www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2025-05-11T02:24:21+00:00 www.secnews.physaphae.fr

InfoSecurity Mag - InfoSecurity Magazine: Iranian Threat Group Hits Thousands With Password Spray Campaign
APT33 activity resulted in data theft from a small number of victims.
2023-09-15T09:00:00+00:00 https://www.infosecurity-magazine.com/news/iranian-threat-group-thousands/ www.secnews.physaphae.fr/article.php?IdArticle=8383622 False Threat APT33,APT33,APT 33,APT 33 2.0000000000000000

InfoSecurity Mag - InfoSecurity Magazine: Lazarus Group Blamed For $53m Heist at CoinEx
North Korean actors have become prolific crypto-thieves.
2023-09-14T09:30:00+00:00 https://www.infosecurity-magazine.com/news/lazarus-group-blamed-53m-heist-at/ www.secnews.physaphae.fr/article.php?IdArticle=8382592 False None APT 38,APT 38 2.0000000000000000

Recorded Future - Recorded Future feed: New backdoor tool spotted in use against targets in Brazil, Israel, UAE
Suspected Iranian nation-state hackers attacked organizations in Brazil, Israel and the United Arab Emirates using previously unidentified backdoor malware, researchers have discovered. The hacker group labeled Ballistic Bobcat, also known as Charming Kitten, deployed the backdoor between March 2021 and June 2022 against at least 34 victims, mostly in Israel, according to cybersecurity company ESET.
2023-09-12T19:53:00+00:00 https://therecord.media/sponsor-backdoor-charming-kitten-brazil-israel-uae www.secnews.physaphae.fr/article.php?IdArticle=8382001 False Tool APT 35 3.0000000000000000
Dark Reading - Informationweek Branch: Iran's Charming Kitten Pounces on Israeli Exchange Servers
Archrivals face off in the cyber plane, as opportunistic hackers prey on the unpatched and generally negligent.
2023-09-11T20:30:00+00:00 https://www.darkreading.com/dr-global/irans-charming-kitten-israeli-exchange-servers www.secnews.physaphae.fr/article.php?IdArticle=8381491 False None APT 35,APT 35 2.0000000000000000

InfoSecurity Mag - InfoSecurity Magazine: Lazarus Group Targets macOS in Supply Chain Assault
ESET explained that the impact of the supply chain attack translated into a 16.8% increase in Trojan detections.
2023-09-11T16:00:00+00:00 https://www.infosecurity-magazine.com/news/lazarus-group-targets-macos-supply/ www.secnews.physaphae.fr/article.php?IdArticle=8381404 False None APT 38,APT 38 2.0000000000000000

Bleeping Computer - American magazine: Iranian hackers backdoor 34 orgs with new Sponsor malware
A nation-state threat actor known as 'Charming Kitten' (Phosphorus, TA453, APT35/42) has been observed deploying a previously unknown backdoor malware named 'Sponsor' against 34 companies around the globe. [...]
2023-09-11T12:19:26+00:00 https://www.bleepingcomputer.com/news/security/iranian-hackers-backdoor-34-orgs-with-new-sponsor-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8381418 False Malware,Threat APT 35 2.0000000000000000

AhnLab - Korean Security Firm: Threat Trend Report on APT Groups – July 2023
July 2023 major issues on APT groups: 1) APT28, 2) APT29, 3) APT31, 4) Camouflaged Hunter, 5) Charming Kitten, 6) Gamaredon, 7) Kimsuky, 8) Konni, 9) Lazarus, 10) Mustang Panda, 11) Patchwork, 12) Red Eyes, 13) Space Pirates, 14) Turla, 15) Unclassified (ATIP_2023_Jul_Threat Trend Report on APT Groups).
2023-09-11T05:02:48+00:00 https://asec.ahnlab.com/en/56971/ www.secnews.physaphae.fr/article.php?IdArticle=8381128 False Threat,Prediction APT 38,APT 37,APT 37,APT 35,APT 35,APT 29,APT 29,APT 28,APT 28,APT 31 2.0000000000000000
AhnLab - Korean Security Firm: RedEyes (ScarCruft)'s CHM Malware Using the Topic of Fukushima Wastewater Release
The AhnLab Security Emergency response Center (ASEC) analysis team has recently discovered that the CHM malware, which is assumed to have been created by the RedEyes threat group, is being distributed again. The CHM malware in distribution operates in a similar way to the “CHM Malware Disguised as Security Email from a Korean Financial Company”[1] covered in March of this year and also uses the same commands used in the “2.3. Persistence”[2] stage in the attack process of the RedEyes...
2023-09-08T00:55:10+00:00 https://asec.ahnlab.com/en/56857/ www.secnews.physaphae.fr/article.php?IdArticle=8380255 False Malware,Threat APT 37 2.0000000000000000
The Hacker News - a hacking news blog (surprising, isn't it?): Alert: Phishing Campaigns Deliver New SideTwist Backdoor and Agent Tesla Variant
The Iranian threat actor tracked as APT34 has been linked to a new phishing attack that leads to the deployment of a variant of a backdoor called SideTwist. “APT34 has a high level of attack technology, can design different intrusion methods for different types of targets, and has supply chain attack capability,” NSFOCUS Security Labs said in a report published last week. APT34, also known by
2023-09-06T19:20:00+00:00 https://thehackernews.com/2023/09/alert-phishing-campaigns-deliver-new.html www.secnews.physaphae.fr/article.php?IdArticle=8379668 False Threat APT 34 2.0000000000000000

AhnLab - Korean Security Firm: Distribution of Backdoor via Malicious LNK: RedEyes (ScarCruft)
AhnLab Security Emergency response Center (ASEC) has confirmed that malware [1], which was previously distributed in CHM format, is now being distributed in LNK format. This malware executes additional scripts located at a specific URL through the mshta process. It then receives commands from the threat actor’s server to carry out additional malicious behaviors. The threat actor has been distributing the confirmed LNK file on a regular website by uploading it alongside malware within a compressed file. The malicious LNK...
2023-09-06T01:29:24+00:00 https://asec.ahnlab.com/en/56756/ www.secnews.physaphae.fr/article.php?IdArticle=8379404 False Malware,Threat APT 37 3.0000000000000000
The Hacker News - a hacking news blog (surprising, isn't it?): Researchers Warn of Cyber Weapons Used by Lazarus Group's Andariel Cluster
The North Korean threat actor known as Andariel has been observed employing an arsenal of malicious tools in its cyber assaults against corporations and organizations in its southern counterpart. “One characteristic of the attacks identified in 2023 is that there are numerous malware strains developed in the Go language,” the AhnLab Security Emergency Response Center (ASEC) said in a deep dive
2023-09-05T15:45:00+00:00 https://thehackernews.com/2023/09/researchers-warn-of-cyber-weapons-used.html www.secnews.physaphae.fr/article.php?IdArticle=8379144 False Malware,Tool,Threat APT 38 2.0000000000000000

Kaspersky - Kaspersky Research blog: IT threat evolution in Q2 2023
Q2 2023 overview: targeted attacks such as Operation Triangulation, CloudWizard and Lazarus activity, Nokoyawa ransomware, and others.
2023-08-30T10:00:05+00:00 https://securelist.com/it-threat-evolution-q2-2023/110355/ www.secnews.physaphae.fr/article.php?IdArticle=8376639 False Threat APT 38 3.0000000000000000

TechRepublic - Security News US: Cisco Talos Research: New Lazarus Group Attack Malware Campaign Hits UK & US Businesses
The Cisco Talos report exposes new malware used by the group to target Internet backbone infrastructure and healthcare organizations in the U.K. and the U.S.
2023-08-25T22:04:17+00:00 https://www.techrepublic.com/article/cisco-talos-lazarus-group-new-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8374666 False Malware APT 38,APT 38 3.0000000000000000

Schneier on Security - American cryptologist and researcher: Friday Squid Blogging: China's Squid Fishing Ban Ineffective
China imposed a “pilot program banning fishing in parts of the south-west Atlantic Ocean from July to October, and parts of the eastern Pacific Ocean from September to December.” However, the conservation group Oceana analyzed the data and figured out that the Chinese weren’t fishing in those areas in those months, anyway.

“In the south-west Atlantic moratorium area, Oceana found there had been no fishing conducted by Chinese fleets in the same time period in 2019. Between 1,800 and 8,500 fishing hours were detected in the zone in each of the five years to 2019. In the eastern Pacific zone, China’s fishing fleet appeared to fish only 38 hours in the year before the ban’s introduction...”
2023-08-25T21:06:48+00:00 https://www.schneier.com/blog/archives/2023/08/friday-squid-blogging-chinas-squid-fishing-ban-ineffective.html www.secnews.physaphae.fr/article.php?IdArticle=8374653 False None APT 32 1.00000000000000000000
Recorded Future - Recorded Future feed: New malware from North Korea's Lazarus used against healthcare industry
A notorious hacking group working on behalf of the North Korean government is using a new strain of malware to attack healthcare entities and internet backbone infrastructure in Europe and the United States. Security researchers from Cisco Talos published two reports outlining a string of incidents involving the long-running Lazarus hacking group, which garnered headlines
2023-08-25T13:32:00+00:00 https://therecord.media/lazarus-new-malware-manageengine-open-source www.secnews.physaphae.fr/article.php?IdArticle=8374521 False Malware APT 38,APT 38 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine: Lazarus Group Targets Internet Infrastructure and Healthcare with 'QuiteRAT' Malware
QuiteRAT, the North-Korea-backed group's new malware, exploits a 2022 ManageEngine ServiceDesk vulnerability.
2023-08-25T07:30:00+00:00 https://www.infosecurity-magazine.com/news/lazarus-internet-healthcare/ www.secnews.physaphae.fr/article.php?IdArticle=8374396 False Malware,Vulnerability APT 38,APT 38 2.0000000000000000

The Hacker News - a hacking news blog (surprising, isn't it?): Lazarus Group Exploits Critical Zoho ManageEngine Flaw to Deploy Stealthy QuiteRAT Malware
The North Korea-linked threat actor known as Lazarus Group has been observed exploiting a now-patched critical security flaw impacting Zoho ManageEngine ServiceDesk Plus to distribute a remote access trojan called QuiteRAT. Targets include internet backbone infrastructure and healthcare entities in Europe and the U.S., cybersecurity company Cisco Talos said in a two-part analysis
2023-08-24T20:46:00+00:00 https://thehackernews.com/2023/08/lazarus-group-exploits-critical-zoho.html www.secnews.physaphae.fr/article.php?IdArticle=8374129 False Malware,Threat APT 38,APT 38 2.0000000000000000

Dark Reading - Informationweek Branch: North Korea's Lazarus Group Used GUI Framework to Build Stealthy RAT
The world's most notorious threat actor is using an unprecedented tactic for sneaking spyware into the IT networks of important companies.
2023-08-24T12:05:00+00:00 https://www.darkreading.com/attacks-breaches/north-koreas-lazarus-group-used-gui-framework-to-build-stealthy-rat www.secnews.physaphae.fr/article.php?IdArticle=8374035 False Threat APT 38,APT 38 2.0000000000000000

The State of Security - American magazine: North Korea ready to cash out more than $40 million in Bitcoin after summer of attacks, warns FBI
After a series of high-profile cryptocurrency heists, a state-sponsored North Korean malicious hacking group is poised to cash out millions of dollars. That's the opinion of the FBI, which this week has warned cryptocurrency companies about recent blockchain activity it has observed connected to the theft of hundreds of millions in cryptocurrency in recent months. The FBI says that the notorious North Korean-backed Lazarus Group is behind a series of recent attacks, including: June 22 2023 - The theft of $60 million worth of virtual currency from Alphapo. June 22 2023 - The theft of $37...
2023-08-24T09:05:13+00:00 https://www.tripwire.com/state-of-security/north-korea-ready-cash-out-more-40-million-bitcoin-after-summer-hacks-warns-fbi www.secnews.physaphae.fr/article.php?IdArticle=8374079 False None APT 38,APT 38 2.0000000000000000

Bleeping Computer - American magazine: Hackers use public ManageEngine exploit to breach internet org
The North Korean state-backed hacker group tracked as Lazarus has been exploiting a critical vulnerability (CVE-2022-47966) in Zoho's ManageEngine ServiceDesk to compromise an internet backbone infrastructure provider and healthcare organizations. [...]
2023-08-24T08:31:20+00:00 https://www.bleepingcomputer.com/news/security/hackers-use-public-manageengine-exploit-to-breach-internet-org/ www.secnews.physaphae.fr/article.php?IdArticle=8374056 False Vulnerability APT 38 2.0000000000000000

Dark Reading - Informationweek Branch: FBI Warns of Cryptocurrency Heists by North Korea's Lazarus Group
The most recent stolen bitcoin comes just after three major operations occurred in June, with millions stolen in each heist.
2023-08-23T19:00:00+00:00 https://www.darkreading.com/threat-intelligence/fbi-warns-of-cryptocurrency-heists-by-north-koreas-lazarus-group www.secnews.physaphae.fr/article.php?IdArticle=8373773 False None APT 38,APT 38 2.0000000000000000

Recorded Future - Recorded Future feed: North Korea's Lazarus hackers behind recent crypto heists: FBI
The FBI has attributed three recent cyberattacks on cryptocurrency platforms to the North Korean government's APT38 hacking group - known by many researchers as Lazarus or TraderTraitor. June saw three headline-grabbing incidents involving cryptocurrency companies: a $100 million hack of Atomic Wallet on June 2, as well as two June 22 attacks in which cybercriminals
2023-08-23T14:49:00+00:00 https://therecord.media/north-korea-lazarus-behind-crypto-heists www.secnews.physaphae.fr/article.php?IdArticle=8373688 False Hack APT 38,APT 38 2.0000000000000000
Recorded Future - Recorded Future feed: Major Mississippi hospital system takes services offline after cyberattack
One of the largest hospital systems in Mississippi was forced to take several internal services offline after experiencing a cyberattack that began last week. Singing River Health System – which runs Pascagoula Hospital, Ocean Springs Hospital, and Gulfport Hospital as well as dozens of clinics and centers along the Gulf Coast – is about an
2023-08-22T18:02:00+00:00 https://therecord.media/mississippi-hospital-system-takes-services-offline-after-cyberattack www.secnews.physaphae.fr/article.php?IdArticle=8373195 False None APT 32 3.0000000000000000
CVE List - Common Vulnerability Exposure: CVE-2023-40341
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and earlier allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job.
2023-08-16T15:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40341 www.secnews.physaphae.fr/article.php?IdArticle=8370819 False Vulnerability APT 32 None

AhnLab - Korean Security Firm: Threat Trend Report on APT Groups – June 2023
APT group trends – June 2023: 1) Andariel, 2) APT28, 3) Cadet Blizzard (DEV-0586), 4) Camaro Dragon, 5) Charming Kitten (Mint Sandstorm), 6) Gamaredon (Shuckworm), 7) Ke3chang (APT15, Nickel), 8) Kimsuky, 9) Lazarus, 10) Muddy Water, 11) Mustang Panda, 12) OceanLotus, 13) Patchwork (White Elephant), 14) Red Eyes (APT37), 15) Sharp Panda, 16) SideCopy, 17) Stealth Soldier (ATIP_2023_Jun_Threat Trend Report on APT Groups).
2023-08-16T06:46:45+00:00 https://asec.ahnlab.com/en/56195/ www.secnews.physaphae.fr/article.php?IdArticle=8370575 False Threat,Prediction APT 38,APT 37,APT 37,APT 35,APT 35,APT 32,APT 32,APT 28,APT 28,APT 15,APT 15,APT 25 2.0000000000000000
The Hacker News - a hacking news blog (surprising, isn't it?): Charming Kitten Targets Iranian Dissidents with Advanced Cyber Attacks
Germany's Federal Office for the Protection of the Constitution (BfV) has warned of cyber attacks targeting Iranian persons and organizations in the country since the end of 2022. "The cyber attacks were mainly directed against dissident organizations and individuals – such as lawyers, journalists, or human rights activists – inside and outside Iran," the agency said in an advisory. The
2023-08-14T16:30:00+00:00 https://thehackernews.com/2023/08/charming-kitten-targets-iranian.html www.secnews.physaphae.fr/article.php?IdArticle=8369892 False None APT 35,APT 35 3.0000000000000000

The Hacker News - a hacking news blog (surprising, isn't it?): Researchers Shed Light on APT31's Advanced Backdoors and Data Exfiltration Tactics
The Chinese threat actor known as APT31 (aka Bronze Vinewood, Judgement Panda, or Violet Typhoon) has been linked to a set of advanced backdoors that are capable of exfiltrating harvested sensitive information to Dropbox. The malware is part of a broader collection of more than 15 implants that have been put to use by the adversary in attacks targeting industrial organizations in Eastern Europe
2023-08-11T15:42:00+00:00 https://thehackernews.com/2023/08/researchers-shed-light-on-apt31s.html www.secnews.physaphae.fr/article.php?IdArticle=8368885 False Malware,Threat,Industrial APT 31,APT 31 2.0000000000000000

InfoSecurity Mag - InfoSecurity Magazine: APT31 Linked to Recent Industrial Attacks in Eastern Europe
Kaspersky published the third installment of its investigation into this campaign earlier today.
2023-08-10T16:00:00+00:00 https://www.infosecurity-magazine.com/news/apt31-linked-attacks-eastern-europe/ www.secnews.physaphae.fr/article.php?IdArticle=8368430 False Industrial APT 31,APT 31 3.0000000000000000

AlienVault Lab Blog - AlienVault is a major defensive player in IoCs: Mac systems turned into proxy exit nodes by AdLoad
SentinelOne in 2021 and Microsoft in 2022. As stated in Microsoft’s report on UpdateAgent, a malware delivering AdLoad through drive-by compromise, AdLoad redirected users’ traffic through the adware operators’ servers, injecting advertisements and promotions into webpages and search results with a Person-in-The-Middle (PiTM) attack. These two previous campaigns, together with the campaign described in this blog, support the theory that AdLoad could be running a pay-per-Install campaign in the infected systems. The main purpose of the malware has always been to act as a downloader for subsequent payloads. It has been identified delivering a wide range of payloads (adware, bundleware, PiTM, backdoors, proxy applications, etc.) every few months to a year, sometimes conveying different payloads depending on the system settings such as geolocation, device make and model, operating system version, or language settings, as reported by SentinelOne. In all observed samples, regardless of payload, they report to an AdLoad server during execution on the victim’s system. This beacon (analyzed later in Figures 3 & 4) includes system information in the user agent and the body, without any relevant response aside from a 200 HTTP response code. This activity probably represents AdLoad's method of keeping count of the number of infected systems, supporting the pay-per-Install scheme. AT&T Alien Labs™ has observed similar activity in our threat analysis systems throughout the last year, with the AdLoad malware being installed in the infected systems. However, Alien Labs is now observing a previously unreported payload being delivered to the victims. The payload corresponds to a proxy application, converting its targets into proxy exit nodes after infection. As seen in Figure 1, the threat actors behind this campaign have been very active since the beginning of 2022. [Figure 1. Histogram of AdLoad samples identified by Alien Labs.] The vast numb
2023-08-10T10:00:00+00:00 https://cybersecurity.att.com/blogs/labs-research/mac-systems-turned-into-proxy-exit-nodes-by-adload www.secnews.physaphae.fr/article.php?IdArticle=8368296 False Spam,Malware,Threat,Cloud APT 32 2.0000000000000000

Dark Reading - Informationweek Branch: Iran's APT34 Hits UAE With Supply Chain Attack
The prolific APT, also known as OilRig and MuddyWater, was caught targeting an IT company's government clients in the region, with the aim of carrying out cyber espionage.
2023-08-02T18:10:11+00:00 https://www.darkreading.com/dr-global/iran-apt34-uae-supply-chain-attack www.secnews.physaphae.fr/article.php?IdArticle=8364879 False None APT 34,APT 34 2.0000000000000000

The Hacker News - a hacking news blog (surprising, isn't it?): China's APT31 Suspected in Attacks on Air-Gapped Systems in Eastern Europe
A nation-state actor with links to China is suspected of being behind a series of attacks against industrial organizations in Eastern Europe that took place last year to siphon data stored on air-gapped systems. Cybersecurity company Kaspersky attributed the intrusions with medium to high confidence to a hacking crew called APT31, which is also tracked under the monikers Bronze Vinewood,
2023-08-01T14:31:00+00:00 https://thehackernews.com/2023/08/chinas-apt31-suspected-in-attacks-on.html www.secnews.physaphae.fr/article.php?IdArticle=8364217 False Industrial APT 31 2.0000000000000000

The Hacker News - a hacking news blog (surprising, isn't it?): Patchwork Hackers Target Chinese Research Organizations Using EyeShell Backdoor
Threat actors associated with the hacking crew known as Patchwork have been spotted targeting universities and research organizations in China as part of a recently observed campaign. The activity, according to KnownSec 404 Team, entailed the use of a backdoor codenamed EyeShell. Patchwork, also known by the names Operation Hangover and Zinc Emerson, is suspected to be a threat group that
2023-07-31T18:00:00+00:00 https://thehackernews.com/2023/07/patchwork-hackers-target-chinese.html www.secnews.physaphae.fr/article.php?IdArticle=8363854 False Threat APT 38,APT 38 2.0000000000000000

InfoSecurity Mag - InfoSecurity Magazine: APT31 Implants Target Industrial Organizations
The attackers established a channel for data exfiltration, including from air-gapped systems.
2023-07-31T17:30:00+00:00 https://www.infosecurity-magazine.com/news/apt31-target-industrial-firms/ www.secnews.physaphae.fr/article.php?IdArticle=8363967 False Industrial APT 31 2.0000000000000000

InfoSecurity Mag - InfoSecurity Magazine: North Korean Hackers Bag Another $100m in Crypto Heists
Two new breaches traced back to the prolific Lazarus group.
2023-07-28T09:00:00+00:00 https://www.infosecurity-magazine.com/news/north-korean-hackers-100m-crypto/ www.secnews.physaphae.fr/article.php?IdArticle=8362628 False None APT 38,APT 38 2.0000000000000000

Bleeping Computer - American magazine: CoinsPaid blames Lazarus hackers for theft of $37,300,000 in crypto
Estonian crypto-payments service provider CoinsPaid has announced that it experienced a cyber attack on July 22nd, 2023, that resulted in the theft of $37,200,000 worth of cryptocurrency. [...]
2023-07-27T17:58:48+00:00 https://www.bleepingcomputer.com/news/security/coinspaid-blames-lazarus-hackers-for-theft-of-37-300-000-in-crypto/ www.secnews.physaphae.fr/article.php?IdArticle=8362435 False None APT 38 2.0000000000000000

Bleeping Computer - American magazine: Lazarus hackers linked to $60 million Alphapo cryptocurrency heist
Blockchain analysts blame the North Korean Lazarus hacking group for a recent attack on payment processing platform Alphapo where the attackers stole almost $60 million in crypto. [...]
2023-07-26T16:19:34+00:00 https://www.bleepingcomputer.com/news/security/lazarus-hackers-linked-to-60-million-alphapo-cryptocurrency-heist/ www.secnews.physaphae.fr/article.php?IdArticle=8361882 False None APT 38 3.0000000000000000

Global Security Mag - French news site: The Lazarus APT group hijacks Microsoft IIS servers to distribute malware
Malware
2023-07-26T07:49:46+00:00 https://www.globalsecuritymag.fr/Le-groupe-APT-Lazarus-detourne-les-serveurs-IIS-Microsoft-pour-diffuser-des.html www.secnews.physaphae.fr/article.php?IdArticle=8361605 False None APT 38 2.0000000000000000

Bleeping Computer - American magazine: Lazarus hackers hijack Microsoft IIS servers to spread malware
The North Korean state-sponsored Lazarus hacking group is breaching Windows Internet Information Service (IIS) web servers to hijack them for malware distribution. [...]
2023-07-24T16:34:23+00:00 https://www.bleepingcomputer.com/news/security/lazarus-hackers-hijack-microsoft-iis-servers-to-spread-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8360915 False Malware APT 38 2.0000000000000000

AhnLab - Korean Security Firm: Lazarus Threat Group Attacking Windows Servers to Use as Malware Distribution Points
AhnLab Security Emergency response Center (ASEC) has discovered that Lazarus, a threat group deemed to be nationally funded, is attacking Windows Internet Information Service (IIS) web servers and using them as distribution points for their malware. The group is known to use the watering hole technique for initial access. [1] The group first hacks Korean websites and modifies the content provided from the site. When a system using a vulnerable version of INISAFE CrossWeb EX V6 visits this website via a...
2023-07-24T01:00:00+00:00 https://asec.ahnlab.com/en/55369/ www.secnews.physaphae.fr/article.php?IdArticle=8360671 False Malware,Threat APT 38 2.0000000000000000
Recorded Future - Recorded Future feed: North Korean hackers linked to attempted supply-chain attack on JumpCloud customers. North Korean hackers were behind a breach of the software business JumpCloud that formed part of an attempted supply-chain attack targeting cryptocurrency companies, it was reported on Thursday. JumpCloud - which provides identity and access management tools for enterprise devices - announced earlier this month that a "sophisticated nation-state sponsored threat actor" had managed in
2023-07-20T12:50:00+00:00 https://therecord.media/north-korea-jumpcloud-attempted-supply-chain-attack-cryptocurrency www.secnews.physaphae.fr/article.php?IdArticle=8359229 False Tool,Threat APT 38 2.0000000000000000
Bleeping Computer - American magazine: JumpCloud breach traced back to North Korean state hackers. US-based enterprise software company JumpCloud was breached by North Korean Lazarus Group hackers, according to security researchers at SentinelOne and CrowdStrike. [...]
2023-07-20T08:25:44+00:00 https://www.bleepingcomputer.com/news/security/jumpcloud-breach-traced-back-to-north-korean-state-hackers/ www.secnews.physaphae.fr/article.php?IdArticle=8359230 False None APT 38,APT 38 2.0000000000000000
Netskope - Netskope is an American software company providing an IT security platform: Cloud Threats Memo: Another State-Sponsored Actor Exploiting Dropbox. Charming Kitten (also known as APT35, TA453, Mint Sandstorm, Yellow Garuda) is a well-known prolific Iranian state-sponsored threat actor, particularly active through complex social engineering campaigns, against European, U.S., and Middle Eastern government and military personnel, academics, journalists, and organizations […]
2023-07-17T14:19:59+00:00 https://www.netskope.com/blog/cloud-threats-memo-another-state-sponsored-actor-exploiting-dropbox www.secnews.physaphae.fr/article.php?IdArticle=8357762 False Threat,Cloud APT 35,APT 35 2.0000000000000000
CVE List - Common Vulnerability Exposure: CVE-2020-36760. The Ocean Extra plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.5. This is due to missing or incorrect nonce validation on the add_core_extensions_bundle_validation() function. This makes it possible for unauthenticated attackers to validate extension bundles via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
2023-07-12T08:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36760 www.secnews.physaphae.fr/article.php?IdArticle=8355103 False None APT 32 None
AhnLab - Korean Security Firm: Analysis of the Rekoobe Backdoor Being Used In Attacks Against Linux Systems in Korea. Rekoobe is a backdoor known to be used by APT31, a threat group based in China. AhnLab Security Emergency Response Center (ASEC) has been receiving reports of the Rekoobe malware from tenants in Korea for several years, and will hereby share its brief analysis. Additionally, the Rekoobe variants will be categorized along with a summary of the ones used to target Korean companies. 1. Overview. Rekoobe is a backdoor that targets Linux environments. It was first discovered in 2015, [1]...
2023-07-10T23:30:00+00:00 https://asec.ahnlab.com/en/55229/ www.secnews.physaphae.fr/article.php?IdArticle=8354290 False Malware,Threat APT 31 2.0000000000000000
Dark Reading - Informationweek Branch: APT35 Develops Mac Bespoke Malware. Iran-linked APT35 group crafted specific Mac malware when targeting a member of the media with new tools to add backdoors.
2023-07-10T17:58:00+00:00 https://www.darkreading.com/dr-global/apt35-mac-bespoke-malware www.secnews.physaphae.fr/article.php?IdArticle=8354062 False Malware APT 35,APT 35 4.0000000000000000
ProofPoint - Firm Security: APT35 Develops Mac Bespoke Malware.
2023-07-10T11:27:38+00:00 https://www.proofpoint.com/us/newsroom/news/apt35-develops-mac-bespoke-malware www.secnews.physaphae.fr/article.php?IdArticle=8356799 False Malware APT 35,APT 35 2.0000000000000000
ProofPoint - Firm Security: Charming Kitten hackers use new 'NokNok' malware for macOS.
2023-07-09T11:34:17+00:00 https://www.proofpoint.com/us/newsroom/news/charming-kitten-hackers-use-new-noknok-malware-macos www.secnews.physaphae.fr/article.php?IdArticle=8356800 False Malware APT 35,APT 35 2.0000000000000000
Bleeping Computer - American magazine: Charming Kitten hackers use new 'NokNok' malware for macOS. Security researchers observed a new campaign they attribute to the Charming Kitten APT group where hackers used new NokNok malware that targets macOS systems. [...]
2023-07-09T10:13:16+00:00 https://www.bleepingcomputer.com/news/security/charming-kitten-hackers-use-new-noknok-malware-for-macos/ www.secnews.physaphae.fr/article.php?IdArticle=8353811 False Malware APT 35,APT 35 2.0000000000000000
SecurityWeek - Security News: Iranian Cyberspies Target US-Based Think Tank With New macOS Malware. In May 2023, Iran-linked cyberespionage group Charming Kitten targeted a US-based think tank with new macOS malware.
2023-07-07T13:42:29+00:00 https://www.securityweek.com/iranian-cyberspies-target-us-based-think-tank-with-new-macos-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8353399 False Malware APT 35,APT 35 2.0000000000000000
AhnLab - Korean Security Firm: Threat Trend Report on APT Groups – May 2023. The cases of major APT groups for May 2023 gathered from materials made public by security companies and institutions are as follows: Agrius, Andariel, APT28, APT29, APT-C-36 (Blind Eagle), Camaro Dragon, CloudWizard, Earth Longzhi (APT41), GoldenJackal, Kimsuky, Lazarus, Lancefly, OilAlpha, Red Eyes (APT37, ScarCruft), SideCopy, SideWinder, Transparent Tribe (APT36), Volt Typhoon (Bronze Silhouette). ATIP_2023_May_Threat Trend Report on APT Groups_20230609
2023-07-07T02:33:29+00:00 https://asec.ahnlab.com/en/55184/ www.secnews.physaphae.fr/article.php?IdArticle=8353225 False Threat,Prediction APT 41,APT 38,APT 37,APT 37,APT 29,APT 29,APT 28,APT 28,APT 36,APT 36,Guam,Guam,APT-C-17,APT-C-17,GoldenJackal,GoldenJackal,APT-C-36 3.0000000000000000
Recorded Future - Recorded Future feed: Iran-based hackers targeting nuclear security experts through Mac, Windows malware. Hackers supporting the government of Iran are targeting experts in Middle Eastern affairs and nuclear security in a new campaign that researchers said involved malware for both Apple and Microsoft products. Cybersecurity experts from Proofpoint attributed the campaign to a group they call TA453 but that is also known as Charming Kitten, Mint Sandstorm or APT42,
2023-07-06T17:42:00+00:00 https://therecord.media/iran-ta453-apt42-charming-kitten-espionage-nuclear-security-think-tanks www.secnews.physaphae.fr/article.php?IdArticle=8353083 False Malware APT 35,APT 42 3.0000000000000000
Global Security Mag - French news site: Proofpoint: Charming Kitten targets nuclear security experts. Malwares
2023-07-06T12:21:23+00:00 https://www.globalsecuritymag.fr/Proofpoint-Charming-Kitten-cible-les-experts-en-securite-nucleaire.html www.secnews.physaphae.fr/article.php?IdArticle=8352896 False None APT 35,APT 35 4.0000000000000000
CyberScoop - scoopnewsgroup.com special Cyber: Hacking crew targeting states over transition bans claims cyberattack hitting global satellite systems. A group that previously hacked Fort Worth, Texas, claimed a cyberattack that affected Halliburton, Shell, Helix Energy and Oceaneering.
2023-07-03T18:35:12+00:00 https://cyberscoop.com/siegedsec-hack-transition-bans-satellite-systems/ www.secnews.physaphae.fr/article.php?IdArticle=8351882 False None APT 32 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?): Iranian Hackers Charming Kitten Utilize POWERSTAR Backdoor in Targeted Espionage Attacks. Charming Kitten, the nation-state actor affiliated with Iran's Islamic Revolutionary Guard Corps (IRGC), has been attributed to a bespoke spear-phishing campaign that delivers an updated version of a fully-featured PowerShell backdoor called POWERSTAR. "There have been improved operational security measures placed in the malware to make it more difficult to analyze and collect intelligence,"
2023-06-30T19:24:00+00:00 https://thehackernews.com/2023/06/iranian-hackers-charming-kitten-utilize.html www.secnews.physaphae.fr/article.php?IdArticle=8351031 False Malware APT 35 2.0000000000000000
Dark Reading - Informationweek Branch: Iran-Linked APT35 Targets Israeli Media With Upgraded Spear-Phishing Tools. The APT35 group (aka Charming Kitten) has added backdoor capabilities to its spear-phishing payloads - and targeted an Israeli reporter with it.
2023-06-30T17:53:00+00:00 https://www.darkreading.com/dr-global/iran-linked-apt35-israeli-media-upgraded-spear-phishing www.secnews.physaphae.fr/article.php?IdArticle=8351073 False None APT 35,APT 35 2.0000000000000000
knowbe4 - cybersecurity services: Iranian Threat Actor Charming Kitten Using Spear Phishing Campaign To Distribute Malware.
2023-06-29T17:18:11+00:00 https://blog.knowbe4.com/charming-kitten-spear-phishing www.secnews.physaphae.fr/article.php?IdArticle=8350708 False Malware,Threat APT 35 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine: Charming Kitten's PowerStar Malware Evolves with Advanced Techniques. Volexity said the updated malware uses IPFS, public cloud hosting for decryption and configuration.
2023-06-29T15:30:00+00:00 https://www.infosecurity-magazine.com/news/charming-kittens-powerstar-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8350670 False Malware,Cloud APT 35 3.0000000000000000
Bleeping Computer - American magazine: New EarlyRAT malware linked to North Korean Andariel hacking group. Security analysts have discovered a previously undocumented remote access trojan (RAT) named 'EarlyRAT,' used by Andariel, a sub-group of the Lazarus North Korean state-sponsored hacking group. [...]
2023-06-29T13:39:41+00:00 https://www.bleepingcomputer.com/news/security/new-earlyrat-malware-linked-to-north-korean-andariel-hacking-group/ www.secnews.physaphae.fr/article.php?IdArticle=8350710 False Malware APT 38 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine: Andariel's Mistakes Uncover New Malware in Lazarus Group Campaign. Kaspersky analyzes the group's tactics and reveals the emergence of a new threat called EarlyRat.
2023-06-28T15:30:00+00:00 https://www.infosecurity-magazine.com/news/andariels-mistakes-uncover-new/ www.secnews.physaphae.fr/article.php?IdArticle=8350192 False Malware,Threat APT 38 3.0000000000000000
Volexity - Cyber Firms: Charming Kitten Updates POWERSTAR with an InterPlanetary Twist. Volexity works with many individuals and organizations often subjected to sophisticated and highly targeted spear-phishing campaigns from a variety of nation-state-level threat actors. In the last few years, Volexity has observed threat actors dramatically increase the level of effort they put into compromising credentials or systems of individual targets. Spear-phishing campaigns now often involve individual, tailored messages that engage in dialogue with each target, sometimes over a period of several days, before a malicious link or file attachment is ever sent. One threat actor Volexity frequently sees employing these techniques is Charming Kitten, which is believed to be operating out of Iran. Charming Kitten appears to be primarily concerned with collecting intelligence by compromising account credentials and, subsequently, the email of individuals they successfully spear phish. The group will often extract any other credentials or access they can, and then attempt to pivot to other systems, such as those accessible […]
2023-06-28T13:07:56+00:00 https://www.volexity.com/blog/2023/06/28/charming-kitten-updates-powerstar-with-an-interplanetary-twist/ www.secnews.physaphae.fr/article.php?IdArticle=8388307 False Threat APT 35,APT 35 3.0000000000000000
UnderNews - French "hacker" news site: Kaspersky discovers a new malware family used by Andariel, the Lazarus subgroup. Kaspersky conducted an in-depth investigation into the activities of Andariel, a notorious subgroup of the Lazarus group. During this investigation, Kaspersky researchers discovered a new malware family called EarlyRat, which Andariel uses in addition to its known use of the DTrack malware and the Maui ransomware. The analysis of the […]
2023-06-28T12:39:49+00:00 https://www.undernews.fr/malwares-virus-antivirus/kaspersky-decouvre-une-nouvelle-famille-de-logiciels-malveillants-utilises-par-andariel-le-sous-groupe-de-lazarus.html www.secnews.physaphae.fr/article.php?IdArticle=8350132 False Ransomware,Malware APT 38 4.0000000000000000
Global Security Mag - French news site: FadeStealer: a new eavesdropping malware from the North Korean hacker group APT37. Malwares
2023-06-23T13:09:19+00:00 https://www.globalsecuritymag.fr/FadeStealer-un-nouveau-logiciel-malveillant-d-ecoute-du-groupe-de-pirates-nord.html www.secnews.physaphae.fr/article.php?IdArticle=8348513 False None APT 37 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?): ScarCruft Hackers Exploit Ably Service for Stealthy Wiretapping Attacks. The North Korean threat actor known as ScarCruft has been observed using an information-stealing malware with previously undocumented wiretapping features as well as a backdoor developed using Golang that exploits the Ably real-time messaging service. "The threat actor sent their commands through the Golang backdoor that is using the Ably service," the AhnLab Security Emergency Response Center (
2023-06-21T21:46:00+00:00 https://thehackernews.com/2023/06/scarcruft-hackers-exploit-ably-service.html www.secnews.physaphae.fr/article.php?IdArticle=8347758 False Malware,Threat APT 37 2.0000000000000000
Bleeping Computer - American magazine: APT37 hackers deploy new FadeStealer eavesdropping malware. The North Korean APT37 hacking group uses a new 'FadeStealer' information-stealing malware containing a 'wiretapping' feature, allowing the threat actor to snoop and record from victims' microphones. [...]
2023-06-21T16:16:11+00:00 https://www.bleepingcomputer.com/news/security/apt37-hackers-deploy-new-fadestealer-eavesdropping-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8347834 False Malware,Threat APT 37,APT 37 2.0000000000000000
AhnLab - Korean Security Firm: RedEyes Group Wiretapping Individuals (APT37). 1. Overview. RedEyes (also known as APT37, ScarCruft, and Reaper) is a state-sponsored APT group that mainly carries out attacks against individuals such as North Korean defectors, human rights activists, and university professors. Their task is known to be monitoring the lives of specific individuals. In May 2023, AhnLab Security Emergency Response Center (ASEC) discovered the RedEyes group distributing and using a previously unknown infostealer with wiretapping features, along with a backdoor developed using GoLang that exploits the...
2023-06-21T02:00:00+00:00 https://asec.ahnlab.com/en/54349/ www.secnews.physaphae.fr/article.php?IdArticle=8347574 False None APT 37 2.0000000000000000
CVE List - Common Vulnerability Exposure: CVE-2023-35840. _joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector.
2023-06-19T01:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35840 www.secnews.physaphae.fr/article.php?IdArticle=8346829 False None APT 33 None
AhnLab - Korean Security Firm: Lazarus Threat Group Exploiting Vulnerability of Korean Finance Security Solution. As covered before here on the ASEC Blog, the Lazarus threat group exploits the vulnerabilities of INISAFE CrossWeb EX and MagicLine4NX in their attacks: New Malware of Lazarus Threat Actor Group Exploiting INITECH Process (Apr 26, 2022); A Case of Malware Infection by the Lazarus Attack Group Disabling Anti-Malware Programs With the BYOVD Technique (Oct 31, 2022). While monitoring the activities of the Lazarus threat group, AhnLab Security Emergency Response Center (ASEC) recently discovered that the zero-day vulnerability of VestCert...
2023-06-14T23:00:00+00:00 https://asec.ahnlab.com/en/54195/ www.secnews.physaphae.fr/article.php?IdArticle=8345547 False Malware,Vulnerability,Threat APT 38 2.0000000000000000
knowbe4 - cybersecurity services: CyberheistNews Vol 13 #24 [The Mind's Bias] Pretexting Now Tops Phishing in Social Engineering Attacks. CyberheistNews Vol 13 #24 | June 13th, 2023. [The Mind's Bias] Pretexting Now Tops Phishing in Social Engineering Attacks. The new Verizon DBIR is a treasure trove of data. As we will cover a bit below, Verizon reported that 74% of data breaches involve the "Human Element," so people are one of the most common factors contributing to successful data breaches. Let's drill down a bit more in the social engineering section. They explained: "Now, who has received an email or a direct message on social media from a friend or family member who desperately needs money? Probably fewer of you. This is social engineering (pretexting specifically) and it takes more skill. The most convincing social engineers can get into your head and convince you that someone you love is in danger. They use information they have learned about you and your loved ones to trick you into believing the message is truly from someone you know, and they use this invented scenario to play on your emotions and create a sense of urgency. The DBIR Figure 35 shows that Pretexting is now more prevalent than Phishing in Social Engineering incidents. However, when we look at confirmed breaches, Phishing is still on top." A social attack known as BEC, or business email compromise, can be quite intricate. In this type of attack, the perpetrator uses existing email communications and information to deceive the recipient into carrying out a seemingly ordinary task, like changing a vendor's bank account details. But what makes this attack dangerous is that the new bank account provided belongs to the attacker. As a result, any payments the recipient makes to that account will simply disappear. BEC Attacks Have Nearly Doubled. It can be difficult to spot these attacks as the attackers do a lot of preparation beforehand. They may create a domain doppelganger that looks almost identical to the real one and modify the signature block to show their own number instead of the legitimate vendor's. Attackers can make many subtle changes to trick their targets, especially if they are receiving many similar legitimate requests. This could be one reason why BEC attacks have nearly doubled across the entire DBIR incident dataset, as shown in Figure 36, and now make up over 50% of incidents in this category. Financially Motivated External Attackers Double Down on Social Engineering. Timely detection and response is crucial when dealing with social engineering attacks, as well as most other attacks. Figure 38 shows a steady increase in the median cost of BECs since 2018, now averaging around $50,000, emphasizing the significance of quick detection. However, unlike the times we live in, this section isn't all doom and
2023-06-13T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-24-the-minds-bias-pretexting-now-tops-phishing-in-social-engineering-attacks www.secnews.physaphae.fr/article.php?IdArticle=8344804 False Spam,Malware,Vulnerability,Threat,Patching Uber,APT 37,ChatGPT,ChatGPT,APT 43 2.0000000000000000
The Register - English journalism site: North Korea's Lazarus Group linked to Atomic Wallet heist. Users' cryptocurrency wallets look unlikely to be refilled. The North Korean criminal gang Lazarus Group has been blamed for last weekend's attack on Atomic Wallet that drained at least $35 million in cryptocurrency from private accounts.…
2023-06-08T23:04:13+00:00 https://go.theregister.com/feed/www.theregister.com/2023/06/08/lazarus_link_atomic_wallet/ www.secnews.physaphae.fr/article.php?IdArticle=8343424 False None APT 38 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine: Lazarus Group Blamed for Atomic Wallet Heist. Notorious North Korean group pegged for recent campaign.
2023-06-08T09:00:00+00:00 https://www.infosecurity-magazine.com/news/lazarus-group-blamed-for-atomic/ www.secnews.physaphae.fr/article.php?IdArticle=8343266 False None APT 38 2.0000000000000000
Recorded Future - Recorded Future feed: North Korean hacking group Lazarus linked to $35 million cryptocurrency heist. The notorious North Korean hackers of Lazarus Group could potentially be responsible for the $35 million cryptocurrency heist from the decentralized wallet platform Atomic Wallet, according to analysts. Atomic Wallet users' wallets were compromised earlier last week. According to the company's statement, less than 1% of its monthly active customers were affected by the hack.
2023-06-07T20:11:00+00:00 https://therecord.media/lazarus-group-attributed-to-atomic-wallet-heist-elliptic www.secnews.physaphae.fr/article.php?IdArticle=8343141 False None APT 38 3.0000000000000000
Recorded Future - Recorded Future Feed North Korean hackers spoof venture capital firms in Japan, Vietnam and US North Korea-based hackers are spoofing financial institutions and venture capital firms in the United States, Vietnam and Japan, according to new research. Recorded Future's Insikt Group linked the campaign to 2023-06-06T14:44:00+00:00 https://therecord.media/north-korean-hacking-group-spoofs-venture-capital-firms-finance-japan-vietnam www.secnews.physaphae.fr/article.php?IdArticle=8342577 False None APT 38 2.0000000000000000
Data Security Breach - French news site Kimsuky, the malicious code made in North Korea 2023-06-05T16:17:19+00:00 https://www.datasecuritybreach.fr/kimsuky-thallium-ta406/ www.secnews.physaphae.fr/article.php?IdArticle=8342214 False None APT 37,APT 43 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine US and Korean Agencies Issue Warning on North Korean Cyber-Attacks The advisory identifies several actors: Kimsuky, Thallium, APT43, Velvet Chollima and Black Banshee 2023-06-02T16:00:00+00:00 https://www.infosecurity-magazine.com/news/us-korean-agencies-issue-warning/ www.secnews.physaphae.fr/article.php?IdArticle=8341524 False None APT 37,APT 43,APT 43 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?) N. Korean ScarCruft Hackers Exploit LNK Files to Spread RokRAT Cybersecurity researchers have offered a closer look at the RokRAT remote access trojan that's employed by the North Korean state-sponsored actor known as ScarCruft. "RokRAT is a sophisticated remote access trojan (RAT) that has been observed as a critical component within the attack chain, enabling the threat actors to gain unauthorized access, exfiltrate sensitive information, and potentially 2023-06-01T12:28:00+00:00 https://thehackernews.com/2023/06/n-korean-scarcruft-hackers-exploit.html www.secnews.physaphae.fr/article.php?IdArticle=8341141 False Threat APT 37 2.0000000000000000
Anomali - Firm Blog Anomali Cyber Watch: Shadow Force Targets Korean Servers, Volt Typhoon Abuses Built-in Tools, CosmicEnergy Tests Electric Distribution Disruption Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Shadow Force Group's Viticdoor and CoinMiner (published: May 27, 2023) Shadow Force is a threat group that has been targeting South Korean organizations since 2013. It mainly targets Windows servers. AhnLab researchers analyzed the group's activity in 2020-2022. Shadow Force activity is relatively easy to detect because the actors tend to reuse the same file names for their malware. At the same time, the group has evolved: after March, its files often exceed 10 MB because of binary packing. The actors have also started introducing various cryptocurrency miners and a new backdoor dubbed Viticdoor.
Analyst Comment: Organizations should keep their servers up to date and properly configured with security in mind. Unusually high CPU usage and overheating can be a sign that resources are being hijacked for cryptocurrency mining. Network- and host-based indicators associated with Shadow Force are available in the Anomali platform and customers are advised to block them on their infrastructure. MITRE ATT&CK: [MITRE ATT&CK] T1588.003 - Obtain Capabilities: Code Signing Certificates | [MITRE ATT&CK] T1105 - Ingress Tool Transfer | [MITRE ATT&CK] T1027.002 - Obfuscated Files or Information: Software Packing | [MITRE ATT&CK] T1569.002: Service Execution | [MITRE ATT&CK] T1059.003 - Command and Scripting Interpreter: Windows Command Shell | [MITRE ATT&CK] T1547.001 - Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder | [MITRE ATT&CK] T1546.008 - Event Triggered Execution: Accessibility Features | [MITRE ATT&CK] T1543.003 - Create or Modify System Process: Windows Service | [MITRE ATT&CK] T1554 - Compromise Client Software Binary | [MITRE ATT&CK] T1078.001 - Valid Accounts: Default Accounts | [MITRE ATT&CK] T1140 - Deobfuscate/Decode Files or Infor 2023-05-31T17:19:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-shadow-force-targets-korean-servers-volt-typhoon-abuses-built-in-tools-cosmicenergy-tests-electric-distribution-disruption www.secnews.physaphae.fr/article.php?IdArticle=8340962 False Ransomware,Malware,Tool,Vulnerability,Threat APT 38,Guam,CosmicEnergy 2.0000000000000000
Dark Reading - Informationweek Branch Lazarus Group Striking Vulnerable Windows IIS Web Servers The infamous North Korean APT group is using
Log4Shell, the 3CX supply chain attack, and other known vectors to breach Microsoft Web servers. 2023-05-25T21:18:00+00:00 https://www.darkreading.com/cloud/lazarus-group-striking-vulnerable-windows-iis-web-servers www.secnews.physaphae.fr/article.php?IdArticle=8339479 False None APT 38 2.0000000000000000
ProofPoint - Firm Security Cybersecurity Chiefs Navigate AI Risks and Potential Rewards 2023-05-25T16:17:54+00:00 https://www.proofpoint.com/us/newsroom/news/cybersecurity-chiefs-navigate-ai-risks-and-potential-rewards www.secnews.physaphae.fr/article.php?IdArticle=8339894 False None APT 30 3.0000000000000000
Bleeping Computer - American magazine New PowerExchange malware backdoors Microsoft Exchange servers A new PowerShell-based malware dubbed PowerExchange was used in attacks linked to the Iranian state hackers APT34 to backdoor on-premise Microsoft Exchange servers. [...] 2023-05-24T15:17:19+00:00 https://www.bleepingcomputer.com/news/security/new-powerexchange-malware-backdoors-microsoft-exchange-servers/ www.secnews.physaphae.fr/article.php?IdArticle=8339110 False Malware APT 34 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Lazarus Group Targeting Microsoft Web Servers to Launch Espionage Malware Researchers detail the DLL side-loading technique used to deploy malware that facilitates credential theft and lateral movement 2023-05-24T15:00:00+00:00 https://www.infosecurity-magazine.com/news/lazarus-group-microsoft-servers/ www.secnews.physaphae.fr/article.php?IdArticle=8339052 False Malware APT 38 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
N. Korean Lazarus Group Targets Microsoft IIS Servers to Deploy Espionage Malware The infamous Lazarus Group actor has been targeting vulnerable versions of Microsoft Internet Information Services (IIS) servers as an initial breach route to deploy malware on targeted systems. The findings come from the AhnLab Security Emergency response Center (ASEC), which detailed the advanced persistent threat's (APT) continued abuse of DLL side-loading techniques to deploy malware. "The 2023-05-24T13:00:00+00:00 https://thehackernews.com/2023/05/n-korean-lazarus-group-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8338945 False Malware APT 38 2.0000000000000000
AhnLab - Korean Security Firm Lazarus Group Targeting Windows IIS Web Servers AhnLab Security Emergency response Center (ASEC) has recently confirmed that the Lazarus group, a group known to be state-backed, is carrying out attacks against Windows IIS web servers. Ordinarily, when threat actors scan and find a web server running a vulnerable version, they use the vulnerability matching that version to install a web shell or execute malicious commands. The AhnLab Smart Defense (ASD) log displayed below in Figure 1 shows that Windows server systems are... 2023-05-23T01:00:00+00:00 https://asec.ahnlab.com/en/53132/ www.secnews.physaphae.fr/article.php?IdArticle=8338601 False Vulnerability,Threat APT 38 2.0000000000000000
The Register - English journalism site Capita looking at a bill of £20M over breach clean-up costs Analyst says expense 'no small drop in ocean' but reputational damage could be 'far greater' Britain's leaky outsourcing behemoth Capita is warning investors that the clean-up bill for its recent digital break-in will cost up to £20 million ($25.24 million).… 2023-05-10T11:00:50+00:00 https://go.theregister.com/feed/www.theregister.com/2023/05/10/capita_breach_costs/ www.secnews.physaphae.fr/article.php?IdArticle=8335135 False None APT 32 2.0000000000000000
Anomali - Firm Blog Anomali Cyber Watch: Custom Virtual Environment Hides FluHorse, BabyShark Evolved into ReconShark, Fleckpe-Infected Apps Add Expensive Subscriptions Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence Deconstructing Amadey's Latest Multi-Stage Attack and Malware Distribution (published: May 5, 2023) McAfee researchers have detected a multi-stage attack that starts with a trojanized wextract.exe, the Windows executable used to extract files from a cabinet (CAB) file. It was used to deliver AgentTesla, the Amadey botnet, LockBit ransomware, RedLine Stealer, and other malicious binaries. To avoid detection, the attackers use obfuscation and disable Windows Defender through the registry, which also stops users from turning it back on through the Defender settings. Analyst Comment: Threat actors are always adapting to the security environment to remain effective. New techniques can still be spotted with behavioral analysis defenses and social engineering training. Users should report suspicious files with double extensions such as .EXE.MUI. Indicators associated with this campaign are available in the Anomali platform and users are advised to block these on their infrastructure. MITRE ATT&CK: [MITRE ATT&CK] T1562.001: Disable or Modify Tools | [MITRE ATT&CK] T1555 - Credentials From Password Stores | [MITRE ATT&CK] T1486: Data Encrypted for Impact | [MITRE ATT&CK] T1027 - Obfuscated Files Or Information Tags: malware:Amadey, malware-type:Botnet, malware:RedLine, malware:AgentTesla, malware-type:Infostealer, malware:LockBit, malware-type:Ransomware, abused:Wextract.exe, file-type:CAB, file-type:EXE, file-type:MUI, target-program:Windows Defender, target-system:Windows Eastern Asian Android Assault – FluHorse (published: May 4, 2023) Active since May 2022, a newly-detected Android stealer dubbed FluHorse spreads by mimicking popular apps or posing as a dating application. According to Check Point researchers, FluHorse was targeting East Asia (Taiwan and Vietnam) while remaining undetected for months.
This stealthiness is achieved by keeping the malware's functionality minimal and by relying on a custom virtual machine that ships with the Flutter user interface software development kit. FluHorse is distributed via emails that prompt the recipient to install the app; once installed, it asks for the user's credit card or banking data. If a second-factor authentication code is needed to commit banking fraud, FluHorse tells the user to wait for 10-15 minutes while it intercepts the codes through a listener it installs for all incoming SMS messages. Analyst Comment: FluHorse's ability to remain undetected for months makes it a dangerous threat. Users should avoid installing applications from download links received via email or other messaging. Verify the app authenticity on the official com 2023-05-09T20:02:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-custom-virtual-environment-hides-fluhorse-babyshark-evolved-into-reconshark-fleckpe-infected-apps-add-expensive-subscriptions www.secnews.physaphae.fr/article.php?IdArticle=8334939 False Malware,Tool,Threat APT 37,APT 43 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Microsoft Warns of State-Sponsored Attacks Exploiting Critical PaperCut Vulnerability Iranian nation-state groups have now joined financially motivated actors in actively exploiting a critical flaw in PaperCut print management software, Microsoft said. The tech giant's threat intelligence team said it observed both Mango Sandstorm (Mercury) and Mint Sandstorm (Phosphorus) weaponizing CVE-2023-27350 in their operations to achieve initial access. "This activity shows Mint 2023-05-09T14:23:00+00:00 https://thehackernews.com/2023/05/microsoft-warns-of-state-sponsored.html www.secnews.physaphae.fr/article.php?IdArticle=8334732 False Vulnerability,Threat APT 35 2.0000000000000000
AhnLab - Korean Security Firm AhnLab EDR Tracks and Responds against Link File (*.lnk) Distributing RokRAT AhnLab Security Emergency response Center (ASEC) has shared information regarding the RedEyes threat group (also known as APT37, ScarCruft), who distributed CHM Malware Disguised as Security Email from a Korean Financial Company last month. The LNK file contains a PowerShell command: when the user opens what looks like a normal PDF, it creates and executes script files alongside decoy files in the temp path, without the user's knowledge. If a malicious LNK file is injected into a...
2023-05-07T23:30:00+00:00 https://asec.ahnlab.com/en/52172/ www.secnews.physaphae.fr/article.php?IdArticle=8334177 False Malware,Threat APT 37 2.0000000000000000
GoogleSec - Firm Security Blog Making authentication faster than ever: passkeys vs. passwords Google announced its next step toward a passwordless future: passkeys. Passkeys are a new, passwordless authentication method that offers a convenient sign-in experience for sites and apps, using just a fingerprint, face scan or other screen lock. They are designed to enhance online security for users. Because they are based on the public key cryptographic protocols that underpin security keys, they are resistant to phishing and other online attacks, making them more secure than SMS, app-based one-time passwords and other forms of multi-factor authentication (MFA). And since passkeys are standardized, a single implementation enables a passwordless experience across browsers and operating systems. Passkeys can be used in two different ways: on the same device or from a different device. For example, if you need to sign in to a website on an Android device and you have a passkey stored on that same device, then using it only involves unlocking the phone. On the other hand, if you need to sign in to that website in the Chrome browser on your computer, you simply scan a QR code to connect the phone and computer and use the phone's passkey. The technology behind the former ("same device passkey") is not new: it was originally developed within the FIDO Alliance and first implemented by Google in August 2019 in select flows. Google and other FIDO members have been working together on enhancing the underlying technology of passkeys over the last few years to improve their usability and convenience. This technology allows users to log in to their account using any form of device-based user verification, such as biometrics or a PIN code.
A credential is registered only once, on the user's personal device, and from then on the device proves possession of the registered credential to the remote server by asking the user to pass their device's screen lock. The user's biometric or other screen lock data is never sent to Google's servers; it stays on the device, and what reaches Google is a signature over a server-issued challenge, which the device produces only after the screen lock succeeds. Passkeys themselves are also created and stored on your devices and are not sent to websites or apps. If you create a passkey on one device, Google Password Manager can make it available on your other devices that are signed into the same system account. Learn more on how passkey works under the hoo 2023-05-05T12:00:43+00:00 http://security.googleblog.com/2023/05/making-authentication-faster-than-ever.html www.secnews.physaphae.fr/article.php?IdArticle=8333804 False None APT 38,APT 15,APT 10,Guam 2.0000000000000000
Dark Reading - Informationweek Branch North Korean APT Gets Around Macro-Blocking With LNK Switch-Up APT37 is among a growing list of threat actors that have switched to Windows shortcut files after Microsoft blocked macros last year. 2023-05-02T16:47:00+00:00 https://www.darkreading.com/attacks-breaches/north-korean-apt-gets-around-macro-blocking-with-lnk-switch-up www.secnews.physaphae.fr/article.php?IdArticle=8332893 False Threat APT 37 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
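Worked example of the possession proof the Google passkeys item above describes: a server-issued challenge, a device that signs it with a private key that never leaves it, and a server that verifies the signature with the public key stored at registration. This is an added example, not Google's or the FIDO Alliance's code, and it compresses the real WebAuthn flow (no attestation, CBOR or client-to-authenticator transport). The relying-party ID `example.com`, the origin, the user name and the `cryptography` package are assumptions. It also shows the two checks that give passkeys their phishing resistance: the origin the browser records and the one-time challenge.

```python
"""Minimal passkey (WebAuthn-style) assertion exchange.  Added example; it is not
Google's or the FIDO Alliance's code and simplifies the real protocol."""
import base64
import hashlib
import json
import os
import struct

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat

RP_ID = "example.com"             # assumed relying-party ID (the site)
ORIGIN = "https://example.com"    # assumed origin the browser reports for that site
FLAG_UP, FLAG_UV = 0x01, 0x04     # authenticator flags: user present, user verified


def sha256(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()


def b64url(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


class Authenticator:
    """Device side. The private key is generated and used only here; the screen lock
    gates its use (modelled by the user_verified flag) and nothing about it is sent out."""

    def __init__(self):
        self._creds = {}  # credential id -> [rp_id, private key, signature counter]

    def make_credential(self, rp_id: str):
        cred_id = os.urandom(16)
        priv = ec.generate_private_key(ec.SECP256R1())
        self._creds[cred_id] = [rp_id, priv, 0]
        pub = priv.public_key().public_bytes(Encoding.X962, PublicFormat.UncompressedPoint)
        return cred_id, pub  # only the public key leaves the device

    def get_assertion(self, cred_id: bytes, rp_id: str, client_data: bytes, user_verified: bool):
        entry = self._creds[cred_id]
        if entry[0] != rp_id:
            raise ValueError("credential is scoped to another relying party")
        entry[2] += 1
        flags = FLAG_UP | (FLAG_UV if user_verified else 0)
        authenticator_data = sha256(rp_id.encode()) + bytes([flags]) + struct.pack(">I", entry[2])
        signature = entry[1].sign(authenticator_data + sha256(client_data), ec.ECDSA(hashes.SHA256()))
        return authenticator_data, signature


class RelyingParty:
    """Server side: stores public keys at registration, issues fresh challenges at login."""

    def __init__(self):
        self._creds = {}     # credential id -> (user, public key, last counter)
        self._pending = {}   # user -> outstanding challenge

    def register(self, user: str, cred_id: bytes, pub_bytes: bytes):
        pub = ec.EllipticCurvePublicKey.from_encoded_point(ec.SECP256R1(), pub_bytes)
        self._creds[cred_id] = (user, pub, 0)

    def begin_login(self, user: str) -> bytes:
        self._pending[user] = os.urandom(32)
        return self._pending[user]

    def finish_login(self, user, cred_id, client_data: bytes, authenticator_data: bytes, signature: bytes) -> bool:
        challenge = self._pending.pop(user, None)   # single use: a replayed assertion finds no challenge
        if challenge is None or cred_id not in self._creds:
            return False
        owner, pub, last_counter = self._creds[cred_id]
        cd = json.loads(client_data)
        if owner != user or cd.get("type") != "webauthn.get" or cd.get("challenge") != b64url(challenge):
            return False
        if cd.get("origin") != ORIGIN:               # a look-alike site's assertion carries its own origin
            return False
        if authenticator_data[:32] != sha256(RP_ID.encode()):
            return False
        flags = authenticator_data[32]
        if not (flags & FLAG_UP and flags & FLAG_UV):  # screen lock must have been passed on the device
            return False
        counter = struct.unpack(">I", authenticator_data[33:37])[0]
        if counter <= last_counter:                  # non-increasing counter suggests a cloned key
            return False
        try:
            pub.verify(signature, authenticator_data + sha256(client_data), ec.ECDSA(hashes.SHA256()))
        except InvalidSignature:
            return False
        self._creds[cred_id] = (owner, pub, counter)
        return True


def run_login(browser_origin: str = ORIGIN, user_verified: bool = True, replay: bool = False):
    """Full exchange. browser_origin is what the client writes into clientDataJSON; the
    browser fills that field, so a phishing page cannot claim ORIGIN for itself."""
    device, site, user = Authenticator(), RelyingParty(), "alice"
    cred_id, pub = device.make_credential(RP_ID)
    site.register(user, cred_id, pub)
    challenge = site.begin_login(user)
    client_data = json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                              "origin": browser_origin}).encode()
    auth_data, sig = device.get_assertion(cred_id, RP_ID, client_data, user_verified)
    first = site.finish_login(user, cred_id, client_data, auth_data, sig)
    if not replay:
        return first
    return first, site.finish_login(user, cred_id, client_data, auth_data, sig)


if __name__ == "__main__":
    print("genuine login:", run_login())
    print("relayed through look-alike origin:", run_login(browser_origin="https://examp1e.com"))
    print("replayed assertion:", run_login(replay=True))
```

`run_login()` succeeds; the same assertion relayed from a look-alike origin fails on the origin check, a login without user verification fails on the UV flag, and replaying a captured assertion fails because the challenge was consumed.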
North Korea's ScarCruft Deploys RokRAT Malware via LNK File Infection Chains The North Korean threat actor known as ScarCruft began experimenting with oversized LNK files as a delivery route for RokRAT malware as early as July 2022, the same month Microsoft began blocking macros across Office documents by default. "RokRAT has not changed significantly over the years, but its deployment methods have evolved, now utilizing archives containing LNK files that initiate 2023-05-02T12:24:00+00:00 https://thehackernews.com/2023/05/north-koreas-scarcruft-deploys-rokrat.html www.secnews.physaphae.fr/article.php?IdArticle=8332732 False Malware,Threat APT 37 2.0000000000000000
Anomali - Firm Blog Anomali Cyber Watch: APT37 Adopts LNK Files, Charming Kitten Uses BellaCiao Implant-Dropper, ViperSoftX Infostealer Unique Byte Remapping Encryption Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Chain Reaction: ROKRAT's Missing Link (published: May 1, 2023) Since 2022, the North Korea-sponsored group APT37 (Group123, Ricochet Chollima) has largely shifted its delivery methods from maldocs to hiding payloads inside oversized LNK files. Check Point researchers identified several infection chains used by the group from July 2022 to April 2023. These were used to deliver one of APT37's custom tools (GoldBackdoor and RokRAT) or the commodity malware Amadey. All the lures studied appear to target Korean-speaking individuals with topics related to South Korea.
Analyst Comment: The move to LNK-based infection chains means APT37 needs less interaction from its targets, since the chain can be triggered by a simple double-click. The group continues to use the well-tested RokRAT, which remains a stealthy tool thanks to its additional layers of encryption, cloud C2 and in-memory execution. Indicators associated with this campaign are available in the Anomali platform and customers are advised to block them on their infrastructure. MITRE ATT&CK: [MITRE ATT&CK] T1059.001: PowerShell | [MITRE ATT&CK] T1055 - Process Injection | [MITRE ATT&CK] T1027 - Obfuscated Files or Information | [MITRE ATT&CK] T1105 - Ingress Tool Transfer | [MITRE ATT&CK] T1204.002 - User Execution: Malicious File | [MITRE ATT&CK] T1059.005 - Command and Scripting Interpreter: Visual Basic | [MITRE ATT&CK] T1140 - Deobfuscate/Decode Files or Information | [MITRE ATT&CK] T1218.011 - Signed Binary Proxy Execution: Rundll32 Tags: malware:RokRAT, mitre-software-id:S0240, malware-type:RAT, actor:Group123, mitre-group:APT37, actor:Ricochet Chollima, source-country:North Korea, source-country:KP, target-country:South Korea, target-country:KR, file-type:ZIP, file-type:DOC, file-type:ISO, file-type:LNK, file-type:BAT, file-type:EXE, file-type:VBS, malware:Amadey, malware:GoldBackdoor, malware-type:Backdoor, abused:pCloud, abused:Yandex Cloud, abused:OneDrive, abused:Hangul Word Processor, abused:Themida, target-system:Windows 2023-05-01T23:16:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-apt37-adopts-lnk-files-charming-kitten-uses-bellaciao-implant-dropper-vipersoftx-infostealer-unique-byte-remapping-encryption www.secnews.physaphae.fr/article.php?IdArticle=8332656 False
Ransomware,Malware,Tool,Vulnerability,Threat,Prediction,Cloud APT 37,APT 37,APT 35 2.0000000000000000
Checkpoint Research - Security hardware manufacturer Chain Reaction: ROKRAT's Missing Link Key findings Introduction From the many reports on APT37 in recent months, to Mandiant's announcement on APT43, a lot of attention is currently focused on North Korean threat actors – and with good reason. North Korea has a long history of attacking its southern neighbor, especially by means of cyber warfare which continues today. In this […]
2023-05-01T11:32:18+00:00 https://research.checkpoint.com/2023/chain-reaction-rokrats-missing-link/ www.secnews.physaphae.fr/article.php?IdArticle=8332629 False Threat APT 37,APT 43 2.0000000000000000
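The LNK lures described in the ASEC, Dark Reading, The Hacker News and Check Point items above share two traits a triage script can test for: the shortcut's command line launches PowerShell (typically with a hidden window, dropping and running files from the temp path), and the file is oversized because the decoy document and next stage are appended after the link structure. The following parser walks the Shell Link binary format (MS-SHLLINK: header, optional LinkTargetIDList and LinkInfo, the StringData fields, the ExtraData chain) and reports both. This is an added example, not code from any of those sources; the RokRAT-style command line, the 64 KiB overlay threshold and the two sample shortcuts are constructed here, and the example reads the target from the RELATIVE_PATH string rather than decoding the LinkTargetIDList.

```python
"""Triage Windows Shell Link (.lnk) files for the traits of APT37/ScarCruft LNK lures:
a launch line that invokes PowerShell and a large payload appended after the link
structure.  Layout per MS-SHLLINK; the sample shortcuts below are constructed."""
import re
import struct

LNK_HEADER_SIZE = 0x4C
# {00021401-0000-0000-C000-000000000046} in its on-disk (little-endian GUID) byte order
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
SW_SHOWMINNOACTIVE = 7  # ShowCommand value that keeps the spawned console window out of sight

# LinkFlags bits (MS-SHLLINK 2.1.1) that decide which optional structures follow the header
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO = 0x01, 0x02
HAS_NAME, HAS_RELATIVE_PATH, HAS_WORKING_DIR = 0x04, 0x08, 0x10
HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 0x20, 0x40, 0x80
STRING_FIELDS = (("name", HAS_NAME), ("relative_path", HAS_RELATIVE_PATH),
                 ("working_dir", HAS_WORKING_DIR), ("arguments", HAS_ARGUMENTS),
                 ("icon_location", HAS_ICON_LOCATION))

# Assumed threshold: shortcuts Windows writes are a few KB, so this much trailing data is a carried payload
OVERLAY_ALERT_BYTES = 64 * 1024
SUSPICIOUS_LAUNCH_PATTERNS = (
    r"powershell(\.exe)?", r"\bpwsh\b", r"\bmshta\b", r"\b[wc]script\b", r"\bcmd(\.exe)?\s+/c",
    r"-e(nc|ncodedcommand)?\b", r"-w(indowstyle)?\s+hidden", r"\biex\b", r"invoke-expression",
    r"downloadstring", r"frombase64string", r"\$env:temp", r"%temp%", r"\.lnk",
)

# Constructed command line in the style of the chain the reports describe: the script finds the
# shortcut by its own size, carves the decoy PDF and the next stage out of it, then runs the stage.
MALICIOUS_ARGS = ('-windowstyle hidden -nop -c "$l=gci *.lnk|?{$_.length -eq 210000};'
                  "$b=[IO.File]::ReadAllBytes($l);[IO.File]::WriteAllBytes($env:temp+'\\d.pdf',$b[2000..150000]);"
                  'iex ([Text.Encoding]::UTF8.GetString($b[150001..209999]))"')


def _read_string(data: bytes, pos: int, unicode: bool):
    """StringData field: CountCharacters (u16) followed by that many characters, no terminator."""
    (count,) = struct.unpack_from("<H", data, pos)
    pos += 2
    if unicode:
        return data[pos:pos + 2 * count].decode("utf-16-le"), pos + 2 * count
    return data[pos:pos + count].decode("cp1252", "replace"), pos + count


def parse_lnk(data: bytes) -> dict:
    """Walk header -> LinkTargetIDList -> LinkInfo -> StringData -> ExtraData and report the
    StringData fields, ShowCommand, and how many bytes trail the ExtraData terminal block."""
    if len(data) < LNK_HEADER_SIZE:
        raise ValueError("shorter than a ShellLinkHeader")
    header_size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if header_size != LNK_HEADER_SIZE or clsid != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    (show_command,) = struct.unpack_from("<I", data, 60)
    pos = LNK_HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:          # IDListSize (u16) then the IDList itself
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                     # LinkInfoSize (u32) includes the size field
        pos += struct.unpack_from("<I", data, pos)[0]
    strings = {}
    for field, bit in STRING_FIELDS:
        if flags & bit:
            strings[field], pos = _read_string(data, pos, bool(flags & IS_UNICODE))
    while pos + 4 <= len(data):                   # ExtraData blocks; a BlockSize < 4 is the terminal block
        (block_size,) = struct.unpack_from("<I", data, pos)
        if block_size < 4:
            pos += 4
            break
        pos += block_size
    return {"flags": flags, "show_command": show_command, "strings": strings,
            "overlay_size": max(0, len(data) - pos)}


def assess_lnk(data: bytes) -> dict:
    """Flag a shortcut whose launch line (target + arguments) looks like a script lure,
    whose window is hidden, or which carries an overlay large enough to hold a payload."""
    info = parse_lnk(data)
    launch = " ".join(info["strings"].get(k, "") for k in ("relative_path", "arguments"))
    reasons = [f"launch line matches /{p}/" for p in SUSPICIOUS_LAUNCH_PATTERNS
               if re.search(p, launch, re.IGNORECASE)]
    if info["show_command"] == SW_SHOWMINNOACTIVE:
        reasons.append("ShowCommand=7 hides the spawned window")
    if info["overlay_size"] >= OVERLAY_ALERT_BYTES:
        reasons.append(f"{info['overlay_size']} bytes appended after the link structure")
    return {"suspicious": bool(reasons), "reasons": reasons, "launch": launch,
            "overlay_size": info["overlay_size"]}


def build_lnk(arguments: str, relative_path: str, overlay: bytes = b"", show_command: int = 1) -> bytes:
    """Constructed minimal shortcut: header, RELATIVE_PATH and COMMAND_LINE_ARGUMENTS
    StringData, an empty ExtraData terminal block, then whatever overlay is given."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack("<I16sIIQQQIiIHHII", LNK_HEADER_SIZE, LNK_CLSID, flags,
                         0, 0, 0, 0, 0, 0, show_command, 0, 0, 0, 0)
    body = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le") for s in (relative_path, arguments))
    return header + body + struct.pack("<I", 0) + overlay


# Constructed samples: a lure that hides a 200 KiB "document" behind a PowerShell launcher, and a plain shortcut
SAMPLE_LURE = build_lnk(MALICIOUS_ARGS, "..\\..\\..\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
                        overlay=b"%PDF-1.4 decoy..." + b"\x00" * (200 * 1024), show_command=SW_SHOWMINNOACTIVE)
SAMPLE_BENIGN = build_lnk("", "..\\Documents\\quarterly-report.pdf")

if __name__ == "__main__":
    for name, blob in (("lure", SAMPLE_LURE), ("benign", SAMPLE_BENIGN)):
        verdict = assess_lnk(blob)
        print(name, "SUSPICIOUS" if verdict["suspicious"] else "clean", verdict["reasons"])
```

On a real sample, feed the file bytes to `assess_lnk`; on hosts where shortcuts are collected in bulk, the overlay size alone separates padded lures from ordinary shortcuts before any string matching. Shortcuts written by Windows normally carry their target in the LinkTargetIDList, which this example skips, so pair it with a full ID-list decoder when the RELATIVE_PATH field is absent.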
Recorded Future - Recorded Future Feed Iran APT using 'BellaCiao' malware against targets in US, Europe and Asia An Iranian state-sponsored hacking group has been accused of deploying a new strain of malware named BellaCiao against several victims in the U.S., Europe, India, Turkey and other countries. Researchers from cybersecurity firm Bitdefender [attributed](https://www.bitdefender.com/blog/businessinsights/unpacking-bellaciao-a-closer-look-at-irans-latest-malware/) the malware to APT35/APT42 – also known as Mint Sandstorm or Charming Kitten – an advanced persistent threat group that
2023-04-30T16:51:00+00:00 https://therecord.media/iran-apt-charming-kitten-bellaciao-malware-us-europe-asia www.secnews.physaphae.fr/article.php?IdArticle=8332393 False Malware,Threat APT 35,APT 42 3.0000000000000000
Dark Reading - Informationweek Branch 'BellaCiao' Showcases How Iran's Threat Groups Are Modernizing Their Malware The dropper is being used in a Charming Kitten APT campaign that has hit organizations in multiple countries. 2023-04-28T20:18:35+00:00 https://www.darkreading.com/cloud/bellaciao-showcases-iran-threat-groups-modernizing-malware www.secnews.physaphae.fr/article.php?IdArticle=8331989 False Malware,Threat APT 35 2.0000000000000000
IT Security Guru - Security Blog Charming Kitten Using New Malware in Multi-Country Attacks Charming Kitten, the infamous Iranian nation-state group, is actively targeting victims across Europe, the U.S., India and the Middle East with a new malware dubbed BellaCiao. The malware is the latest addition to their expansive custom toolkit. BellaCiao was discovered by Bitdefender, who describe the malware as a "personalised dropper" that's capable of delivering malware payloads onto […] 2023-04-28T01:30:56+00:00 https://www.itsecurityguru.org/2023/04/28/charming-kitten-using-new-malware-in-multi-country-attacks/?utm_source=rss&utm_medium=rss&utm_campaign=charming-kitten-using-new-malware-in-multi-country-attacks www.secnews.physaphae.fr/article.php?IdArticle=8331819 True Malware,Tool APT 35,APT 35 2.0000000000000000
Dark Reading - Informationweek Branch Threat Actor Names Proliferate, Adding Confusion Goodbye, PHOSPHORUS! Hello, Mint Sandstorm.
Microsoft adopts two-word monikers for threat groups, but do we really need more? 2023-04-27T19:57:00+00:00 https://www.darkreading.com/threat-intelligence/threat-actor-names-proliferate-adding-confusion www.secnews.physaphae.fr/article.php?IdArticle=8331672 False Threat APT 35 2.0000000000000000
Dark Reading - Informationweek Branch Lazarus, ScarCruft North Korean APTs Shift Tactics, Thrive As threat actors around the world grow and evolve, APTs from the DPRK stand out for their spread and variety of targets. 2023-04-27T19:50:44+00:00 https://www.darkreading.com/endpoint/lazarus-scarcruft-north-korean-apts-shift-tactics-thrive www.secnews.physaphae.fr/article.php?IdArticle=8331690 False Threat APT 38,APT 37 2.0000000000000000
The State of Security - American magazine Charming Kitten targets critical infrastructure in US and elsewhere with BellaCiao malware Iranian state-sponsored hacking group Charming Kitten has been named as the group responsible for a new wave of attacks targeting critical infrastructure in the United States and elsewhere. The group (also known to security researchers by a wide variety of other names including Mint Sandstorm, Phosphorus, Newscaster, and APT35) has been operating since at least 2011, making a name for itself by targeting activists and journalists in the Middle East, as well as organisations in the United States, UK, Israel, and elsewhere. Earlier this month, Microsoft announced that the group, which... 2023-04-27T10:17:55+00:00 https://www.tripwire.com/state-of-security/charming-kitten-targets-critical-infrastructure-us-and-elsewhere-bellaciao www.secnews.physaphae.fr/article.php?IdArticle=8331600 False Malware APT 35,APT 35 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Charming Kitten's New BellaCiao Malware Discovered in Multi-Country Attacks The prolific Iranian nation-state group known as Charming Kitten targeted multiple victims in the U.S., Europe, the Middle East and India with a novel malware dubbed BellaCiao, adding to its ever-expanding list of custom tools. Discovered by Bitdefender Labs, BellaCiao is a "personalized dropper" that's capable of delivering other malware payloads onto a victim machine based on commands received 2023-04-26T18:46:00+00:00 https://thehackernews.com/2023/04/charming-kittens-new-bellaciao-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8331253 False Malware APT 35,APT 35 3.0000000000000000
AhnLab - Korean Security Firm RokRAT Malware Distributed Through LNK Files (*.lnk): RedEyes (ScarCruft) AhnLab Security Emergency response Center (ASEC) confirmed that the RedEyes threat group (also known as APT37, ScarCruft), which distributed CHM Malware Disguised as Security Email from a Korean Financial Company last month, has also recently distributed the RokRAT malware through LNK files. RokRAT is malware that is capable of collecting user credentials and downloading additional malware. The malware was previously distributed through HWP and Word files. The LNK files discovered this time contain PowerShell commands that can perform malicious...
2023-04-25T23:30:00+00:00 https://asec.ahnlab.com/en/51751/ www.secnews.physaphae.fr/article.php?IdArticle=8331109 False Malware,Threat APT 37 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Iranian Hackers Launch Sophisticated Attacks Targeting Israel with PowerLess Backdoor An Iranian nation-state threat actor has been linked to a new wave of phishing attacks targeting Israel that's designed to deploy an updated version of a backdoor called PowerLess. Cybersecurity firm Check Point is tracking the activity cluster under its mythical-creature handle Educated Manticore, which exhibits "strong overlaps" with a hacking crew known as APT35, Charming Kitten, Cobalt 2023-04-25T18:34:00+00:00 https://thehackernews.com/2023/04/iranian-hackers-launch-sophisticated.html www.secnews.physaphae.fr/article.php?IdArticle=8330923 False Threat APT 35 3.0000000000000000