www.secnews.physaphae.fr

www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-10T20:19:37+00:00 www.secnews.physaphae.fr The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) APT28 soutenu par le Kremlin cible les institutions polonaises dans une campagne de logiciels malveillants à grande échelle Kremlin-Backed APT28 Targets Polish Institutions in Large-Scale Malware Campaign Polish government institutions have been targeted as part of a large-scale malware campaign orchestrated by a Russia-linked nation-state actor called APT28. "The campaign sent emails with content intended to arouse the recipient\'s interest and persuade him to click on the link," the computer emergency response team, CERT Polska, said in a Wednesday bulletin. Clicking on the link]]> 2024-05-09T20:50:00+00:00 https://thehackernews.com/2024/05/kremlin-backed-apt28-targets-polish.html www.secnews.physaphae.fr/article.php?IdArticle=8496647 False Malware APT 28 3.0000000000000000 Global Security Mag - Site de news francais Lorsque les cyberattaques menacent la démocratie Wenn Cyberangriffe die Demokratie bedrohen rapports spéciaux / / affiche

Ermittlungen haben ergeben, dass die russische Hackergruppe APT28 (Advanced Persistent Threat) auch Fancy Bear, Forest Blizzard oder Pawn Storm genannt, hinter den Cyberangriffen auf E-Mail-Konten der SPD im Januar 2023 steckt. - Sonderberichte / affiche]]> 2024-05-08T12:53:05+00:00 https://www.globalsecuritymag.fr/wenn-cyberangriffe-die-demokratie-bedrohen.html www.secnews.physaphae.fr/article.php?IdArticle=8495923 False None APT 28 3.0000000000000000 Checkpoint Research - Fabricant Materiel Securite 6 mai & # 8211;Rapport de renseignement sur les menaces 6th May – Threat Intelligence Report Pour les dernières découvertes en cyberLes meilleures attaques et violations dans une déclaration conjointe avec l'Allemagne et l'OTAN, la République tchèque a découvert une campagne de cyber-espionnage par l'acteur affilié à l'État russe APT28.Ces cyberattaques ont ciblé les institutions tchèques utilisant une nouvelle vulnérabilité dans Microsoft [& # 8230;]

>For the latest discoveries in cyber research for the week of 29th April, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES In a joint statement with Germany and NATO, the Czech Republic uncovered a cyber espionage campaign by Russian state affiliated actor APT28. These cyber-attacks targeted Czech institutions using a new vulnerability in Microsoft […] ]]> 2024-05-06T11:21:36+00:00 https://research.checkpoint.com/2024/6th-may-threat-intelligence-report/ www.secnews.physaphae.fr/article.php?IdArticle=8494575 False Vulnerability,Threat APT 28 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Les pirates russes de l'APT28 exploitent les perspectives de vue pour cibler les organisations tchèques, allemandes et polonaises Russian APT28 hackers exploit Outlook flaw to target Czech, German, Polish organizations La Tchéche conjointement avec l'Allemagne, la Lituanie, la Pologne, la Slovaquie, la Suède, l'Union européenne, l'OTAN et les partenaires internationaux condamnent le ...

>The Czechia jointly with Germany, Lithuania, Poland, Slovakia, Sweden, the European Union, NATO, and international partners condemns the... ]]> 2024-05-06T11:07:37+00:00 https://industrialcyber.co/critical-infrastructure/russian-apt28-hackers-exploit-outlook-flaw-to-target-czech-german-polish-organizations/ www.secnews.physaphae.fr/article.php?IdArticle=8494573 False Threat APT 28 4.0000000000000000 Zataz - Magazine Francais de secu Le retour des cyber ours russes dans les affaires politiques mondiales ? 2024-05-05T13:18:36+00:00 https://www.zataz.com/le-retour-des-cyber-ours-russes-dans-les-affaires-politiques-mondiales/ www.secnews.physaphae.fr/article.php?IdArticle=8494072 False None APT 28 2.0000000000000000 Techworm - News Les cyberattaques de la Russie contre l'Allemagne condamnées par l'UE et l'OTAN Russia’s cyberattacks against Germany condemned by EU and NATO hackers russes ne ralentissent pas dans les cyberattaques. L'attaque présumée s'est produite contre le Parti social-démocrate (SPD).Leurs comptes de messagerie ont été compromis dans l'attaque. Cette saga de piratage a commencé il y a plus de deux ans pendant la guerre russe-Ukraine et elle a progressivement augmenté au cours du temps. comment il a commencé Un groupe appelé APT28, également connu sous le nom de Fancy Bear, qui aurait des liens avec le gouvernement russe, a été accusé d'avoir fait de nombreuses cyberattaques partout dans le monde, y compris en Allemagne et quelques entités tchèques. Russian Cyberattack sur l'Allemagne

Ils ont trouvé un Vulnérabilité Dans Microsoft Outlook et l'utiliser pour entrer dans les e-mails SPD. La vulnérabilité, un CVE-2023-23397 zéro-jour, est un bogue d'escalade de privilège essentiel dans Outlook qui pourrait permettre aux attaquants d'accéder aux hachages net-ntlmv2, puis de les utiliser pour s'authentifier à l'aide d'une attaque de relais. Le gouvernement allemand dit que non seulement le SPD mais aussi les entreprises allemandes en défense et en aérospatiale. Il comprenait également des objectifs de technologie de l'information, ainsi que des choses liées à la guerre en Ukraine. Ces cyberattaques ont commencé vers mars 2022, après que la Russie ait envahi l'Ukraine. Le gouvernement allemand a allégué que le service de renseignement militaire de la Russie, Gru, était derrière ces attaques. Ils ont même convoqué un diplomate russe en réponse à ces accusations. La Russie a nié les allégations La Russie a nié les allégations et appelé les accusations comme & # 8220; non fondée et sans fondement & # 8221;. Le gouvernement dirigé par Poutine a nié des cyber-incidences similaires aux actes parrainés par l'État dans le passé. L'Occident a été rigide dans son récit de l'implication de la Russie dans les cyberattaques depuis des décennies maintenant. pas le premier rodéo Récemment, le ministre australien des Affaires étrangères a rejoint d'autres pays en disant que l'APT28, qui serait lié à la Russie, était derrière certaines cyberattaques. Ce n'est pas la première fois que les pirates russes sont accusés d'espionnage de l'Allemagne. En 2020, Angela Merkel, qui était la chancelière de l'Allemagne à l'époque, a accusé la Russie de l'espionner. Un incident majeur imputé aux pirates russes a été en 2015 lorsqu'ils ont attaqué le Parlement de l'Allemagne, ce qui l'a fait fermer pendant des jours. ]]> 2024-05-04T21:52:07+00:00 https://www.techworm.net/2024/05/russian-cyberattack-germany-czechoslovakia.html www.secnews.physaphae.fr/article.php?IdArticle=8493664 False Hack,Vulnerability,Threat APT 28 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft Outlook Flaw exploité par Russia \\'s APT28 à pirater les entités tchèques, allemandes Microsoft Outlook Flaw Exploited by Russia\\'s APT28 to Hack Czech, German Entities Czechia and Germany on Friday revealed that they were the target of a long-term cyber espionage campaign conducted by the Russia-linked nation-state actor known as APT28, drawing condemnation from the European Union (E.U.), the North Atlantic Treaty Organization (NATO), the U.K., and the U.S. The Czech Republic\'s Ministry of Foreign Affairs (MFA), in a statement, said some unnamed]]> 2024-05-04T14:08:00+00:00 https://thehackernews.com/2024/05/microsoft-outlook-flaw-exploited-by.html www.secnews.physaphae.fr/article.php?IdArticle=8493491 False Hack APT 28 3.0000000000000000 Bleeping Computer - Magazine Américain L'OTAN et l'UE condamnent les cyberattaques de la Russie contre l'Allemagne, la Tchéche NATO and EU condemn Russia\\'s cyberattacks against Germany, Czechia NATO and the European Union, with international partners, formally condemned a long-term cyber espionage campaign against European countries conducted by the Russian threat group APT28. [...]]]> 2024-05-03T11:47:35+00:00 https://www.bleepingcomputer.com/news/security/nato-and-eu-condemn-russias-cyberattacks-against-germany-czechia/ www.secnews.physaphae.fr/article.php?IdArticle=8493049 False Threat APT 28 3.0000000000000000 TrendLabs Security - Editeur Antivirus Routeur Roulette: Cybercriminaux et États-nations partageant des réseaux compromis Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks This blog entry aims to highlight the dangers of internet-facing routers and elaborate on Pawn Storm\'s exploitation of EdgeRouters, complementing the FBI\'s advisory from February 27, 2024.]]> 2024-05-01T00:00:00+00:00 https://www.trendmicro.com/en_us/research/24/e/router-roulette.html www.secnews.physaphae.fr/article.php?IdArticle=8491686 False None APT 28 3.0000000000000000 HackRead - Chercher Cyber Russian APT28 Exploitation de Windows Vulnérabilité avec outil d'Oeeegg Russian APT28 Exploiting Windows Vulnerability with GooseEgg Tool Par waqas Mettez à jour les fenêtres maintenant ou soyez piraté: Microsoft met en garde contre la vulnérabilité activement exploitée! Ceci est un article de HackRead.com Lire le post original: Russian APT28 Exploitation de Windows Vulnérabilité avec l'outil Gooseegg

>By Waqas Update Windows Now or Get Hacked: Microsoft Warns of Actively Exploited Vulnerability! This is a post from HackRead.com Read the original post: Russian APT28 Exploiting Windows Vulnerability with GooseEgg Tool]]> 2024-04-24T11:54:21+00:00 https://www.hackread.com/russia-apt28-windows-vulnerability-gooseegg-tool/ www.secnews.physaphae.fr/article.php?IdArticle=8487950 False Tool,Vulnerability APT 28 3.0000000000000000 Techworm - News Les pirates de la Russie ont exploité Windows Flaw pour déployer & # 8216; GooseEgg & # 8217;Malware Russia’s APT28 Hackers Exploited Windows Flaw To Deploy ‘GooseEgg’ Malware son avis . Microsoft a observé APT28 en utilisant GooseEgg dans le cadre des activités post-compromis contre diverses cibles, y compris les organisations gouvernementales, non gouvernementales, de l'éducation et des transports en Ukraine, en Europe occidentale et en Amérique du Nord. Bien que Gooseegg soit une application de lanceur simple, il peut engendrer d'autres applications sur la ligne de commande avec des autorisations élevées. Cela permet aux acteurs de menace de prendre en charge les activités malveillantes telles que l'exécution du code distant, l'installation d'une porte dérobée et le déplacement latéralement à travers des réseaux compromis. Les gouvernements américains et britanniques ont lié Forest Blizzard à l'unité 26165 de la Fédération de Russie \'s Military Intelligence Agency, la principale Direction du renseignement de l'état-major général des Forces armées de la Fédération de Russie (GRU). «Microsoft a observé qu'après avoir obtenu l'accès à un appareil cible, Forest Blizzard utilise GooseEgg pour élever les privilèges dans l'environnement.GooseEgg est généralement déployé avec un script de lot, que nous avons observé en utilisant le nom execute.bat et doit.bat .Ce script de lot écrit le fichier servtask.bat, qui contient des commandes pour enregistrer / compresser les ruches de registre.Le script de lot invoque l'exécutable de GooseEgg apparié et configure la persistance en tant que tâche planifiée conçue pour exécuter servtask.bat », lit le Advisory publié par Microsoft lundi. Les chercheurs de Microsoft ont noté qu'un fichier DLL malveillant intégré généralement, qui comprend l'expression « wayzgoose»; par exemple, wayzgoose23.dll , est une application de lanceur utilisée par la menaceLes acteurs doivent lancer d'autres charges utiles avec des autorisations au niveau du système et installer une porte dérobée, se déplacer latéralement dans le réseau de la victime et exécuter à distance le code sur les systèmes violés. Comme mentionné précédemment, la société a corrigé le défaut de sécurité des spouleurs imprimés en 2022. Il a également corrigé les vulnérabilités imprimées précédemment exploitées en 2021. «Les clients qui n'ont pas encore mis en œuvre ces correctifs sont invités à le faire dès que possible pour la sécurité de leur organisation», a déclaré Microsoft dans son avis. De plus, la société recommande également de dé]]> 2024-04-23T22:47:49+00:00 https://www.techworm.net/2024/04/russia-apt28-hackers-exploit-windows-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=8487554 False Malware,Tool,Vulnerability,Threat APT 28 3.0000000000000000 Dark Reading - Informationweek Branch Russie \\'s Fancy Bear Pummels Windows Print Spooler Bogue Russia\\'s Fancy Bear Pummels Windows Print Spooler Bug The infamous Russian threat actor has created a custom tool called GooseEgg to exploit CVE-2022-38028 in cyber-espionage attacks against targets in Ukraine, Western Europe, and North America.]]> 2024-04-23T13:21:39+00:00 https://www.darkreading.com/endpoint-security/russia-fancy-bear-pummels-windows-print-spooler-bug www.secnews.physaphae.fr/article.php?IdArticle=8487418 False Tool,Threat APT 28 3.0000000000000000 SecurityWeek - Security News Les cyberespaces russes livrent \\ 'gooseegg \\' malware aux organisations gouvernementales Russian Cyberspies Deliver \\'GooseEgg\\' Malware to Government Organizations Russia-linked APT28 deploys the GooseEgg post-exploitation tool against numerous US and European organizations. ]]> 2024-04-23T12:50:57+00:00 https://www.securityweek.com/russian-cyberspies-deliver-gooseegg-malware-to-government-organizations/ www.secnews.physaphae.fr/article.php?IdArticle=8487450 False Malware,Tool APT 28 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) La Russie \\'s APT28 exploite Windows Print Spooler Flaw to déploier \\ 'gooseegg \\' malware Russia\\'s APT28 Exploited Windows Print Spooler Flaw to Deploy \\'GooseEgg\\' Malware The Russia-linked nation-state threat actor tracked as APT28 weaponized a security flaw in the Microsoft Windows Print Spooler component to deliver a previously unknown custom malware called GooseEgg. The post-compromise tool, which is said to have been used since at least June 2020 and possibly as early as April 2019, leveraged a now-patched flaw that allowed for]]> 2024-04-23T09:53:00+00:00 https://thehackernews.com/2024/04/russias-apt28-exploited-windows-print.html www.secnews.physaphae.fr/article.php?IdArticle=8487211 False Malware,Tool,Threat APT 28 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Groupe russe APT28 dans la nouvelle campagne de piratage «Gooseegg» Russian APT28 Group in New “GooseEgg” Hacking Campaign Microsoft has warned of a long-running credential stealing campaign from Russia\'s APT28]]> 2024-04-23T08:45:00+00:00 https://www.infosecurity-magazine.com/news/russian-apt28-gooseegg-hacking/ www.secnews.physaphae.fr/article.php?IdArticle=8487291 False None APT 28 3.0000000000000000 The Register - Site journalistique Anglais Old Windows Print Spooler Bug est la dernière cible du gang d'ours sophistiqué de la Russie Old Windows print spooler bug is latest target of Russia\\'s Fancy Bear gang Putin\'s pals use \'GooseEgg\' malware to launch attacks you can defeat with patches or deletion Russian spies are exploiting a years-old Windows print spooler vulnerability and using a custom tool called GooseEgg to elevate privileges and steal credentials across compromised networks, according to Microsoft Threat Intelligence.…]]> 2024-04-23T01:15:11+00:00 https://go.theregister.com/feed/www.theregister.com/2024/04/23/russia_fancy_bear_goose_egg/ www.secnews.physaphae.fr/article.php?IdArticle=8487124 False Malware,Tool,Vulnerability,Threat APT 28 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Groupe de pirates APT28 ciblant l'Europe, les Amériques, l'Asie dans un schéma de phishing généralisé APT28 Hacker Group Targeting Europe, Americas, Asia in Widespread Phishing Scheme The Russia-linked threat actor known as APT28 has been linked to multiple ongoing phishing campaigns that employ lure documents imitating government and non-governmental organizations (NGOs) in Europe, the South Caucasus, Central Asia, and North and South America. "The uncovered lures include a mixture of internal and publicly available documents, as well as possible actor-generated]]> 2024-03-18T11:29:00+00:00 https://thehackernews.com/2024/03/apt28-hacker-group-targeting-europe.html www.secnews.physaphae.fr/article.php?IdArticle=8465853 False Threat APT 28 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Rester en avance sur les acteurs de la menace à l'ère de l'IA Staying ahead of threat actors in the age of AI 2024-03-05T19:03:47+00:00 https://community.riskiq.com/article/ed40fbef www.secnews.physaphae.fr/article.php?IdArticle=8459485 False Ransomware,Malware,Tool,Vulnerability,Threat,Studies,Medical,Technical ChatGPT,APT 28,APT 4 2.0000000000000000 SecurityWeek - Security News Le gouvernement américain exhorte le nettoyage des routeurs infectés par l'APT28 de la Russie US Government Urges Cleanup of Routers Infected by Russia\\'s APT28 The US government says Russia\'s APT28 group compromised Ubiquiti EdgeRouters to run cyberespionage operations worldwide. ]]> 2024-02-28T12:36:12+00:00 https://www.securityweek.com/us-government-urges-cleanup-of-routers-infected-by-russias-apt28/ www.secnews.physaphae.fr/article.php?IdArticle=8456413 False None APT 28 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les agences de cybersécurité avertissent les utilisateurs d'Ubiquiti Edgerouter de la menace moobot d'APT28 \\ Cybersecurity Agencies Warn Ubiquiti EdgeRouter Users of APT28\\'s MooBot Threat In a new joint advisory, cybersecurity and intelligence agencies from the U.S. and other countries are urging users of Ubiquiti EdgeRouter to take protective measures, weeks after a botnet comprising infected routers was felled by law enforcement as part of an operation codenamed Dying Ember. The botnet, named MooBot, is said to have been used by a Russia-linked threat actor known as]]> 2024-02-28T11:17:00+00:00 https://thehackernews.com/2024/02/cybersecurity-agencies-warn-ubiquiti.html www.secnews.physaphae.fr/article.php?IdArticle=8456273 False Threat APT 28 2.0000000000000000 The Register - Site journalistique Anglais Ce botnet de routeur domestique que les fédéraux ont enlevé?Moscou va probablement réessayer That home router botnet the Feds took down? Moscow\\'s probably going to try again Takedown d'un botnet géré par la Russie sur les routeurs OBICiti OS compromis & # 8211;Sous la forme d'un avertissement que la Russie peut réessayer, de sorte que les propriétaires des appareils devraient prendre des précautions.… ]]> 2024-02-28T04:32:14+00:00 https://go.theregister.com/feed/www.theregister.com/2024/02/28/ubiquiti_botnet_second_warning/ www.secnews.physaphae.fr/article.php?IdArticle=8456233 False None APT 28 2.0000000000000000 Bleeping Computer - Magazine Américain Les pirates russes détournent les routeurs Ubiquiti pour lancer des attaques furtives Russian hackers hijack Ubiquiti routers to launch stealthy attacks Russian APT28 military hackers are using compromised Ubiquiti EdgeRouters to evade detection, the FBI says in a joint advisory issued with the NSA, the U.S. Cyber Command, and international partners. [...]]]> 2024-02-27T12:25:08+00:00 https://www.bleepingcomputer.com/news/security/russian-hackers-hijack-ubiquiti-routers-to-launch-stealthy-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8455988 False None APT 28 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Le gouvernement américain perturbe le botnet lié à la russe engagé dans le cyber-espionnage U.S. Government Disrupts Russian-Linked Botnet Engaged in Cyber Espionage The U.S. government on Thursday said it disrupted a botnet comprising hundreds of small office and home office (SOHO) routers in the country that was put to use by the Russia-linked APT28 actor to conceal its malicious activities. "These crimes included vast spear-phishing and similar credential harvesting campaigns against targets of intelligence interest to the Russian government, such as U.S.]]> 2024-02-16T12:19:00+00:00 https://thehackernews.com/2024/02/us-government-disrupts-russian-linked.html www.secnews.physaphae.fr/article.php?IdArticle=8450766 False None APT 28 2.0000000000000000 Dark Reading - Informationweek Branch Le DOJ brise le botnet militaire russe dans le démontage de l'ours fantaisie DoJ Breaks Russian Military Botnet in Fancy Bear Takedown The feds disrupted a Russian intelligence SOHO router botnet notable for being built with Moobot malware rather than custom code.]]> 2024-02-15T20:29:21+00:00 https://www.darkreading.com/cyberattacks-data-breaches/doj-breaks-russian-military-botnet- www.secnews.physaphae.fr/article.php?IdArticle=8450559 False Malware APT 28 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Hackers russes APT28 ciblant les orgs de grande valeur avec des attaques de relais NTLM Russian APT28 Hackers Targeting High-Value Orgs with NTLM Relay Attacks Russian state-sponsored actors have staged NT LAN Manager (NTLM) v2 hash relay attacks through various methods from April 2022 to November 2023, targeting high-value targets worldwide. The attacks, attributed to an "aggressive" hacking crew called APT28, have set their eyes on organizations dealing with foreign affairs, energy, defense, and transportation, as well as those involved with]]> 2024-02-02T20:19:00+00:00 https://thehackernews.com/2024/02/russian-apt28-hackers-targeting-high.html www.secnews.physaphae.fr/article.php?IdArticle=8446026 False None APT 28 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine L'assaut Net-Ntlmv2 furtif de Pawn Storm \\ a révélé Pawn Storm\\'s Stealthy Net-NTLMv2 Assault Revealed Trend Micro reported recent attacks focused on government sectors, including foreign affairs, energy, defense and transportation]]> 2024-01-31T16:30:00+00:00 https://www.infosecurity-magazine.com/news/pawn-storms-stealthy-net-ntlmv2/ www.secnews.physaphae.fr/article.php?IdArticle=8445246 False Prediction APT 28 3.0000000000000000 TrendLabs Security - Editeur Antivirus Pawn Storm utilise la force brute et la furtivité contre les cibles de grande valeur Pawn Storm Uses Brute Force and Stealth Against High-Value Targets Based on our estimates, from approximately April 2022 until November 2023, Pawn Storm attempted to launch NTLMv2 hash relay attacks through different methods, with huge peaks in the number of targets and variations in the government departments that it targeted.]]> 2024-01-31T00:00:00+00:00 https://www.trendmicro.com/en_us/research/24/a/pawn-storm-uses-brute-force-and-stealth.html www.secnews.physaphae.fr/article.php?IdArticle=8445083 False None APT 28 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) APT28: de l'attaque initiale à la création de menaces à un contrôleur de domaine en une heure APT28: From Initial Attack to Creating Threats to a Domain Controller in an Hour #### Description Between December 15-25, 2023, a series of cyberattacks were identified involving the distribution of emails containing links to purported "documents" among government organizations. Clicking on these links resulted in malware infecting computers. Investigation revealed that the links redirected victims to a website where a JavaScript-based download initiated a shortcut file. Opening this file triggered a PowerShell command to download and execute a decoy document, a Python interpreter, and a classified MASEPIE file named Client.py. Subsequently, various tools including OPENSSH, STEELHOOK PowerShell scripts, and the OCEANMAP backdoor were downloaded, with additional tools like IMPACKET and SMBEXEC created for network reconnaissance and lateral movement. The overall tactics, techniques, and tools used pointed to the APT28 group. Notably, the attack strategy indicated a broader plan to compromise the entire organization\'s information and communication system, emphasizing the potential threat to the entire network. Similar attacks were also reported against Polish organizations. #### Reference URL(s) 1. https://cert.gov.ua/article/6276894 #### Publication Date January 3, 2024 #### Author(s) CERT-UA ]]> 2024-01-03T19:16:54+00:00 https://community.riskiq.com/article/3c424c10 www.secnews.physaphae.fr/article.php?IdArticle=8433900 False Malware,Tool,Threat APT 28 4.0000000000000000 Recorded Future - FLux Recorded Future Nouveau malware trouvé dans l'analyse des hacks russes sur l'Ukraine, en Pologne New malware found in analysis of Russian hacks on Ukraine, Poland

Les chercheurs ont découvert une nouvelle opération de cyber contre des organisations ukrainiennes et polonaises, l'attribuant au groupe de pirates russes contrôlé par l'État connu sous le nom de Fancy Bear.Lors des attaques de décembre, des pirates russes ont envoyé des courriels de phishing à leurs victimes avec des pièces jointes malveillantes.Une fois ouverts, ces pièces jointes infectées par les appareils ciblés par le nouveau malware Masepie, selon [un

Researchers have discovered a new cyber operation against Ukrainian and Polish organizations, attributing it to the Russian state-controlled hacker group known as Fancy Bear. During the attacks in December, Russian hackers sent phishing emails to their victims with malicious attachments. Once opened, these attachments infected targeted devices with the novel Masepie malware, according to [a]]> 2023-12-29T13:18:00+00:00 https://therecord.media/fancy-bear-apt28-ukraine-new-malware-masepie www.secnews.physaphae.fr/article.php?IdArticle=8430796 False Malware APT 28 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Hackers russes APT28 ciblant 13 nations dans une campagne de cyber-espionnage en cours Russian APT28 Hackers Targeting 13 Nations in Ongoing Cyber Espionage Campaign The Russian nation-state threat actor known as APT28 has been observed making use of lures related to the ongoing Israel-Hamas war to facilitate the delivery of a custom backdoor called HeadLace. IBM X-Force is tracking the adversary under the name ITG05, which is also known as BlueDelta, Fancy Bear, Forest Blizzard (formerly Strontium), FROZENLAKE, Iron Twilight, Sednit, Sofacy, and]]> 2023-12-12T20:22:00+00:00 https://thehackernews.com/2023/12/russian-apt28-hackers-targeting-13.html www.secnews.physaphae.fr/article.php?IdArticle=8421570 False Threat APT 28 3.0000000000000000 Recorded Future - FLux Recorded Future Plus de preuves du renseignement russe exploitant de vieilles perspectives de faille More evidence of Russian intelligence exploiting old Outlook flaw

Les chercheurs en cybersécurité ont découvert une autre campagne dans laquelle les pirates associés aux renseignements militaires de la Russie exploitent une vulnérabilité dans les logiciels Microsoft pour cibler des entités critiques, y compris celles des pays membres de l'OTAN.Selon un Rapport par Palo Alto Networks \\ 'Unit 42, l'acteur de menace russe connue sous le nom de Fancy Bear ou APT28 a violé Microsoft Outlook sur

Cybersecurity researchers have discovered another campaign in which hackers associated with Russia\'s military intelligence are exploiting a vulnerability in Microsoft software to target critical entities, including those in NATO member countries. According to a report by Palo Alto Networks\' Unit 42, the Russian threat actor known as Fancy Bear or APT28 breached Microsoft Outlook over]]> 2023-12-08T15:16:00+00:00 https://therecord.media/microsoft-outlook-vulnerability-apt28-hackers-russia-nato www.secnews.physaphae.fr/article.php?IdArticle=8420218 False Vulnerability,Threat APT 28 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft met en garde contre APT28 soutenu par le Kremlin exploitabilité de la vulnérabilité des perspectives critiques Microsoft Warns of Kremlin-Backed APT28 Exploiting Critical Outlook Vulnerability Microsoft on Monday said it detected Kremlin-backed nation-state activity exploiting a critical security flaw in its Outlook email service to gain unauthorized access to victims\' accounts within Exchange servers. The tech giant attributed the intrusions to a threat actor it called Forest Blizzard (formerly Strontium), which is also widely tracked under the monikers APT28,]]> 2023-12-05T12:29:00+00:00 https://thehackernews.com/2023/12/microsoft-warns-of-kremlin-backed-apt28.html www.secnews.physaphae.fr/article.php?IdArticle=8419205 False Vulnerability,Threat APT 28 4.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Russian APT28 exploite Outlook Bug pour accéder à l'échange Russian APT28 Exploits Outlook Bug to Access Exchange Notorious Russian APT28 group is actively exploiting CVE-2023-23397 to hijack Exchange email accounts]]> 2023-12-05T10:40:00+00:00 https://www.infosecurity-magazine.com/news/russian-apt28-exploits-outlook-bug/ www.secnews.physaphae.fr/article.php?IdArticle=8419247 False None APT 28 3.0000000000000000 Global Security Mag - Site de news francais Cybersécurité : les dernières activités du groupe de cybercriminels russe TA422 Malwares]]> 2023-12-05T10:24:45+00:00 https://www.globalsecuritymag.fr/Cybersecurite-la-defense-l-aerospatial-la-finance-la-production-et-la.html www.secnews.physaphae.fr/article.php?IdArticle=8419243 False None APT 28 3.0000000000000000 ProofPoint - Cyber Firms TA422 \\ Soule d'exploitation dédiée - la même semaine après semaine TA422\\'s Dedicated Exploitation Loop-the Same Week After Week 2023-12-05T05:00:40+00:00 https://www.proofpoint.com/us/blog/threat-insight/ta422s-dedicated-exploitation-loop-same-week-after-week www.secnews.physaphae.fr/article.php?IdArticle=8419228 False Malware,Vulnerability,Threat APT 28 3.0000000000000000 HackRead - Chercher Cyber Vulnérabilité Microsoft Outlook exploitée par le groupe de blizzard de forêt russe Microsoft Outlook Vulnerability Exploited by Russian Forest Blizzard Group Par waqas Forest Blizzard (AKA Strontium, APT28 et Fancy Bear) aurait des affiliations avec ou le soutien de la Russian Military Intelligence Agency. Ceci est un article de HackRead.com Lire le post original: Vulnérabilité des perspectives de Microsoft exploitées par le groupe de blizzard de forêt russe

>By Waqas Forest Blizzard (aka STRONTIUM, APT28, and Fancy Bear) is thought to have affiliations with or support from the Russian military intelligence agency. This is a post from HackRead.com Read the original post: Microsoft Outlook Vulnerability Exploited by Russian Forest Blizzard Group]]> 2023-12-04T18:58:53+00:00 https://www.hackread.com/microsoft-outlook-vulnerability-russia-forest-blizzard/ www.secnews.physaphae.fr/article.php?IdArticle=8419086 False Vulnerability APT 28 3.0000000000000000 Recorded Future - FLux Recorded Future Des pirates soutenus au Kremlin attaquant les systèmes d'Outlook non corrigées, dit Microsoft Kremlin-backed hackers attacking unpatched Outlook systems, Microsoft says

Les pirates associés aux renseignements militaires de la Russie exploitent toujours activement une vulnérabilité dans les logiciels Microsoft pour accéder aux e-mails des victimes, a annoncé lundi la société.L'acteur de menace, suivi par Microsoft sous le nom de Forest Blizzard mais également connu sous le nom de Fancy Bear ou APT28, a tenté d'utiliser le bogue pour obtenir un accès non autorisé à l'e-mail

Hackers associated with Russia\'s military intelligence are still actively exploiting a vulnerability in Microsoft software to gain access to victims\' emails, the company said Monday. The threat actor, tracked by Microsoft as Forest Blizzard but also known as Fancy Bear or APT28, has been attempting to use the bug to gain unauthorized access to email]]> 2023-12-04T15:16:00+00:00 https://therecord.media/unpatched-microsoft-outlook-email-attacks-fancy-bear www.secnews.physaphae.fr/article.php?IdArticle=8419047 False Vulnerability,Threat APT 28 2.0000000000000000 Bleeping Computer - Magazine Américain Les pirates russes utilisent la fonctionnalité Ngrok et l'exploit Winrar pour attaquer les ambassades Russian hackers use Ngrok feature and WinRAR exploit to attack embassies After Sandworm and APT28 (known as Fancy Bear), another state-sponsored Russian hacker group, APT29, is leveraging the CVE-2023-38831 vulnerability in WinRAR for cyberattacks. [...]]]> 2023-11-19T11:14:25+00:00 https://www.bleepingcomputer.com/news/security/russian-hackers-use-ngrok-feature-and-winrar-exploit-to-attack-embassies/ www.secnews.physaphae.fr/article.php?IdArticle=8414888 False Vulnerability,Threat APT 29,APT 28 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Des pirates russes Sandworm provoquent une panne de courant en Ukraine au milieu des frappes de missiles Russian Hackers Sandworm Cause Power Outage in Ukraine Amidst Missile Strikes The notorious Russian hackers known as Sandworm targeted an electrical substation in Ukraine last year, causing a brief power outage in October 2022. The findings come from Google\'s Mandiant, which described the hack as a "multi-event cyber attack" leveraging a novel technique for impacting industrial control systems (ICS). "The actor first used OT-level living-off-the-land (LotL) techniques to]]> 2023-11-10T17:52:00+00:00 https://thehackernews.com/2023/11/russian-hackers-sandworm-cause-power.html www.secnews.physaphae.fr/article.php?IdArticle=8409099 False Hack,Industrial APT 28 3.0000000000000000 Recorded Future - FLux Recorded Future Ukraine Energy Facility a pris un coup de sable unique le jour des frappes de missiles, dit le rapport Ukraine energy facility took unique Sandworm hit on day of missile strikes, report says

Les pirates russes parrainés par l'État ont lancé une attaque sophistiquée contre une installation énergétique ukrainienne l'année dernière, provoquant une panne de courant temporaire avant des frappes de missiles généralisées sur les infrastructures critiques dans tout le pays, ont annoncé jeudi des chercheurs.L'attaque en octobre 2022, attribuée au célèbre groupe de sable

Russian state-sponsored hackers launched a sophisticated attack on a Ukrainian energy facility last year, causing a temporary power outage before widespread missile strikes on critical infrastructure throughout the country, researchers said Thursday. The attack in October 2022, attributed to the notorious Russian group Sandworm, is a rare example of a cyber incident disrupting the physical]]> 2023-11-09T16:00:00+00:00 https://therecord.media/sandworm-attack-ukraine-energy-facility-missile-strikes www.secnews.physaphae.fr/article.php?IdArticle=8408571 False None APT 28 3.0000000000000000 Mandiant - Blog Sécu de Mandiant Le ver de sable perturbe le pouvoir en Ukraine en utilisant une nouvelle attaque contre la technologie opérationnelle Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology In late 2022, Mandiant responded to a disruptive cyber physical incident in which the Russia-linked threat actor Sandworm targeted a Ukrainian critical infrastructure organization. This incident was a multi-event cyber attack that leveraged a novel technique for impacting industrial control systems (ICS) / operational technology (OT). The actor first used OT-level living off the land (LotL) techniques to likely trip the victim\'s substation circuit breakers, causing an unplanned power outage that coincided with mass missile strikes on critical infrastructure across Ukraine. Sandworm later]]> 2023-11-09T15:00:00+00:00 https://www.mandiant.com/resources/blog/sandworm-disrupts-power-ukraine-operational-technology www.secnews.physaphae.fr/article.php?IdArticle=8408922 False Threat,Industrial APT 28 2.0000000000000000 The Register - Site journalistique Anglais Russie \\'s Sandworm & # 8211;Pas seulement des frappes de missiles & # 8211;blâmer pour les pannes ukrainiennes de puissance Russia\\'s Sandworm – not just missile strikes – to blame for Ukrainian power blackouts Online attack coincided with major military action, Mandiant says Blackouts in Ukraine last year were not just caused by missile strikes on the nation but also by a seemingly coordinated cyberattack on one of its power plants. That\'s according to Mandiant\'s threat intel team, which said Russia\'s Sandworm crew was behind the two-pronged power-outage and data-wiping attack.…]]> 2023-11-09T08:00:09+00:00 https://go.theregister.com/feed/www.theregister.com/2023/11/09/russias_sandworm_power_plant_attack/ www.secnews.physaphae.fr/article.php?IdArticle=8408330 False Threat APT 28 2.0000000000000000 Wired Threat Level - Security News Les pirates de sandworm ont provoqué une autre panne de courant en Ukraine en durcissant une frappe de missile Sandworm Hackers Caused Another Blackout in Ukraine-During a Missile Strike Russia\'s most notorious military hackers successfully sabotaged Ukraine\'s power grid for the third time last year. And in this case, the blackout coincided with a physical attack.]]> 2023-11-09T08:00:00+00:00 https://www.wired.com/story/sandworm-ukraine-third-blackout-cyberattack/ www.secnews.physaphae.fr/article.php?IdArticle=8408327 False None APT 28 2.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Les pirates russes ont perturbé le réseau électrique ukrainien l'année dernière Russian hackers disrupted Ukrainian electrical grid last year Le célèbre groupe de piratage russe connu sous le nom de Sandworm a abattu une sous-station qui a provoqué une brève panne, selon un nouveau rapport mandiant.

>The notorious Russian hacking group known as Sandworm took down a substation that caused a brief outage, according to a new Mandiant report. ]]> 2023-11-09T08:00:00+00:00 https://cyberscoop.com/sandworm-russia-ukraine-grid/ www.secnews.physaphae.fr/article.php?IdArticle=8408328 False None APT 28 2.0000000000000000 Recorded Future - FLux Recorded Future La France accuse les pirates d'État russes d'avoir ciblé les systèmes gouvernementaux, les universités, les groupes de réflexion France accuses Russian state hackers of targeting government systems, universities, think tanks

Un groupe de piratage associé à l'agence de renseignement militaire de la Russie a espionné les universités françaises, les entreprises, les groupes de réflexion et les agences gouvernementales, selon un nouveau rapport de la principale agence de cybersécurité de France.Les pirates, connus sous le nom de Fancy Bear ou APT28, naviguent furtivement aux réseaux français depuis la seconde moitié de 2021, essayant d'obtenir divers

A hacking group associated with Russia\'s military intelligence agency has been spying on French universities, businesses, think tanks, and government agencies, according to a new report from France\'s top cybersecurity agency. The hackers, known as Fancy Bear or APT28, have been stealthily navigating French networks since the second half of 2021, trying to obtain various]]> 2023-10-27T13:45:00+00:00 https://therecord.media/france-russia-fancybear-apt28-government-universities-think-tanks-espionage www.secnews.physaphae.fr/article.php?IdArticle=8401449 False None APT 28 3.0000000000000000 AhnLab - Korean Security Firm Rapport de tendance des menaces sur les groupes APT & # 8211;Juillet 2023 Threat Trend Report on APT Groups – July 2023 juillet 2023 Problèmes majeurs sur les groupes APT 1) APT28 2) APT29 3) APT31 4) Camouflaged Hunter 5) Chicheur charmant 6) Gamaredon 7) Kimsuky 8) Konni 9) Lazarus 10) Mustang Panda 11) Patchwork 12) Eyes rouges 13) Pirates d'espace 14) Turla 15) ATIP_2023_JUL_JULAT RAPPORT D'APTER LE Rapport sur les APT

July 2023 Major Issues on APT Groups 1) APT28 2) APT29 3) APT31 4) Camouflaged Hunter 5) Charming Kitten 6) Gamaredon 7) Kimsuky 8) Konni 9) Lazarus 10) Mustang Panda 11) Patchwork 12) Red Eyes 13) Space Pirates 14) Turla 15) Unclassified ATIP_2023_Jul_Threat Trend Report on APT Groups ]]> 2023-09-11T05:02:48+00:00 https://asec.ahnlab.com/en/56971/ www.secnews.physaphae.fr/article.php?IdArticle=8381128 False Threat,Prediction APT 38,APT 35,APT 35,APT 29,APT 29,APT 37,APT 37,APT 31,APT 28,APT 28 2.0000000000000000 Dark Reading - Informationweek Branch Russie \\ 'S \\' Fancy Bear \\ 'APT cible l'installation d'énergie ukrainienne Russia\\'s \\'Fancy Bear\\' APT Targets Ukrainian Energy Facility The group, best known for 2016 US election interference and other attacks on Ukraine, used phishing emails offering pictures of women to lure its victim into opening a malicious attachment.]]> 2023-09-06T17:50:00+00:00 https://www.darkreading.com/attacks-breaches/russia-fancy-bear-apt-ukrainian-energy-facility www.secnews.physaphae.fr/article.php?IdArticle=8379761 False None APT 28 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Ukraine \\'s CERT contrer les infrastructures énergétiques critiques APT28 \\ Ukraine\\'s CERT Thwarts APT28\\'s Cyberattack on Critical Energy Infrastructure The Computer Emergency Response Team of Ukraine (CERT-UA) on Tuesday said it thwarted a cyber attack against an unnamed critical energy infrastructure facility in the country. The intrusion, per the agency, started with a phishing email containing a link to a malicious ZIP archive that activates the infection chain. “Visiting the link will download a ZIP archive containing three JPG images (]]> 2023-09-06T13:32:00+00:00 https://thehackernews.com/2023/09/ukraines-cert-thwarts-apt28s.html www.secnews.physaphae.fr/article.php?IdArticle=8379534 False None APT 28 4.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine APT28 soutenu par la Russie a tenté d'attaquer une installation de puissance critique ukrainienne Russia-Backed APT28 Tried to Attack a Ukrainian Critical Power Facility The attack has been carried out using legitimate services and standard software functions, CERT-UA observed]]> 2023-09-06T11:30:00+00:00 https://www.infosecurity-magazine.com/news/russia-apt28-attack-ukraine-power/ www.secnews.physaphae.fr/article.php?IdArticle=8379605 False None APT 28,APT 28 4.0000000000000000 Recorded Future - FLux Recorded Future L'Ukraine dit qu'une installation énergétique a perturbé une intrusion de l'ours fantaisie Ukraine says an energy facility disrupted a Fancy Bear intrusion

Un tristement célèbre groupe de cyberespionnage russe a été surpris en train d'attaquer une installation énergétique critique en Ukraine, a annoncé mardi une agence gouvernementale.Un expert en cybersécurité travaillant pour l'organisation ciblée a contrecarré l'attaque, selon ]]> 2023-09-05T20:01:00+00:00 https://therecord.media/ukraine-energy-facility-cyberattack-fancy-bear-email www.secnews.physaphae.fr/article.php?IdArticle=8379317 False None APT 28,APT 28 2.0000000000000000 AhnLab - Korean Security Firm Rapport de tendance des menaces sur les groupes APT & # 8211;Juin 2023 Threat Trend Report on APT Groups – June 2023 Tendances du groupe APT & # 8211;Juin 2023 1) Andariel 2) APT28 3) Cadet Blizzard (Dev-0586) 4) Camaro Dragon 5) Chicheau charmant (Mint Sandstorm) 6) Gamaredon (Shuckworm) 7) Ke3Chang (Apt15, Nickel) 8) Kimsuky 9) Lazarus 10) Eau boueuse 11) Mustang Panda 12) Oceanlotus 13) Patchwork (éléphant blanc) 14) REd Eyes (APT37) 15) Sharp Panda 16) Sidecopy 17) Soldat Stealth ATIP_2023_JUN_THREAT Rapport de tendance sur les groupes APT

APT Group Trends – June 2023 1) Andariel 2) APT28 3) Cadet Blizzard (DEV-0586) 4) Camaro Dragon 5) Charming Kitten (Mint Sandstorm) 6) Gamaredon (Shuckworm) 7) Ke3chang (APT15, Nickel) 8) Kimsuky 9) Lazarus 10) Muddy Water 11) Mustang Panda 12) OceanLotus 13) Patchwork (White Elephant) 14) Red Eyes (APT37) 15) Sharp Panda 16) SideCopy 17) Stealth Soldier ATIP_2023_Jun_Threat Trend Report on APT Groups ]]> 2023-08-16T06:46:45+00:00 https://asec.ahnlab.com/en/56195/ www.secnews.physaphae.fr/article.php?IdArticle=8370575 False Threat,Prediction APT 38,APT 35,APT 35,APT 25,APT 32,APT 32,APT 37,APT 37,APT 15,APT 15,APT 28,APT 28 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Construire la cybersécurité dans la chaîne d'approvisionnement est essentiel à mesure que les menaces montent Building Cybersecurity into the supply chain is essential as threats mount account for a huge 62% of all commercial attacks, a clear indication of the scale of the challenge faced by the supply chain and the logistics industry as a whole. There are solutions out there, however, and the most simple of these concerns a simple upskilling of supply chain professionals to be aware of cybersecurity systems and threats. In an industry dominated by the need for trust, this is something that perhaps can come naturally for the supply chain. Building trust and awareness At the heart of a successful supply chain relationship is trust between partners. Building that trust, and securing high quality business partners, relies on a few factors. Cybersecurity experts and responsible officers will see some familiarity - due diligence, scrutiny over figures, and continuous monitoring. In simple terms, an effective framework of checking and rechecking work, monitored for compliance on all sides. These factors are a key part of new federal cybersecurity rules, according to news agency Reuters. Among other measures are a requirement for companies to have rigorous control over system patching, and measures that would require cloud hosted services to identify foreign customers. These are simple but important steps, and give a hint to supply chain businesses as to what they should be doing; putting in measures to monitor, control, and enact compliance on cybersecurity threats. That being said, it can be the case that the software isn’t in place within individual businesses to ensure that level of control. The right tools, and the right personnel, is also essential. The importance of software Back in April, the UK’s National Cyber Security Centre released details of specific threats made by Russian actors against business infrastructure in the USA and UK. Highlighted in this were specific weaknesses in business systems, and that includes in hardware and software used by millions of businesses worldwide. The message is simple - even industry standard software and devices have their problems, and businesses have to keep track of that. There are two arms to ensure this is completed. Firstly, the business should have a cybersecurity officer in place whose role it is to monitor current measures and ensure they are kept up to date. Secondly, budget and time must be allocated at an executive level firstly to promote networking between the business and cybersecurity firms, and between partner businesses to ensure that even cybersecurity measures are implemented across the chain. Utilizing AI There is something of a digital arms race when it comes to artificial intelligence. As ZDNet notes, the lack of clear regulation is providing a lot of leeway for malicious actors to innovate, but for businesses to act, too. While regulations are now coming in, it remains that there is a clear role for AI in prevention. According t]]> 2023-08-14T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/building-cybersecurity-into-the-supply-chain-is-essential-as-threats-mount www.secnews.physaphae.fr/article.php?IdArticle=8369852 False Threat,Cloud ChatGPT,APT 28 2.0000000000000000 AhnLab - Korean Security Firm Rapport de tendance des menaces sur les groupes APT & # 8211;Mai 2023 Threat Trend Report on APT Groups – May 2023 Les cas de grands groupes APT pour le mai 2023 réunis à partir de documents rendus publics par des sociétés de sécurité et des institutions sont comme commesuit.& # 8211;Agrius & # 8211;Andariel & # 8211;APT28 & # 8211;APT29 & # 8211;APT-C-36 (Blind Eagle) & # 8211;Camaro Dragon & # 8211;CloudWizard & # 8211;Earth Longzhi (APT41) & # 8211;Goldenjackal & # 8211;Kimsuky & # 8211;Lazarus & # 8211;Lancefly & # 8211;Oilalpha & # 8211;Red Eyes (Apt37, Scarcruft) & # 8211;Sidecopy & # 8211;Sidewinder & # 8211;Tribu transparente (APT36) & # 8211;Volt Typhoon (Silhouette de bronze) ATIP_2023_MAY_TRADEAT Rapport sur les groupes APT_20230609

The cases of major APT groups for May 2023 gathered from materials made public by security companies and institutions are as follows. – Agrius – Andariel – APT28 – APT29 – APT-C-36 (Blind Eagle) – Camaro Dragon – CloudWizard – Earth Longzhi (APT41) – GoldenJackal – Kimsuky – Lazarus – Lancefly – OilAlpha – Red Eyes (APT37, ScarCruft) – SideCopy – SideWinder – Transparent Tribe (APT36) – Volt Typhoon (Bronze Silhouette) ATIP_2023_May_Threat Trend Report on APT Groups_20230609 ]]> 2023-07-07T02:33:29+00:00 https://asec.ahnlab.com/en/55184/ www.secnews.physaphae.fr/article.php?IdArticle=8353225 False Threat,Prediction APT 38,GoldenJackal,GoldenJackal,APT-C-36,APT 29,APT 29,APT 37,APT 37,Guam,Guam,APT 28,APT 28,APT 41,APT 36,APT 36,APT-C-17,APT-C-17 3.0000000000000000 knowbe4 - cybersecurity services Cyberheistnews Vol 13 # 26 [Eyes Open] La FTC révèle les cinq dernières escroqueries par SMS CyberheistNews Vol 13 #26 [Eyes Open] The FTC Reveals the Latest Top Five Text Message Scams

CyberheistNews Vol 13 #26 | June 27th, 2023 [Eyes Open] The FTC Reveals the Latest Top Five Text Message Scams The U.S. Federal Trade Commission (FTC) has published a data spotlight outlining the most common text message scams. Phony bank fraud prevention alerts were the most common type of text scam last year. "Reports about texts impersonating banks are up nearly tenfold since 2019 with median reported individual losses of $3,000 last year," the report says. These are the top five text scams reported by the FTC: Copycat bank fraud prevention alerts Bogus "gifts" that can cost you Fake package delivery problems Phony job offers Not-really-from-Amazon security alerts "People get a text supposedly from a bank asking them to call a number ASAP about suspicious activity or to reply YES or NO to verify whether a transaction was authorized. If they reply, they\'ll get a call from a phony \'fraud department\' claiming they want to \'help get your money back.\' What they really want to do is make unauthorized transfers. "What\'s more, they may ask for personal information like Social Security numbers, setting people up for possible identity theft." Fake gift card offers took second place, followed by phony package delivery problems. "Scammers understand how our shopping habits have changed and have updated their sleazy tactics accordingly," the FTC says. "People may get a text pretending to be from the U.S. Postal Service, FedEx, or UPS claiming there\'s a problem with a delivery. "The text links to a convincing-looking – but utterly bogus – website that asks for a credit card number to cover a small \'redelivery fee.\'" Scammers also target job seekers with bogus job offers in an attempt to steal their money and personal information. "With workplaces in transition, some scammers are using texts to perpetrate old-school forms of fraud – for example, fake \'mystery shopper\' jobs or bogus money-making offers for driving around with cars wrapped in ads," the report says. "Other texts target people who post their resumes on employment websites. They claim to offer jobs and even send job seekers checks, usually with instructions to send some of the money to a different address for materials, training, or the like. By the time the check bounces, the person\'s money – and the phony \'employer\' – are long gone." Finally, scammers impersonate Amazon and send fake security alerts to trick victims into sending money. "People may get what looks like a message from \'Amazon,\' asking to verify a big-ticket order they didn\'t place," the FTC says. "Concerned ]]> 2023-06-27T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-26-eyes-open-the-ftc-reveals-the-latest-top-five-text-message-scams www.secnews.physaphae.fr/article.php?IdArticle=8349704 False Ransomware,Spam,Malware,Hack,Tool,Threat ChatGPT,ChatGPT,APT 15,APT 28,FedEx 2.0000000000000000 Anomali - Firm Blog Anomali Cyber Watch: Cadet Blizzard - New Gru Apt, Chamedoh Rat Linux Hard à détecter, Cirypto-monnaie furtive de la crypto-monnaie furtive Anomali Cyber Watch: Cadet Blizzard - New GRU APT, ChamelDoH Hard-to-Detect Linux RAT, Stealthy DoubleFinger Targets Cryptocurrency Figure 1 - Diagrammes de résumé du CIO.Ces graphiques résument les CIO attachés à ce magazine et donnent un aperçu des menaces discutées. Cyber News et Intelligence des menaces événement de sécurité mondiale anomali Intel - Progress Software Vulnerabilities & ndash;Moveit & amp;DataDirect Connect (Publié: 16 juin 2023) Après la découverte de CVE-2023-34362 et son exploitation antérieure par un affilié des ransomwares CLOP, plusieurs vulnérabilités supplémentaires ont été découvertes dans Moveit Transfer (CVE-2023-35036 et CVE-2023-35708) et d'autres produits de logiciels de progrès (CVE et CVE-2023-34363 et CVE-2023-34364).Alors que le site de fuite de Darkweb du groupe (> _clop ^ _- les fuites) a commencé à s'adresser aux entités compromises, l'événement d'exploitation original a été évalué comme un événement de sécurité mondial.Ceci est basé sur la liste croissante des organisations violées connues et l'utilisation de Moveit parmi des milliers d'organisations à travers le monde, y compris les secteurs public, privé et gouvernemental. Commentaire des analystes: Les défenseurs du réseau doivent suivre les étapes d'assainissement des logiciels de progrès qui incluent le durcissement, la détection, le nettoyage et l'installation des récentes correctifs de sécurité de transfert Moveit.Les règles YARA et les indicateurs basés sur l'hôte associés à l'exploitation de déplacement observé sont disponibles dans la plate-forme Anomali pour la détection et la référence historique. mitre att & amp; ck: [mitre att & amp; ck] t1190 - exploiter le publicApplication | [mitre att & amp; ck] t1036 - masquée | [mitre att & amp; ck] t1560.001 - Données collectées par les archives: archive via l'utilité Signatures (Sigma Rules): Exploitation potentielle de transfert de déplacement | exploitation movet . (Règles Yara) lemurloot webshell dll charges utiles - yara by mandiant | scénarisation de la webshell lemurloot ASP.net - yara par mandiant | exploitation movet - yara par Florian Roth | moveit_transfer_exploit_webshell_aspx | moveit_transfer_exploit_webshell_dll Tags: Target-Software: Moveit Transfer, Vulnérabilité: CVE-2023-34362, Vulnérabilité: CVE-2023-35036, Vulnérabilité: CVE-2023-35708, Vulnérabilité: CVE-2023-34363, Vulnérabilité:CVE-2023-34364, Target-Country: ÉtatsType: ransomware, malware: Lemurloot, Type de logiciels malveillants: webs]]> 2023-06-21T20:11:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-cadet-blizzard-new-gru-apt-chameldoh-hard-to-detect-linux-rat-stealthy-doublefinger-targets-cryptocurrency www.secnews.physaphae.fr/article.php?IdArticle=8347828 False Ransomware,Tool,Threat,Cloud APT 28 2.0000000000000000 Recorded Future - FLux Recorded Future Russie \\ 'S \\' Fancy Bear \\ 'Hackers ciblé le gouvernement ukrainien, les orgs militaires Russia\\'s \\'Fancy Bear\\' hackers targeted Ukrainian gov\\'t, military orgs

Les pirates avec un infâme cyber-groupe militaire russe ont ciblé le gouvernement ukrainien et une entreprise impliquée dans l'aviation militaire depuis que l'invasion de Moscou a commencé par son voisin, a déclaré mardi l'agence de la cyber-ukraine.L'équipe d'intervention d'urgence informatique de l'Ukraine \\ (CER-UA) et des chercheurs de Future \\ 's groupe insikt

Hackers with an infamous Russian military cyber group have targeted the Ukrainian government and a company involved in military aviation since Moscow\'s invasion of its neighbor began, Ukraine\'s cyber agency reported Tuesday. Ukraine\'s computer emergency response team (CERT-UA) and researchers from Recorded Future\'s Insikt Group attributed the campaign to APT28 - also known as Fancy]]> 2023-06-20T19:45:00+00:00 https://therecord.media/russia-fancy-bear-hackers-targeted-ukraine www.secnews.physaphae.fr/article.php?IdArticle=8347459 False None APT 28 2.0000000000000000 Bleeping Computer - Magazine Américain Les pirates russes APT28 violer les serveurs de courriels gouvernementaux ukrainiens Russian APT28 hackers breach Ukrainian govt email servers A threat group tracked as APT28 and linked to Russia\'s General Staff Main Intelligence Directorate (GRU) has breached Roundcube email servers belonging to multiple Ukrainian organizations, including government entities. [...]]]> 2023-06-20T09:00:00+00:00 https://www.bleepingcomputer.com/news/security/russian-apt28-hackers-breach-ukrainian-govt-email-servers/ www.secnews.physaphae.fr/article.php?IdArticle=8347329 False Threat APT 28 2.0000000000000000 knowbe4 - cybersecurity services Cyberheistnews Vol 13 # 19 [Watch Your Back] Nouvelle fausse erreur de mise à jour Chrome Attaque cible vos utilisateurs CyberheistNews Vol 13 #19 [Watch Your Back] New Fake Chrome Update Error Attack Targets Your Users

CyberheistNews Vol 13 #19 | May 9th, 2023 [Watch Your Back] New Fake Chrome Update Error Attack Targets Your Users Compromised websites (legitimate sites that have been successfully compromised to support social engineering) are serving visitors fake Google Chrome update error messages. "Google Chrome users who use the browser regularly should be wary of a new attack campaign that distributes malware by posing as a Google Chrome update error message," Trend Micro warns. "The attack campaign has been operational since February 2023 and has a large impact area." The message displayed reads, "UPDATE EXCEPTION. An error occurred in Chrome automatic update. Please install the update package manually later, or wait for the next automatic update." A link is provided at the bottom of the bogus error message that takes the user to what\'s misrepresented as a link that will support a Chrome manual update. In fact the link will download a ZIP file that contains an EXE file. The payload is a cryptojacking Monero miner. A cryptojacker is bad enough since it will drain power and degrade device performance. This one also carries the potential for compromising sensitive information, particularly credentials, and serving as staging for further attacks. This campaign may be more effective for its routine, innocent look. There are no spectacular threats, no promises of instant wealth, just a notice about a failed update. Users can become desensitized to the potential risks bogus messages concerning IT issues carry with them. Informed users are the last line of defense against attacks like these. New school security awareness training can help any organization sustain that line of defense and create a strong security culture. Blog post with links:https://blog.knowbe4.com/fake-chrome-update-error-messages A Master Class on IT Security: Roger A. Grimes Teaches You Phishing Mitigation Phishing attacks have come a long way from the spray-and-pray emails of just a few decades ago. Now they\'re more targeted, more cunning and more dangerous. And this enormous security gap leaves you open to business email compromise, session hijacking, ransomware and more. Join Roger A. Grimes, KnowBe4\'s Data-Driven Defense Evangelist, ]]> 2023-05-09T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-19-watch-your-back-new-fake-chrome-update-error-attack-targets-your-users www.secnews.physaphae.fr/article.php?IdArticle=8334782 False Ransomware,Data Breach,Spam,Malware,Tool,Threat,Prediction ChatGPT,ChatGPT,NotPetya,NotPetya,APT 28 2.0000000000000000 The Register - Site journalistique Anglais L'APT28 de la Russie cible le gouvernement ukrain Russia\\'s APT28 targets Ukraine government with bogus Windows updates Nasty emails designed to infect systems with info-stealing malware The Kremlin-backed threat group APT28 is flooding Ukrainian government agencies with email messages about bogus Windows updates in the hope of dropping malware that will exfiltrate system data.…]]> 2023-05-02T06:37:07+00:00 https://go.theregister.com/feed/www.theregister.com/2023/05/02/russia_apt28_ukraine_phishing/ www.secnews.physaphae.fr/article.php?IdArticle=8332710 False Malware,Threat APT 28,APT 28 2.0000000000000000 Dark Reading - Informationweek Branch APT28 utilise des leurres de mise à jour Windows pour tromper les cibles ukrainiennes APT28 Employs Windows Update Lures to Trick Ukrainian Targets The phishing emails were sent using names of system administrators and a letter containing instructions to protect against hackers.]]> 2023-05-01T20:10:00+00:00 https://www.darkreading.com/attacks-breaches/apt28-employs-windows-update-lures-to-trick-ukrainian-targets www.secnews.physaphae.fr/article.php?IdArticle=8332620 False None APT 28,APT 28 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) APT28 cible les entités gouvernementales ukrainiennes avec de fausses e-mails "Windows Update" APT28 Targets Ukrainian Government Entities with Fake "Windows Update" Emails The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks perpetrated by Russian nation-state hackers targeting various government bodies in the country. The agency attributed the phishing campaign to APT28, which is also known by the names Fancy Bear, Forest Blizzard, FROZENLAKE, Iron Twilight, Sednit, and Sofacy. The email messages come with the subject line "]]> 2023-05-01T14:22:00+00:00 https://thehackernews.com/2023/05/apt28-targets-ukrainian-government.html www.secnews.physaphae.fr/article.php?IdArticle=8332497 False None APT 28,APT 28 3.0000000000000000 TechRepublic - Security News US L'acteur de menace APT28 cible les routeurs Cisco avec une vieille vulnérabilité Threat actor APT28 targets Cisco routers with an old vulnerability Les États-Unis, l'Europe et l'Ukraine seraient des cibles dans cette menace malveillante.Apprenez à protéger les routeurs Cisco affectés.

>The U.S., Europe and Ukraine are reportedly targets in this malware threat. Learn how to protect affected Cisco routers. ]]> 2023-04-28T16:36:57+00:00 https://www.techrepublic.com/article/apt28-cisco-routers-security-vulnerability/ www.secnews.physaphae.fr/article.php?IdArticle=8331913 False Malware,Vulnerability,Threat APT 28,APT 28 2.0000000000000000 knowbe4 - cybersecurity services Cyberheistnews Vol 13 # 17 [Head Start] Méthodes efficaces Comment enseigner l'ingénierie sociale à une IA CyberheistNews Vol 13 #17 [Head Start] Effective Methods How To Teach Social Engineering to an AI

CyberheistNews Vol 13 #16 | April 18th, 2023 [Finger on the Pulse]: How Phishers Leverage Recent AI Buzz Curiosity leads people to suspend their better judgment as a new campaign of credential theft exploits a person\'s excitement about the newest AI systems not yet available to the general public. On Tuesday morning, April 11th, Veriti explained that several unknown actors are making false Facebook ads which advertise a free download of AIs like ChatGPT and Google Bard. Veriti writes "These posts are designed to appear legitimate, using the buzz around OpenAI language models to trick unsuspecting users into downloading the files. However, once the user downloads and extracts the file, the Redline Stealer (aka RedStealer) malware is activated and is capable of stealing passwords and downloading further malware onto the user\'s device." Veriti describes the capabilities of the Redline Stealer malware which, once downloaded, can take sensitive information like credit card numbers, passwords, and personal information like user location, and hardware. Veriti added "The malware can upload and download files, execute commands, and send back data about the infected computer at regular intervals." Experts recommend using official Google or OpenAI websites to learn when their products will be available and only downloading files from reputable sources. With the rising use of Google and Facebook ads as attack vectors experts also suggest refraining from clicking on suspicious advertisements promising early access to any product on the Internet. Employees can be helped to develop sound security habits like these by stepping them through monthly social engineering simulations. Blog post with links:https://blog.knowbe4.com/ai-hype-used-for-phishbait [New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blocklist Now there\'s a super easy way to keep malicious emails away from all your users through the power of the KnowBe4 PhishER platform! The new PhishER Blocklist feature lets you use reported messages to prevent future malicious email with the same sender, URL or attachment from reaching other users. Now you can create a unique list of blocklist entries and dramatically improve your Microsoft 365 email filters with]]> 2023-04-25T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-17-head-start-effective-methods-how-to-teach-social-engineering-to-an-ai www.secnews.physaphae.fr/article.php?IdArticle=8330904 False Spam,Malware,Hack,Threat ChatGPT,ChatGPT,APT 28 3.0000000000000000 Soc Radar - Blog spécialisé SOC APT28 exploite la vulnérabilité Cisco au déploiement de logiciels malveillants dans la campagne d'espionnage APT28 Exploits Cisco Vulnerability to Deploy Malware in Espionage Campaign Les acteurs de l'État-nation russe utilisent une vulnérabilité de code à distance correcée dans les appareils de réseau Cisco pour mener ...

>Russian nation-state actors are using a patched remote code execution vulnerability in Cisco network appliances to conduct... ]]> 2023-04-20T11:23:59+00:00 https://socradar.io/apt28-exploits-cisco-vulnerability-to-deploy-malware-in-espionage-campaign/ www.secnews.physaphae.fr/article.php?IdArticle=8329638 False Malware,Vulnerability APT 28 2.0000000000000000 Dark Reading - Informationweek Branch Russian Fancy Bear APT a exploité les routeurs de Cisco non corrigés pour nous pirater, UE Gov \\ 't agences Russian Fancy Bear APT Exploited Unpatched Cisco Routers to Hack US, EU Gov\\'t Agencies The nation-stage threat group deployed custom malware on archaic versions of Cisco\'s router operating system. Experts warn that such attacks targeting network infrastructure are on the rise.]]> 2023-04-19T21:40:00+00:00 https://www.darkreading.com/attacks-breaches/russian-fancy-bear-apt-exploited-unpatched-cisco-routers-to-hack-us-eu-government-agencies www.secnews.physaphae.fr/article.php?IdArticle=8329462 False Malware,Hack,Threat APT 28 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google Tag met en garde contre les pirates russes menant des attaques de phishing en Ukraine Google TAG Warns of Russian Hackers Conducting Phishing Attacks in Ukraine Elite hackers associated with Russia\'s military intelligence service have been linked to large-volume phishing campaigns aimed at hundreds of users in Ukraine to extract intelligence and influence public discourse related to the war. Google\'s Threat Analysis Group (TAG), which is monitoring the activities of the actor under the name FROZENLAKE, said the attacks continue the "group\'s 2022 focus]]> 2023-04-19T21:11:00+00:00 https://thehackernews.com/2023/04/google-tag-warns-of-russian-hackers.html www.secnews.physaphae.fr/article.php?IdArticle=8329398 False Threat APT 28 2.0000000000000000 SecurityWeek - Security News États-Unis, Royaume-Uni: la Russie exploitant la vieille vulnérabilité pour pirater les routeurs Cisco US, UK: Russia Exploiting Old Vulnerability to Hack Cisco Routers Les agences gouvernementales américaines et britanniques ont émis un avertissement conjoint pour le groupe russe APT28 ciblant les routeurs Cisco en exploitant une ancienne vulnérabilité.

>US and UK government agencies have issued a joint warning for Russian group APT28 targeting Cisco routers by exploiting an old vulnerability. ]]> 2023-04-19T09:03:31+00:00 https://www.securityweek.com/us-uk-russia-exploiting-old-vulnerability-to-hack-cisco-routers/ www.secnews.physaphae.fr/article.php?IdArticle=8329305 False Hack,Vulnerability APT 28 2.0000000000000000 Recorded Future - FLux Recorded Future CISA, Cisco met en évidence le ciblage militaire russe des vulnérabilités du routeur CISA, Cisco highlight Russian military targeting of router vulnerabilities

Le géant de la Cybersecurity and Infrastructure Security Agency and Technology Cisco a publié mardi des avis mettant en vedette les attaques contre des routeurs qui seraient exploités par des pirates militaires russes.Dans son rapport, la CISA a été rejointe par le FBI, la NSA et le Centre national de cybersécurité du Royaume-Uni (NCSC) pour souligner les actions d'APT28 & # 8211;que les agences croient

The Cybersecurity and Infrastructure Security Agency and technology giant Cisco released advisories on Tuesday spotlighting attacks on routers allegedly being exploited by Russian military hackers. In its report, CISA was joined by the FBI, NSA and the UK National Cyber Security Centre (NCSC) in highlighting the actions of APT28 – which the agencies believe is]]> 2023-04-18T18:50:00+00:00 https://therecord.media/cisa-cisco-russia-military-hackers-routers www.secnews.physaphae.fr/article.php?IdArticle=8328996 False None APT 28 2.0000000000000000 Bleeping Computer - Magazine Américain US, Royaume-Uni avertissant des pirates de gouvernement utilisant des logiciels malveillants personnalisés sur les routeurs Cisco US, UK warn of govt hackers using custom malware on Cisco routers The US, UK, and Cisco are warning of Russian state-sponsored APT28 hackers deploying a custom malware named \'Jaguar Tooth\' on Cisco IOS routers, allowing unauthenticated access to the device. [...]]]> 2023-04-18T17:42:45+00:00 https://www.bleepingcomputer.com/news/security/us-uk-warn-of-govt-hackers-using-custom-malware-on-cisco-routers/ www.secnews.physaphae.fr/article.php?IdArticle=8329040 False Malware APT 28 2.0000000000000000 Network World - Magazine Info Cisco met en garde contre les attaques contre les routeurs de réseau, les pare-feu Cisco warns of attacks on network routers, firewalls Le National Cyber Security Center du Royaume-Uni (NCSC), l'Agence américaine de sécurité nationale (NSA), l'Agence américaine de sécurité de la cybersécurité et de l'infrastructure (CISA) et le Federal Bureau of Investigation (FBI) qui a noté une augmentation des menaces dansen partie utilisant un exploit qui a été révélé pour la première fois en 2017. Cet exploit a ciblé une vulnérabilité SNMP dans les routeurs Cisco qui Le fournisseur patché en 2017 . Pour lire cet article en entier, veuillez cliquer ici

Cisco\'s Talos security intelligence group issued a warning today about an uptick in highly sophisticated attacks on network infrastructure including routers and firewalls.The Cisco warning piggybacks a similar joint warning issued today from The UK National Cyber Security Centre (NCSC), the US National Security Agency (NSA), US Cybersecurity and Infrastructure Security Agency (CISA) and US Federal Bureau of Investigation (FBI) that noted an uptick in threats in part utilizing an exploit that first came to light in 2017. That exploit targeted an SNMP vulnerability in Cisco routers that the vendor patched in 2017. To read this article in full, please click here]]> 2023-04-18T16:26:00+00:00 https://www.networkworld.com/article/3693753/cisco-warns-of-attacks-on-network-routers-firewalls.html#tk.rss_security www.secnews.physaphae.fr/article.php?IdArticle=8329177 False Vulnerability APT 28 2.0000000000000000 knowbe4 - cybersecurity services Cyberheistnews Vol 13 # 16 [doigt sur le pouls]: comment les phishers tirent parti de l'IA récent Buzz CyberheistNews Vol 13 #16 [Finger on the Pulse]: How Phishers Leverage Recent AI Buzz

CyberheistNews Vol 13 #16 | April 18th, 2023 [Finger on the Pulse]: How Phishers Leverage Recent AI Buzz Curiosity leads people to suspend their better judgment as a new campaign of credential theft exploits a person\'s excitement about the newest AI systems not yet available to the general public. On Tuesday morning, April 11th, Veriti explained that several unknown actors are making false Facebook ads which advertise a free download of AIs like ChatGPT and Google Bard. Veriti writes "These posts are designed to appear legitimate, using the buzz around OpenAI language models to trick unsuspecting users into downloading the files. However, once the user downloads and extracts the file, the Redline Stealer (aka RedStealer) malware is activated and is capable of stealing passwords and downloading further malware onto the user\'s device." Veriti describes the capabilities of the Redline Stealer malware which, once downloaded, can take sensitive information like credit card numbers, passwords, and personal information like user location, and hardware. Veriti added "The malware can upload and download files, execute commands, and send back data about the infected computer at regular intervals." Experts recommend using official Google or OpenAI websites to learn when their products will be available and only downloading files from reputable sources. With the rising use of Google and Facebook ads as attack vectors experts also suggest refraining from clicking on suspicious advertisements promising early access to any product on the Internet. Employees can be helped to develop sound security habits like these by stepping them through monthly social engineering simulations. Blog post with links:https://blog.knowbe4.com/ai-hype-used-for-phishbait [New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blocklist Now there\'s a super easy way to keep malicious emails away from all your users through the power of the KnowBe4 PhishER platform! The new PhishER Blocklist feature lets you use reported messages to prevent future malicious email with the same sender, URL or attachment from reaching other users. Now you can create a unique list of blocklist entries and dramatically improve your Microsoft 365 email filters without ever leav]]> 2023-04-18T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-16-finger-on-the-pulse-how-phishers-leverage-recent-ai-buzz www.secnews.physaphae.fr/article.php?IdArticle=8328885 False Spam,Malware,Hack,Threat ChatGPT,ChatGPT,APT 28 3.0000000000000000 Netskope - etskope est une société de logiciels américaine fournissant une plate-forme de sécurité informatique CVE-2023-23397: Microsoft Outlook Zero-Day exploité par APT28 [CVE-2023-23397: Microsoft Outlook Zero-Day Exploited by APT28] Résumé Une vulnérabilité de privilège (EOP) désormais fixe (EOP) dans Microsoft Outlook (CVE-2023-23397) permet aux attaquants d'envoyer des e-mails artisanaux pour exploiter Outlook.La vulnérabilité ne nécessite pas que l'interaction utilisateur soit exploitée et s'exécute avant même que l'e-mail ne soit visualisé dans le volet d'aperçu d'Outlook, ce qui rend cette vulnérabilité encore plus dangereuse.CVE-2023-2339 [& # 8230;]

>Summary A now fixed zero-day elevation of privilege (EoP) vulnerability in Microsoft Outlook (CVE-2023-23397) allows attackers to send craft emails to exploit Outlook. The vulnerability does not require user interaction to be exploited and runs even before the email is visualized in the preview pane of Outlook, which makes this vulnerability even more dangerous. CVE-2023-2339 […] ]]> 2023-03-21T19:00:00+00:00 https://www.netskope.com/blog/cve-2023-23397-microsoft-outlook-zero-day-exploited-by-apt28 www.secnews.physaphae.fr/article.php?IdArticle=8320287 False Vulnerability APT 28 3.0000000000000000 Global Security Mag - Site de news francais Mettez à jour votre Outlook pour vous protéger contre les cyberattaques Russes attribuées à l\'APT28 par Mandiant Malwares]]> 2023-03-16T10:23:41+00:00 https://www.globalsecuritymag.fr/Mettez-a-jour-votre-Outlook-pour-vous-proteger-contre-les-cyberattaques-Russes.html www.secnews.physaphae.fr/article.php?IdArticle=8319068 False Threat APT 28,APT 28 2.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber CISA researchers: Russia\'s Fancy Bear infiltrated US satellite network 2022-12-16T13:58:24+00:00 https://www.cyberscoop.com/apt28-fancy-bear-satellite/ www.secnews.physaphae.fr/article.php?IdArticle=8291973 False None APT 28 2.0000000000000000 CSO - CSO Daily Dashboard How to update your Windows driver blocklist to keep malicious drivers away drivers approved and co-designed through the Windows Hardware Compatibility Program in order to gain access to our machines. Ensuring that these malicious drivers are blocked is a key method for protecting systems.Microsoft has long touted a means to update this master listing on our systems and, in theory, the idea was valid: using settings and security hardware on the computer, enabling hypervisor-protected code integrity (HVCI) was supposed to protect systems from malicious drivers. Attackers have used such attacks in the past ranging from RobbinHood, Uroburos, Derusbi, GrayFish, and Sauron, to campaigns by the threat actor STRONTIUM. As a Microsoft blog in 2020 pointed out, if a computer had HVCI enabled, it would be able to defend itself against vulnerable and malicious drivers. In the blog post, it was noted that “Microsoft threat research teams continuously monitor the threat ecosystem and update the list of drivers that in the Microsoft-supplied blocklist. This blocklist is pushed down to devices via Windows update.”To read this article in full, please click here]]> 2022-10-26T02:00:00+00:00 https://www.csoonline.com/article/3677856/how-to-update-your-windows-driver-blocklist-to-keep-malicious-drivers-away.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7683787 False Threat APT 28 None Malwarebytes Labs - MalwarebytesLabs APT28 attack uses old PowerPoint trick to download malware Categories: NewsTags: APT28 Tags: Fancy Bear Tags: PowerPoint Tags: PowerShell Tags: One Drive Tags: SyncAppvPublishingServer The Russian APT known as Fancy Bear was caught using an old mouseover technique that doesn't need macros (Read more...) ]]> 2022-09-28T21:15:00+00:00 https://www.malwarebytes.com/blog/news/2022/09/powerpoint-mouseover-triggers-powershell-script-for-malware-delivery www.secnews.physaphae.fr/article.php?IdArticle=7189077 False Malware APT 28 None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Hackers Using PowerPoint Mouseover Trick to Infect System with Malware 2022-09-28T15:39:00+00:00 https://thehackernews.com/2022/09/hackers-using-powerpoint-mouseover.html www.secnews.physaphae.fr/article.php?IdArticle=7176862 False Malware,Threat APT 28 3.0000000000000000 Security Affairs - Blog Secu APT28 relies on PowerPoint Mouseover to deliver Graphite malware The Russia-linked APT28 group is using mouse movement in decoy Microsoft PowerPoint documents to distribute malware. The Russia-linked APT28 employed a technique relying on mouse movement in decoy Microsoft PowerPoint documents to deploy malware, researchers from Cluster25 reported. Cluster25 researchers were analyzing a lure PowerPoint document used to deliver a variant of Graphite malware, which is known to be used […] ]]> 2022-09-28T13:47:10+00:00 https://securityaffairs.co/wordpress/136358/apt/apt28-powerpoint-mouseover-technique.html www.secnews.physaphae.fr/article.php?IdArticle=7179609 False Malware APT 28 None Mandiant - Blog Sécu de Mandiant Les hacktivistes collaborent avec APT28 parrainé par GRU Hacktivists Collaborate with GRU-sponsored APT28 Executive Summary Mandiant is tracking multiple self-proclaimed hacktivist groups working in support of Russian interests. These groups have primarily conducted distributed denial-of-service (DDoS) attacks and leaked stolen data from victim organizations. Although some of these actors are almost certainly operating independently of the Russian state, we have identified multiple so-called hacktivist groups whose moderators we suspect are either a front for, or operating in coordination with, the Russian state. We assess with moderate confidence that moderators of the purported hacktivist]]> 2022-09-23T08:15:00+00:00 https://www.mandiant.com/resources/blog/gru-rise-telegram-minions www.secnews.physaphae.fr/article.php?IdArticle=8377437 False None APT 28,APT 28 4.0000000000000000 CISCO Talos - Cisco Research blog Ukraine and the fragility of agriculture security

By Joe Marshall.The war in Ukraine has had far-reaching global implications and one of the most immediate effects felt will be on the global supply chain for food. This war-induced fragility has exposed the weaknesses of how we feed ourselves globally. Ransomware cartels and other adversaries are well aware of this and are actively exploiting that fragility. For the past six years, Cisco Talos has been actively involved in assisting public and private institutions in Ukraine to defend themselves against state-sponsored actors. Our involvement stretches the gamut from commercial to critical infrastructure, to election security. Our presence has afforded us unique opportunities and observations about cybersecurity in a macro and micro way. Ukraine has been a frequent victim of state-sponsored cyber attacks aimed at critical infrastructures like power and transportation. Talos is proud to stand with our partners in Ukraine and help defend their critical networks and help users there maintain access to necessary services. Now that Russia has invaded Ukraine, those threats have escalated to kinetic attacks that are wreaking havoc on a critical element of our world: agriculture and our global food supply chain. Even worse is the implications this war will have for future cyber attacks, as fragility is considered a lucrative element in deciding victimology by threat actors like ransomware cartels. To truly grasp the implications of the war in Ukraine, we have to examine how vital Ukrainian agriculture feeds the world, the current state of affairs, and what this means for the global cybersecurity posture to protect agricultural assets. Where there is weakness, there is opportunityRansomware cartels and their affiliates are actively targeting the agricultural industry. Moreover, these actors have done their homework and are targeting agricultural companies during the two times of the year where they cannot suffer disruptions: planting and harvesting. Per the published FBI PIN Alert: “Cyber actors may perceive cooperatives as lucrative targets with a willingness to pay due to the time-sensitive role they play in agricultural production.” This is far from unusual for these adversaries - they are shrewd and calculating, and understand their victims' weaknesses and industries. H]]> 2022-08-18T08:00:00+00:00 http://blog.talosintelligence.com/2022/08/ukraine-and-fragility-of-agriculture.html www.secnews.physaphae.fr/article.php?IdArticle=6392803 False Ransomware,Threat,Guideline,Cloud APT 10,APT 32,APT 37,APT 21,NotPetya,Uber,Guam,APT 28 None NoticeBored - Experienced IT Security professional CISO workshop slides glossy, nicely-constructed and detailed PowerPoint slide deck by Microsoft Security caught my beady this morning. The title 'CISO Workshop: Security Program and Strategy' with 'Your Name Here' suggests it might be a template for use in a workshop/course bringing CISOs up to speed on the governance, strategic and architectural aspects of information security, but in fact given the amount of technical detail, it appears to be aimed at informing IT/technology managers about IT or cybersecurity, specifically. Maybe it is intended for newly-appointed CISOs or more junior managers who aspire to be CISOs, helping them clamber up the pyramid (slide 87 of 142):]]> 2022-08-06T10:46:21+00:00 http://blog.noticebored.com/2022/08/a-glossy-nicely-constructed-and.html www.secnews.physaphae.fr/article.php?IdArticle=6150878 False Malware,Vulnerability,Threat,Patching,Guideline,Medical,Cloud APT 38,APT 19,APT 10,APT 37,Uber,APT 15,Guam,APT 28,APT 34 None Anomali - Firm Blog Anomali Cyber Watch: Velvet Chollima Steals Emails from Browsers, Austrian Mercenary Leverages Zero-Days, China-Sponsored Group Uses CosmicStrand UEFI Firmware Rootkit, and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence SharpTongue Deploys Clever Mail-Stealing Browser Extension “SHARPEXT” (published: July 28, 2022) Volexity researchers discovered SharpExt, a new malicious browser app used by the North-Korea sponsored Velvet Chollima (Kimsuky, SharpTongue, Thallium) group. SharpExt inspects and exfiltrates data from a victim's webmail (AOL or Gmail) account as they browse it. Velvet Chollima continues to add new features to the app, the latest known version (3.0) supports three browsers: Microsoft Edge, Google Chrome, and Whale, the latter almost exclusively used in South Korea. Following the initial compromise, Velvet Chollima deploy SharpExt and to avoid warning the victim they manually exfiltrate settings files to change the settings and generate a valid "super_mac" security check value. They also hide the newly opened DevTools window and any other warning windows such as a warning regarding extensions running in developer mode. Analyst Comment: Velvet Chollima is known for its tactic of deploying malicious browser extensions, but in the past it was concentrating on stealing credentials instead of emails. The group continues aggressive cyberespionage campaigns exfiltrating military and industrial technologies from Europe, South Korea, and the US. Network defenders should monitor for suspicious instances of PowerShell execution, as well as for traffic to and from known Velvet Chollima infrastructure (available in Anomali Match). MITRE ATT&CK: [MITRE ATT&CK] Browser Extensions - T1176 | [MITRE ATT&CK] Email Collection - T1114 | [MITRE ATT&CK] Command and Scripting Interpreter - T1059 | [MITRE ATT&CK] Hide Artifacts - T1564 Tags: SharpExt, Velvet Chollima, Kimsuky, SharpTongue, Thallium, APT, North Korea, source-country:KP, South Korea, target-country:KR, USA, target-country:US, target-region:Europe, AOL, Gmail, Edge, Chrome, Whale, PowerShell, VBS, Browser extension Untangling KNOTWEED: European Private-Sector Offensive Actor Using 0-Day Exploits (published: July 27, 2022) Microsoft researchers detail activity of DSIRF, Austrian private-sector offensive actor (PSOA). In 2021, this actor, tracked as Knotweed, used four Windows and Adobe 0-day exploits. In 2022, DSIRF was exploiting another Adobe Reader vulnerability, CVE-2022-22047, which was patched in July 2022. DSIRF attacks rely on their malware toolset called Subzero. The initial downloader shellcode is executed from either the exploit chains or malicious Excel documents. It downloads a JPG image file with extra encrypted data, extracts, decrypts and loads to the memory the Corelump memory-only infostealer. For persistence, Corelump creates trojanized copies of legitimate Windows DLLs that se]]> 2022-08-02T15:17:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-velvet-chollima-steals-emails-from-browsers-austrian-mercenary-leverages-zero-days-china-sponsored-group-uses-cosmicstrand-uefi-firmware-rootkit-and-more www.secnews.physaphae.fr/article.php?IdArticle=6091651 False Malware,Tool,Vulnerability,Threat,Patching,Guideline,Cloud APT 37,APT 28 None Security Affairs - Blog Secu Is APT28 behind the STIFF#BIZON attacks attributed to North Korea-linked APT37? North Korea-linked APT37 group targets high-value organizations in the Czech Republic, Poland, and other countries. Researchers from the Securonix Threat Research (STR) team have uncovered a new attack campaign, tracked as STIFF#BIZON, targeting high-value organizations in multiple countries, including Czech Republic, and Poland. The researchers attribute this campaign to the North Korea-linked APT37 group, aka […] ]]> 2022-07-24T13:53:53+00:00 https://securityaffairs.co/wordpress/133605/apt/apt37-stiffbizon-campaign.html www.secnews.physaphae.fr/article.php?IdArticle=5923023 False Threat,Cloud APT 37,APT 28 None Anomali - Firm Blog Anomali Cyber Watch: API Hammering Confuses Sandboxes, Pirate Panda Wrote in Nim, Magecart Obfuscates Variable Names, and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Lockbit Ransomware Disguised as Copyright Claim E-mail Being Distributed (published: June 24, 2022) ASEC researchers have released their analysis of a recent phishing campaign, active since February 2022. The campaign aims to infect users with Lockbit ransomware, using the pretense of a copyright claim as the phishing lure. The phishing email directs the recipient to open the attached zip file which contains a pdf of the infringed material. In reality, the pdf is a disguised NSIS executable which downloads and installs Lockbit. The ransomware is installed onto the desktop for persistence through desktop change or reboot. Prior to data encryption, Lockbit will delete the volume shadow copy to prevent data recovery, in addition to terminating a variety of services and processes to avoid detection. Analyst Comment: Never click on suspicious attachments or run any executables from suspicious emails. Copyright infringement emails are a common phishing lure. Such emails will be straight forward to rectify if legitimate. If a copyright email is attempting to coerce you into opening attachments, such emails should be treated with extreme caution. MITRE ATT&CK: [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] Data Encrypted for Impact - T1486 | [MITRE ATT&CK] Impair Defenses - T1562 Tags: malware:Phishing, malware:Lockbit, Lockbit, Copyright, Ransomware There is More Than One Way To Sleep: Deep Dive into the Implementations of API Hammering by Various Malware Families (published: June 24, 2022) Researchers at Palo Alto Networks have released their analysis of new BazarLoader and Zloader samples that utilize API Hammering as a technique to evade sandbox detection. API Hammering makes use of a large volume of Windows API calls to delay the execution of malicious activity to trick sandboxes into thinking the malware is benign. Whilst BazarLoader has utilized the technique in the past, this new variant creates large loops of benign API using a new process. Encoded registry keys within the malware are used for the calls and the large loop count is created from the offset of the first null byte of the first file in System32 directory. Zloader uses a different form of API Hammering to evade sandbox detection. Hardcoded within Zloader are four large functions with many smaller functions within. Each function makes an input/output (I/O) call to mimic the behavior of many legitimate processes. Analyst Comment: Defense in depth is the best defense against sophisticated malware. The Anomali Platform can assist in detection of malware and Match anomalous activity from all telemetry sources to provide the complete picture of adversary activity within your network. MITRE ATT&CK: [MITRE ATT&CK] Virtualization/Sandbox Evasion - T1497 Tags: malware:BazarLoad]]> 2022-06-28T19:11:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-api-hammering-confuses-sandboxes-pirate-panda-wrote-in-nim-magecart-obfuscates-variable-names-and-more www.secnews.physaphae.fr/article.php?IdArticle=5436667 False Ransomware,Spam,Malware,Tool,Vulnerability,Threat APT 23,APT 28 None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe Fancy Bear Uses Nuke Threat Lure to Exploit 1-Click Bug 2022-06-23T12:21:33+00:00 https://threatpost.com/fancy-bear-nuke-threat-lure/180056/ www.secnews.physaphae.fr/article.php?IdArticle=5341503 False Malware,Threat APT 28 None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Russian Hackers Exploiting Microsoft Follina Vulnerability Against Ukraine 2022-06-22T04:51:03+00:00 https://thehackernews.com/2022/06/russian-hackers-exploiting-microsoft.html www.secnews.physaphae.fr/article.php?IdArticle=5325493 False Vulnerability APT 28 None Malwarebytes Labs - MalwarebytesLabs Russia\'s APT28 uses fear of nuclear war to spread Follina docs in Ukraine 2022-06-21T15:25:09+00:00 https://blog.malwarebytes.com/threat-intelligence/2022/06/russias-apt28-uses-fear-of-nuclear-war-to-spread-follina-docs-in-ukraine/ www.secnews.physaphae.fr/article.php?IdArticle=5310140 False Malware APT 28 None Security Affairs - Blog Secu Russian APT28 hacker accused of the NATO think tank hack in Germany The Attorney General has issued an arrest warrant for a hacker who targeted a NATO think tank in Germany for the Russia-linked APT28. The Attorney General has issued an arrest warrant for the Russian hacker Nikolaj Kozachek (aka “blabla1234565” and “kazak”) who is accused to have carried out a cyber espionage attack against the NATO […] ]]> 2022-06-20T21:46:13+00:00 https://securityaffairs.co/wordpress/132452/hacking/apt28-hacked-nato-think-tank.html www.secnews.physaphae.fr/article.php?IdArticle=5302356 False Hack APT 28 None CrowdStrike - CTI Society Naming Adversaries and Why It Matters to Your Security Team 2022-05-31T17:47:21+00:00 https://www.crowdstrike.com/blog/naming-adversaries-and-why-it-matters-to-security-teams/ www.secnews.physaphae.fr/article.php?IdArticle=4907459 False None APT 28 None Anomali - Firm Blog Anomali Cyber Watch: Moshen Dragon Abused Anti-Virus Software, Raspberry Robin Worm Jumps from USB, UNC3524 Uses Internet-of-Things to Steal Emails, and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Attackers Are Attempting to Exploit Critical F5 BIG-IP RCE (published: May 9, 2022) CVE-2022-1388, a critical remote code execution vulnerability affecting F5 BIG-IP multi-purpose networking devices/modules, was made public on May 4, 2022. It is of high severity (CVSSv3 score is 9.8). By May 6, 2022, multiple researchers have developed proof-of concept (PoC) exploits for CVE-2022-1388. The first in-the-wild exploitation attempts were reported on May 8, 2022. Analyst Comment: Update your vulnerable F5 BIG-IP versions 13.x and higher. BIG-IP 11.x and 12.x will not be fixed, but temporary mitigations available: block iControl REST access through the self IP address and through the management interface, modify the BIG-IP httpd configuration. MITRE ATT&CK: [MITRE ATT&CK] Exploit Public-Facing Application - T1190 Tags: CVE-2022-1388, F5, Vulnerability, Remote code execution, Missing authentication Mobile Subscription Trojans and Their Little Tricks (published: May 6, 2022) Kaspersky researchers analyzed five Android trojans that are secretly subscribing users to paid services. Jocker trojan operators add malicious code to legitimate apps and re-upload them to Google Store under different names. To avoid detection, malicious functionality won’t start until the trojan checks that it is available in the store. The malicious payload is split in up to four files. It can block or substitute anti-fraud scripts, and modify X-Requested-With header in an HTTP request. Another Android malware involved in subscription fraud, MobOk trojan, has additional functionality to bypass captcha. MobOk was seen in a malicious app in Google Store, but the most common infection vector is being spread by other Trojans such as Triada. Analyst Comment: Limit your apps to downloads from the official stores (Google Store for Android), avoid new apps with low number of downloads and bad reviews. Pay attention to the terms of use and payment. Avoid granting it too many permissions if those are not crucial to the app alleged function. Monitor your balance and subscription list. MITRE ATT&CK: [MITRE ATT&CK] Ingress Tool Transfer - T1105 | [MITRE ATT&CK] User Execution - T1204 | [MITRE ATT&CK] Data Manipulation - T1565 Tags: Android, Jocker, MobOk, Triada, Vesub, GriftHorse, Trojan, Subscription fraud, Subscription Trojan, Russia, target-country:RU, Middle East, Saudi Arabia, target-country:SA, Egypt, target-country:EG, Thailand, target-country:TH Raspberry Robin Gets the Worm Early (published: May 5, 2022) Since September 2021, Red Canary researchers monitor Raspberry Robin, a new worm]]> 2022-05-10T17:08:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-moshen-dragon-abused-anti-virus-software-raspberry-robin-worm-jumps-from-usb-unc3524-uses-internet-of-things-to-steal-emails-and-more www.secnews.physaphae.fr/article.php?IdArticle=4573852 False Ransomware,Malware,Tool,Vulnerability,Threat APT 29,APT 28 3.0000000000000000 Security Affairs - Blog Secu US gov sanctions cryptocurrency mixer Blender also used by North Korea-linked Lazarus APT 2022-05-07T10:45:56+00:00 https://securityaffairs.co/wordpress/131015/cyber-crime/us-gov-sanctioned-blender-mixer.html www.secnews.physaphae.fr/article.php?IdArticle=4560160 False None APT 38,APT 28 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) U.S. Sanctions Cryptocurrency Mixer Blender for Helping North Korea Launder Millions 2022-05-06T21:23:05+00:00 https://thehackernews.com/2022/05/us-sanctions-cryptocurrency-mixer.html www.secnews.physaphae.fr/article.php?IdArticle=4559230 False Hack,Medical APT 38,APT 28 3.0000000000000000 Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe VHD Ransomware Linked to North Korea\'s Lazarus Group 2022-05-05T12:20:10+00:00 https://threatpost.com/vhd-ransomware-lazarus-group/179507/ www.secnews.physaphae.fr/article.php?IdArticle=4548365 False Ransomware,Medical APT 38,APT 28 None Anomali - Firm Blog Anomali Cyber Watch: Gamaredon Delivers Four Pterodos At Once, Known-Plaintext Attack on Yanlouwang Encryption, North-Korea Targets Blockchain Industry, and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence SocGholish and Zloader – From Fake Updates and Installers to Owning Your Systems (published: April 25, 2022) Cybereason researchers have compared trending attacks involving SocGholish and Zloader malware. Both infection chains begin with social engineering and malicious downloads masquerading as legitimate software, and both lead to data theft and possible ransomware installation. SocGholish attacks rely on drive-by downloads followed by user execution of purported browser installer or browser update. The SocGholish JavaScript payload is obfuscated using random variable names and string manipulation. The attacker domain names are written in reverse order with the individual string characters being put at the odd index positions. Zloader infection starts by masquerading as a popular application such as TeamViewer. Zloader acts as information stealer, backdoor, and downloader. Active since 2016, Zloader actively evolves and has acquired detection evasion capabilities, such as excluding its processes from Windows Defender and using living-off-the-land (LotL) executables. Analyst Comment: All applications should be carefully researched prior to installing on a personal or work machine. Applications that request additional permissions upon installation should be carefully vetted prior to allowing permissions. Additionally, all applications, especially free versions, should only be downloaded from trusted vendors. MITRE ATT&CK: [MITRE ATT&CK] Drive-by Compromise - T1189 | [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] User Execution - T1204 | [MITRE ATT&CK] Command and Scripting Interpreter - T1059 | [MITRE ATT&CK] Windows Management Instrumentation - T1047 | [MITRE ATT&CK] Masquerading - T1036 | [MITRE ATT&CK] Process Injection - T1055 | [MITRE ATT&CK] Signed Binary Proxy Execution - T1218 | [MITRE ATT&CK] Credentials from Password Stores - T1555 | [MITRE ATT&CK] Steal or Forge Kerberos Tickets - T1558 | [MITRE ATT&CK] Steal Web Session Cookie - T1539 | [MITRE ATT&CK] Unsecured Credentials - T1552 | [MITRE ATT&CK] Remote System Discovery - T1018 | [MITRE ATT&CK] System Owner/User Discovery - T1033 | ]]> 2022-04-26T16:24:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-gamaredon-delivers-four-pterodos-at-once-known-plaintext-attack-on-yanlouwang-encryption-north-korea-targets-blockchain-industry-and-more www.secnews.physaphae.fr/article.php?IdArticle=4508976 False Ransomware,Malware,Tool,Vulnerability,Threat,Guideline,Medical APT 38,Uber,APT 28 None InfoSecurity Mag - InfoSecurity Magazine US Government: North Korean Threat Actors Are Targeting Cryptocurrency Organizations 2022-04-20T15:30:00+00:00 https://www.infosecurity-magazine.com/news/us-government-north-korea/ www.secnews.physaphae.fr/article.php?IdArticle=4482351 False Threat APT 38,APT 28 None knowbe4 - cybersecurity services TraderTraitor: When States do Social Engineering

TraderTraitor: When States do Social Engineering

North Korea's Lazarus Group is using social engineering attacks to target users of cryptocurrency, according to a joint advisory from the US FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the US Treasury Department.]]> 2022-04-20T12:49:57+00:00 https://blog.knowbe4.com/tradertraitor-when-states-do-social-engineering www.secnews.physaphae.fr/article.php?IdArticle=4481014 False Medical APT 38,APT 28 None InformationSecurityBuzzNews - Site de News Securite Joint Cybersecurity Advisory Warns Of Blockchain Hackers Targeting Developers And DevOps teams 2022-04-20T09:29:58+00:00 https://informationsecuritybuzz.com/expert-comments/joint-cybersecurity-advisory-warns-of-blockchain-hackers-targeting-developers-and-devops-teams/ www.secnews.physaphae.fr/article.php?IdArticle=4480148 False None APT 38,APT 28 3.0000000000000000 Anomali - Firm Blog Anomali Cyber Watch: RaidForums Seized, Sandworm Attacks Ukrainian Power Stations, North Korea Steals Chemical Secrets, and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Lazarus Targets Chemical Sector (published: April 14, 2022) In January 2022, Symantec researchers discovered a new wave of Operation Dream Job. This operation, attributed to the North Korea-sponsored group Lazarus, utilizes fake job offers via professional social media and email communications. With the new wave of attacks, Operation Dream Job switched from targeting the defense, government, and engineering sectors to targeting South Korean organizations operating within the chemical sector. A targeted user executes an HTM file sent via a link. The HTM file is copied to a DLL file to be injected into the legitimate system management software. It downloads and executes the final backdoor: a trojanized version of the Tukaani project LZMA Utils library (XZ Utils) with a malicious export added (AppMgmt). After the initial access, the attackers gain persistence via scheduled tasks, move laterally, and collect credentials and sensitive information. Analyst Comment: Organizations should train their users to recognize social engineering attacks including those posing as “dream job” proposals. Organizations facing cyberespionage threats should implement a defense-in-depth approach: layering of security mechanisms, redundancy, fail-safe defense processes. MITRE ATT&CK: [MITRE ATT&CK] Scheduled Task - T1053 | [MITRE ATT&CK] User Execution - T1204 | [MITRE ATT&CK] Windows Management Instrumentation - T1047 | [MITRE ATT&CK] Process Injection - T1055 | [MITRE ATT&CK] Valid Accounts - T1078 | [MITRE ATT&CK] Signed Binary Proxy Execution - T1218 | [MITRE ATT&CK] Credentials from Password Stores - T1555 Tags: Lazarus, Operation Dream Job, North Korea, source-country:KP, South Korea, target-country:KR, APT, HTM, CPL, Chemical sector, Espionage, Supply chain, IT sector Old Gremlins, New Methods (published: April 14, 2022) Group-IB researchers have released their analysis of threat actor OldGremlin’s new March 2022 campaign. OldGremlin favored phishing as an initial infection vector, crafting intricate phishing emails that target Russian industries. The threat actors utilized the current war between Russia and Ukraine to add a sense of legitimacy to their emails, with claims that users needed to click a link to register for a new credit card, as current ones would be rendered useless by incoming sanctions. The link leads users to a malicious Microsoft Office document stored within Dropbox. When macros are enabled, the threat actor’s new, custom backdoor, TinyFluff, a new version of their old TinyNode]]> 2022-04-19T15:00:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-raidforums-seized-sandworm-attacks-ukrainian-power-stations-north-korea-steals-chemical-secrets-and-more www.secnews.physaphae.fr/article.php?IdArticle=4477972 False Ransomware,Spam,Malware,Vulnerability,Threat,Guideline,Medical APT 38,APT 28 None IT Security Guru - Blog Sécurité Blockchain companies warned of North Korean hackers 2022-04-19T10:41:45+00:00 https://www.itsecurityguru.org/2022/04/19/blockchain-companies-warned-of-north-korean-hackers/?utm_source=rss&utm_medium=rss&utm_campaign=blockchain-companies-warned-of-north-korean-hackers www.secnews.physaphae.fr/article.php?IdArticle=4476983 True Threat,Medical APT 38,APT 28 None SecurityWeek - Security News US: Hackers Continue Aiding North Korea Generate Funds via Cryptocurrency Attacks 2022-04-19T10:12:54+00:00 https://www.securityweek.com/us-hackers-continue-aiding-north-korea-generate-funds-cryptocurrency-attacks www.secnews.physaphae.fr/article.php?IdArticle=4476944 False None APT 38,APT 28 None