (published: December 16, 2021) Kaspersky researchers have documented spyware that has targeted 195 countries as of December 2021. The spyware, named PseudoManuscrypt, was developed and deployed by Lazarus Group 2021-12-21T16:57:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-pseudomanuscrypt-mass-spyware-campaign-targets-35k-systems-apt31-intrusion-set-campaign-description-countermeasures-and-code-state-sponsored-hackers-abuse-slack-api-to-steal www.secnews.physaphae.fr/article.php?IdArticle=3841167 False Ransomware,Malware,Vulnerability,Threat,Guideline,Medical APT 41,APT 38,APT 28,APT 31 None

InfoSecurity Mag - InfoSecurity Magazine China's APT41 Manages Library of Breached Certificates 2021-11-18T13:00:00+00:00 https://www.infosecurity-magazine.com/news/chinas-apt41-manages-library/ www.secnews.physaphae.fr/article.php?IdArticle=3674310 False None APT 41,APT 41 None

Anomali - Firm Blog Anomali Cyber Watch: Aerospace and Telecoms Targeted by Iranian MalKamak Group, Cozy Bear Refocuses on Cyberespionage, Wicked Panda is Traced by Malleable C2 Profiles, and More
Trending Cyber News and Threat Intelligence

Russian Cyberattacks Pose Greater Risk to Governments and Other Insights from Our Annual Report (published: October 7, 2021) Approximately 58% of all nation-state attacks observed by Microsoft between July 2020 and June 2021 have been attributed to Russian-sponsored threat groups, specifically to Cozy Bear (APT29, Nobelium), associated with the Russian Foreign Intelligence Service (SVR). The United States, Ukraine, and the UK were their top three targets. Russian Advanced Persistent Threat (APT) actors increased their effectiveness from a 21% successful compromise rate to a 32% rate year over year. They achieved this by starting attacks with supply-chain compromise, utilizing effective tools such as web shells, and improving their skills at targeting cloud environments. Russian APTs are increasingly targeting government agencies for intelligence gathering, which jumped from 3% of their targets a year ago to 53%, largely agencies involved in foreign policy, national security, or defense. Following Russia by the number of APT cyberattacks were North Korea (23%), Iran (11%), and China (8%). Analyst Comment: As the collection of intrusions for potential disruption operations via critical infrastructure attacks became too risky for Russia, it refocused on gaining access to and harvesting intelligence. The scale and growing effectiveness of this cyberespionage requires a defence-in-depth approach and tools such as Anomali Match that provide real-time forensics capability to identify potential breaches and known actor attributions.
MITRE ATT&CK: [MITRE ATT&CK] Supply Chain Compromise - T1195 | [MITRE ATT&CK] Server Software Component - T1505 | [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] Brute Force - T1110 Tags: Fancy Bear, APT28, APT29, The Dukes, Strontium, Nobelium, Energetic Bear, Cozy Bear, Government, APT, Russia, SVR, China, North Korea, USA, UK, Ukraine, Iran

Ransomware in the CIS (published: October 7, 2021) Many prominent ransomware groups have members located in Russia and the Commonwealth of Independent States (CIS), and they avoid targeting this region. Still, businesses in the CIS are at risk of being targeted by dozens of lesser-known ransomware groups. Researchers from Kaspersky Labs have published a report detailing nine business-oriented ransomware trojans that were most active in the CIS in the first half of 2021. These ransomware families are BigBobRoss (TheDMR), Cryakl (CryLock), CryptConsole, Crysis (Dharma), Fonix (XINOF), Limbozar (VoidCrypt), Phobos (Eking), Thanos (Hakbit), and XMRLocker. The oldest, Cryakl, has been around since April 2014, and the newest, XMRLocker, was first detected in August 2020. Most of them were mainly distributed via the cracking of Remote Deskto 2021-10-12T17:41:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-aerospace-and-telecoms-targeted-by-iranian-malkamak-group-cozy-bear-refocuses-on-cyberespionage-wicked-panda-is-traced-by-malleable-c2-profiles-and-more www.secnews.physaphae.fr/article.php?IdArticle=3505382 False Ransomware,Malware,Tool,Threat,Guideline,Prediction APT 41,APT 41,APT 39,APT 29,APT 29,APT 28 None

Kaspersky - Kaspersky Research blog SAS 2021: Learning to ChaCha with APT41 2021-10-12T16:00:34+00:00 https://securelist.com/sas-2021-learning-to-chacha-with-apt41/104536/ www.secnews.physaphae.fr/article.php?IdArticle=3505410 False Malware,Threat,Guideline APT 41 None

The Hacker News
New Study Links Seemingly Disparate Malware Attacks to Chinese Hackers 2021-10-05T06:16:08+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/wFMqRw3SpeE/new-study-links-seemingly-disparate.html www.secnews.physaphae.fr/article.php?IdArticle=3471174 False Malware,Guideline APT 41 None

Anomali - Firm Blog Anomali Cyber Watch: Azurescape Cloud Threat, MSHTML 0-Day in The Wild, Confluence Cloud Hacked to Mine Monero, and More Current Anomali ThreatStream users can query these indicators under the "anomali cyber watch" tag.

Trending Cyber News and Threat Intelligence

S.O.V.A. - A New Android Banking Trojan with Fowl Intentions (published: September 10, 2021) ThreatFabric researchers have discovered a new Android banking trojan called S.O.V.A. The malware is still in the development and testing phase, and the threat actor is publicly advertising S.O.V.A. for trial runs targeting banks to improve its functionality. The trojan's primary objective is to steal personally identifiable information (PII). This is conducted through overlay attacks, keylogging, man-in-the-middle attacks, and session cookie theft, among others. The malware author is also working on other features, such as distributed denial-of-service (DDoS) and ransomware, on S.O.V.A.'s project roadmap. Analyst Comment: Always keep your mobile phone fully patched with the latest security updates. Only use official locations such as the Google Play Store / Apple App Store to obtain your software, and avoid downloading applications, even if they appear legitimate, from third-party stores. Furthermore, always review the permissions an app requests upon installation.
MITRE ATT&CK: [MITRE ATT&CK] Input Capture - T1056 | [MITRE ATT&CK] Man-in-the-Middle - T1557 | [MITRE ATT&CK] Steal Web Session Cookie - T1539 | [MITRE ATT&CK] Network Denial of Service - T1498 | [MITRE ATT&CK] Data Encrypted for Impact - T1486 Tags: Android, Banking trojan, S.O.V.A., Overlay, Keylogging, Cookies, Man-in-the-Middle

Finding Azurescape - Cross-Account Container Takeover in Azure Container Instances (published: September 9, 2021) Unit 42 researchers identified and disclosed critical security issues in Microsoft's Container-as-a-Service (CaaS) offering, Azure Container Instances (ACI). A malicious Azure user could have compromised the multitenant Kubernetes clusters hosting ACI, establishing full control over other users' containers. Researchers gave the vulnerability a specific name, Azurescape, highlighting its significance: it is the first cross-account container takeover in the public cloud. Analyst Comment: The Azurescape vulnerabilities could have allowed an attacker to execute code on other users' containers, steal customer secrets and images deployed to the platform, and abuse ACI's infrastructure processing power. Microsoft patched ACI shortly after the discl 2021-09-14T15:00:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-azurescape-cloud-threat-mshtml-0-day-in-the-wild-confluence-cloud-hacked-to-mine-monero-and-more www.secnews.physaphae.fr/article.php?IdArticle=3369753 False Ransomware,Spam,Malware,Tool,Vulnerability,Threat,Guideline Uber,APT 41,APT 15 None

Security Affairs Grayfly APT uses recently discovered Sidewalk backdoor 2021-09-10T15:11:45+00:00 https://securityaffairs.co/wordpress/122069/apt/grayfly-apt-backdoor.html?utm_source=rss&utm_medium=rss&utm_campaign=grayfly-apt-backdoor www.secnews.physaphae.fr/article.php?IdArticle=3360477 False Guideline APT 41 None

The Hacker News
Experts Link Sidewalk Malware Attacks to Grayfly Chinese Hacker Group 2021-09-10T01:18:43+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/mK3ON58t51s/experts-link-sidewalk-malware-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=3358606 False Malware,Guideline APT 41 None

Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor SideWalk Backdoor Linked to China-Linked Spy Group 'Grayfly' 2021-09-09T14:30:56+00:00 https://threatpost.com/sidewalk-backdoor-china-espionage-grayfly/169310/ www.secnews.physaphae.fr/article.php?IdArticle=3357166 False Malware,Guideline APT 41 None

We Live Security - ESET antivirus software vendor The SideWalk may be as dangerous as the CROSSWALK 2021-08-24T17:59:01+00:00 http://feedproxy.google.com/~r/eset/blog/~3/NaxOBbj295E/ www.secnews.physaphae.fr/article.php?IdArticle=3279440 False None APT 41 None

Anomali - Firm Blog Anomali Cyber Watch: GIGABYTE Hit By RansomEXX Ransomware, Seniors' Data Exposed, FatalRat Analysis, and More

Trending Cyber News and Threat Intelligence

Actively Exploited Bug Bypasses Authentication On Millions Of Routers (published: August 7, 2021) Juniper Threat Labs researchers discovered ongoing attacks exploiting the recently disclosed vulnerability CVE-2021-20090. This is a critical path traversal vulnerability in the web interfaces of routers with Arcadyan firmware that could allow unauthenticated remote attackers to bypass authentication. The total number of devices exposed to attacks likely reaches millions of routers. Researchers identified attacks originating from China that deploy a variant of the Mirai botnet on vulnerable routers. Analyst Comment: Attackers have continuous and automated routines to look for publicly accessible vulnerable routers and exploit them as soon as an exploit is made public.
To reduce the attack surface, routers' management consoles should only be accessible from specific public IP addresses. Default passwords should also be changed and other security settings hardened. Tags: CVE-2021-20090, Mirai, China

Computer Hardware Giant GIGABYTE Hit By RansomEXX Ransomware (published: August 7, 2021) The attack occurred late Tuesday night into Wednesday and forced the company to shut down its systems in Taiwan. The incident also affected multiple websites of the company, including its support site and portions of the Taiwanese website. Attackers have threatened to publish 112 GB of stolen data, which they claim includes documents under NDA (Non-Disclosure Agreement) from companies including Intel, AMD and American Megatrends, unless a ransom is paid. Analyst Comment: At this point there is no official confirmation from GIGABYTE about the attack, and no clarity yet on the potential vulnerabilities or attack vectors used to carry it out. Tags: RansomEXX, Defray, Ransomware, Taiwan

Millions of Senior Citizens' Personal Data Exposed By Misconfiguration (published: August 6, 2021) Researchers discovered a misconfigured Amazon S3 bucket owned by the Senior Advisor website, which hosts ratings and reviews for senior care services across the US and Canada. The bucket contained more than one million files and 182 GB of data containing names, emails and phone numbers of senior citizens from North America. This exposed data was not encrypted and did not require a password or login credentials to access. Analyst Comment: Senior citizens are at high risk of online fraud. Leaks of their personal information and of context regarding appointments can lead to targeted phishing scams.
Tags: Data Leak, Phishing, North America, AWS 2021-08-10T17:39:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-gigabyte-hit-by-ransomexx-ransomware-seniors-data-exposed-fatalrat-analysis-and-more www.secnews.physaphae.fr/article.php?IdArticle=3205930 False Malware,Vulnerability,Threat,Guideline APT 41,APT 41,APT 30,APT 27,APT 23 None

The Security Ledger - Security Blog Episode 221: Biden Unmasked APT 40. But Does It Matter? 2021-07-23T22:03:21+00:00 https://feeds.feedblitz.com/~/659295268/0/thesecurityledger~Episode-Biden-Unmasked-APT-But-Does-It-Matter/ www.secnews.physaphae.fr/article.php?IdArticle=3123305 False Industrial APT 40 None

Kaspersky Threatpost Indictments, Attribution Unlikely to Deter Chinese Hacking, Researchers Say 2021-07-21T17:31:16+00:00 https://threatpost.com/indictments-attribution-chinese-hacking/168005/ www.secnews.physaphae.fr/article.php?IdArticle=3106756 False Industrial APT 40 None

Anomali - Firm Blog Anomali Cyber Watch: China Blamed for Microsoft Exchange Attacks, Israeli Cyber Surveillance Companies Help Oppressive Governments, and More

Trending Cyber News and Threat Intelligence

UK and Allies Accuse China for a Pervasive Pattern of Hacking, Breaching Microsoft Exchange Servers (published: July 19, 2021) On July 19th, 2021, the US, the UK, and other global allies jointly accused China of a pattern of aggressive malicious cyber activity. First, they confirmed that Chinese state-backed actors (previously identified under the group name Hafnium) were responsible for gaining access to computer networks around the world via Microsoft Exchange servers. The attacks took place in early 2021, affecting over a quarter of a million servers worldwide.
Additionally, APT31 (Judgement Panda) and APT40 (Kryptonite Panda) were attributed to the Chinese Ministry of State Security (MSS). The US Department of Justice (DoJ) has indicted four APT40 members, and the Cybersecurity and Infrastructure Security Agency (CISA) shared indicators of compromise of historic APT40 activity. Analyst Comment: Network defense-in-depth and adherence to information security best practices can assist organizations in reducing the risk. Pay special attention to patch and vulnerability management, protecting credentials, and continuing network hygiene and monitoring. When possible, enforce the principle of least privilege, and use segmentation and strict access control measures for critical data. Organisations can use Anomali Match to perform real-time forensic analysis for tracking such attacks. MITRE ATT&CK: [MITRE ATT&CK] Drive-by Compromise - T1189 | [MITRE ATT&CK] Exploit Public-Facing Application - T1190 | [MITRE ATT&CK] External Remote Services - T1133 | [MITRE ATT&CK] Server Software Component - T1505 | [MITRE ATT&CK] Exploitation of Remote Services - T1210 Tags: Hafnium, Judgement Panda, APT31, TEMP.Jumper, APT40, Kryptonite Panda, Zirconium, Leviathan, TEMP.Periscope, Microsoft Exchange, CVE-2021-26857, CVE-2021-26855, CVE-2021-27065, CVE-2021-26858, Government, EU, UK, North America, China

NSO's Spyware Sold to Authoritarian Regimes Used to Target Activists, Politicians and Journalists (published: July 18, 2021) Israeli surveillance company NSO Group supposedly sells spyware to vetted government bodies to fight crime and terrorism. New research discovered NSO's tools being used against non-criminal actors: pro-democracy activists and journalists investigating corruption, political opponents and government critics, diplomats, etc. In some cases, the timeline of this surveillance coincided with journalists' arrests and even murders.
The main penetration tool used by NSO is the Pegasus malware, which targets both iPho]]> 2021-07-20T15:00:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-china-blamed-for-microsoft-exchange-attacks-israeli-cyber-surveillance-companies-help-oppressive-governments-and-more www.secnews.physaphae.fr/article.php?IdArticle=3100256 False Ransomware,Malware,Tool,Vulnerability,Threat,Studies,Guideline,Industrial APT 41,APT 40,APT 28,APT 31 None Security Affairs - Security Blog US DoJ indicts four members of China-linked APT40 cyberespionage group 2021-07-19T20:36:16+00:00 https://securityaffairs.co/wordpress/120316/apt/doj-members-apt40.html?utm_source=rss&utm_medium=rss&utm_campaign=doj-members-apt40 www.secnews.physaphae.fr/article.php?IdArticle=3096450 False Industrial APT 40 None SecurityWeek - Security News U.S., Allies Officially Accuse China of Microsoft Exchange Attacks 2021-07-19T13:44:03+00:00 http://feedproxy.google.com/~r/securityweek/~3/GQEbQ009wb0/us-allies-officially-accuse-china-microsoft-exchange-attacks www.secnews.physaphae.fr/article.php?IdArticle=3093748 False Industrial APT 40 None Bleeping Computer - American Magazine US indicts members of Chinese-backed hacking group APT40 2021-07-19T10:44:21+00:00 https://www.bleepingcomputer.com/news/security/us-indicts-members-of-chinese-backed-hacking-group-apt40/ www.secnews.physaphae.fr/article.php?IdArticle=3093811 False Industrial APT 40 None SecurityWeek - Security News Researchers Attribute SITA Cyberattack to Chinese Hackers 2021-06-14T17:49:18+00:00 http://feedproxy.google.com/~r/securityweek/~3/Pb91pUl_ZPw/researchers-attribute-sita-cyberattack-chinese-hackers www.secnews.physaphae.fr/article.php?IdArticle=2924003 False Threat,Guideline APT 41 None The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Chinese Hackers Believed to be Behind SITA, Air India Data Breach ]]> 2021-06-13T23:59:46+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/H9QvjajTV9k/chinese-hackers-believed-to-be-behind.html www.secnews.physaphae.fr/article.php?IdArticle=2921125 False Data Breach,Threat,Guideline APT 41 None Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor Monumental Supply-Chain Attack on Airlines Traced to State Actor 2021-06-11T14:23:57+00:00 https://threatpost.com/supply-chain-attack-airlines-state-actor/166842/ www.secnews.physaphae.fr/article.php?IdArticle=2908933 False Guideline APT 41 3.0000000000000000 Anomali - Firm Blog Anomali Cyber Watch: APT, Ransomware, Vulnerabilities and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Google: This Spectre proof-of-concept shows how dangerous these attacks can be (published: March 15, 2021) Google has released proof of concept (PoC) code to demonstrate the practicality of Spectre side-channel attacks against a browser's JavaScript engine to leak information from its memory. Spectre targets speculative execution, a feature of modern CPUs, to leak secrets such as passwords from one site to another. While the PoC demonstrates the JavaScript Spectre attack against Chrome 88's V8 JavaScript engine on an Intel Core i7-6500U CPU on Linux, Google notes it can easily be tweaked for other CPUs, browser versions and operating systems. Analyst Comment: As the density of microchip manufacturing continues to increase, side-channel attacks are likely to be found across many architectures and are difficult (and in some cases impossible) to remediate in software.
The PoC of the practicality of performing such an attack using JavaScript emphasises that developers of both software and hardware must be aware of these types of attacks and the means by which they can be used to invalidate existing security controls. Tags: CVE-2017-5753 Threat Assessment: DearCry Ransomware (published: March 12, 2021) A new ransomware strain is being used by actors to attack unpatched Microsoft Exchange servers. Microsoft released patches for four vulnerabilities that are being exploited in the wild. The initial round of attacks included installation of web shells onto affected servers that could be used to infect additional computers. While the initial attack appears to have been done by sophisticated actors, the ease and publicity around these vulnerabilities has led to a diverse group of actors all attempting to compromise these servers. Analyst Comment: Patch and asset management are a critical and often under-resourced aspect of defense in depth. As this particular set of vulnerabilities and attacks are against locally hosted Exchange servers, organizations may want to assess whether a hosted solution makes sense from a risk standpoint. MITRE ATT&CK: [MITRE ATT&CK] Data Encrypted - T1022 | [MITRE ATT&CK] Exploit Public-Facing Application - T1190 | [MITRE ATT&CK] File and Directory Discovery - T1083 | [MITRE ATT&CK] Email Collection - T1114 | [MITRE ATT&CK] Obfuscated Files or Information - T1027 | [MITRE ATT&CK] System Service Discovery - T1007 | [MITRE ATT&CK] Data Encrypted for Impact - T1486 | ]]> 2021-03-17T18:03:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-apt-ransomware-vulnerabilities-and-more www.secnews.physaphae.fr/article.php?IdArticle=2496898 False Ransomware,Tool,Vulnerability,Threat,Guideline Wannacry,APT 41,APT 34 None Security Affairs - Security Blog RedXOR, a new powerful Linux backdoor in Winnti APT arsenal 2021-03-11T11:26:25+00:00
https://securityaffairs.co/wordpress/115491/apt/redxor-backdoor-winnti-apt.html?utm_source=rss&utm_medium=rss&utm_campaign=redxor-backdoor-winnti-apt www.secnews.physaphae.fr/article.php?IdArticle=2467808 False Malware APT 41 None We Live Security - ESET Antivirus Software Vendor Exchange servers under siege from at least 10 APT groups 2021-03-10T13:00:04+00:00 http://feedproxy.google.com/~r/eset/blog/~3/5EcY3jiMivw/ www.secnews.physaphae.fr/article.php?IdArticle=2467707 False None APT 41 None Security Affairs - Security Blog Alleged China-linked APT41 group targets Indian critical infrastructures 2021-03-02T13:01:14+00:00 https://securityaffairs.co/wordpress/115156/apt/china-apt41-india.html?utm_source=rss&utm_medium=rss&utm_campaign=china-apt41-india www.secnews.physaphae.fr/article.php?IdArticle=2422372 True Guideline APT 41 None Security Affairs - Security Blog Winnti APT continues to target game developers in Russia and abroad 2021-01-15T14:13:30+00:00 https://securityaffairs.co/wordpress/113458/apt/winnti-attacks-russia-hk.html?utm_source=rss&utm_medium=rss&utm_campaign=winnti-attacks-russia-hk www.secnews.physaphae.fr/article.php?IdArticle=2196104 False Threat,Guideline APT 41,APT 41 None The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Researchers Disclose Undocumented Chinese Malware Used in Recent Attacks ]]> 2021-01-15T03:31:43+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/ngop7H1Rsho/researchers-disclose-undocumented.html www.secnews.physaphae.fr/article.php?IdArticle=2195571 False Malware,Threat,Guideline APT 41 5.0000000000000000 IT Security Guru - Security Blog COVID-19 vaccine research firms targeted by Russian and North Korean hackers 2020-11-17T11:19:05+00:00 https://www.itsecurityguru.org/2020/11/17/covid-19-vaccine-research-firms-targeted-by-russian-and-north-korean-hackers/?utm_source=rss&utm_medium=rss&utm_campaign=covid-19-vaccine-research-firms-targeted-by-russian-and-north-korean-hackers www.secnews.physaphae.fr/article.php?IdArticle=2039786 False Medical APT 38,APT 28,APT 43 None Security Affairs - Security Blog Three APT groups have targeted at least seven COVID-19 vaccine makers 2020-11-13T17:18:12+00:00 https://securityaffairs.co/wordpress/110871/apt/apt-groups-covid-19-vaccine.html?utm_source=rss&utm_medium=rss&utm_campaign=apt-groups-covid-19-vaccine www.secnews.physaphae.fr/article.php?IdArticle=2032995 False Medical APT 38,APT 28,APT 43 None ZD Net - IT Magazine Microsoft says three APTs have targeted seven COVID-19 vaccine makers 2020-11-13T14:00:00+00:00 https://www.zdnet.com/article/microsoft-says-three-apts-have-targeted-seven-covid-19-vaccine-makers/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=2032686 False Medical APT 38,APT 28,APT 43 None Wired Threat Level - Security News Amazon Wants to 'Win at Games.' So Why Hasn't It?
2020-10-07T18:31:39+00:00 https://www.wired.com/story/amazon-wants-to-win-at-games-so-why-hasnt-it www.secnews.physaphae.fr/article.php?IdArticle=1962083 False Industrial APT 40 None Security Affairs - Security Blog Security Affairs newsletter Round 284 2020-10-04T09:35:41+00:00 https://securityaffairs.co/wordpress/109069/breaking-news/security-affairs-newsletter-round-284.html?utm_source=rss&utm_medium=rss&utm_campaign=security-affairs-newsletter-round-284 www.secnews.physaphae.fr/article.php?IdArticle=1955115 False Industrial APT 40 None Security Affairs - Security Blog Microsoft took down 18 Azure AD apps used by Chinese Gadolinium APT 2020-09-27T09:28:15+00:00 https://securityaffairs.co/wordpress/108798/apt/gadolinium-azure-ad-abuses.html?utm_source=rss&utm_medium=rss&utm_campaign=gadolinium-azure-ad-abuses www.secnews.physaphae.fr/article.php?IdArticle=1941721 False Industrial APT 40 None ZD Net - IT Magazine Microsoft removed 18 Azure AD apps used by Chinese state-sponsored hacker group 2020-09-24T21:09:50+00:00 https://www.zdnet.com/article/microsoft-removed-18-azure-ad-apps-used-by-chinese-state-sponsored-hacker-group/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1937536 False Industrial APT 40 None Anomali - Firm Blog Weekly Threat Briefing: Android Malware, APT Groups, Election Apps, Ransomware and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence US 2020 Presidential Apps Riddled with Tracking and Security Flaws (published: September 17, 2020) The Vote Joe 2020 application has been found to be potentially leaking personal data about voters. The app is used by the Joe Biden campaign to engage with voters and get supporters to send out promotional text messages. Using TargetSmart, an intelligence service, the app receives its predictions via an API endpoint which has been found to be returning additional data.
Voter preference and voter prediction could be seen; while voter preference is publicly accessible, the information from TargetSmart was not meant to be publicly available. The app also let users from outside of the United States download it, allowing non-US citizens to have access to the data, as there was no email verification. Vote Joe isn’t the only campaign app with security issues, as the Donald Trump application exposed hardcoded secret keys in the APK. Recommendation: The exposure of Personally Identifiable Information (PII) requires affected individuals to take precautionary measures to protect their identity and their finances. Identity theft services can assist in preventing illicit purchases, or applications for financial services, from taking place by actors using stolen data. Tags: APK, Android, Campaign, Election, Joe Biden, PII German Hospital Attacked, Patient Taken to Another City Dies (published: September 17, 2020) A failure in IT systems at Duesseldorf University Hospital in Germany has led to the death of a woman. In an apparent ransomware attack, the hospital’s systems crashed with staff unable to access data. While there was no apparent ransom note, 30 servers at the hospital had been encrypted last week, with a ransom note left on one server addressed to Heinrich Heine University. Duesseldorf police contacted the perpetrators to inform them they had attacked the hospital instead of the university, with the perpetrators providing decryption keys; however, patients had to be rerouted to other hospitals and therefore waited a long time before being treated by doctors. Recommendation: Educate your employees on the risks of opening attachments from unknown senders. Anti-spam and antivirus applications provided by trusted vendors should also be employed. Emails that are received from unknown senders should be carefully avoided, and attachments from such senders should not be opened.
Furthermore, it is important to have a comprehensive and tested backup solution in place, in addition to a business continuity plan for the unfortunate case of ransomware infection. MITRE ATT&CK: [MITRE ATT&CK] Data Encrypted for Impact - T1486 Tags: Germany, Healthcare, Hospital, Ransomware ]]> 2020-09-22T15:00:00+00:00 https://www.anomali.com/blog/weekly-threat-briefing-android-malware-apt-groups-election-apps-ransomware-and-more www.secnews.physaphae.fr/article.php?IdArticle=2103281 False Ransomware,Malware,Vulnerability,Threat,Patching,Guideline APT 41 5.0000000000000000 Malwarebytes Labs - MalwarebytesLabs A week in security (September 14 – 20) A round up of cybersecurity news from September 14 – 20, including the Zerologon exploit, BLURtooth vulnerability, APT41, and phishing scams. Categories: A week in security Tags: (Read more...) ]]> 2020-09-21T16:16:34+00:00 https://blog.malwarebytes.com/a-week-in-security/2020/09/a-week-in-security-september-14-20/ www.secnews.physaphae.fr/article.php?IdArticle=1930614 False Guideline APT 41 None InformationSecurityBuzzNews - Security News Site Chinese Hacking Group APT41 Attacks 100+ Companies Across The Globe – Expert Source/Comments ]]> 2020-09-18T16:08:39+00:00 https://www.informationsecuritybuzz.com/expert-comments/chinese-hacking-group-apt41-attacks-100-companies-across-the-globe-expert-source-comments/ www.secnews.physaphae.fr/article.php?IdArticle=1925448 True Guideline APT 41 None TrendLabs Security - Antivirus Vendor U.S.
Justice Department Charges APT41 Hackers over Global Cyberattacks ]]> 2020-09-18T00:00:00+00:00 https://www.trendmicro.com/en_us/research/20/i/u-s--justice-department-charges-apt41-hackers-over-global-cyberattacks.html www.secnews.physaphae.fr/article.php?IdArticle=2148775 False Guideline APT 41 None Zataz - French Security Magazine Malaysian hackers arrested, Chinese accomplices still at large 2020-09-17T22:54:59+00:00 https://www.zataz.com/pirates-malaisiens-arretes-les-complices-chinois-dans-la-nature/ www.secnews.physaphae.fr/article.php?IdArticle=1923858 False Guideline APT 41 None Krebs on Security - American Researcher Chinese Antivirus Firm Was Part of APT41 'Supply Chain' Attack 2020-09-17T22:03:21+00:00 https://krebsonsecurity.com/2020/09/chinese-antivirus-firm-was-part-of-apt41-supply-chain-attack/ www.secnews.physaphae.fr/article.php?IdArticle=1923822 False None APT 41 None 01net. News - Security - French Magazine The United States is going after APT41's Chinese hackers ]]> 2020-09-17T10:59:00+00:00 https://www.01net.com/actualites/les-etats-unis-veulent-la-peau-des-hackers-chinois-d-apt41-1977462.html www.secnews.physaphae.fr/article.php?IdArticle=1922512 False None APT 41 None Security Affairs - Security Blog APT41 actors charged for attacks on more than 100 victims globally 2020-09-17T09:59:53+00:00 https://securityaffairs.co/wordpress/108381/apt/apt41-doj-indictments.html?utm_source=rss&utm_medium=rss&utm_campaign=apt41-doj-indictments www.secnews.physaphae.fr/article.php?IdArticle=1922609 False Guideline APT 41 None Wired Threat Level - Security News Feds Charge Chinese Hackers With Ripping Off Video Game Loot From 9 Companies 2020-09-16T18:28:28+00:00 https://www.wired.com/story/barium-winnti-china-hackers-video-game-loot-indictments www.secnews.physaphae.fr/article.php?IdArticle=1920944 False Guideline APT 41 None ZD Net - IT Magazine US charges five hackers part of Chinese state-sponsored group APT41 2020-09-16T15:03:00+00:00
https://www.zdnet.com/article/us-charges-five-hackers-part-of-chinese-state-sponsored-group-apt41/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1920644 False Guideline APT 41 None The Hacker News - The Hacker News is a hacking news blog (surprising, right?) FBI adds 5 Chinese APT41 hackers to its Cyber's Most Wanted List ]]> 2020-09-16T09:50:50+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/6steMmbPRmE/apt41-hackers-wanted-by-fbi.html www.secnews.physaphae.fr/article.php?IdArticle=1920768 False Guideline APT 41 None DarkTrace - DarkTrace: AI-based detection Catching APT41 exploiting a zero-day vulnerability 2020-04-02T09:00:00+00:00 https://www.darktrace.com/en/blog/catching-apt-41-exploiting-a-zero-day-vulnerability www.secnews.physaphae.fr/article.php?IdArticle=1798859 False Vulnerability,Threat,Guideline APT 41 None InformationSecurityBuzzNews - Security News Site Chinese Hacker Group APT41 Uses Recent Exploits To Target Companies Worldwide ]]> 2020-03-27T11:28:14+00:00 https://www.informationsecuritybuzz.com/expert-comments/chinese-hacker-group-apt41-uses-recent-exploits-to-target-companies-worldwide/ www.secnews.physaphae.fr/article.php?IdArticle=1622506 False Guideline APT 41 None IT Security Guru - Security Blog Cisco, Citrix Flaws Exploited by Chinese Hackers 2020-03-26T10:44:25+00:00 https://www.itsecurityguru.org/2020/03/26/cisco-citrix-flaws-exploited-by-chinese-hackers/?utm_source=rss&utm_medium=rss&utm_campaign=cisco-citrix-flaws-exploited-by-chinese-hackers www.secnews.physaphae.fr/article.php?IdArticle=1620554 False Threat,Guideline APT 41 None Security Affairs - Security Blog China-linked APT41 group exploits Citrix, Cisco, Zoho flaws 2020-03-25T22:17:01+00:00 https://securityaffairs.co/wordpress/100465/apt/apt41-citrix-cisco-zoho-flaws.html www.secnews.physaphae.fr/article.php?IdArticle=1620117 False Threat,Guideline APT 41 None Bleeping
Computer - American Magazine Chinese Hackers Use Cisco, Citrix, Zoho Exploits In Targeted Attacks 2020-03-25T18:55:29+00:00 https://www.bleepingcomputer.com/news/security/chinese-hackers-use-cisco-citrix-zoho-exploits-in-targeted-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=1620107 False Guideline APT 41 None Mandiant - Mandiant Security Blog This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits
Beginning this year, FireEye observed Chinese actor APT41 carry out one of the broadest campaigns by a Chinese cyber espionage actor we have observed in recent years. Between January 20 and March 11, FireEye observed APT41 attempt to exploit vulnerabilities in Citrix NetScaler/ADC, Cisco routers, and Zoho ManageEngine Desktop Central at over 75 FireEye customers. Countries we've seen targeted include Australia, Canada, Denmark, Finland, France, India, Italy, Japan, Malaysia, Mexico, Philippines, Poland, Qatar, Saudi Arabia, Singapore, Sweden, Switzerland, UAE, UK and USA. The following]]>
2020-03-25T07:00:00+00:00 https://www.mandiant.com/resources/blog/apt41-initiates-global-intrusion-campaign-using-multiple-exploits www.secnews.physaphae.fr/article.php?IdArticle=8377653 False Vulnerability APT 41,APT 41,APT-C-17 3.0000000000000000
Security Affairs - Security Blog Malaysia's MyCERT warns cyber espionage campaign carried out by APT40 2020-02-10T08:28:13+00:00 https://securityaffairs.co/wordpress/97582/apt/malaysias-mycert-apt40-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=1533226 False Industrial APT 40 None ZD Net - IT Magazine Malaysia warns of Chinese hacking campaign targeting government projects 2020-02-07T01:25:41+00:00 https://www.zdnet.com/article/malaysia-warns-of-chinese-hacking-campaign-targeting-government-projects/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1528965 False Industrial APT 40 None Malwarebytes Labs - MalwarebytesLabs A week in security (January 13 – 19) Our weekly security roundup for January 13-19, with a look at elastic servers, data enrichment, rootkits, regulation for deepfakes, and more. Categories: A week in security Tags: (Read more...) ]]> 2020-01-20T16:32:45+00:00 https://blog.malwarebytes.com/a-week-in-security/2020/01/a-week-in-security-january-13-19/ www.secnews.physaphae.fr/article.php?IdArticle=1502313 False Industrial APT 40 None ZD Net - IT Magazine Report: Chinese hacking group APT40 hides behind network of front companies 2020-01-13T17:01:05+00:00 https://www.zdnet.com/article/report-chinese-hacking-group-apt40-hides-behind-network-of-front-companies/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1501614 False None APT 40 4.0000000000000000 IT Security Guru - Security Blog Telco Networks SMS Messages stolen by Chinese Cyber Espionage Group 2019-11-01T09:44:09+00:00 https://www.itsecurityguru.org/2019/11/01/telco-networks-sms-messages-stolen-by-chinese-cyber-espionage-group/?utm_source=rss&utm_medium=rss&utm_campaign=telco-networks-sms-messages-stolen-by-chinese-cyber-espionage-group www.secnews.physaphae.fr/article.php?IdArticle=1438102 True Malware,Threat,Guideline APT 41 None Dark Reading - Informationweek Branch Chinese Cyber Espionage Group Steals SMS Messages via Telco Networks
2019-10-31T16:20:00+00:00 https://www.darkreading.com/attacks-breaches/chinese-cyber-espionage-group-steals-sms-messages-via-telco-networks/d/d-id/1336235?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=1437345 False Threat,Guideline APT 41 None Security Affairs - Security Blog China-linked APT41 group targets telecommunications companies with new backdoor 2019-10-31T15:48:55+00:00 https://securityaffairs.co/wordpress/93244/apt/apt41-spying-smss.html www.secnews.physaphae.fr/article.php?IdArticle=1436881 False Malware,Guideline APT 41 None Global Security Mag - French News Site Who is reading your messages? FireEye's latest report has identified malware that infects SMS servers Investigations ]]> 2019-10-31T14:16:56+00:00 http://www.globalsecuritymag.fr/Qui-lit-vos-messages-Le-Dernier,20191031,92326.html www.secnews.physaphae.fr/article.php?IdArticle=1436948 True Malware,Guideline APT 41 None Global Security Mag - French News Site FireEye has just released a new report on the latest activities of the Chinese group APT41 Investigations ]]> 2019-10-31T08:51:31+00:00 http://www.globalsecuritymag.fr/FireEye-vient-de-sortir-un-nouveau,20191031,92310.html www.secnews.physaphae.fr/article.php?IdArticle=1436314 False Malware,Guideline APT 41 None Mandiant - Mandiant Security Blog MESSAGETAP: Who's Reading Your Text Messages?
August 2019 Blog Post or ]]> 2019-10-31T08:00:00+00:00 https://www.mandiant.com/resources/blog/messagetap-who-is-reading-your-text-messages www.secnews.physaphae.fr/article.php?IdArticle=8377673 False Malware,Tool APT 41 3.0000000000000000 Mandiant - Mandiant Security Blog LOWKEY: Hunting for the Missing Volume Serial ID
In August 2019, FireEye released the “Double Dragon” report on our newest graduated threat group: APT41. A China-nexus dual espionage and financially-focused group, APT41 targets industries such as gaming, healthcare, high-tech, higher education, telecommunications, and travel services. This blog post is about the sophisticated passive backdoor we track as LOWKEY, mentioned in the APT41 report and recently unveiled at the FireEye Cyber Defense Summit. We observed LOWKEY being used in highly targeted attacks, utilizing payloads that run only on specific systems. Additional malware family]]>
2019-10-15T09:15:00+00:00 https://www.mandiant.com/resources/blog/lowkey-hunting-missing-volume-serial-id www.secnews.physaphae.fr/article.php?IdArticle=8377676 False Malware,Threat APT 41,APT-C-17 4.0000000000000000
Security Affairs - Security Blog China-linked APT41 group targets US-Based Research University 2019-08-21T17:26:00+00:00 https://securityaffairs.co/wordpress/90179/apt/apt41-targets-research-university.html www.secnews.physaphae.fr/article.php?IdArticle=1276695 False Guideline APT 41 None UnderNews - French "hacker" news site APT41 – Identification of a new Chinese hacker group targeting France APT41 – an actor operating mainly in espionage and cyber crime – is responsible for targeted operations against organizations in 15 different countries, including France, across multiple sectors including healthcare, video games, high tech and the media.]]> 2019-08-20T14:32:05+00:00 https://www.undernews.fr/hacking-hacktivisme/apt41-identification-dun-nouveau-groupe-de-hackers-chinois-ciblant-la-france.html www.secnews.physaphae.fr/article.php?IdArticle=1273970 False Guideline APT 41 None Mandiant - Mandiant Security Blog GAME OVER: Detecting and Stopping an APT41 Operation
In August 2019, FireEye released the “Double Dragon” report on our newest graduated threat group, APT41. A China-nexus dual espionage and financially-focused group, APT41 targets industries such as gaming, healthcare, high-tech, higher education, telecommunications, and travel services. APT41 is known to adapt quickly to changes and detections within victim environments, often recompiling malware within hours of incident responder activity. In multiple situations, we also identified APT41 utilizing recently-disclosed vulnerabilities, often weaponizing and exploiting them within a matter of days.]]>
2019-08-19T12:30:00+00:00 https://www.mandiant.com/resources/blog/game-over-detecting-and-stopping-an-apt41-operation www.secnews.physaphae.fr/article.php?IdArticle=8377689 False Malware,Threat APT 41,APT 41 4.0000000000000000
Mandiant - Mandiant Security Blog APT41: A Dual Espionage and Cyber Crime Operation Today, FireEye Intelligence is releasing a comprehensive report detailing APT41, a prolific Chinese cyber threat group that carries out state-sponsored espionage activity in parallel with financially motivated operations. APT41 is unique among tracked China-based actors in that it leverages non-public malware typically reserved for espionage campaigns in what appears to be activity for personal gain. Explicit financially-motivated targeting is unusual among Chinese state-sponsored threat groups, and evidence suggests APT41 has conducted simultaneous cyber crime and cyber espionage operations]]> 2019-08-07T07:00:00+00:00 https://www.mandiant.com/resources/blog/apt41-dual-espionage-and-cyber-crime-operation www.secnews.physaphae.fr/article.php?IdArticle=8377686 False Threat APT 41,APT 41 4.0000000000000000 Security Affairs - Security Blog APT40 cyberespionage group supporting growth of China's naval sector 2019-03-06T07:59:00+00:00 https://securityaffairs.co/wordpress/82018/apt/apt40-naval-industry.html www.secnews.physaphae.fr/article.php?IdArticle=1055606 False Industrial APT 40 None SecurityWeek - Security News State-Sponsored Hackers Supporting China's Naval Modernization Efforts: Report 2019-03-05T13:19:03+00:00 https://www.securityweek.com/state-sponsored-hackers-supporting-china%E2%80%99s-naval-modernization-efforts-report www.secnews.physaphae.fr/article.php?IdArticle=1055437 False Industrial APT 40 None Mandiant - Mandiant Security Blog APT40: Examining a China-Nexus Espionage Actor FireEye is highlighting a cyber espionage operation targeting crucial technologies and traditional intelligence targets from a China-nexus state sponsored actor we call APT40.
The actor has conducted operations since at least 2013 in support of China's naval modernization effort. The group has specifically targeted engineering, transportation, and the defense industry, especially where these sectors overlap with maritime technologies. More recently, we have also observed specific targeting of countries strategically important to the Belt and Road Initiative including Cambodia, Belgium, Germany]]> 2019-03-04T13:00:00+00:00 https://www.mandiant.com/resources/blog/apt40-examining-a-china-nexus-espionage-actor www.secnews.physaphae.fr/article.php?IdArticle=8377710 False None APT 40,APT 40 4.0000000000000000 Wired Threat Level - Security News The Most-Read WIRED Science Stories of 2018 2018-12-26T15:00:00+00:00 https://www.wired.com/gallery/the-most-read-science-stories-of-2018 www.secnews.physaphae.fr/article.php?IdArticle=965544 False Guideline APT 41 None Security Affairs - Security Blog Chinese TEMP.Periscope cyberespionage group was using TTPs associated with Russian APTs 2018-11-15T11:04:02+00:00 https://securityaffairs.co/wordpress/78047/apt/temp-periscope-false-flag.html www.secnews.physaphae.fr/article.php?IdArticle=898007 False Industrial APT 40 None Wired Threat Level - Security News Top Stories in October: 'Next Generation' Voting Machines Have Alarming Vulnerabilities 2018-10-31T13:00:00+00:00 https://www.wired.com/gallery/top-stories-wired-october-2018 www.secnews.physaphae.fr/article.php?IdArticle=872658 False Guideline APT 41 None Wired Threat Level - Security News A Brain-Eating Amoeba Just Claimed Another Victim 2018-10-02T18:53:05+00:00 https://www.wired.com/story/naegleria-fowleri-investigation www.secnews.physaphae.fr/article.php?IdArticle=828854 False Guideline APT 41 None Data Security Breach - French News Site TEMP.Periscope: Chinese hackers, fans of presidential elections? The post TEMP.Periscope: Chinese hackers, fans of presidential elections? appeared first on Data Security Breach.
]]> 2018-07-20T09:33:00+00:00 http://www.datasecuritybreach.fr/temp-periscope-des-pirates-chinois-amateurs-delections-presidentielles/ www.secnews.physaphae.fr/article.php?IdArticle=747691 False Industrial APT 40 None Security Affairs - Security Blog China-based TEMP.Periscope APT targets Cambodia's elections 2018-07-12T08:22:03+00:00 https://securityaffairs.co/wordpress/74378/intelligence/temp-periscope-cambodia.html www.secnews.physaphae.fr/article.php?IdArticle=741376 False Industrial APT 40 None Mandiant - Mandiant Security Blog Chinese Espionage Group TEMP.Periscope Targets Cambodia Ahead of July 2018 Elections and Reveals Broad Operations Globally Introduction FireEye has examined a range of TEMP.Periscope activity revealing extensive interest in Cambodia's politics, with active compromises of multiple Cambodian entities related to the country's electoral system. This includes compromises of Cambodian government entities charged with overseeing the elections, as well as the targeting of opposition figures. This campaign occurs in the run up to the country's July 29, 2018, general elections.
TEMP.Periscope used the same infrastructure for a range of activity against other more traditional targets, including the defense industrial base]]> 2018-07-10T07:00:00+00:00 https://www.mandiant.com/resources/blog/chinese-espionage-group-targets-cambodia-ahead-of-elections www.secnews.physaphae.fr/article.php?IdArticle=8377736 False Industrial APT 40 4.0000000000000000 Adam Shostack - American Security Blog Threat Model Thursdays: Crispin Cowan Continue reading "Threat Model Thursdays: Crispin Cowan"]]> 2018-07-05T17:10:01+00:00 https://adam.shostack.org/blog/2018/07/threat-model-thursdays-crispin-cowan/ www.secnews.physaphae.fr/article.php?IdArticle=731749 False Threat,Industrial APT 40 None UnderNews - Site de news "pirate" francais Un groupe de cyber-espionnage chinois s\'attaque à des entreprises américaines Un groupe de cyber-espionnage chinois (TEMP.Periscope) s'attaque à des entreprises américaines dans les secteurs de l'ingénierie et du maritime.]]> 2018-03-20T09:52:03+00:00 http://feedproxy.google.com/~r/undernews/oCmA/~3/9d23Df75lZw/un-groupe-de-cyber-espionnage-chinois-sattaque-a-des-entreprises-americaines.html www.secnews.physaphae.fr/article.php?IdArticle=531310 False Industrial APT 40 None Security Affairs - Blog Secu Chinese APT Group TEMP.Periscope targets US Engineering and Maritime Industries 2018-03-17T16:49:02+00:00 http://securityaffairs.co/wordpress/70355/hacking/temp-periscope-espionage.html www.secnews.physaphae.fr/article.php?IdArticle=522933 False Industrial APT 40 None SecurityWeek - Security News China-linked Hackers Target Engineering and Maritime Industries says. 
]]> 2018-03-16T20:36:03+00:00 http://feedproxy.google.com/~r/Securityweek/~3/XyHzIV30FB8/china-linked-hackers-target-engineering-and-maritime-industries www.secnews.physaphae.fr/article.php?IdArticle=520362 True Industrial APT 40 None Mandiant - Blog Sécu de Mandiant Group de cyber-espionnage chinois suspecté (Temp.Periscope) ciblant les industries de l'ingénierie américaine et maritime<br>Suspected Chinese Cyber Espionage Group (TEMP.Periscope) Targeting U.S. Engineering and Maritime Industries Leviathan ”par d'autres sociétés de sécurité. La campagne actuelle est une forte escalade de l'activité détectée
Intrusions Focus on the Engineering and Maritime Sector Since early 2018, FireEye (including our FireEye as a Service (FaaS), Mandiant Consulting, and iSIGHT Intelligence teams) has been tracking an ongoing wave of intrusions targeting engineering and maritime entities, especially those connected to South China Sea issues. The campaign is linked to a group of suspected Chinese cyber espionage actors we have tracked since 2013, dubbed TEMP.Periscope. The group has also been reported as “Leviathan” by other security firms. The current campaign is a sharp escalation of detected activity]]>
2018-03-15T23:00:00+00:00 https://www.mandiant.com/resources/blog/suspected-chinese-espionage-group-targeting-maritime-and-engineering-industries www.secnews.physaphae.fr/article.php?IdArticle=8377750 False None APT 40 4.0000000000000000
IT Security Guru - Blog Sécurité Group launches Cyber Attacks against Maritime and Defense sectors Leviathan, an espionage group active since 2014, is launching cyber attacks against the maritime and defense sectors- focusing specifically on contractors and associated University Research institutions. View Full Story  ORIGINAL SOURCE: ZDNet ]]> 2017-10-19T09:50:25+00:00 http://www.itsecurityguru.org/2017/10/19/group-launches-cyber-attacks-maritime-defense-sectors/ www.secnews.physaphae.fr/article.php?IdArticle=421084 False Industrial APT 40 None CrowdStrike - CTI Society CrowdStrike Falcon for Legacy Systems: Modern Security for Legacy Environments 1970-01-01T00:00:00+00:00 https://www.crowdstrike.com/en-us/blog/modern-security-for-legacy-environments/ www.secnews.physaphae.fr/article.php?IdArticle=8638131 False None APT 4 3.0000000000000000