This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-18T08:24:56+00:00 www.secnews.physaphae.fr Techworm - News avertir dans un article de blog . «La seiche est en attente, reniflant passivement les paquets, n'agissant que lorsqu'il est déclenché par un ensemble de règles prédéfini.Le renifleur de paquets utilisé par la seiche a été conçu pour acquérir du matériel d'authentification, en mettant l'accent sur les services publics basés sur le cloud. » ]]> 2024-05-01T23:25:26+00:00 https://www.techworm.net/2024/05/malware-target-router-steal-password.html www.secnews.physaphae.fr/article.php?IdArticle=8491968 False Malware,Threat,Cloud,Technical APT 32 4.0000000000000000 Mandiant - Blog Sécu de Mandiant   APT42, an Iranian state-sponsored cyber espionage actor, is using enhanced social engineering schemes to gain access to victim networks, including cloud environments. The actor is targeting Western and Middle Eastern NGOs, media organizations, academia, legal services and activists. Mandiant assesses APT42 operates on behalf of the Islamic Revolutionary Guard Corps Intelligence Organization (IRGC-IO). APT42 was observed posing as journalists and event organizers to build trust with their victims through ongoing correspondence, and to deliver invitations to conferences or legitimate documents. These social engineering schemes enabled APT42 to harvest credentials and use them to gain initial access to cloud environments. Subsequently, the threat actor covertly exfiltrated data of strategic interest to Iran, while relying on built-in features and open-source tools to avoid detection. In addition to cloud operations, we also outline recent malware-based APT42 operations using two custom backdoors: NICECURL and TAMECAT. These backdoors are delivered via spear phishing, providing the attackers with initial access that might be used as a command execution interface or as a jumping point to deploy additional malware. APT42 targeting and missions are consistent with its assessed affiliation with the IRGC-IO, which is a part of the Iranian intelligence apparatus that is responsible for monitoring and preventing foreign threats to the Islamic Republic and domestic unrest. APT42 activities overlap with the publicly reported actors CALANQUE (Google Threat Analysis Group), Charming Kitten (ClearSky and CERTFA), Mint Sandstorm/Phosphorus (Microsoft), TA453 (Proofpoint), Yellow Garuda (PwC), and ITG18 (]]> 2024-05-01T14:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/untangling-iran-apt42-operations/ www.secnews.physaphae.fr/article.php?IdArticle=8500390 False Malware,Tool,Threat,Cloud APT 35,APT 42,Yahoo 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The North Korea-linked threat actor known as Lazarus Group employed its time-tested fabricated job lures to deliver a new remote access trojan called Kaolin RAT. The malware could, "aside from standard RAT functionality, change the last write timestamp of a selected file and load any received DLL binary from [command-and-control] server," Avast security researcher Luigino]]> 2024-04-25T22:17:00+00:00 https://thehackernews.com/2024/04/north-koreas-lazarus-group-deploys-new.html www.secnews.physaphae.fr/article.php?IdArticle=8488646 False Malware,Threat APT 38 2.0000000000000000 Mandiant - Blog Sécu de Mandiant   Executive Summary The election cybersecurity landscape globally is characterized by a diversity of targets, tactics, and threats. Elections attract threat activity from a variety of threat actors including: state-sponsored actors, cyber criminals, hacktivists, insiders, and information operations as-a-service entities. Mandiant assesses with high confidence that state-sponsored actors pose the most serious cybersecurity risk to elections. Operations targeting election-related infrastructure can combine cyber intrusion activity, disruptive and destructive capabilities, and information operations, which include elements of public-facing advertisement and amplification of threat activity claims. Successful targeting does not automatically translate to high impact. Many threat actors have struggled to influence or achieve significant effects, despite their best efforts.  When we look across the globe we find that the attack surface of an election involves a wide variety of entities beyond voting machines and voter registries. In fact, our observations of past cycles indicate that cyber operations target the major players involved in campaigning, political parties, news and social media more frequently than actual election infrastructure.   Securing elections requires a comprehensive understanding of many types of threats and tactics, from distributed denial of service (DDoS) to data theft to deepfakes, that are likely to impact elections in 2024. It is vital to understand the variety of relevant threat vectors and how they relate, and to ensure mitigation strategies are in place to address the full scope of potential activity.  Election organizations should consider steps to harden infrastructure against common attacks, and utilize account security tools such as Google\'s Advanced Protection Program to protect high-risk accounts. Introduction  The 2024 global election cybersecurity landscape is characterized by a diversity of targets, tactics, and threats. An expansive ecosystem of systems, administrators, campaign infrastructure, and public communications venues must be secured against a diverse array of operators and methods. Any election cybersecurity strategy should begin with a survey of the threat landscape to build a more proactive and tailored security posture.  The cybersecurity community must keep pace as more than two billion voters are expected to head to the polls in 2024. With elections in more than an estimated 50 countries, there is an opportunity to dynamically track how threats to democracy evolve. Understanding how threats are targeting one country will enable us to better anticipate and prepare for upcoming elections globally. At the same time, we must also appreciate the unique context of different countries. Election threats to South Africa, India, and the United States will inevitably differ in some regard. In either case, there is an opportunity for us to prepare with the advantage of intelligence.  ]]> 2024-04-25T10:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/cyber-threats-global-elections/ www.secnews.physaphae.fr/article.php?IdArticle=8500393 False Ransomware,Malware,Hack,Tool,Vulnerability,Threat,Legislation,Cloud,Technical APT 43,APT 29,APT 31,APT 42,APT 28,APT 40 3.0000000000000000 Dark Reading - Informationweek Branch Lazarus, Kimsuky, and Andariel all got in on the action, stealing "important" data from firms responsible for defending their southern neighbors (from them).]]> 2024-04-24T16:27:13+00:00 https://www.darkreading.com/cyberattacks-data-breaches/north-korea-apt-triumvirate-spied-on-south-korean-defense-industry-for-years www.secnews.physaphae.fr/article.php?IdArticle=8488095 False None APT 38 2.0000000000000000 AhnLab - Korean Security Firm Pupy est une souche malveillante de rat qui offre un soutien à la plate-forme croisée.Parce qu'il s'agit d'un programme open-source publié sur GitHub, il est continuellement utilisé par divers acteurs de menace, y compris des groupes APT.Par exemple, il est connu pour avoir été utilisé par APT35 (qui aurait des liens avec l'Iran) [1] et a également été utilisé dans l'opération Earth Berberoka [2] qui ciblait les sites de jeux en ligne.Récemment, une souche de logiciels malveillante nommée Disy Dog a été découverte, qui est une version mise à jour de Pupy Rat ....

---

Pupy is a RAT malware strain that offers cross-platform support. Because it is an open-source program published on GitHub, it is continuously being used by various threat actors including APT groups. For example, it is known to have been used by APT35 (said to have ties to Iran) [1] and was also used in Operation Earth Berberoka [2] which targeted online gambling websites. Recently, a malware strain named Decoy Dog was discovered, which is an updated version of Pupy RAT.... ]]> 2024-04-18T07:46:32+00:00 https://asec.ahnlab.com/en/64258/ www.secnews.physaphae.fr/article.php?IdArticle=8484600 False Malware,Threat APT 35 2.0000000000000000 ProofPoint - Cyber Firms 2024-04-16T06:00:54+00:00 https://www.proofpoint.com/us/blog/threat-insight/social-engineering-dmarc-abuse-ta427s-art-information-gathering www.secnews.physaphae.fr/article.php?IdArticle=8483299 False Malware,Tool,Threat,Conference APT 43,APT 37 2.0000000000000000 Checkpoint Research - Fabricant Materiel Securite Pour les dernières découvertes de cyber-recherche pour la semaine du 1er avril, veuillez télécharger notre bulletin Threat_Intelligence.Les meilleures attaques et violations que les gouvernements américains et britanniques ont annoncé un acte d'accusation criminel et des sanctions contre l'APT31, un groupe de pirates chinois, pour leur rôle dans les attaques prétendument contre des entreprises aux États-Unis, ainsi que [& # 8230;]

---

>For the latest discoveries in cyber research for the week of 1st April, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES The US and UK governments have announced a criminal indictment and sanctions against APT31, a group of Chinese hackers, for their role in allegedly conducting attacks against companies in the US, as well […] ]]> 2024-04-01T08:18:43+00:00 https://research.checkpoint.com/2024/1st-april-threat-intelligence-report/ www.secnews.physaphae.fr/article.php?IdArticle=8473934 False Threat APT 31 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The Police of Finland (aka Poliisi) has formally accused a Chinese nation-state actor tracked as APT31 for orchestrating a cyber attack targeting the country\'s Parliament in 2020. The intrusion, per the authorities, is said to have occurred between fall 2020 and early 2021. The agency described the ongoing criminal probe as both demanding and time-consuming, involving extensive analysis of a "]]> 2024-03-28T22:20:00+00:00 https://thehackernews.com/2024/03/finland-blames-chinese-hacking-group.html www.secnews.physaphae.fr/article.php?IdArticle=8472126 False Legislation APT 31 3.0000000000000000 Bleeping Computer - Magazine Américain The Finnish Police confirmed on Tuesday that the APT31 hacking group linked to the Chinese Ministry of State Security (MSS) was behind a breach of the country\'s parliament disclosed in March 2021. [...]]]> 2024-03-26T17:23:54+00:00 https://www.bleepingcomputer.com/news/security/finland-confirms-apt31-hackers-behind-2021-parliament-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8471001 False Legislation APT 31 3.0000000000000000 Checkpoint - Fabricant Materiel Securite lundi, l'administration Biden a annoncé un acte d'accusation criminel et des sanctions contre un groupe de pirates chinois pour leur rôle dans la conduite prétendument des hacks contre les entreprises aux États-Unis, ainsi que des représentants du gouvernement.Le gouvernement américain a inculpé sept pirates, du groupe connu sous le nom d'APT31;Dans une décision connexe, le gouvernement britannique a annoncé des sanctions contre une entreprise de front, ainsi que deux personnes en lien avec une violation à la Commission électorale du Royaume-Uni.Le gouvernement américain a noté que le groupe avait passé environ 14 ans à cibler les entreprises américaines et étrangères et les responsables politiques.«Aujourd'hui, les gouvernements du Royaume-Uni et des États-Unis [& # 8230;]

---

>On Monday, the Biden administration announced a criminal indictment and sanctions against a group of Chinese hackers for their role in allegedly conducting hacks against companies in the US, as well as government officials. The US government charged seven hackers, from the group known as APT31; in a related move, the British government announced sanctions on a front company, as well as two individuals in connection with a breach at the UK\'s Electoral Commission. The US government noted that the group spent about 14 years targeting US and foreign businesses and political officials. “Today both the UK and US governments […] ]]> 2024-03-26T14:57:51+00:00 https://blog.checkpoint.com/security/us-and-uk-governments-take-stand-against-apt31-state-affiliated-hacking-group/ www.secnews.physaphae.fr/article.php?IdArticle=8470789 False None APT 31 3.0000000000000000 Dark Reading - Informationweek Branch The US and the UK charge seven Chinese nationals for operating as part of threat group APT31.]]> 2024-03-25T21:20:40+00:00 https://www.darkreading.com/cyber-risk/chinese-state-hackers-slapped-with-us-charges-sanctions www.secnews.physaphae.fr/article.php?IdArticle=8470383 False Threat APT 31 3.0000000000000000 SecurityWeek - Security News Le Département du Trésor américain sanctionne une paire de pirates chinois liés à des «cyber-opérations malveillantes ciblant les secteurs des infrastructures critiques».

---

>The US Treasury Department sanctions a pair of Chinese hackers linked to “malicious cyber operations targeting US critical infrastructure sectors.” ]]> 2024-03-25T18:50:17+00:00 https://www.securityweek.com/us-treasury-slaps-sanctions-on-china-linked-apt31-hackers/ www.secnews.physaphae.fr/article.php?IdArticle=8470303 False None APT 31 2.0000000000000000 Recorded Future - FLux Recorded Future Les États-Unis ont sanctionné une société basée à Wuhan qui serait un front pour le ministère d'État de la Sécurité de la Chine lundi à la suite de dizaines d'attaques contre des infrastructures critiques. & NBSP;Les départements de la justice et du trésor ont accusé Wuhan Xiaoruizhi Science and Technology Company d'être une couverture pour APT31 - un groupe de piratage basé en Chine connu pour son ciblage précédemment

---

The U.S. sanctioned a Wuhan-based company believed to be a front for China\'s Ministry of State Security on Monday following dozens of attacks on critical infrastructure.  The Justice and Treasury Departments accused Wuhan Xiaoruizhi Science and Technology Company of being a cover for APT31 - a notorious China-based hacking group known for previously targeting]]> 2024-03-25T17:50:21+00:00 https://therecord.media/us-sanctions-chinese-hackers-infrastructure-attacks www.secnews.physaphae.fr/article.php?IdArticle=8470278 False None APT 31 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The UK\'s NCSC assesses that China-backed APT31 was “almost certainly” responsible for hacking the email accounts of UK parliamentarians]]> 2024-03-25T15:50:00+00:00 https://www.infosecurity-magazine.com/news/uk-blames-china-for-2021-electoral/ www.secnews.physaphae.fr/article.php?IdArticle=8470233 False Hack APT 31 2.0000000000000000 Zataz - Magazine Francais de secu 2024-03-19T14:01:20+00:00 https://www.zataz.com/lazarus-group-htx-heco/ www.secnews.physaphae.fr/article.php?IdArticle=8466703 False Hack APT 38 3.0000000000000000 Recorded Future - FLux Recorded Future Le groupe de piratage de Lazarus de la Corée du Nord aurait repris un ancien service afin de laver 23 millions de dollars volés lors d'une attaque en novembre. & NBSP;Les enquêteurs de la société de recherche Blockchain, Elliptic, ont déclaré vendredi qu'au dernier jour où ils avaient & nbsp;vu les fonds - une partie des 112,5 millions de dollars volés au HTX

---

North Korea\'s Lazarus hacking group allegedly has turned back to an old service in order to launder $23 million stolen during an attack in November.  Investigators at blockchain research company Elliptic said on Friday that in the last day they had  seen the funds - part of the $112.5 million stolen from the HTX]]> 2024-03-15T18:33:59+00:00 https://therecord.media/lazarus-group-north-korea-tornado-cash-money-laundering www.secnews.physaphae.fr/article.php?IdArticle=8464489 False None APT 38 3.0000000000000000 knowbe4 - cybersecurity services ]]> 2024-03-14T14:20:00+00:00 https://blog.knowbe4.com/despite-prepared-for-image-based-attacks-most-organizations-have-been-compromised www.secnews.physaphae.fr/article.php?IdArticle=8463827 False None APT 3 3.0000000000000000 AhnLab - Korean Security Firm aperçu du 13 février 2024, Microsoft a annoncé une élévation du noyau Windows des privilèges Vulnérabilité CVE-2012-21338correctif.La vulnérabilité se produit à certains ioctl de & # 8220; appid.sys & # 8221;Connu sous le nom de pilote AppLocker, l'une des fonctionnalités Windows.L'acteur de menace peut lire et écrire sur une mémoire de noyau aléatoire en exploitant la vulnérabilité, et peut soit désactiver les produits de sécurité ou gagner le privilège du système.Avast a rapporté que le groupe de menaces Lazarus a récemment utilisé la vulnérabilité CVE-2024-21338 à désactiver les produits de sécurité.Ainsi, les utilisateurs de Windows OS sont ...

---

Overview On February 13th, 2024, Microsoft announced a Windows Kernel Elevation of Privilege Vulnerability CVE-2024-21338 patch. The vulnerability occurs at certain IOCTL of “appid.sys” known as AppLocker‘s driver, one of the Windows feature. The threat actor can read and write on a random kernel memory by exploiting the vulnerability, and can either disable security products or gain system privilege. AVAST reported that the Lazarus threat group has recently used CVE-2024-21338 vulnerability to disable security products. Thus, Windows OS users are... ]]> 2024-03-06T08:56:56+00:00 https://asec.ahnlab.com/en/62668/ www.secnews.physaphae.fr/article.php?IdArticle=8459725 False Vulnerability,Threat APT 38 2.0000000000000000 Dark Reading - Informationweek Branch North Korean state actors Lazarus Group used a Windows AppLocker zero day, along with a new and improved rootkit, in a recent cyberattack, researchers report.]]> 2024-03-01T00:17:13+00:00 https://www.darkreading.com/vulnerabilities-threats/microsoft-zero-day-used-by-lazarus-in-rootkit-attack www.secnews.physaphae.fr/article.php?IdArticle=8457255 False Threat APT 38 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The notorious Lazarus Group actors exploited a recently patched privilege escalation flaw in the Windows Kernel as a zero-day to obtain kernel-level access and disable security software on compromised hosts. The vulnerability in question is CVE-2024-21338 (CVSS score: 7.8), which can permit an attacker to gain SYSTEM privileges. It was resolved by Microsoft earlier this month as part]]> 2024-02-29T16:49:00+00:00 https://thehackernews.com/2024/02/lazarus-hackers-exploited-windows.html www.secnews.physaphae.fr/article.php?IdArticle=8456930 False Vulnerability,Threat APT 38 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The notorious North Korean state-backed hacking group Lazarus uploaded four packages to the Python Package Index (PyPI) repository with the goal of infecting developer systems with malware. The packages, now taken down, are pycryptoenv, pycryptoconf, quasarlib, and swapmempool. They have been collectively downloaded 3,269 times, with pycryptoconf accounting for the most]]> 2024-02-29T13:47:00+00:00 https://thehackernews.com/2024/02/lazarus-exploits-typos-to-sneak-pypi.html www.secnews.physaphae.fr/article.php?IdArticle=8456854 False Malware APT 38 4.0000000000000000 SecurityWeek - Security News Le groupe nord-coréen Lazarus a exploité le conducteur Applocker Zero-Day CVE-2024-21338 pour l'escalade des privilèges dans les attaques impliquant Fudmodule Rootkit.

---

>North Korean group Lazarus exploited AppLocker driver zero-day CVE-2024-21338 for privilege escalation in attacks involving FudModule rootkit. ]]> 2024-02-29T10:28:36+00:00 https://www.securityweek.com/windows-zero-day-exploited-by-north-korean-hackers-in-rootkit-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8456926 False Vulnerability,Threat APT 38 3.0000000000000000 Bleeping Computer - Magazine Américain Japan\'s Computer Security Incident Response Team (JPCERT/CC) is warning that the notorious North Korean hacking group Lazarus has uploaded four malicious PyPI packages to infect developers with malware. [...]]]> 2024-02-28T10:04:50+00:00 https://www.bleepingcomputer.com/news/security/japan-warns-of-malicious-pypi-packages-created-by-north-korean-hackers/ www.secnews.physaphae.fr/article.php?IdArticle=8456467 False Malware APT 38 2.0000000000000000 Dark Reading - Informationweek Branch The latest ploy by the APT also known as Charming Cypress targets policy experts in the Middle East, Europe, and the US.]]> 2024-02-22T14:09:46+00:00 https://www.darkreading.com/vulnerabilities-threats/iran-backed-charming-kitten-stages-fake-webinar-platform-to-ensnare-targets www.secnews.physaphae.fr/article.php?IdArticle=8453731 False None APT 35 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The Iranian-origin threat actor known as Charming Kitten has been linked to a new set of attacks aimed at Middle East policy experts with a new backdoor called BASICSTAR by creating a fake webinar portal. Charming Kitten, also called APT35, CharmingCypress, Mint Sandstorm, TA453, and Yellow Garuda, has a history of orchestrating a wide range of social engineering campaigns that cast a]]> 2024-02-19T10:09:00+00:00 https://thehackernews.com/2024/02/iranian-hackers-target-middle-east.html www.secnews.physaphae.fr/article.php?IdArticle=8452155 False Threat APT 35 2.0000000000000000 Volexity - Cyber Firms Grâce à ses offres de services de sécurité gérées, la volexité identifie régulièrement des campagnes de phisseur de lance ciblant ses clients.Un acteur de menace persistant, dont la volexité des campagnes observe fréquemment, est l'acteur de menace d'origine iranienne CharmingCypress (alias Charming Kitten, Apt42, TA453).La volexité évalue que CharmingCypress est chargé de collecter des renseignements politiques contre les cibles étrangères, en particulier en se concentrant sur les groupes de réflexion, les ONG et les journalistes.Dans leurs campagnes de phishing, CharmingCypress utilise souvent des tactiques inhabituelles d'ingénierie sociale, comme engager des cibles dans des conversations prolongées par e-mail avant d'envoyer des liens vers un contenu malveillant.Dans une campagne de lance de lance particulièrement notable observée par volexité, CharmingCypress est allé jusqu'à créer une plate-forme de webinaire entièrement fausse à utiliser dans le cadre de l'attrait.CharmingCypress contrôlé un accès à cette plate-forme, nécessitant des cibles pour installer des applications VPN chargées de logiciels malveillants avant d'accorder l'accès.Remarque: Un contenu dans ce blog a récemment été discuté dans le rapport de Microsoft \\, de nouveaux TTP observés dans la campagne de Sandstorm de Mint ciblant des individus de haut niveau dans les universités et [& # 8230;]

---

>Through its managed security services offerings, Volexity routinely identifies spear-phishing campaigns targeting its customers. One persistent threat actor, whose campaigns Volexity frequently observes, is the Iranian-origin threat actor CharmingCypress (aka Charming Kitten, APT42, TA453). Volexity assesses that CharmingCypress is tasked with collecting political intelligence against foreign targets, particularly focusing on think tanks, NGOs, and journalists. In their phishing campaigns, CharmingCypress often employs unusual social-engineering tactics, such as engaging targets in prolonged conversations over email before sending links to malicious content. In a particularly notable spear-phishing campaign observed by Volexity, CharmingCypress went so far as to craft an entirely fake webinar platform to use as part of the lure. CharmingCypress controlled access to this platform, requiring targets to install malware-laden VPN applications prior to granting access. Note: Some content in this blog was recently discussed in Microsoft\'s report, New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and […] ]]> 2024-02-13T14:47:15+00:00 https://www.volexity.com/blog/2024/02/13/charmingcypress-innovating-persistence/ www.secnews.physaphae.fr/article.php?IdArticle=8449587 False Threat APT 35,APT 42 3.0000000000000000 Recorded Future - FLux Recorded Future Les pirates d'État nord-coréens visent des organisations de médias et des universitaires de haut niveau dans une nouvelle campagne d'espionnage, selon un nouveau Rapport publié cette semaine.L'objectif de ces attaques, attribué par des chercheurs de Sentinelabs à un groupe de pirates connu sous le nom de Scarcruft ou APT37, est de «recueillir des renseignements stratégiques» qui peuvent «contribuer à la prise de décision de la Corée du Nord \\

---

North Korean state hackers are targeting media organizations and high-profile academics in a new espionage campaign, according to a new report released this week. The goal of these attacks, attributed by researchers at SentinelLabs to a hacker group known as ScarCruft or APT37, is to “gather strategic intelligence” that can “contribute to North Korea\'s decision-making]]> 2024-01-24T14:00:00+00:00 https://therecord.media/scarcruft-apt37-north-korea-espionage-south-korea-media-academia www.secnews.physaphae.fr/article.php?IdArticle=8442554 False None APT 37 3.0000000000000000 AhnLab - Korean Security Firm à travers le groupe & # 8220; Lazarus utilise la technique de chargement latéral DLL & # 8221;[1] Article de blog, Ahnlab Security Intelligence Center (ASEC) a précédemment couvert comment le groupe Lazare a utilisé la technique d'attaque de chargement de chargement DLL en utilisant des applications légitimes au stade d'accès initial pour atteindre la prochaine étape de leur processus d'attaque.Ce billet de blog couvrira les variantes de DLL ajoutées et leur routine de vérification pour les cibles.Le groupe Lazare est un groupe approprié qui cible les entreprises sud-coréennes, les institutions, les groupes de réflexion et autres.Sur ...

---

Through the “Lazarus Group Uses the DLL Side-Loading Technique” [1] blog post, AhnLab SEcurity intelligence Center(ASEC) has previously covered how the Lazarus group used the DLL side-loading attack technique using legitimate applications in the initial access stage to achieve the next stage of their attack process. This blog post will cover the added DLL variants and their verification routine for the targets. The Lazarus group is an APT group that targets South Korean companies, institutions, think tanks, and others. On... ]]> 2024-01-23T00:40:00+00:00 https://asec.ahnlab.com/en/60792/ www.secnews.physaphae.fr/article.php?IdArticle=8441897 False None APT 38 2.0000000000000000 Dark Reading - Informationweek Branch Based on fresh infection routines the APT is testing, it\'s looking to harvest threat intelligence in order to improve operational security and stealth.]]> 2024-01-22T20:30:00+00:00 https://www.darkreading.com/threat-intelligence/north-koreasc-arcruft-attackers-target-cybersecurity-pros www.secnews.physaphae.fr/article.php?IdArticle=8441819 False Threat APT 37 3.0000000000000000 Global Security Mag - Site de news francais mise à jour malveillant

---

A glimpse into future ScarCruft campaigns - Attackers gather strategic intelligence and target cybersecurity professionals. In collaboration with NK News, SentinelLabs has been tracking campaigns targeting experts in North Korean affairs from South Korea\'s academic sector and a news organisation focused on North Korea. SentinelLabs has observed persistent targeting of the same individuals over a span of two months. - Malware Update]]> 2024-01-22T14:45:41+00:00 https://www.globalsecuritymag.fr/a-glimpse-into-future-scarcruft-campaigns-attackers-gather-strategic.html www.secnews.physaphae.fr/article.php?IdArticle=8441691 False None APT 37 3.0000000000000000 SentinelOne (APT) - Cyber Firms New ScarCruft activity suggests the adversary is planning to target cybersecurity professionals and businesses.]]> 2024-01-22T13:55:47+00:00 https://www.sentinelone.com/labs/a-glimpse-into-future-scarcruft-campaigns-attackers-gather-strategic-intelligence-and-target-cybersecurity-professionals/ www.secnews.physaphae.fr/article.php?IdArticle=8441698 False None APT 37 3.0000000000000000 Dark Reading - Informationweek Branch The FalseFont backdoor allows operators to remotely access an infected system and launch additional files.]]> 2023-12-22T16:45:00+00:00 https://www.darkreading.com/cyberattacks-data-breaches/iran-peach-sandstorm-cyberattackers-global-defense www.secnews.physaphae.fr/article.php?IdArticle=8427467 False None APT 33 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Organizations in the Defense Industrial Base (DIB) sector are in the crosshairs of an Iranian threat actor as part of a campaign designed to deliver a never-before-seen backdoor called FalseFont. The findings come from Microsoft, which is tracking the activity under its weather-themed moniker Peach Sandstorm (formerly Holmium), which is also known as APT33, Elfin, and Refined Kitten. "]]> 2023-12-22T11:04:00+00:00 https://thehackernews.com/2023/12/microsoft-warns-of-new-falsefont.html www.secnews.physaphae.fr/article.php?IdArticle=8427216 False Threat,Industrial APT33,APT 33 3.0000000000000000 HackRead - Chercher Cyber waqas PEACH SANDSTORM, également reconnu comme l'Holmium, s'est récemment concentré sur les cibles de la base industrielle de la défense mondiale (DIB). Ceci est un article de HackRead.com Lire le post original: L'Iran & # 8217; s Peach Sandstorm Deploy Deploy Falsefont Backdoor dans le secteur de la défense

---

By Waqas Peach Sandstorm, also recognized as HOLMIUM, has recently focused on global Defense Industrial Base (DIB) targets. This is a post from HackRead.com Read the original post: Iran’s Peach Sandstorm Deploy FalseFont Backdoor in Defense Sector]]> 2023-12-21T20:46:58+00:00 https://www.hackread.com/iran-peach-sandstorm-falsefont-backdoor-defense/ www.secnews.physaphae.fr/article.php?IdArticle=8426987 False Industrial APT 33 2.0000000000000000 Bleeping Computer - Magazine Américain Microsoft says the APT33 Iranian cyber-espionage group is using recently discovered FalseFont backdoor malware to attack defense contractors worldwide. [...]]]> 2023-12-21T15:28:06+00:00 https://www.bleepingcomputer.com/news/security/microsoft-hackers-target-defense-firms-with-new-falsefont-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8426986 False Malware APT33,APT 33 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The Iranian state-sponsored threat actor known as OilRig deployed three different downloader malware throughout 2022 to maintain persistent access to victim organizations located in Israel. The three new downloaders have been named ODAgent, OilCheck, and OilBooster by Slovak cybersecurity company ESET. The attacks also involved the use of an updated version of a known OilRig downloader]]> 2023-12-14T18:00:00+00:00 https://thehackernews.com/2023/12/iranian-state-sponsored-oilrig-group.html www.secnews.physaphae.fr/article.php?IdArticle=8422615 False Malware,Threat APT 34 2.0000000000000000 Recorded Future - FLux Recorded Future Un groupe de cyber-espionnage lié au gouvernement iranien a développé plusieurs nouveaux téléchargeurs de logiciels malveillants au cours des deux dernières années et les a récemment utilisés pour cibler des organisations en Israël.Des chercheurs de la société Slovaquie ESET attribué Les téléchargeurs nouvellement découverts au groupe iranien de menace persistant avancé Oilrig, également connu sous le nom d'APT34.Selon les rapports précédents

---

A cyber-espionage group linked to the Iranian government developed several new malware downloaders over the past two years and has recently been using them to target organizations in Israel. Researchers at the Slovakia-based company ESET attributed the newly discovered downloaders to the Iranian advanced persistent threat group OilRig, also known as APT34. Previous reports said]]> 2023-12-14T16:30:00+00:00 https://therecord.media/oilrig-apt34-iran-linked-hackers-new-downloaders-israel www.secnews.physaphae.fr/article.php?IdArticle=8422737 False Malware,Threat APT 34 2.0000000000000000 We Live Security - Editeur Logiciel Antivirus ESET ESET researchers document a series of new OilRig downloaders, all relying on legitimate cloud service providers for C&C communications]]> 2023-12-14T10:30:00+00:00 https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/ www.secnews.physaphae.fr/article.php?IdArticle=8422763 False Cloud APT 34 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) #### Description Cisco Talos has discovered a new campaign conducted by the Lazarus Group, called "Operation Blacksmith," which employs at least three new DLang-based malware families, two of which are remote access trojans (RATs), where one of these uses Telegram bots and channels as a medium of command and control (C2) communications. The RATs are named "NineRAT" and "DLRAT," and the downloader is called "BottomLoader." The campaign consists of continued opportunistic targeting of enterprises globally that publicly host and expose their vulnerable infrastructure to n-day vulnerability exploitation such as CVE-2021-44228 (Log4j). Lazarus has targeted manufacturing, agricultural, and physical security companies. The malware is written in DLang, indicating a definitive shift in TTPs from APT groups falling under the Lazarus umbrella with the increased adoption of malware being authored using non-traditional frameworks such as the Qt framework, including MagicRAT and QuiteRAT. #### Reference URL(s) 1. https://blog.talosintelligence.com/lazarus_new_rats_dlang_and_telegram/ #### Publication Date December 11, 2023 #### Author(s) Jungsoo An ]]> 2023-12-13T19:34:57+00:00 https://community.riskiq.com/article/04580784 www.secnews.physaphae.fr/article.php?IdArticle=8422247 False Malware,Vulnerability APT 38 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Le phosphore a appelé les organisations avec des systèmes cyber-physiques (CPS) pour résoudre les problèmes de mauvaise configuration clés qui les rendent vulnérables ...

---

>Phosphorus has called upon organizations with cyber-physical systems (CPS) to address key misconfiguration issues that leave them vulnerable... ]]> 2023-12-13T10:21:31+00:00 https://industrialcyber.co/news/phosphorus-cps-protection-platform-is-said-to-match-cisa-mitigation-guidance-for-top-misconfiguration-risk/ www.secnews.physaphae.fr/article.php?IdArticle=8422006 False None APT 35 3.0000000000000000 The Register - Site journalistique Anglais Sure, they do crimes. But the plausible deniability governments adore means they deserve a different label Cybercrime gangs like the notorious Lazarus group and spyware vendors like Israel\'s NSO should be considered cyber mercenaries – and become the subject of a concerted international response – according to a Monday report from Delhi-based think tank Observer Research Foundation (ORF).…]]> 2023-12-13T06:05:28+00:00 https://go.theregister.com/feed/www.theregister.com/2023/12/13/cyber_mercenary_orf_report/ www.secnews.physaphae.fr/article.php?IdArticle=8421881 False None APT 38 2.0000000000000000 Silicon - Site de News Francais 2023-12-12T10:21:10+00:00 https://www.silicon.fr/log4j-menace-persiste-474135.html www.secnews.physaphae.fr/article.php?IdArticle=8421459 False None APT 38 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Cisco Talos discovered a new campaign conducted by the Lazarus Group that it has codenamed \'Operation Blacksmith,\' employing... ]]> 2023-12-12T09:32:48+00:00 https://industrialcyber.co/threats-attacks/cisco-reveals-operation-blacksmith-as-lazarus-targets-organizations-with-new-telegram-based-malware-in-dlang/ www.secnews.physaphae.fr/article.php?IdArticle=8421437 False Malware APT 38 3.0000000000000000 Recorded Future - FLux Recorded Future Les pirates connectés à Groupe de Lazarus de la Corée du Nord ont exploité le Vulnérabilité LOG4J Dans une campagne d'attaques ciblant les entreprises dans les secteurs de la fabrication, de l'agriculture et de la sécurité physique.Connu sous le nom de «Faire du forgeron de l'opération», la campagne a vu les pirates de Lazarus utiliser au moins trois nouvelles familles de logiciels malveillants, selon des chercheurs de Cisco Talos qui ont nommé l'un des

---

Hackers connected to North Korea\'s Lazarus Group have been exploiting the Log4j vulnerability in a campaign of attacks targeting companies in the manufacturing, agriculture and physical security sectors. Known as “Operation Blacksmith,” the campaign saw Lazarus hackers use at least three new malware families, according to researchers at Cisco Talos who named one of the]]> 2023-12-11T20:30:00+00:00 https://therecord.media/north-korean-hackers-using-log www.secnews.physaphae.fr/article.php?IdArticle=8421198 False Malware,Vulnerability APT 38 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The notorious North Korea-linked threat actor known as the Lazarus Group has been attributed to a new global campaign that involves the opportunistic exploitation of security flaws in Log4j to deploy previously undocumented remote access trojans (RATs) on compromised hosts. Cisco Talos is tracking the activity under the name Operation Blacksmith, noting the use of three DLang-based]]> 2023-12-11T18:30:00+00:00 https://thehackernews.com/2023/12/lazarus-group-using-log4j-exploits-to.html www.secnews.physaphae.fr/article.php?IdArticle=8421079 False Threat APT 38 3.0000000000000000 The Register - Site journalistique Anglais 2023-12-11T18:08:15+00:00 https://go.theregister.com/feed/www.theregister.com/2023/12/11/lazarus_group_edang/ www.secnews.physaphae.fr/article.php?IdArticle=8421157 False Malware APT 38 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Cisco Talos said Operation Blacksmith leveraged the flaw in publicly facing VMWare Horizon servers]]> 2023-12-11T17:00:00+00:00 https://www.infosecurity-magazine.com/news/lazarus-group-log4shell-flaw/ www.secnews.physaphae.fr/article.php?IdArticle=8421119 False None APT 38 2.0000000000000000 Bleeping Computer - Magazine Américain The notorious North Korean hacking group known as Lazarus continues to exploit CVE-2021-44228, aka "Log4Shell," this time to deploy three previously unseen malware families written in DLang. [...]]]> 2023-12-11T16:25:32+00:00 https://www.bleepingcomputer.com/news/security/lazarus-hackers-drop-new-rat-malware-using-2-year-old-log4j-bug/ www.secnews.physaphae.fr/article.php?IdArticle=8421215 False Malware,Threat APT 38 2.0000000000000000 Dark Reading - Informationweek Branch The infamous vulnerability may be on the older side at this point, but North Korea\'s primo APT Lazarus is creating new, unique malware around it at a remarkable clip.]]> 2023-12-11T16:15:00+00:00 https://www.darkreading.com/threat-intelligence/lazarus-group-still-juicing-log4shell-rats-written-d www.secnews.physaphae.fr/article.php?IdArticle=8421118 False Malware,Vulnerability APT 38 2.0000000000000000 Recorded Future - FLux Recorded Future La police métropolitaine de Séoul a accusé mardi un groupe de piratage nord-coréen de cibler des sociétés sud-coréennes liées à l'industrie de la défense et de voler des informations sensibles sur les systèmes d'armes anti-aériens.Dans un communiqué de presse, faire connaître l'enquête sur le groupe de piratage d'Andariel - qui a des liens vers le célèbre groupe de Lazare - la police a déclaré qu'ils

---

The Seoul Metropolitan Police on Tuesday accused a North Korean hacking group of targeting South Korean companies connected to the defense industry and stealing sensitive information about anti-aircraft weapon systems. In a press release publicizing the investigation into the Andariel hacking group - which has links to the notorious Lazarus Group - police said they]]> 2023-12-06T21:30:00+00:00 https://therecord.media/north-korea-hackers-stole-anti-aircraft-system-data www.secnews.physaphae.fr/article.php?IdArticle=8419690 False None APT 38 3.0000000000000000 Dark Reading - Informationweek Branch The prolific threat actor has laundered hundreds of millions of dollars in stolen virtual currency through the service.]]> 2023-11-30T17:35:00+00:00 https://www.darkreading.com/cyberattacks-data-breaches/feds-seize-sinbad-crypto-mixer-used-by-north-korea-s-lazarus www.secnews.physaphae.fr/article.php?IdArticle=8418122 False Threat APT 38,APT 38 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat actors from the Democratic People\'s Republic of Korea (DPRK) are increasingly targeting the cryptocurrency sector as a major revenue generation mechanism since at least 2017 to get around sanctions imposed against the country. "Even though movement in and out of and within the country is heavily restricted, and its general population is isolated from the rest of the world, the regime\'s]]> 2023-11-30T17:25:00+00:00 https://thehackernews.com/2023/11/north-koreas-lazarus-group-rakes-in-3.html www.secnews.physaphae.fr/article.php?IdArticle=8418053 False Threat APT 38,APT 38 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The U.S. Treasury Department on Wednesday imposed sanctions against Sinbad, a virtual currency mixer that has been put to use by the North Korea-linked Lazarus Group to launder ill-gotten proceeds. "Sinbad has processed millions of dollars\' worth of virtual currency from Lazarus Group heists, including the Horizon Bridge and Axie Infinity heists," the department said. "Sinbad is also used by]]> 2023-11-30T11:39:00+00:00 https://thehackernews.com/2023/11/us-treasury-sanctions-sinbad.html www.secnews.physaphae.fr/article.php?IdArticle=8417988 False None APT 38,APT 38 2.0000000000000000 Recorded Future - FLux Recorded Future Le département du Trésor américain le mercredi sanctionné Un mélangeur de crypto-monnaie populaire utilisé pour blanchir les fonds volés par des pirates liés au gouvernement nord-coréen.Le Contrôle des actifs étrangers (OFAC) du Département du Trésor a annoncé de nouvelles sanctions sur Sinbad.io, qui, selon les responsables

---

The U.S. Treasury Department on Wednesday sanctioned a popular cryptocurrency mixer used to launder funds stolen by hackers connected to the North Korean government. The Treasury Department\'s Office of Foreign Assets Control (OFAC) announced new sanctions on Sinbad.io, which officials said has been used by North Korea\'s Lazarus Group to process millions of dollars\' worth]]> 2023-11-29T21:45:00+00:00 https://therecord.media/us-treasury-sanctions-sinbad-crypto-mixer www.secnews.physaphae.fr/article.php?IdArticle=8417908 False None APT 38,APT 38 2.0000000000000000 HackRead - Chercher Cyber Par waqas US Treasury sanctions Sinbad.io pour blanchir des millions de fonds volés liés au groupe de Lazarus de la Corée du Nord. Ceci est un article de HackRead.com Lire le message original: US saisit le mélangeur Bitcoin Sinbad.io utilisé par Lazarus Group

---

>By Waqas US Treasury Sanctions Sinbad.io for Laundering Millions in Stolen Funds Linked to North Korea\'s Lazarus Group. This is a post from HackRead.com Read the original post: US Seizes Bitcoin Mixer Sinbad.io Used by Lazarus Group]]> 2023-11-29T19:37:23+00:00 https://www.hackread.com/us-seizes-bitcoin-mixer-sinbad-io-lazarus-group/ www.secnews.physaphae.fr/article.php?IdArticle=8417881 False None APT 38,APT 38 2.0000000000000000 Dark Reading - Informationweek Branch Lazarus and its cohorts are switching loaders and other code between RustBucket and KandyKorn macOS malware to fool victims and researchers.]]> 2023-11-28T17:30:00+00:00 https://www.darkreading.com/threat-intelligence/north-korean-apts-mix-and-match-malware-components-to-evade-detection www.secnews.physaphae.fr/article.php?IdArticle=8417572 False Malware APT 38,APT 38 2.0000000000000000 Kovrr - cyber risk management platform 2023-11-28T00:00:00+00:00 https://www.kovrr.com/reports/investigating-the-risk-of-compromised-credentials-and-internet-exposed-assets www.secnews.physaphae.fr/article.php?IdArticle=8417472 False Ransomware,Threat,Studies,Prediction,Cloud APT 17,APT 39,APT 39 3.0000000000000000 Wired Threat Level - Security News Whether you have sore muscles, tired eyes, or dull skin, there\'s a Therabody massager on sale that could help.]]> 2023-11-27T13:17:33+00:00 https://www.wired.com/story/therabody-theragun-cyber-monday-deals-2023/ www.secnews.physaphae.fr/article.php?IdArticle=8417208 False None APT 37 1.00000000000000000000 AhnLab - Korean Security Firm tout en surveillant les attaques récentes du groupe de menace Andariel, le centre d'intervention d'urgence de sécurité Ahnlab (ASEC) a découvert que le Centre d'AndarieAttaquer le cas dans lequel le groupe est supposé exploiter la vulnérabilité de l'exécution du code distant Apache ActiveMQ (CVE-2023-46604) pour installer des logiciels malveillants.Le groupe Andariel Threat cible généralement les entreprises et les institutions sud-coréennes, et le groupe est connu pour être soit dans une relation coopérative du groupe de menaces de Lazare, soit dans un groupe subsidiaire de Lazarus.Leurs attaques contre la Corée du Sud ont été les premières ...

---

While monitoring recent attacks by the Andariel threat group, AhnLab Security Emergency response Center (ASEC) has discovered the attack case in which the group is assumed to be exploiting Apache ActiveMQ remote code execution vulnerability (CVE-2023-46604) to install malware. The Andariel threat group usually targets South Korean companies and institutions, and the group is known to be either in a cooperative relationship of the Lazarus threat group, or a subsidiary group of Lazarus. Their attacks against South Korea were first... ]]> 2023-11-27T01:16:58+00:00 https://asec.ahnlab.com/en/59318/ www.secnews.physaphae.fr/article.php?IdArticle=8417067 False None APT 38 2.0000000000000000 Bleeping Computer - Magazine Américain A joint advisory by the National Cyber Security Centre (NCSC) and Korea\'s National Intelligence Service (NIS) discloses a supply-chain attack executed by North Korean hackers involving the MagicLineThe National Cyber Security Centre (NCSC) and Korea\'s National Intelligence Service (NIS) warn that the North Korean Lazarus hacking grou [...]]]> 2023-11-24T12:28:14+00:00 https://www.bleepingcomputer.com/news/security/uk-and-south-korea-hackers-use-zero-day-in-supply-chain-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8416630 False None APT 38 3.0000000000000000 Bleeping Computer - Magazine Américain Microsoft says a North Korean hacking group has breached Taiwanese multimedia software company CyberLink and trojanized one of its installers to push malware in a supply chain attack targeting potential victims worldwide. [...]]]> 2023-11-22T13:06:25+00:00 https://www.bleepingcomputer.com/news/security/microsoft-lazarus-hackers-breach-cyberlink-in-supply-chain-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8416021 False Malware APT 38,APT 38 3.0000000000000000 AhnLab - Korean Security Firm L'équipe d'analyse ASEC a identifié les circonstances du groupe Andariel distribuant des logiciels malveillants via une attaque en utilisant une certaine gestion des actifsprogramme.Le groupe Andariel est connu pour être dans une relation coopérative avec ou une organisation filiale du groupe Lazare.Le groupe Andariel lance généralement des attaques de phishing de lance, d'arrosage ou de chaîne d'approvisionnement pour la pénétration initiale.Il existe également un cas où le groupe a exploité une solution de gestion centrale pendant le processus d'installation de logiciels malveillants.Récemment, le groupe Andariel ...

---

The ASEC analysis team identified the circumstances of the Andariel group distributing malware via an attack using a certain asset management program. The Andariel group is known to be in a cooperative relationship with or a subsidiary organization of the Lazarus group. The Andariel group usually launches spear phishing, watering hole, or supply chain attacks for initial penetration. There is also a case where the group exploited a central management solution during the malware installation process. Recently, the Andariel group... ]]> 2023-11-20T06:31:18+00:00 https://asec.ahnlab.com/en/59073/ www.secnews.physaphae.fr/article.php?IdArticle=8414705 False Malware,Technical APT 38,APT 38 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A sub-cluster within the infamous Lazarus Group has established new infrastructure that impersonates skills assessment portals as part of its social engineering campaigns. Microsoft attributed the activity to a threat actor it calls Sapphire Sleet, describing it as a "shift in the persistent actor\\\'s tactics." Sapphire Sleet, also called APT38, BlueNoroff, CageyChameleon, and CryptoCore, has a]]> 2023-11-11T19:03:00+00:00 https://thehackernews.com/2023/11/microsoft-warns-of-fake-skills.html www.secnews.physaphae.fr/article.php?IdArticle=8409670 False Threat APT 38,APT 38 3.0000000000000000 Recorded Future - FLux Recorded Future Un groupe de piratage iranien a ciblé les organisations dans les secteurs du transport, de la logistique et de la technologie d'Israël le mois dernier au milieu d'une augmentation de la cyber-activité iranienne depuis le début de la guerre d'Israël avec le Hamas.Des chercheurs de la société de cybersécurité Crowdstrike \'s Counter Adversary Operations ont attribué l'activité à Charming Kitten, un Group iranien avancé de menace persistante (APT) , dans un [rapport

---

An Iranian hacking group targeted organizations in Israel\'s transportation, logistics and technology sectors last month amid an uptick in Iranian cyber activity since the start of Israel\'s war with Hamas. Researchers at the cybersecurity company CrowdStrike\'s Counter Adversary Operations attributed the activity to Charming Kitten, an Iranian advanced persistent threat (APT) group, in a [report]]> 2023-11-09T18:00:00+00:00 https://therecord.media/charming-kitten-targeted-israel-cyberattacks www.secnews.physaphae.fr/article.php?IdArticle=8408636 False Threat APT 35 2.0000000000000000 HackRead - Chercher Cyber Par waqas Bluenoroff est un sous-groupe du plus grand groupe soutenu par l'État nord-coréen appelé Lazarus. Ceci est un article de HackRead.com Lire le post original: Bluenoroff APT lié à Lazare ciblant les macOS avec des logiciels malveillants objcshellz

---

>By Waqas BlueNoroff is a subgroup of the larger North Korean state-backed group called Lazarus. This is a post from HackRead.com Read the original post: Lazarus-Linked BlueNoroff APT Targeting macOS with ObjCShellz Malware]]> 2023-11-08T10:34:54+00:00 https://www.hackread.com/lazarus-bluenoroff-apt-macos-objcshellz-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8407874 False Malware APT 38,APT 38 2.0000000000000000 CyberWarzone - Cyber News [plus ...]

---

Ever found yourself musing over the future of combat at sea? I mean, it’s not your everyday chatter, but imagine the ocean teeming with these [more...]]]> 2023-11-05T17:35:51+00:00 https://cyberwarzone.com/are-maritime-drones-the-future-of-naval-warfare/ www.secnews.physaphae.fr/article.php?IdArticle=8406328 False None APT 32 2.0000000000000000 HackRead - Chercher Cyber Par deeba ahmed Un autre jour, une autre opération de logiciels malveillants par le tristement célèbre groupe de Lazare ciblant les ingénieurs de la blockchain et les utilisateurs de crypto. Ceci est un article de HackRead.com Lire le post original: Lazarus groupe LazarusUtilise des logiciels malveillants de Kandykorn MacOS pour le vol cryptographique

---

>By Deeba Ahmed Another day, another malware operation by the infamous Lazarus group targeting blockchain engineers and crypto users. This is a post from HackRead.com Read the original post: Lazarus Group uses KandyKorn macOS malware for crypto theft]]> 2023-11-03T20:01:17+00:00 https://www.hackread.com/lazarus-kandykorn-macos-malware-crypto/ www.secnews.physaphae.fr/article.php?IdArticle=8405492 False Malware APT 38,APT 38 3.0000000000000000 Dark Reading - Informationweek Branch Posing as fellow engineers, the North Korean state-sponsored cybercrime group Lazarus tricked crypto-exchange developers into downloading the hard-to-detect malware.]]> 2023-11-03T18:55:00+00:00 https://www.darkreading.com/endpoint/kandykorn-macos-malware-lures-crypto-engineers www.secnews.physaphae.fr/article.php?IdArticle=8405460 False Malware APT 38,APT 38 2.0000000000000000 SecurityWeek - Security News Security researchers uncover new macOS and Windows malware associated with the North Korea-linked Lazarus Group. ]]> 2023-11-03T14:10:49+00:00 https://www.securityweek.com/north-korean-hackers-use-new-kandykorn-macos-malware-in-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8405892 False Malware APT 38,APT 38 2.0000000000000000 Bleeping Computer - Magazine Américain A new macOS malware dubbed \'KandyKorn\' has been spotted in a campaign attributed to the North Korean Lazarus hacking group, targeting blockchain engineers of a cryptocurrency exchange platform. [...]]]> 2023-11-02T15:22:01+00:00 https://www.bleepingcomputer.com/news/security/new-macos-kandykorn-malware-targets-cryptocurrency-engineers/ www.secnews.physaphae.fr/article.php?IdArticle=8404890 False Malware APT 38,APT 38 3.0000000000000000 Dark Reading - Informationweek Branch The government-backed APT\'s new malware framework represents a step up in Iran\'s cyber sophistication.]]> 2023-11-02T14:46:00+00:00 https://www.darkreading.com/dr-global/-scarred-manticore-unleashes-most-advanced-iranian-espionage www.secnews.physaphae.fr/article.php?IdArticle=8404734 False Malware APT 34 3.0000000000000000 Recorded Future - FLux Recorded Future Les pirates liés à la Corée du Nord ciblent les ingénieurs de blockchain \\ 'Apple avec de nouveaux logiciels malveillants avancés, ont révélé des chercheurs.Les tactiques et les techniques utilisées dans la campagne chevauchent l'activité du groupe de pirates nord-coréen parrainé par l'État Lazarus, comme l'a rapporté la société de cybersécurité Elastic Security Labs.L'objectif probable des pirates est de voler la crypto-monnaie comme

---

Hackers linked to North Korea are targeting blockchain engineers\' Apple devices with new, advanced malware, researchers have found. The tactics and techniques used in the campaign overlap with the activity of the North Korean state-sponsored hacker group Lazarus, as reported by cybersecurity firm Elastic Security Labs. The hackers\' likely goal is to steal cryptocurrency as]]> 2023-11-02T12:47:00+00:00 https://therecord.media/blockchain-engineers-crypto-exchange-macos-malware-north-korea www.secnews.physaphae.fr/article.php?IdArticle=8404681 False Malware APT 38,APT 38 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) State-sponsored threat actors from the Democratic People\'s Republic of Korea (DPRK) have been found targeting blockchain engineers of an unnamed crypto exchange platform via Discord with a novel macOS malware dubbed KANDYKORN. Elastic Security Labs said the activity, traced back to April 2023, exhibits overlaps with the infamous adversarial collective Lazarus Group, citing an analysis of the]]> 2023-11-01T14:32:00+00:00 https://thehackernews.com/2023/11/north-korean-hackers-tageting-crypto.html www.secnews.physaphae.fr/article.php?IdArticle=8403987 False Malware,Threat APT 38,APT 38 2.0000000000000000 HackRead - Chercher Cyber deeba ahmed Les chercheurs pensent que l'objectif principal derrière cette campagne est l'espionnage. Ceci est un article de HackRead.com Lire le post original: L'Iran Manticore cicatriciel des Targets du Moyen-Orient avec des logiciels malveillants liontail

---

By Deeba Ahmed Researchers believe that the primary goal behind this campaign is espionage. This is a post from HackRead.com Read the original post: Iran’s Scarred Manticore Targets Middle East with LIONTAIL Malware]]> 2023-11-01T08:20:47+00:00 https://www.hackread.com/iran-scarred-manticore-middle-east-liontail-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8403968 False Malware APT 34,APT 34 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) #### Description Check Point Research (CPR) is monitoring an ongoing Iranian espionage campaign by Scarred Manticore, an actor affiliated with the Ministry of Intelligence and Security (MOIS). The attacks rely on LIONTAIL, an advanced passive malware framework installed on Windows servers. For stealth purposes, LIONTIAL implants utilize direct calls to Windows HTTP stack driver HTTP.sys to load memory-residents payloads. The current campaign peaked in mid-2023, going under the radar for at least a year. The campaign targets high-profile organizations in the Middle East with a focus on government, military, and telecommunications sectors, in addition to IT service providers, financial organizations and NGOs. Scarred Manticore has been pursuing high-value targets for years, utilizing a variety of IIS-based backdoors to attack Windows servers. These include a variety of custom web shells, custom DLL backdoors, and driver-based implants. While the main motivation behind Scarred Manticore\'s operation is espionage, some of the tools described in this report have been associated with the MOIS-sponsored destructive attack against Albanian government infrastructure (referred to as DEV-0861). #### Reference URL(s) 1. https://research.checkpoint.com/2023/from-albania-to-the-middle-east-the-scarred-manticore-is-listening/ #### Publication Date October 31, 2023 #### Author(s) Check Point Research ]]> 2023-10-31T19:45:32+00:00 https://community.riskiq.com/article/b37061cc www.secnews.physaphae.fr/article.php?IdArticle=8403717 False Malware,Tool APT 34,APT 34 2.0000000000000000 Recorded Future - FLux Recorded Future Un acteur iranien de la menace nationale cible des organisations de haut niveau au Moyen-Orient dans une campagne d'espionnage en cours, selon un nouveau rapport.Suivi en tant que Manticore marqué, le groupe cible principalement les secteurs du gouvernement, des militaires et des télécommunications en Arabie saoudite, aux Émirats arabes unis, en Jordanie, au Koweït, à Oman, en Irak et en Israël.Ces dernières années, Manticore marqué a

---

An Iranian nation-state threat actor is targeting high-profile organizations in the Middle East in an ongoing espionage campaign, according to a new report. Tracked as Scarred Manticore, the group primarily targets government, military, and telecom sectors in Saudi Arabia, the United Arab Emirates, Jordan, Kuwait, Oman, Iraq, and Israel. In recent years, Scarred Manticore has]]> 2023-10-31T19:30:00+00:00 https://therecord.media/iranian-hackers-spy-on-governments-military-middle-east www.secnews.physaphae.fr/article.php?IdArticle=8403704 False Threat APT 34 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Discovered by Check Point Research (CPR) and Sygnia, the campaign peaked in mid-2023]]> 2023-10-31T16:30:00+00:00 https://www.infosecurity-magazine.com/news/scarred-manticore-targets-middle/ www.secnews.physaphae.fr/article.php?IdArticle=8403582 False Malware APT 34 3.0000000000000000 Checkpoint - Fabricant Materiel Securite Faits saillants: 1. Intrudeurs silencieux: Manticore marqué, un groupe de cyber-menaces iranien lié à Mois (Ministère des renseignements & # 38; Security), gère tranquillement une opération d'espionnage sophistiquée furtive au Moyen-Orient.En utilisant leur dernier cadre d'outils de logiciels malveillants, Liontail, ils volent sous le radar depuis plus d'un an.2. Secteurs ciblés: La campagne se concentre sur les grands joueurs-gouvernement, militaire, télécommunications, informatique, finance et ONG au Moyen-Orient.Manticore marqué est une question de données systématiquement en train de saisir des données, montrant leur engagement envers les cibles de grande valeur.3. Évolution des tactiques: le livre de jeu de Manticore Scarre est passé des attaques de base de shell sur les serveurs Windows à [& # 8230;]

---

>Highlights: 1. Silent Intruders: Scarred Manticore, an Iranian cyber threat group linked to MOIS (Ministry of Intelligence & Security), is quietly running a stealthy sophisticated spying operation in the Middle East. Using their latest malware tools framework, LIONTAIL, they have been flying under the radar for over a year. 2. Targeted Sectors: The campaign focuses on big players-government, military, telecom, IT, finance, and NGOs in the Middle East. Scarred Manticore is all about systematically nabbing data, showing their commitment to high-value targets. 3. Evolution of Tactics: Scarred Manticore’s playbook has evolved from basic web shell attacks on Windows Servers to […] ]]> 2023-10-31T10:56:45+00:00 https://blog.checkpoint.com/security/unraveling-the-scarred-manticore-saga-a-riveting-epic-of-high-stakes-espionage-unfolding-in-the-heart-of-the-middle-east/ www.secnews.physaphae.fr/article.php?IdArticle=8403439 False Malware,Tool,Threat APT 34 2.0000000000000000 Checkpoint Research - Fabricant Materiel Securite Résultats clés Introduction Les recherches sur les points de contrôle, en collaboration avec l'équipe de réponse aux incidents de Sygnia \\, ont suivi et répondu aux activités de & # 160; marqué Manticore, un acteur iranien de la menace nationale qui cible principalement le gouvernement etsecteurs de télécommunications au Moyen-Orient.Manticore marqué, lié au prolifique acteur iranien Oilrig (alias APT34, Europium, Hazel Sandstorm), a constamment poursuivi [& # 8230;]

---

>Key Findings Introduction Check Point Research, in collaboration with Sygnia\'s Incident Response Team, has been tracking and responding to the activities of Scarred Manticore, an Iranian nation-state threat actor that primarily targets government and telecommunication sectors in the Middle East. Scarred Manticore, linked to the prolific Iranian actor OilRig (a.k.a APT34, EUROPIUM, Hazel Sandstorm), has persistently pursued […] ]]> 2023-10-31T10:56:34+00:00 https://research.checkpoint.com/2023/from-albania-to-the-middle-east-the-scarred-manticore-is-listening/ www.secnews.physaphae.fr/article.php?IdArticle=8403445 False Threat APT 34,APT 34 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Kaspersky unveiled the cyber campaign at the Security Analyst Summit]]> 2023-10-30T17:00:00+00:00 https://www.infosecurity-magazine.com/news/lazarus-group-targets-legitimate/ www.secnews.physaphae.fr/article.php?IdArticle=8403072 False Malware APT 38 2.0000000000000000 CyberWarzone - Cyber News [Plus ...]

---

The recent unveiling of a sinister alliance between an IT company and North Korean hackers, it’s evident that the cyber threat landscape has taken a [more...]]]> 2023-10-30T11:51:07+00:00 https://cyberwarzone.com/north-korean-lazarus-hackers-and-it-companys-billion-won-ransomware-heist/ www.secnews.physaphae.fr/article.php?IdArticle=8402774 False Ransomware,Threat APT 38 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The North Korea-aligned Lazarus Group has been attributed as behind a new campaign in which an unnamed software vendor was compromised through the exploitation of known security flaws in another high-profile software. The attack sequences, according to Kaspersky, culminated in the deployment of malware families such as SIGNBT and LPEClient, a known hacking tool used by the threat actor for]]> 2023-10-27T20:27:00+00:00 https://thehackernews.com/2023/10/n-korean-lazarus-group-targets-software.html www.secnews.physaphae.fr/article.php?IdArticle=8401494 False Malware,Tool,Threat APT 38,APT 38 3.0000000000000000 Recorded Future - FLux Recorded Future Les pirates connectés au gouvernement nord-coréen ont exploité une vulnérabilité dans un fournisseur de logiciels «haut de gamme» pour cibler ses clients, selon un récent Rapport .À la mi-juillet, les chercheurs de la société de cybersécurité Kaspersky ont détecté une série d'attaques contre plusieurs victimes ciblées via un logiciel de sécurité non identifié conçu pour crypter les communications Web à l'aide du numérique

---

Hackers connected to the North Korean government have exploited a vulnerability in a “high-profile” software vendor to target its customers, according to a recent report. In mid-July, researchers from the cybersecurity firm Kaspersky detected a series of attacks on several victims who were targeted through unidentified security software designed to encrypt web communications using digital]]> 2023-10-27T16:30:00+00:00 https://therecord.media/north-korean-hackers-exploit-software-vulnerability www.secnews.physaphae.fr/article.php?IdArticle=8401515 False Vulnerability,Threat APT 38 4.0000000000000000 Bleeping Computer - Magazine Américain The North Korean Lazarus hacking group repeatedly compromised a software vendor using flaws in vulnerable software despite multiple patches and warnings being made available by the developer. [...]]]> 2023-10-27T12:15:29+00:00 https://www.bleepingcomputer.com/news/security/lazarus-hackers-breached-dev-repeatedly-to-deploy-signbt-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8401514 False Malware APT 38,APT 38 3.0000000000000000 Kaspersky - Kaspersky Research blog We unveil a Lazarus campaign exploiting security company products and examine its intricate connections with other campaigns]]> 2023-10-27T06:00:12+00:00 https://securelist.com/unveiling-lazarus-new-campaign/110888/ www.secnews.physaphae.fr/article.php?IdArticle=8401253 False None APT 38,APT 38 2.0000000000000000 DarkTrace - DarkTrace: AI bases detection Darktrace helps security operations centre (SOC) teams become more efficient by drastically cutting down the time needed to investigate incidents.]]> 2023-10-26T13:08:32+00:00 https://darktrace.com/blog/expediting-the-investigation-of-widespread-trojan-infections-with-darktrace www.secnews.physaphae.fr/article.php?IdArticle=8400834 False None APT 39 2.0000000000000000 Netskope - etskope est une société de logiciels américaine fournissant une plate-forme de sécurité informatique Résumé En octobre 2023, Netskope a analysé un document de mots malveillant et le malware qu'il contenait, surnommé «Menorah».Le malware a été attribué à un groupe de menaces persistant avancé APT34 et aurait été distribué par phisse de lance.Le fichier de bureau malveillant utilise le code VBA dispersé et obscurci pour échapper à la détection.Le groupe avancé des menaces persistantes cible [& # 8230;]

---

>Summary In October 2023, Netskope analyzed a malicious Word document and the  malware it contained, dubbed “Menorah.” The malware was attributed to an advanced persistent threat group APT34, and was reported to be distributed via spear-phishing. The malicious Office file uses dispersed and obfuscated VBA code to evade detection.  The advanced persistent threat group targets […] ]]> 2023-10-25T19:00:00+00:00 https://www.netskope.com/blog/netskope-threat-coverage-menorah www.secnews.physaphae.fr/article.php?IdArticle=8400546 False Malware,Threat APT 34 2.0000000000000000 AhnLab - Korean Security Firm août 2023 Problèmes majeurs sur les groupes de l'APT 1) Andariel 2) APT29 3) APT31 4) amer 5)Bronze Starlight 6) Callisto 7) Cardinbee 8) Typhoon de charbon de bois (Redhotel) 9) Terre estrie 10) Typhon de lin 11) Groundpeony 12) Chisel infâme 13) Kimsuky 14) Lazarus 15)Moustachedbouncher 16) Éléphant mystérieux (APT-K-47) 17) Nobelium (Blizzard de minuit) 18) Red Eyes (APT37) Aug_Thereat Trend Rapport sur les groupes APT

---

August 2023 Major Issues on APT Groups 1) Andariel 2) APT29 3) APT31 4) Bitter 5) Bronze Starlight 6) Callisto 7) Carderbee 8) Charcoal Typhoon (RedHotel) 9) Earth Estries 10) Flax Typhoon 11) GroundPeony 12) Infamous Chisel 13) Kimsuky 14) Lazarus 15) MoustachedBouncher 16) Mysterious Elephant (APT-K-47) 17) Nobelium (Midnight Blizzard) 18) Red Eyes (APT37) Aug_Threat Trend Report on APT Groups ]]> 2023-10-23T02:22:16+00:00 https://asec.ahnlab.com/en/57930/ www.secnews.physaphae.fr/article.php?IdArticle=8399124 False Threat,Prediction APT 38,APT 38,APT 29,APT 37,APT 31 3.0000000000000000 SecurityWeek - Security News Le groupe de piratage lié à l'Iran, Crambus, a passé huit mois dans un réseau compromis d'un gouvernement du Moyen-Orient, les rapports de l'unité de cybersécurité de Broadcom \\ de Broadcom.

---

>Iran-linked hacking group Crambus spent eight months inside a compromised network of a Middle Eastern government, Broadcom\'s Symantec cybersecurity unit reports. ]]> 2023-10-20T12:29:53+00:00 https://www.securityweek.com/iranian-hackers-lurked-for-8-months-in-government-network/ www.secnews.physaphae.fr/article.php?IdArticle=8398261 False None APT 34 2.0000000000000000 Recorded Future - FLux Recorded Future Les pirates liés au gouvernement d'Iran \\ ont passé huit mois à l'intérieur des systèmes d'un gouvernement du Moyen-Orient non spécifié, volant des fichiers et des e-mails, selon des chercheurs.La société de cybersécurité Symantec a attribué la campagne à un groupe qu'il appelle CambusMais d'autres appellent APT34, Oilrig ou Muddywater.L'intrusion a duré de février à septembre et tandis que le

---

Hackers connected to Iran\'s government spent eight months inside the systems of an unspecified Middle East government, stealing files and emails, according to researchers. Cybersecurity firm Symantec attributed the campaign to a group it calls Crambus but others refer to as APT34, OilRig or MuddyWater. The intrusion lasted from February to September, and while the]]> 2023-10-19T20:23:00+00:00 https://therecord.media/iran-linked-hackers-8-months-middle-east-government www.secnews.physaphae.fr/article.php?IdArticle=8397883 False Threat APT 34 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The Iran-linked OilRig threat actor targeted an unnamed Middle East government between February and September 2023 as part of an eight-month-long campaign. The attack led to the theft of files and passwords and, in one instance, resulted in the deployment of a PowerShell backdoor called PowerExchange, the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with The Hacker News]]> 2023-10-19T15:45:00+00:00 https://thehackernews.com/2023/10/iran-linked-oilrig-targets-middle-east.html www.secnews.physaphae.fr/article.php?IdArticle=8397652 False Threat APT 34 3.0000000000000000 Dark Reading - Informationweek Branch The state-sponsored threat actors (aka APT34, Crambus, Helix Kitten, or OilRig) spent months seemingly taking whatever government data they wished, using never-before-seen tools.]]> 2023-10-19T14:22:00+00:00 https://www.darkreading.com/dr-global/iran-linked-muddywater-spies-middle-east-govt-eight-months www.secnews.physaphae.fr/article.php?IdArticle=8397738 False Threat APT 34 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) North Korean threat actors are actively exploiting a critical security flaw in JetBrains TeamCity to opportunistically breach vulnerable servers, according to Microsoft. The attacks, which entail the exploitation of CVE-2023-42793 (CVSS score: 9.8), have been attributed to Diamond Sleet (aka Labyrinth Chollima) and Onyx Sleet (aka Andariel or Silent Chollima). It\'s worth noting that both the]]> 2023-10-19T12:41:00+00:00 https://thehackernews.com/2023/10/microsoft-warns-of-north-korean-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=8397598 False Threat APT 38 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The North Korea-linked Lazarus Group (aka Hidden Cobra or TEMP.Hermit) has been observed using trojanized versions of Virtual Network Computing (VNC) apps as lures to target the defense industry and nuclear engineers as part of a long-running campaign known as Operation Dream Job. "The threat actor tricks job seekers on social media into opening malicious apps for fake job interviews," Kaspersky]]> 2023-10-18T20:21:00+00:00 https://thehackernews.com/2023/10/lazarus-group-targeting-defense-experts.html www.secnews.physaphae.fr/article.php?IdArticle=8397305 False Threat APT 38,APT 38,APT 37 2.0000000000000000 Recorded Future - FLux Recorded Future Les pirates ont ciblé plus d'une douzaine d'entreprises de pétrole, de gaz et de défense en Europe de l'Est avec une version mise à jour du cadre de la porte dérobée MATA, selon récent Research .La porte dérobée MATA était auparavant attribué au groupe de pirates nord-coréen Lazarus.Les chercheurs de la société de cybersécurité Kaspersky, qui ont découvert cette campagne, ne se sont pas directement liés

---

Hackers have targeted more than a dozen oil, gas and defense firms in Eastern Europe with an updated version of the MATA backdoor framework, according to recent research. The MATA backdoor was previously attributed to the North Korean hacker group Lazarus. Researchers at the cybersecurity firm Kaspersky, who uncovered this campaign, did not directly link]]> 2023-10-18T20:15:00+00:00 https://therecord.media/eastern-europe-energy-and-defense-targeted-mata www.secnews.physaphae.fr/article.php?IdArticle=8397422 False Threat,Industrial APT 38 4.0000000000000000 Bleeping Computer - Magazine Américain Microsoft says that the North Korean Lazarus and Andariel hacking groups are exploiting the CVE-2023-42793 flaw in TeamCity servers to deploy backdoor malware, likely to conduct software supply chain attacks. [...]]]> 2023-10-18T18:33:02+00:00 https://www.bleepingcomputer.com/news/security/north-korean-hackers-exploit-critical-teamcity-flaw-to-breach-networks/ www.secnews.physaphae.fr/article.php?IdArticle=8397455 False Vulnerability APT 38 3.0000000000000000 AhnLab - Korean Security Firm Le groupe Lazare est un groupe de piratage connu pour être parrainé par l'État et mène activement des activités de piratageDans le monde entier pour le gain financier, le vol de données et d'autres fins.Un aperçu simplifié de l'attaque du trou d'arrosage du groupe Lazare qui a abusé de la vulnérabilité inisafée est la suivante: un lien malveillant a été inséré dans un article spécifique sur un site Web d'actualités.Par conséquent, les entreprises et les institutions qui ont cliqué sur cet article étaient ciblées pour le piratage.Les pirates ont exploité des sites Web coréens vulnérables avec C2 ...

---

The Lazarus group is a hacking group that is known to be state-sponsored and is actively conducting hacking activities worldwide for financial gain, data theft, and other purposes. A simplified overview of the Lazarus group’s watering hole attack that abused the INISAFE vulnerability is as follows: a malicious link was inserted within a specific article on a news website. Consequently, companies and institutions that clicked on this article were targeted for hacking. The hackers exploited vulnerable Korean websites with C2... ]]> 2023-10-17T00:55:09+00:00 https://asec.ahnlab.com/en/57736/ www.secnews.physaphae.fr/article.php?IdArticle=8396477 False Vulnerability APT 38 2.0000000000000000 AhnLab - Korean Security Firm aperçu1.Analyse de la porte dérobée de Volgmer….1.1.Version précoce de Volgmer …… .. 1.1.1.Analyse des compte-gouttes Volgmer …… .. 1.1.2.Analyse de la porte dérobée de Volgmer….1.2.Version ultérieure de Volgmer …… .. 1.2.1.Analyse de Volgmer Backdoor2.Analyse du téléchargeur Scout….2.1.DIGNES (Volgmer, Scout)….2.2.Analyse du téléchargeur Scout …… .. 2.2.1.Scout Downloader v1 …… .. 2.2.2.Scout Downloader V23.Conclusion Table des matières Le groupe de menaces de Lazarus parrainé par l'État a des dossiers d'activité qui remontent à 2009. Au début, leurs activités étaient principalement axées sur ...

---

Overview1. Analysis of Volgmer Backdoor…. 1.1. Early Version of Volgmer…….. 1.1.1. Analysis of Volgmer Dropper…….. 1.1.2. Analysis of Volgmer Backdoor…. 1.2. Later Version of Volgmer…….. 1.2.1. Analysis of Volgmer Backdoor2. Analysis of Scout Downloader…. 2.1. Droppers (Volgmer, Scout)…. 2.2. Analysis of Scout Downloader…….. 2.2.1. Scout Downloader v1…….. 2.2.2. Scout Downloader v23. Conclusion Table of Contents The seemingly state-sponsored Lazarus threat group has records of activity that date back to 2009. In the early days, their activities were mostly focused on... ]]> 2023-10-13T08:21:01+00:00 https://asec.ahnlab.com/en/57685/ www.secnews.physaphae.fr/article.php?IdArticle=8395055 False Threat APT 38 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) As much as $7 billion in cryptocurrency has been illicitly laundered through cross-chain crime, with the North Korea-linked Lazarus Group linked to the theft of roughly $900 million of those proceeds between July 2022 and July of this year. "As traditional entities such as mixers continue to be subject to seizures and sanctions scrutiny, the crypto crime displacement to chain- or asset-hopping]]> 2023-10-06T20:26:00+00:00 https://thehackernews.com/2023/10/north-koreas-lazarus-group-launders-900.html www.secnews.physaphae.fr/article.php?IdArticle=8392275 False None APT 38 2.0000000000000000