This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-29T14:36:55+00:00 www.secnews.physaphae.fr Techworm - News avertir dans un article de blog . «La seiche est en attente, reniflant passivement les paquets, n'agissant que lorsqu'il est déclenché par un ensemble de règles prédéfini.Le renifleur de paquets utilisé par la seiche a été conçu pour acquérir du matériel d'authentification, en mettant l'accent sur les services publics basés sur le cloud. » ]]> 2024-05-01T23:25:26+00:00 https://www.techworm.net/2024/05/malware-target-router-steal-password.html www.secnews.physaphae.fr/article.php?IdArticle=8491968 False Threat,Malware,Cloud,Technical APT 32 4.0000000000000000 CyberWarzone - Cyber News [plus ...]

---

Ever found yourself musing over the future of combat at sea? I mean, it’s not your everyday chatter, but imagine the ocean teeming with these [more...]]]> 2023-11-05T17:35:51+00:00 https://cyberwarzone.com/are-maritime-drones-the-future-of-naval-warfare/ www.secnews.physaphae.fr/article.php?IdArticle=8406328 False None APT 32 2.0000000000000000 Korben - Bloger francais 2023-10-05T07:00:00+00:00 https://korben.info/tio-des-interpreteurs-de-code-gratuits-pour-les-developpeurs-et-les-enseignants.html www.secnews.physaphae.fr/article.php?IdArticle=8391770 False None APT 32 2.0000000000000000 Detection Engineering - Blog Sécu And the cat complains a lot when things go wrong]]> 2023-09-20T12:01:22+00:00 https://www.detectionengineering.net/p/detection-engineering-weekly-41-oceans www.secnews.physaphae.fr/article.php?IdArticle=8385776 False None APT 32 2.0000000000000000 Schneier on Security - Chercheur Cryptologue Américain imposé un « programme pilote interdisant la pêche dans certaines parties du sud-ouest de l’océan Atlantique de juillet à octobre et dans certaines parties de l’est de l’océan Pacifique de septembre à décembre ».Cependant, le groupe de conservation Oceana a analysé les données et a découvert que les Chinois ne pêchaient pas dans ces zones au cours de ces mois-là, de toute façon. < blockquote>Dans la zone du moratoire du sud-ouest de l'Atlantique, Oceana a constaté qu'aucune pêche n'avait été menée par les flottes chinoises au cours de la même période en 2019. Entre 1 800 et 8 500 heures de pêche ont été détectées dans la zone dans chacune descinq ans jusqu'en 2019. Dans la zone du Pacifique oriental, la flotte de pêche chinoise semblait ne pêcher que 38 heures au cours de l'année précédant l'introduction de l'interdiction...

---

China imposed a “pilot program banning fishing in parts of the south-west Atlantic Ocean from July to October, and parts of the eastern Pacific Ocean from September to December.” However, the conservation group Oceana analyzed the data and figured out that the Chinese weren’t fishing in those areas in those months, anyway. < blockquote>In the south-west Atlantic moratorium area, Oceana found there had been no fishing conducted by Chinese fleets in the same time period in 2019. Between 1,800 and 8,500 fishing hours were detected in the zone in each of the five years to 2019. In the eastern Pacific zone, China’s fishing fleet appeared to fish only 38 hours in the year before the ban’s introduction...]]> 2023-08-25T21:06:48+00:00 https://www.schneier.com/blog/archives/2023/08/friday-squid-blogging-chinas-squid-fishing-ban-ineffective.html www.secnews.physaphae.fr/article.php?IdArticle=8374653 False None APT 32 1.00000000000000000000 Recorded Future - FLux Recorded Future L'un des plus grands systèmes hospitaliers du Mississippi a été contraint de retirer plusieurs services internes hors ligne après avoir connu une cyberattaque qui a commencé la semaine dernière.Singing River Health System & # 8211;qui gère l'hôpital Pascagoula, l'Ocean Springs Hospital et l'hôpital Gulfport ainsi que des dizaines de cliniques et de centres le long de la côte du Golfe & # 8211;est à propos d'un

---

One of the largest hospital systems in Mississippi was forced to take several internal services offline after experiencing a cyberattack that began last week. Singing River Health System – which runs Pascagoula Hospital, Ocean Springs Hospital, and Gulfport Hospital as well as dozens of clinics and centers along the Gulf Coast – is about an]]> 2023-08-22T18:02:00+00:00 https://therecord.media/mississippi-hospital-system-takes-services-offline-after-cyberattack www.secnews.physaphae.fr/article.php?IdArticle=8373195 False None APT 32 3.0000000000000000 CVE Liste - Common Vulnerability Exposure A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and earlier allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job.]]> 2023-08-16T15:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40341 www.secnews.physaphae.fr/article.php?IdArticle=8370819 False Vulnerability APT 32 None AhnLab - Korean Security Firm Tendances du groupe APT & # 8211;Juin 2023 1) Andariel 2) APT28 3) Cadet Blizzard (Dev-0586) 4) Camaro Dragon 5) Chicheau charmant (Mint Sandstorm) 6) Gamaredon (Shuckworm) 7) Ke3Chang (Apt15, Nickel) 8) Kimsuky 9) Lazarus 10) Eau boueuse 11) Mustang Panda 12) Oceanlotus 13) Patchwork (éléphant blanc) 14) REd Eyes (APT37) 15) Sharp Panda 16) Sidecopy 17) Soldat Stealth ATIP_2023_JUN_THREAT Rapport de tendance sur les groupes APT

---

APT Group Trends – June 2023  1) Andariel 2) APT28 3) Cadet Blizzard (DEV-0586) 4) Camaro Dragon 5) Charming Kitten (Mint Sandstorm) 6) Gamaredon (Shuckworm) 7) Ke3chang (APT15, Nickel) 8) Kimsuky 9) Lazarus 10) Muddy Water 11) Mustang Panda 12) OceanLotus 13) Patchwork (White Elephant) 14) Red Eyes (APT37) 15) Sharp Panda 16) SideCopy 17) Stealth Soldier ATIP_2023_Jun_Threat Trend Report on APT Groups ]]> 2023-08-16T06:46:45+00:00 https://asec.ahnlab.com/en/56195/ www.secnews.physaphae.fr/article.php?IdArticle=8370575 False Threat,Prediction APT 38,APT 35,APT 35,APT 25,APT 32,APT 32,APT 37,APT 37,APT 15,APT 15,APT 28,APT 28 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC SentinelOne in 2021 and Microsoft in 2022. As stated in Microsoft’s report on UpdateAgent, a malware delivering AdLoad through drive-by compromise, AdLoad redirected users’ traffic through the adware operators’ servers, injecting advertisements and promotions into webpages and search results with a Person-in-The-Middle (PiTM) attack. These two previous campaigns, together with the campaign described in this blog, support the theory that AdLoad could be running a pay-per-Install campaign in the infected systems. The main purpose of the malware has always been to act as a downloader for subsequent payloads. It has been identified delivering a wide range of payloads (adware, bundleware, PiTM, backdoors, proxy applications, etc.) every few months to a year, sometimes conveying different payloads depending on the system settings such as geolocation, device make and model, operating system version, or language settings, as reported by SentinelOne. In all observed samples, regardless of payload, they report an Adload server during execution on the victim’s system. This beacon (analyzed later in Figure 3 & 4) includes system information in the user agent and the body, without any relevant response aside from a 200 HTTP response code. This activity probably represents AdLoad\'s method of keeping count of the number of infected systems, supporting the pay-per-Install scheme. AT&T Alien Labs™ has observed similar activity in our threat analysis systems throughout the last year, with the AdLoad malware being installed in the infected systems. However, Alien Labs is now observing a previously unreported payload being delivered to the victims. The payload corresponds to a proxy application, converting its targets into proxy exit nodes after infection. As seen in Figure 1, the threat actors behind this campaign have been very active since the beginning of 2022. Figure 1. Histogram of AdLoad samples identified by Alien Labs. The vast numb]]> 2023-08-10T10:00:00+00:00 https://cybersecurity.att.com/blogs/labs-research/mac-systems-turned-into-proxy-exit-nodes-by-adload www.secnews.physaphae.fr/article.php?IdArticle=8368296 False Threat,Spam,Malware,Cloud APT 32 2.0000000000000000 CVE Liste - Common Vulnerability Exposure The Ocean Extra plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.5]. This is due to missing or incorrect nonce validation on the add_core_extensions_bundle_validation() function. This makes it possible for unauthenticated attackers to validate extension bundles via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.]]> 2023-07-12T08:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36760 www.secnews.physaphae.fr/article.php?IdArticle=8355103 False None APT 32 None CyberScoop - scoopnewsgroup.com special Cyber Un groupe qui a précédemment piraté Fort Worth, Texas, a revendiqué une cyberattaque qui a affecté Halliburton, Shell, Helix Energy et Oceaneering.

---

>A group that previously hacked Fort Worth, Texas, claimed a cyberattack that affected Halliburton, Shell, Helix Energy and Oceaneering. ]]> 2023-07-03T18:35:12+00:00 https://cyberscoop.com/siegedsec-hack-transition-bans-satellite-systems/ www.secnews.physaphae.fr/article.php?IdArticle=8351882 False None APT 32 2.0000000000000000 The Register - Site journalistique Anglais Analyst says expense \'no small drop in ocean\' but reputational damage could be \'far greater\' Britain\'s leaky outsourcing behemoth Capita is warning investors that the clean-up bill for its recent digital break-in will cost up to £20 million ($25.24 million).…]]> 2023-05-10T11:00:50+00:00 https://go.theregister.com/feed/www.theregister.com/2023/05/10/capita_breach_costs/ www.secnews.physaphae.fr/article.php?IdArticle=8335135 False None APT 32 2.0000000000000000 Schneier on Security - Chercheur Cryptologue Américain Article Sur le calmar colossal, qui est plus grand que le calmar géant. L'article répond à une question vexante: Alors pourquoi entendons-nous toujours parler du calmar géant et non du calmar colossal? Eh bien, une partie de celui-ci a à voir avec le fait que le calmar géant a été découvert et étudié bien avant le calmar colossal. Les scientifiques étudient le calmar géant depuis les années 1800, tandis que le calmar colossal n'a même pas découvert jusqu'en 1925. Et sa première découverte n'était que la tête et les bras trouvés dans l'estomac de spermatozoïde. . Ce n'était pas jusqu'en 1981 que le premier animal entier a été trouvé par un chalutier près de la côte de l'Antarctique ...

---

Interesting article on the colossal squid, which is larger than the giant squid. The article answers a vexing question: So why do we always hear about the giant squid and not the colossal squid? Well, part of it has to do with the fact that the giant squid was discovered and studied long before the colossal squid. Scientists have been studying giant squid since the 1800s, while the colossal squid wasn’t even discovered until 1925. And its first discovery was just the head and arms found in a sperm whale’s stomach. It wasn’t until 1981 that the first whole animal was found by a trawler near the coast of Antarctica...]]> 2023-04-14T21:14:26+00:00 https://www.schneier.com/blog/archives/2023/04/friday-squid-blogging-colossal-squid.html www.secnews.physaphae.fr/article.php?IdArticle=8327950 False None APT 32 2.0000000000000000 CVE Liste - Common Vulnerability Exposure 2023-04-06T14:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23891 www.secnews.physaphae.fr/article.php?IdArticle=8325504 False Vulnerability APT 32 None Netskope - etskope est une société de logiciels américaine fournissant une plate-forme de sécurité informatique Les attaquants récapitulatifs qui abusaient auparavant DigitalOcean pour héberger une arnaque de support technologique ont élargi l'opération, abusant désormais de StackPath CDN pour distribuer l'arnaque, et sont susceptibles de commencer à abuser des services cloud supplémentaires pour fournir l'arnaque dans un avenir proche.Du 1er février au 16 mars, NetSkope Threat Labs a vu une augmentation de 10x [& # 8230;]

---

>Summary Attackers who were previously abusing DigitalOcean to host a tech support scam have expanded the operation, now abusing StackPath CDN to distribute the scam, and are likely to start abusing additional cloud services to deliver the scam in the near future. From February 1 to March 16, Netskope Threat Labs has seen a 10x increase […] ]]> 2023-04-06T13:59:23+00:00 https://www.netskope.com/blog/tech-support-scam-pivots-from-digitalocean-to-stackpath-cdn www.secnews.physaphae.fr/article.php?IdArticle=8325454 False Threat,Cloud APT 32 3.0000000000000000 CVE Liste - Common Vulnerability Exposure 2023-03-30T12:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24399 www.secnews.physaphae.fr/article.php?IdArticle=8323479 False Vulnerability APT 32 None CVE Liste - Common Vulnerability Exposure 2023-03-13T17:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0749 www.secnews.physaphae.fr/article.php?IdArticle=8318158 False None APT 32 None Netskope - etskope est une société de logiciels américaine fournissant une plate-forme de sécurité informatique Summary Netskope Threat Labs is tracking a 17x increase in traffic to malicious web pages hosted on DigitalOcean in the last six months. This increase is attributed to new campaigns of a known tech support scam that mimics Windows Defender and tries to deceive users into believing that their computer is infected. The end goal […] ]]> 2023-03-09T21:46:24+00:00 https://www.netskope.com/blog/attackers-increasingly-abusing-digitalocean-to-host-scams-and-phishing www.secnews.physaphae.fr/article.php?IdArticle=8317048 False Threat APT 32 2.0000000000000000 Security Intelligence - Site de news Américain Attacks on service providers are mounting — and so are downstream victims. Earlier this year, some customers of the cloud service provider DigitalOcean received emails instructing them to reset their passwords. These users hadn’t actually forgotten their passwords — their email addresses had been compromised in a data breach. But the cybersecurity incident didn’t start […] ]]> 2023-02-13T14:00:00+00:00 https://securityintelligence.com/articles/avoid-being-victim-of-service-provider-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8309638 False None APT 32 2.0000000000000000 CVE Liste - Common Vulnerability Exposure 2022-12-04T23:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35730 www.secnews.physaphae.fr/article.php?IdArticle=8287663 False Vulnerability APT 32 None CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-11-17T02:00:00+00:00 https://www.csoonline.com/article/3680154/android-security-which-smartphones-can-enterprises-trust.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8065047 False None APT 32 None CVE Liste - Common Vulnerability Exposure 2022-10-31T16:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3374 www.secnews.physaphae.fr/article.php?IdArticle=7756730 False Guideline APT 32 None Schneier on Security - Chercheur Cryptologue Américain claims that it is “engaging in responsible squid fishing”: Chen Xinjun, dean of the College of Marine Sciences at Shanghai Ocean University, made the remarks in response to recent accusations by foreign reporters and actor Leonardo DiCaprio that China is depleting its own fish stock and that Chinese boats have sailed to other waters to continue deep-sea fishing, particularly near Ecuador, affecting local fish stocks in the South American nation. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered...]]> 2022-10-28T20:57:47+00:00 https://www.schneier.com/blog/archives/2022/10/friday-squid-blogging-chinese-squid-fishing.html www.secnews.physaphae.fr/article.php?IdArticle=7718993 False None APT 32 None Global Security Mag - Site de news francais Business]]> 2022-10-27T09:15:45+00:00 http://www.globalsecuritymag.fr/N-able-continue-d-innover-et-d,20221027,131609.html www.secnews.physaphae.fr/article.php?IdArticle=7700412 False None APT 32 None Dark Reading - Informationweek Branch 2022-08-25T18:55:21+00:00 https://www.darkreading.com/remote-workforce/twilio-hackers-okta-credentials-sprawling-supply-chain-attack www.secnews.physaphae.fr/article.php?IdArticle=6525763 False None APT 32 None CISCO Talos - Cisco Research blog By Joe Marshall.The war in Ukraine has had far-reaching global implications and one of the most immediate effects felt will be on the global supply chain for food. This war-induced fragility has exposed the weaknesses of how we feed ourselves globally. Ransomware cartels and other adversaries are well aware of this and are actively exploiting that fragility. For the past six years, Cisco Talos has been actively involved in assisting public and private institutions in Ukraine to defend themselves against state-sponsored actors. Our involvement stretches the gamut from commercial to critical infrastructure, to election security. Our presence has afforded us unique opportunities and observations about cybersecurity in a macro and micro way. Ukraine has been a frequent victim of state-sponsored cyber attacks aimed at critical infrastructures like power and transportation. Talos is proud to stand with our partners in Ukraine and help defend their critical networks and help users there maintain access to necessary services. Now that Russia has invaded Ukraine, those threats have escalated to kinetic attacks that are wreaking havoc on a critical element of our world: agriculture and our global food supply chain. Even worse is the implications this war will have for future cyber attacks, as fragility is considered a lucrative element in deciding victimology by threat actors like ransomware cartels. To truly grasp the implications of the war in Ukraine, we have to examine how vital Ukrainian agriculture feeds the world, the current state of affairs, and what this means for the global cybersecurity posture to protect agricultural assets. Where there is weakness, there is opportunityRansomware cartels and their affiliates are actively targeting the agricultural industry. Moreover, these actors have done their homework and are targeting agricultural companies during the two times of the year where they cannot suffer disruptions: planting and harvesting. Per the published FBI PIN Alert: “Cyber actors may perceive cooperatives as lucrative targets with a willingness to pay due to the time-sensitive role they play in agricultural production.” This is far from unusual for these adversaries - they are shrewd and calculating, and understand their victims' weaknesses and industries. H]]> 2022-08-18T08:00:00+00:00 http://blog.talosintelligence.com/2022/08/ukraine-and-fragility-of-agriculture.html www.secnews.physaphae.fr/article.php?IdArticle=6392803 False Threat,Ransomware,Guideline,Cloud APT 10,APT 32,APT 37,APT 21,NotPetya,Uber,Guam,APT 28 None Bleeping Computer - Magazine Américain 2022-08-16T12:46:53+00:00 https://www.bleepingcomputer.com/news/security/new-mailchimp-breach-exposed-digitalocean-customer-email-addresses/ www.secnews.physaphae.fr/article.php?IdArticle=6355486 False None APT 32 None The Register - Site journalistique Anglais 2022-08-16T05:31:12+00:00 https://go.theregister.com/feed/www.theregister.com/2022/08/16/digital_ocean_dumps_mailchimp/ www.secnews.physaphae.fr/article.php?IdArticle=6347882 False None APT 32 None CVE Liste - Common Vulnerability Exposure 2022-06-20T11:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25104 www.secnews.physaphae.fr/article.php?IdArticle=5298078 False Guideline APT 32 None Checkpoint - Fabricant Materiel Securite By Omer Shmuelly, Security Researcher, Cloud Security, published June 8, 2022 As more and more organizations are migrating their infrastructure to the cloud, a unified cloud security tool, such as Check Point's CloudGuard becomes essential. In an ocean of standards and regulations, managing your cloud security posture (CSPM) can be a challenging task. While some… ]]> 2022-06-08T11:00:49+00:00 https://blog.checkpoint.com/2022/06/08/privilege-escalation-in-azure-keep-your-enemies-close-and-your-permissions-closer/ www.secnews.physaphae.fr/article.php?IdArticle=5038869 False None APT 32 None CVE Liste - Common Vulnerability Exposure 2022-05-17T15:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-30953 www.secnews.physaphae.fr/article.php?IdArticle=4670393 False Vulnerability APT 32 4.0000000000000000 CVE Liste - Common Vulnerability Exposure 2022-05-17T15:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-30954 www.secnews.physaphae.fr/article.php?IdArticle=4670394 False None APT 32 5.0000000000000000 CVE Liste - Common Vulnerability Exposure 2022-05-17T15:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-30952 www.secnews.physaphae.fr/article.php?IdArticle=4670392 False None APT 32 2.0000000000000000 SecurityWeek - Security News 2022-05-13T13:26:53+00:00 https://www.securityweek.com/devocean-emerges-stealth-cloud-native-security-operations-platform www.secnews.physaphae.fr/article.php?IdArticle=4590972 False None APT 32 None knowbe4 - cybersecurity services Scams follow fashion because money follows fashion. So it's no surprise that non-fungible tokens (NFTs), which have become a hot speculative property, have drawn scam artists for phishing campaigns. They're not so much interested in the NFTs themselves as they are in the speculators' cash. OceanSea, a leading NFT marketplace, has responded to panicky tweets from users to reassure them that it's on top of rumors of “an exploit” connected to the smart contracts traders use.]]> 2022-02-21T19:50:06+00:00 https://blog.knowbe4.com/phishing-campaign-targets-nft-speculators www.secnews.physaphae.fr/article.php?IdArticle=4162600 False Guideline APT 32 None Bleeping Computer - Magazine Américain 2022-01-12T10:20:43+00:00 https://www.bleepingcomputer.com/news/security/oceanlotus-hackers-turn-to-web-archive-files-to-deploy-backdoors/ www.secnews.physaphae.fr/article.php?IdArticle=3952396 False None APT 32 None InfoSecurity Mag - InfoSecurity Magazine 2022-01-06T18:27:00+00:00 https://www.infosecurity-magazine.com/news/investigation-launched-ripta-breach/ www.secnews.physaphae.fr/article.php?IdArticle=3933379 False Data Breach APT 32 None TechRepublic - Security News US 2022-01-04T15:37:00+00:00 https://www.techrepublic.com/article/ocean-battery-spider-go-drone-and-digital-radar-system-stand-out-in-high-tech-ces-2022-awards/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=3923367 False None APT 32 None Ars Technica - Risk Assessment Security Hacktivism 2021-12-14T18:19:08+00:00 https://arstechnica.com/?p=1820516 www.secnews.physaphae.fr/article.php?IdArticle=3795426 False None APT 32 5.0000000000000000 TroyHunt - Blog Security 2021-11-26T13:33:37+00:00 https://arstechnica.com/?p=1815646 www.secnews.physaphae.fr/article.php?IdArticle=3710924 True None APT 32 None CVE Liste - Common Vulnerability Exposure 2021-11-24T16:15:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41192 www.secnews.physaphae.fr/article.php?IdArticle=3703922 False None APT 32 None Wired Threat Level - Security News 2021-11-23T12:00:00+00:00 https://www.wired.com/story/humans-broken-fundamental-law-ocean www.secnews.physaphae.fr/article.php?IdArticle=3697800 False None APT 32 None Wired Threat Level - Security News 2021-10-26T11:00:00+00:00 https://www.wired.com/story/this-groundbreaking-simulator-generates-a-huge-indoor-ocean www.secnews.physaphae.fr/article.php?IdArticle=3565883 False None APT 32 None Anomali - Firm Blog Figure 1 - Overview of /cmd/ Contained on the server are approximately 50 scripts, most of which are already documented, located in the /cmd/ directory. The objective of the scripts vary and include the following: AWS Credential Stealer Diamorphine Rootkit IP Scanners Mountsploit Scripts to set up utils Scripts to setup miners Scripts to remove previous miners Figure 2 - Snippet of AWS Credential Stealer Script Some notable scripts, for example, is the script that steals AWS EC2 credentials, shown above in Figure 2. The AWS access key, secret key, and token are piped into a text file that is uploaded to the Command and Control (C2) server. Figure 3 - Chimaera_Kubernetes_root_PayLoad_2.sh Another interesting script is shown in Figure 3 above, which checks the architecture of the system, and retrieves the XMRig miner version for that architecture from another open TeamTNT server, 85.214.149[.]236. Binaries (/bin/) Figure 4 - Overview of /bin Within the /bin/ folder, shown in Figure 4 above, there is a collection of malicious binaries and utilities that TeamTNT use in their operations. Among the files are well-known samples that are attributed to TeamTNT, including the Tsunami backdoor and a XMRig cryptominer. Some of the tools have the source code located on the server, such as TeamTNT Bot. The folder /a.t.b contains the source code for the TeamTNT bot, shown in Figures 5 and 6 below. In addition, the same binaries have been found on a TeamTNT Docker, noted in Appendix A. ]]> 2021-10-06T19:06:00+00:00 https://www.anomali.com/blog/inside-teamtnts-impressive-arsenal-a-look-into-a-teamtnt-server www.secnews.physaphae.fr/article.php?IdArticle=3479896 False Threat,Malware,Tool APT 32,Uber None Wired Threat Level - Security News 2021-10-06T12:00:00+00:00 https://www.wired.com/story/astronomers-get-ready-to-probe-europas-hidden-ocean-for-life www.secnews.physaphae.fr/article.php?IdArticle=3477254 False None APT 32 None TroyHunt - Blog Security 2021-07-17T14:25:03+00:00 https://arstechnica.com/?p=986461 www.secnews.physaphae.fr/article.php?IdArticle=3085228 False None APT 32 None Wired Threat Level - Security News 2021-07-13T10:00:00+00:00 https://www.wired.com/story/a-son-is-rescued-at-sea-but-what-happened-to-his-mother www.secnews.physaphae.fr/article.php?IdArticle=3056178 False None APT 32 None SANS Institute - SANS est un acteur de defense et formation here. ]]> 2021-07-10T21:56:51+00:00 https://isc.sans.edu/diary/rss/27622 www.secnews.physaphae.fr/article.php?IdArticle=3047698 False None APT 32 None CyberArk - Software Vendor 2021-06-25T13:00:04+00:00 https://www.cyberark.com/blog/cryptomining-cloud-attack-compromise-sensitive-console-access/ www.secnews.physaphae.fr/article.php?IdArticle=4593680 False None APT 32 None TroyHunt - Blog Security 2021-06-19T13:00:57+00:00 https://arstechnica.com/?p=1774420 www.secnews.physaphae.fr/article.php?IdArticle=2952689 False None APT 32 None Wired Threat Level - Security News 2021-06-16T18:00:00+00:00 https://www.wired.com/story/a-clever-robot-spies-on-creatures-in-the-oceans-twilight-zone www.secnews.physaphae.fr/article.php?IdArticle=2937551 False None APT 32 None TroyHunt - Blog Security 2021-06-16T10:15:07+00:00 https://arstechnica.com/?p=1773860 www.secnews.physaphae.fr/article.php?IdArticle=2934453 False None APT 32 None Wired Threat Level - Security News 2021-05-15T11:00:00+00:00 https://www.wired.com/story/subnautica-below-zero-impressions www.secnews.physaphae.fr/article.php?IdArticle=2791679 False None APT 32 None TechRepublic - Security News US 2021-05-14T12:49:59+00:00 https://www.techrepublic.com/article/ai-under-the-sea-autonomous-robot-to-collect-data-from-new-depths/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=2786139 False None APT 32 None Wired Threat Level - Security News 2021-05-13T19:00:20+00:00 https://www.wired.com/story/subnautica-noaa-whoi-oceanexplorer-stream www.secnews.physaphae.fr/article.php?IdArticle=2781388 False None APT 32 None Wired Threat Level - Security News 2021-05-06T15:00:00+00:00 https://www.wired.com/story/sharks-use-the-earths-magnetic-field-like-a-compass www.secnews.physaphae.fr/article.php?IdArticle=2746490 False None APT 32 None TroyHunt - Blog Security 2021-05-02T09:43:33+00:00 https://arstechnica.com/?p=1761816 www.secnews.physaphae.fr/article.php?IdArticle=2729091 False None APT 32 None Graham Cluley - Blog Security 2021-04-30T07:30:29+00:00 https://hotforsecurity.bitdefender.com/blog/digitalocean-admits-data-breach-exposed-customers-billing-details-25754.html www.secnews.physaphae.fr/article.php?IdArticle=2720021 False Data Breach APT 32 None SecurityWeek - Security News 2021-04-29T14:35:46+00:00 http://feedproxy.google.com/~r/Securityweek/~3/ChohrSXNhAY/digitalocean-discloses-breach-involving-billing-information www.secnews.physaphae.fr/article.php?IdArticle=2714728 False Vulnerability APT 32 None Bleeping Computer - Magazine Américain 2021-04-28T16:09:13+00:00 https://www.bleepingcomputer.com/news/security/digitalocean-data-breach-exposes-customer-billing-information/ www.secnews.physaphae.fr/article.php?IdArticle=2710746 False Data Breach APT 32 None McAfee Labs - Editeur Logiciel If you're like me, you love a good heist film. Movies like The Italian Job, Inception, and Ocean's 11 are riveting, but outside of cinema these types of heists don't really happen anymore, right? Think again. In 2019, the Green Vault Museum in Dresden, Germany reported a jewel burglary worthy of its own film. On […] ]]> 2021-04-26T15:00:44+00:00 https://www.mcafee.com/blogs/enterprise/cloud-security/you-dont-have-to-give-up-your-crown-jewels-in-hopes-of-better-cloud-security/ www.secnews.physaphae.fr/article.php?IdArticle=2696702 False None APT 32 5.0000000000000000 Wired Threat Level - Security News 2021-04-14T12:00:00+00:00 https://www.wired.com/story/will-future-electric-vehicles-be-powered-by-deep-sea-metals www.secnews.physaphae.fr/article.php?IdArticle=2637561 False None APT 32 None TroyHunt - Blog Security 2021-03-30T23:09:47+00:00 https://arstechnica.com/?p=1753206 www.secnews.physaphae.fr/article.php?IdArticle=2564254 False None APT 32 None TroyHunt - Blog Security 2021-03-24T18:51:31+00:00 https://arstechnica.com/?p=1751997 www.secnews.physaphae.fr/article.php?IdArticle=2528131 False None APT 32 None Wired Threat Level - Security News 2021-03-20T12:00:00+00:00 https://www.wired.com/story/where-shoes-ordered-check-ocean-floor www.secnews.physaphae.fr/article.php?IdArticle=2509708 False None APT 32 None Wired Threat Level - Security News 2021-03-12T13:00:00+00:00 https://www.wired.com/story/ocean-acidification-could-make-tiny-fish-lose-their-hearing www.secnews.physaphae.fr/article.php?IdArticle=2474076 False None APT 32 None Errata Security - Errata Security Baltimore ransomware attack. When the attack happened, the entire cybersecurity community agreed that EternalBlue wasn't responsible.But this New York Times article said otherwise, blaming the Baltimore attack on EternalBlue. And there are hundreds of other news articles [eg] that agree, citing the New York Times. There are no news articles that dispute this.In a recent book, the author of that article admits it's not true, that EternalBlue didn't cause the ransomware to spread. But they defend themselves as it being essentially true, that EternalBlue is responsible for a lot of bad things, even if technically, not in this case. Such errors are justified, on the grounds they are generalizations and simplifications needed for the mass audience.So we are left with the situation Orwell describes: all records tell the same tale -- when the lie passes into history, it becomes the truth.Orwell continues:He wondered, as he had many times wondered before, whether he himself was a lunatic. Perhaps a lunatic was simply a minority of one. At one time it had been a sign of madness to believe that the earth goes round the sun; today, to believe that the past is inalterable. He might be ALONE in holding that belief, and if alone, then a lunatic. But the thought of being a lunatic did not greatly trouble him: the horror was that he might also be wrong.I'm definitely a lunatic, alone in my beliefs. I sure hope I'm not wrong.

---

Update: Other lunatics document their struggles with Minitrue: When I was investigating the TJX breach, there were NYT articles citing unnamed sources that were made up & then outlets would publish citing the NYT. The TJX lawyers would require us to disprove the articles. Each time we would. It was maddening fighting lies for 8 months.— Nicholas J. Percoco (@c7five) March 1, 2021 ]]> 2021-02-28T20:05:19+00:00 https://blog.erratasec.com/2021/02/we-are-living-in-1984-eternalblue.html www.secnews.physaphae.fr/article.php?IdArticle=2414565 False Ransomware APT 32,NotPetya,Wannacry None SecurityWeek - Security News 2021-02-24T12:46:50+00:00 http://feedproxy.google.com/~r/Securityweek/~3/vz_bQiZcJU8/vietnamese-hackers-target-human-rights-defenders-amnesty www.secnews.physaphae.fr/article.php?IdArticle=2392196 False None APT 32 None Bleeping Computer - Magazine Américain 2021-02-23T20:00:00+00:00 https://www.bleepingcomputer.com/news/security/apt32-state-hackers-target-human-rights-defenders-with-spyware/ www.secnews.physaphae.fr/article.php?IdArticle=2390678 False None APT 32 None CVE Liste - Common Vulnerability Exposure 2021-02-22T17:15:12+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27228 www.secnews.physaphae.fr/article.php?IdArticle=2384083 False None APT 32 None TroyHunt - Blog Security 2021-02-11T19:00:02+00:00 https://arstechnica.com/?p=1741444 www.secnews.physaphae.fr/article.php?IdArticle=2332140 False None APT 32 None Security Affairs - Blog Secu 2021-02-07T11:55:04+00:00 https://securityaffairs.co/wordpress/114298/breaking-news/security-affairs-newsletter-round-300.html?utm_source=rss&utm_medium=rss&utm_campaign=security-affairs-newsletter-round-300 www.secnews.physaphae.fr/article.php?IdArticle=2307357 False None APT 32 None TroyHunt - Blog Security 2021-02-05T17:50:02+00:00 https://arstechnica.com/?p=1739819 www.secnews.physaphae.fr/article.php?IdArticle=2300055 False None APT 32 None TechRepublic - Security News US 2021-02-04T15:01:01+00:00 https://www.techrepublic.com/article/overall-participation-in-open-source-was-down-in-2020/#ftag=RSS56d97e7 www.secnews.physaphae.fr/article.php?IdArticle=2294517 False None APT 32 None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) ]]> 2021-02-01T03:15:16+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/j5O_XD1jTuY/new-cryptojacking-malware-targeting.html www.secnews.physaphae.fr/article.php?IdArticle=2278378 False Threat,Malware APT 32 None Security Affairs - Blog Secu 2021-01-31T11:27:14+00:00 https://securityaffairs.co/wordpress/114005/malware/pro-ocean-miner.html?utm_source=rss&utm_medium=rss&utm_campaign=pro-ocean-miner www.secnews.physaphae.fr/article.php?IdArticle=2275053 False Malware APT 32 None Bleeping Computer - Magazine Américain 2021-01-29T14:06:49+00:00 https://www.bleepingcomputer.com/news/security/new-pro-ocean-malware-worms-through-apache-oracle-redis-servers/ www.secnews.physaphae.fr/article.php?IdArticle=2268844 False Malware APT 32 None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe 2021-01-28T20:06:57+00:00 https://threatpost.com/rocke-groups-malware-now-has-worm-capabilities/163463/ www.secnews.physaphae.fr/article.php?IdArticle=2262535 False Malware APT 32 None Wired Threat Level - Security News 2021-01-18T13:00:00+00:00 https://www.wired.com/story/the-autonomous-saildrone-surveyor-preps-for-its-sea-voyage www.secnews.physaphae.fr/article.php?IdArticle=2210662 False None APT 32 None Wired Threat Level - Security News 2021-01-12T16:00:00+00:00 https://www.wired.com/story/the-arctic-ocean-is-teeming-with-microfibers-from-clothes www.secnews.physaphae.fr/article.php?IdArticle=2176557 False None APT 32 None Wired Threat Level - Security News 2021-01-11T13:00:00+00:00 https://www.wired.com/story/the-plan-to-build-a-global-network-of-floating-power-stations www.secnews.physaphae.fr/article.php?IdArticle=2170067 False None APT 32 None Wired Threat Level - Security News 2020-12-21T17:04:00+00:00 https://www.wired.com/story/the-oldest-crewed-deep-sea-submarine-just-got-a-big-makeover www.secnews.physaphae.fr/article.php?IdArticle=2117450 False None APT 32 None Security Affairs - Blog Secu 2020-12-11T17:49:36+00:00 https://securityaffairs.co/wordpress/112204/apt/facebook-apt32-vietnamese-firm.html?utm_source=rss&utm_medium=rss&utm_campaign=facebook-apt32-vietnamese-firm www.secnews.physaphae.fr/article.php?IdArticle=2092846 False None APT 32 None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe 2020-12-11T17:05:37+00:00 https://threatpost.com/facebook-accounts-apt32-cyberattacks/162186/ www.secnews.physaphae.fr/article.php?IdArticle=2092716 False Threat,Malware APT 32 None Bleeping Computer - Magazine Américain 2020-12-11T10:06:12+00:00 https://www.bleepingcomputer.com/news/security/facebook-unmasks-vietnam-s-apt32-hacking-group/ www.secnews.physaphae.fr/article.php?IdArticle=2092513 False None APT 32 None ZD Net - Magazine Info 2020-12-11T01:56:06+00:00 https://www.zdnet.com/article/facebook-doxes-apt32-links-vietnams-primary-hacking-group-to-local-it-firm/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=2090940 False None APT 32 None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) ]]> 2020-12-10T23:42:22+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/WobQ7zMc8KA/facebook-tracks-apt32-oceanlotus.html www.secnews.physaphae.fr/article.php?IdArticle=2091583 False Threat,Hack APT 32 None Wired Threat Level - Security News 2020-12-08T12:00:00+00:00 https://www.wired.com/story/fleetwood-mac-dreams-friends-nostalgia www.secnews.physaphae.fr/article.php?IdArticle=2084747 False None APT 32 None Wired Threat Level - Security News 2020-12-02T19:00:00+00:00 https://www.wired.com/story/the-incredible-journey-of-the-electronic-plastic-bottle www.secnews.physaphae.fr/article.php?IdArticle=2072807 False None APT 32 None Graham Cluley - Blog Security 2020-12-02T16:26:10+00:00 https://grahamcluley.com/mac-users-warned-of-more-ocean-lotus-malware-targeted-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=2072670 False Malware APT 32 None Security Affairs - Blog Secu 2020-12-01T11:56:54+00:00 https://securityaffairs.co/wordpress/111716/apt/bismuth-crypto-miners.html?utm_source=rss&utm_medium=rss&utm_campaign=bismuth-crypto-miners www.secnews.physaphae.fr/article.php?IdArticle=2070054 False None APT 32 None IT Security Guru - Blog Sécurité 2020-12-01T11:11:20+00:00 https://www.itsecurityguru.org/2020/12/01/macos-users-targeted-with-updated-malware/?utm_source=rss&utm_medium=rss&utm_campaign=macos-users-targeted-with-updated-malware www.secnews.physaphae.fr/article.php?IdArticle=2070074 False Malware APT 32 None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe 2020-11-30T17:52:50+00:00 https://threatpost.com/macos-users-targeted-oceanlotus-backdoor/161655/ www.secnews.physaphae.fr/article.php?IdArticle=2067832 False None APT 32 None Security Through Education - Security Through Education 2020-11-03T14:20:02+00:00 https://www.social-engineer.org/newsletter/the-danny-ocean-of-social-engineers/?utm_source=rss&utm_medium=rss&utm_campaign=the-danny-ocean-of-social-engineers www.secnews.physaphae.fr/article.php?IdArticle=2015549 False None APT 32 None Wired Threat Level - Security News 2020-10-29T15:00:00+00:00 https://www.wired.com/story/how-octopuses-use-their-suction-cups-to-taste-through-touch www.secnews.physaphae.fr/article.php?IdArticle=2002341 False None APT 32 None Wired Threat Level - Security News 2020-10-27T12:00:00+00:00 https://www.wired.com/story/these-oceanographers-want-to-turn-marine-slime-into-drugs www.secnews.physaphae.fr/article.php?IdArticle=1998944 False None APT 32 4.0000000000000000 Malwarebytes Labs - MalwarebytesLabs We discovered a new attack that injected its payload-dubbed "Kraken-into the Windows Error Reporting (WER) service as a defense evasion mechanism. Categories: Malware Malwarebytes news Threat analysis Tags: "your right to compensation"APTAPT attacksAPT32APTsCactusTorchcompensation manual.docDotNettoJscriptkrakenkraken.krakenWERWerFault.exeWindow Error ReportingWindows Error Reporting service (Read more...) ]]> 2020-10-06T15:00:00+00:00 https://blog.malwarebytes.com/malwarebytes-news/2020/10/kraken-attack-abuses-wer-service/ www.secnews.physaphae.fr/article.php?IdArticle=1959760 False None APT 32 None Wired Threat Level - Security News 2020-09-02T12:00:00+00:00 https://www.wired.com/story/your-blue-jeans-are-polluting-the-ocean www.secnews.physaphae.fr/article.php?IdArticle=1894384 False None APT 32 None Wired Threat Level - Security News 2020-09-01T11:00:00+00:00 https://www.wired.com/story/can-a-bubble-net-stop-a-hurricane-some-norwegians-think-so www.secnews.physaphae.fr/article.php?IdArticle=1892241 False None APT 32 None Wired Threat Level - Security News 2020-08-18T17:46:29+00:00 https://www.wired.com/story/how-much-microplastic-is-swirling-in-the-atlantic www.secnews.physaphae.fr/article.php?IdArticle=1869137 False None APT 32 None