www.secnews.physaphae.fr: This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of articles from multiple sources. The list of sources can be found on www.secnews.physaphae.fr. Last build: 2024-05-18T15:45:16+00:00. Link: www.secnews.physaphae.fr

Dark Reading - Informationweek Branch | Iran's 'Peach Sandstorm' Cyberattackers Target Global Defense Network | 2023-12-22T16:45:00+00:00 | https://www.darkreading.com/cyberattacks-data-breaches/iran-peach-sandstorm-cyberattackers-global-defense | www.secnews.physaphae.fr/article.php?IdArticle=8427467 | False None APT 33 3.0000000000000000
  The FalseFont backdoor allows operators to remotely access an infected system and launch additional files.

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) | Microsoft Warns of New 'FalseFont' Backdoor Targeting the Defense Sector | 2023-12-22T11:04:00+00:00 | https://thehackernews.com/2023/12/microsoft-warns-of-new-falsefont.html | www.secnews.physaphae.fr/article.php?IdArticle=8427216 | False Threat,Industrial APT33,APT 33 3.0000000000000000
  Organizations in the Defense Industrial Base (DIB) sector are in the crosshairs of an Iranian threat actor as part of a campaign designed to deliver a never-before-seen backdoor called FalseFont. The findings come from Microsoft, which is tracking the activity under its weather-themed moniker Peach Sandstorm (formerly Holmium), which is also known as APT33, Elfin, and Refined Kitten.

HackRead - Cyber Search | Iran's Peach Sandstorm Deploy FalseFont Backdoor in Defense Sector | 2023-12-21T20:46:58+00:00 | https://www.hackread.com/iran-peach-sandstorm-falsefont-backdoor-defense/ | www.secnews.physaphae.fr/article.php?IdArticle=8426987 | False Industrial APT 33 2.0000000000000000
  By Waqas. Peach Sandstorm, also recognized as HOLMIUM, has recently focused on global Defense Industrial Base (DIB) targets. This is a post from HackRead.com. Read the original post: Iran's Peach Sandstorm Deploy FalseFont Backdoor in Defense Sector

Bleeping Computer - American magazine | Microsoft: Hackers target defense firms with new FalseFont malware | 2023-12-21T15:28:06+00:00 | https://www.bleepingcomputer.com/news/security/microsoft-hackers-target-defense-firms-with-new-falsefont-malware/ | www.secnews.physaphae.fr/article.php?IdArticle=8426986 | False Malware APT33,APT 33 3.0000000000000000
  Microsoft says the APT33 Iranian cyber-espionage group is using recently discovered FalseFont backdoor malware to attack defense contractors worldwide. [...]

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) | Iranian Nation-State Actors Employ Password Spray Attacks Targeting Multiple Sectors | 2023-09-15T09:44:00+00:00 | https://thehackernews.com/2023/09/iranian-nation-state-actors-employ.html | www.secnews.physaphae.fr/article.php?IdArticle=8383564 | False Threat APT 33 3.0000000000000000
  Iranian nation-state actors have been conducting password spray attacks against thousands of organizations globally between February and July 2023, new findings from Microsoft reveal. The tech giant, which is tracking the activity under the name Peach Sandstorm (formerly Holmium), said the adversary pursued organizations in the satellite, defense, and pharmaceutical sectors to likely facilitate

InfoSecurity Mag - InfoSecurity Magazine | Iranian Threat Group Hits Thousands With Password Spray Campaign | 2023-09-15T09:00:00+00:00 | https://www.infosecurity-magazine.com/news/iranian-threat-group-thousands/ | www.secnews.physaphae.fr/article.php?IdArticle=8383622 | False Threat APT33,APT33,APT 33,APT 33 2.0000000000000000
  APT33 activity resulted in data theft from a small number of victims.

CVE List - Common Vulnerability Exposure | CVE-2023-35840 | 2023-06-19T01:15:08+00:00 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35840 | www.secnews.physaphae.fr/article.php?IdArticle=8346829 | False None APT 33 None
  _joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector.

CVE List - Common Vulnerability Exposure | CVE-2023-24180 | 2023-03-14T14:15:13+00:00 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24180 | www.secnews.physaphae.fr/article.php?IdArticle=8318500 | False Vulnerability APT 33 None

TrendLabs Security - Antivirus vendor | Oil and Gas Cybersecurity: Recommendations Part 3 | 2022-08-15T00:00:00+00:00 | https://www.trendmicro.com/en_us/research/22/h/oil-gas-cybersecurity-recommendations-part-3.html | www.secnews.physaphae.fr/article.php?IdArticle=6332877 | False None APT33,APT33,APT 33 None

Global Security Mag - French news site | Nutanix promotes Andrew Brinded to Chief Revenue Officer | Business | 2022-08-09T08:37:38+00:00 | http://www.globalsecuritymag.fr/Nutanix-promeut-Andrew-Brinded-au,20220809,128717.html | www.secnews.physaphae.fr/article.php?IdArticle=6208877 | False None APT 33 None

CVE List - Common Vulnerability Exposure | CVE-2022-27115 | 2022-04-11T15:15:09+00:00 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27115 | www.secnews.physaphae.fr/article.php?IdArticle=4430135 | False Vulnerability APT 33 None

CVE List - Common Vulnerability Exposure | CVE-2021-43421 | 2022-04-07T17:15:08+00:00 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43421 | www.secnews.physaphae.fr/article.php?IdArticle=4413221 | False Vulnerability APT 33 2.0000000000000000

CVE List - Common Vulnerability Exposure | CVE-2022-0403 | 2022-04-04T16:15:09+00:00 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0403 | www.secnews.physaphae.fr/article.php?IdArticle=4395076 | False None APT 33 None

CVE List - Common Vulnerability Exposure | CVE-2022-26960 | 2022-03-21T17:15:07+00:00 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26960 | www.secnews.physaphae.fr/article.php?IdArticle=4319544 | False None APT 33 None

CVE List - Common Vulnerability Exposure | CVE-2021-44663 | 2022-02-24T19:15:09+00:00 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44663 | www.secnews.physaphae.fr/article.php?IdArticle=4179316 | False Vulnerability APT 33 None

CVE List - Common Vulnerability Exposure | CVE-2021-45919 | 2022-02-08T23:15:07+00:00 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45919 | www.secnews.physaphae.fr/article.php?IdArticle=4097305 | False None APT 33 None

SANS Institute - SANS is a defense and training organization | Finding elFinder: Who is looking for your files?, (Wed, Feb 2nd) | 2022-02-02T14:00:05+00:00 | https://isc.sans.edu/diary/rss/28300 | www.secnews.physaphae.fr/article.php?IdArticle=4071175 | False None APT 33 None

CVE List - Common Vulnerability Exposure | CVE-2021-32172 | 2021-10-07T11:15:07+00:00 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32172 | www.secnews.physaphae.fr/article.php?IdArticle=3483153 | False None APT 33 None

CVE List - Common Vulnerability Exposure | CVE-2021-23427 | 2021-09-01T15:15:08+00:00 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23427 | www.secnews.physaphae.fr/article.php?IdArticle=3321323 | False None APT 33 None

CVE List - Common Vulnerability Exposure | CVE-2021-23428 | 2021-09-01T15:15:08+00:00 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23428 | www.secnews.physaphae.fr/article.php?IdArticle=3321324 | False None APT 33 None

CVE List - Common Vulnerability Exposure | CVE-2020-24825 | 2021-08-04T15:15:08+00:00 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24825 | www.secnews.physaphae.fr/article.php?IdArticle=3172701 | False Vulnerability APT 33 5.0000000000000000

CVE List - Common Vulnerability Exposure | CVE-2020-24821 | 2021-08-04T15:15:08+00:00 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24821 | www.secnews.physaphae.fr/article.php?IdArticle=3172697 | False Vulnerability APT 33 4.0000000000000000

CVE List - Common Vulnerability Exposure | CVE-2020-24823 | 2021-08-04T15:15:08+00:00 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24823 | www.secnews.physaphae.fr/article.php?IdArticle=3172699 | False Vulnerability APT 33 5.0000000000000000

CVE List - Common Vulnerability Exposure | CVE-2020-24824 | 2021-08-04T15:15:08+00:00 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24824 | www.secnews.physaphae.fr/article.php?IdArticle=3172700 | False None APT 33 5.0000000000000000

CVE List - Common Vulnerability Exposure | CVE-2020-24827 | 2021-08-04T15:15:08+00:00 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24827 | www.secnews.physaphae.fr/article.php?IdArticle=3172703 | False Vulnerability APT 33 2.0000000000000000

CVE List - Common Vulnerability Exposure | CVE-2020-24826 | 2021-08-04T15:15:08+00:00 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24826 | www.secnews.physaphae.fr/article.php?IdArticle=3172702 | False Vulnerability APT 33 5.0000000000000000

CVE List - Common Vulnerability Exposure | CVE-2021-23415 | 2021-07-28T16:15:07+00:00 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23415 | www.secnews.physaphae.fr/article.php?IdArticle=3145554 | False None APT 33 None

CVE List - Common Vulnerability Exposure | CVE-2021-23407 | 2021-07-14T17:15:07+00:00 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23407 | www.secnews.physaphae.fr/article.php?IdArticle=3065861 | False None APT 33 None

CVE List - Common Vulnerability Exposure | CVE-2021-32682 | 2021-06-14T17:15:07+00:00 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32682 | www.secnews.physaphae.fr/article.php?IdArticle=2924787 | False None APT 33 3.0000000000000000

CVE List - Common Vulnerability Exposure | CVE-2021-23394 | 2021-06-13T11:15:14+00:00 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23394 | www.secnews.physaphae.fr/article.php?IdArticle=2919629 | False None APT 33 None

CVE List - Common Vulnerability Exposure | CVE-2021-29053 | 2021-05-17T11:15:07+00:00 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29053 | www.secnews.physaphae.fr/article.php?IdArticle=2799393 | False None APT 33 None

CVE List - Common Vulnerability Exposure | CVE-2020-36079 | 2021-02-26T23:15:11+00:00 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36079 | www.secnews.physaphae.fr/article.php?IdArticle=2406959 | False Guideline APT 33 None

Wired Threat Level - Security News | Iranian Hackers Have Been 'Password-Spraying' the US Grid | 2020-01-09T18:59:03+00:00 | https://www.wired.com/story/iran-apt33-us-electric-grid | www.secnews.physaphae.fr/article.php?IdArticle=1500108 | False None APT 33 None

Wired Threat Level - Security News | Iran's APT33 Hackers Are Targeting Industrial Control Systems | 2019-11-20T12:00:00+00:00 | https://www.wired.com/story/iran-apt33-industrial-control-systems | www.secnews.physaphae.fr/article.php?IdArticle=1477568 | False None APT33,APT 33 None

Security Affairs - Security blog | Tracking Iran-linked APT33 group via its own VPN networks | 2019-11-14T11:49:25+00:00 | https://securityaffairs.co/wordpress/93845/apt/apt33-vpn-networks.html | www.secnews.physaphae.fr/article.php?IdArticle=1466787 | False Malware APT33,APT 33 None

TrendLabs Security - Antivirus vendor | More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting | 2019-11-14T07:01:25+00:00 | http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/8dTHXacVfEg/ | www.secnews.physaphae.fr/article.php?IdArticle=1466726 | False Malware,Threat APT33,APT 33 None
  The threat group APT33 is known to target the oil and aviation industries aggressively. Our recent findings show that the group uses about a dozen live Command and Control (C&C) servers for extremely narrow targeted malware campaigns against organizations in the Middle East, the U.S., and Asia.

ZD Net - Info magazine | Iranian hacking group built its own VPN network | 2019-11-14T07:00:08+00:00 | https://www.zdnet.com/article/iranian-hacking-group-built-its-own-vpn-network/#ftag=RSSbaffb68 | www.secnews.physaphae.fr/article.php?IdArticle=1466398 | False None APT33,APT 33 None

Security Affairs - Security blog | Kaspersky report: Malware shared by USCYBERCOM first seen in December 2016 | 2019-07-09T08:42:00+00:00 | https://securityaffairs.co/wordpress/88130/malware/malware-shared-uscybercom-dated-2016.html | www.secnews.physaphae.fr/article.php?IdArticle=1194914 | True Malware APT33,APT 33 None

Global Security Mag - French news site | FireEye warns about the Outlook vulnerability | Vulnerabilities | 2019-07-04T12:48:03+00:00 | http://www.globalsecuritymag.fr/Mise-en-garde-contre-la,20190704,88797.html | www.secnews.physaphae.fr/article.php?IdArticle=1186589 | True Malware APT33,APT 33 None

Bleeping Computer - American magazine | Outlook Flaw Exploited by Iranian APT33, US CyberCom Issues Alert | 2019-07-03T15:31:02+00:00 | https://www.bleepingcomputer.com/news/security/outlook-flaw-exploited-by-iranian-apt33-us-cybercom-issues-alert/ | www.secnews.physaphae.fr/article.php?IdArticle=1185589 | False Malware,Vulnerability APT33,APT 33 None

Security Affairs - Security blog | Iran-linked APT33 updates infrastructure following its public disclosure | 2019-07-01T06:49:03+00:00 | https://securityaffairs.co/wordpress/87784/apt/apt33-updates-infrastructure.html | www.secnews.physaphae.fr/article.php?IdArticle=1181009 | False None APT33,APT 33 None

SecurityWeek - Security News | Iranian Cyberspies Update Infrastructure Following Recent Report | 2019-06-27T14:56:04+00:00 | https://www.securityweek.com/iranian-cyberspies-update-infrastructure-following-recent-report | www.secnews.physaphae.fr/article.php?IdArticle=1179012 | False None APT33,APT 33 None
  March 2019 report detailing its activities, according to researchers from Recorded Future.

UnderNews - French "hacker" news site | FireEye has identified "spearphishing" activities conducted by the Iranian threat group APT33 | 2019-06-25T11:03:01+00:00 | https://www.undernews.fr/hacking-hacktivisme/fireeye-a-identifie-des-activites-de-spearphishing-harponnage-conduites-par-le-groupe-de-menaces-iranien-apt33.html | www.secnews.physaphae.fr/article.php?IdArticle=1172669 | False None APT33,APT 33 None

CSO - CSO Daily Dashboard | APT group Elfin switches from data destruction to data stealing via WinRAR vulnerability | 2019-03-28T09:11:00+00:00 | https://www.csoonline.com/article/3385126/apt-group-elfin-switches-from-data-destruction-to-data-stealing-via-winrar-vulnerability.html#tk.rss_all | www.secnews.physaphae.fr/article.php?IdArticle=1085514 | False Data Breach,Vulnerability APT33,APT 33 None
  Here's where the money goes.

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) | Elfin Hacking Group Targets Multiple U.S. and Saudi Arabian Firms | 2019-03-28T01:18:01+00:00 | https://thehackernews.com/2019/03/apt33-cyber-espionage-hacking.html | www.secnews.physaphae.fr/article.php?IdArticle=1084728 | False None APT33,APT 33 None

SecurityWeek - Security News | Iran-Linked Cyberspy Group APT33 Continues Attacks on Saudi Arabia, U.S. | 2019-03-27T14:00:02+00:00 | https://www.securityweek.com/iran-linked-cyberspy-group-apt33-continues-attacks-saudi-arabia-us | www.secnews.physaphae.fr/article.php?IdArticle=1084552 | False None APT33,APT 33 None

Mandiant - Mandiant's security blog | APT39: An Iranian Cyber Espionage Group Focused on Personal Information | 2019-01-29T11:00:00+00:00 | https://www.mandiant.com/resources/blog/apt39-iranian-cyber-espionage-group-focused-on-personal-information | www.secnews.physaphae.fr/article.php?IdArticle=8377713 | False None APT 39,APT 39,APT33,APT 33 4.0000000000000000
  UPDATE (Jan. 30): Figure 1 has been updated to more accurately reflect APT39 targeting. Specifically, Australia, Norway and South Korea have been removed. In December 2018, FireEye identified APT39 as an Iranian cyber espionage group responsible for widespread theft of personal information. We have tracked activity linked to this group since November 2014 in order to protect organizations from APT39 activity to date. APT39's focus on the widespread theft of personal information sets it apart from other Iranian groups FireEye tracks, which have been linked to influence operations, disruptive
Mandiant - Mandiant's security blog | OVERRULED: Containing a Potentially Destructive Adversary | 2018-12-21T19:00:00+00:00 | https://www.mandiant.com/resources/blog/overruled-containing-a-potentially-destructive-adversary | www.secnews.physaphae.fr/article.php?IdArticle=8377719 | False Malware APT33,APT 33,APT 33 4.0000000000000000
  UPDATE (Jul. 3, 2019): On May 16, 2019 FireEye's Advanced Practices team attributed the remaining "suspected APT33 activity" (referred to as GroupB in this blog post) to APT33, operating at the behest of the Iranian government. The malware and tradecraft in this blog post are consistent with the June 2019 intrusion campaign targeting U.S. federal government agencies and financial, retail, media, and education sectors – as well as U.S. Cyber Command's July 2019 CVE-2017-11774 indicators, which FireEye also attributes to APT33. FireEye's rigorous process for clustering and attributing this
ZD Net - Info magazine | Shamoon data-wiping malware believed to be the work of Iranian hackers | 2018-12-20T05:16:00+00:00 | https://www.zdnet.com/article/shamoons-data-wiping-malware-believed-to-be-the-work-of-iranian-hackers/#ftag=RSSbaffb68 | www.secnews.physaphae.fr/article.php?IdArticle=955897 | False Malware APT33,APT 33 None

Wired Threat Level - Security News | Photo Gallery: Look Inside the Scrap Yards Sending Copper to China | 2018-11-02T13:00:00+00:00 | https://www.wired.com/story/photo-gallery-scrap-yards-copper | www.secnews.physaphae.fr/article.php?IdArticle=876169 | False None APT 33 None

Security Affairs - Security blog | APT33 devised a code injection technique dubbed Early Bird to evade detection by anti-malware tools | 2018-04-12T18:19:00+00:00 | https://securityaffairs.co/wordpress/71309/apt/apt33-early-bird.html | www.secnews.physaphae.fr/article.php?IdArticle=582088 | False None APT33,APT 33 None

Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor | New 'Early Bird' Code Injection Technique Helps APT33 Evade Detection | 2018-04-12T14:50:02+00:00 | https://threatpost.com/new-early-bird-code-injection-technique-helps-apt33-evade-detection/131147/ | www.secnews.physaphae.fr/article.php?IdArticle=581665 | False None APT33,APT 33 None

SecurityWeek - Security News | Breaches Increasingly Discovered Internally: Mandiant | 2018-04-04T14:00:03+00:00 | https://www.securityweek.com/breaches-increasingly-discovered-internally-mandiant | www.secnews.physaphae.fr/article.php?IdArticle=565681 | False Conference APT 35,APT 32,APT33,APT 33,APT 34 None
  Organizations are getting increasingly better at discovering data breaches on their own, with more than 60% of intrusions in 2017 detected internally, according to FireEye-owned Mandiant. The company's M-Trends report for 2018 shows that the global median time for internal detection dropped to 57.5 days in 2017, compared to 80 days in the previous year. Of the total number of breaches investigated by Mandiant last year, 62% were discovered internally, up from 53% in 2016. On the other hand, it still took roughly the same amount of time for organizations to learn that their systems had been compromised. The global median dwell time in 2017 – the median time from the first evidence of a hack to detection – was 101 days, compared to 99 days in 2016. Companies in the Americas had the shortest median dwell time (75.5 days), while organizations in the APAC region had the longest dwell time (nearly 500 days). [Figure: Dwell time data from Mandiant] Data collected by Mandiant in 2013 showed that more than one-third of organizations had been attacked again after the initial incident had been remediated. More recent data, specifically from the past 19 months, showed that 56% of Mandiant customers were targeted again by either the same group or one with similar motivation. In cases where investigators discovered at least one type of significant activity (e.g. compromised accounts, data theft, lateral movement), the targeted organization was successfully attacked again within one year. Organizations that experienced more than one type of significant activity were attacked by more than one threat actor. Again, the highest percentage of companies attacked multiple times and by multiple threat groups was in the APAC region – more than double compared to the Americas and the EMEA region. When it comes to the most targeted industries, companies in the financial and high-tech sectors recorded the highest number of significant attacks, while the high-tech, telecommunications and education sectors were hit by the highest number of different hacker groups. Last year, FireEye assigned names to four state-sponsored threat groups, including the Vietnam-linked APT32 (OceanLotus), and the Iran-linked APT33, APT34 (OilRig), and APT35 (NewsBeef, Newscaster and Charming Kitten).

AlienVault Blog - AlienVault is a major defense player in IOCs | OTX Trends Part 2: Malware | 2018-01-23T14:00:00+00:00 | http://feeds.feedblitz.com/~/519532080/0/alienvault-blogs~OTX-Trends-Part-Malware | www.secnews.physaphae.fr/article.php?IdArticle=459640 | False None APT33,Wannacry,APT 33 None
  Part 1 focused on the exploits tracked by OTX. This blog will talk about the malware, and Part 3 will discuss trends we're seeing in threat actors. Which malware should I be most concerned about? Most security incidents that a security team will respond to involve malware. We took a look at three sources of malware telemetry to help prioritise popular malware families: malware families AlienVault customers detect the most; which malware domains are observed the most frequently by Cisco's Umbrella DNS; and malware families with the highest number of individual samples. Which malware families do our customers detect the most? The following table describes the malware that we detected most frequently on our customers' networks: [Table not included in the feed] This table represents malware detected by AlienVault as it communicates across a network, in 2017. This data is biased towards families that we have named network detections for. That means this table is a good representation of malware that is actively running on networks, though it's important to also review other statistics on malware that has been blocked from running. The #1 ranked malware, njRat, is particularly popular in the Middle East. It's a fairly simple .NET backdoor and YouTube is full of videos of how amateur users can deploy it. We often see it packed with a seemingly endless supply of custom packers to evade anti-virus. Whilst the vast bulk of njRat users are low-level criminals, it is also frequently used in targeted political attacks in the Middle East. [Image: A YouTube guide for using njRat] The #2 ranked malware, NetWire, is primarily used by low-end criminals to steal banking details. Again, it is a freely available tool and has also been abused by targeted attackers too. The top malware we saw for Linux was China ELF DDoS. We saw little malware for Mac, though the adware MacKeeper was popular. Which malware domains are observed the most frequently? We matched known malicious domains from AlienVault OTX against Umbrella DNS's record of the most visited domains by their customers. From that we produced this table of the "most popular malicious domains": The column

AlienVault Blog - AlienVault is a major defense player in IOCs | Things I Hearted this Week 20th October 2017 | 2017-10-20T13:00:00+00:00 | http://feeds.feedblitz.com/~/474958195/0/alienvault-blogs~Things-I-Hearted-this-Week-th-October | www.secnews.physaphae.fr/article.php?IdArticle=421708 | False None APT33,APT 33 None
  Child safety smartwatches 'easy' to hack, watchdog says | BBC. Third of business directors have never heard of GDPR: With GDPR around the corner, and the feeling that you cannot escape the acronym wherever you go, it is quite concerning to learn that a third of business directors haven't heard of it. While one can understand if the general public is not aware of the upcoming regulation, it is incumbent upon company directors to be aware of increased responsibilities due to GDPR. GDPR is not just another technical or security requirement, but is based in fundamental privacy rights of citizens and with potentially harsh fines. Despite many months to prepare, it would appear as if GDPR may still catch many companies by surprise. Third of IoD Members Have Never Heard of GDPR | Infosecurity Magazine. Ghosts of vulnerabilities past: It looks like Microsoft's bug tracking database was infiltrated back in 2013. The company kept the news quiet and moved on. It's pretty worrying what someone with all that information could have / would have done. How many exploits were made possible because some bad guy somewhere found some vulnerabilities they could exploit? A good reminder that companies should take a hard look at their assets and their value. Not just value in terms of direct business, but the potential impact on customers. Microsoft responded quietly after detecting secret database hack in 2013 | Reuters. Microsoft never disclosed 2013 hack of secret vulnerability database | Ars Technica. Microsoft's bug tracker was hacked in 2013 but it didn't tell anyone about it | Silicon Angle. Unmasking the ransomware kingpins: This is a great read by Elie Bursztein on exposing the cybercriminal groups that dominate the ransomware underworld. It's the third part in a trilogy of blogs – I probably can't do it justice so it's best you go check it out: Unmasking the ransomware kingpins. A Stick Figure Guide to the Advanced Encryption Standard (AES): This is an old post – like really old, from 2009. But I only came across it recently and found it to be real

AlienVault Blog - AlienVault is a major defense player in IOCs | Newly Discovered Iranian APT Group Brings State-sponsored Cyber Espionage into Focus | 2017-10-17T13:00:00+00:00 | http://feeds.feedblitz.com/~/472705174/0/alienvault-blogs~Newly-Discovered-Iranian-APT-Group-Brings-Statesponsored-Cyber-Espionage-into-Focus | www.secnews.physaphae.fr/article.php?IdArticle=419823 | False Guideline APT33,APT 33 None
  hack of Sony in 2014, China's alleged hack of the US's Office of Personnel Management in 2015, or Russia's alleged hack of the Democratic National Committee in 2016, the stories are mounting. Iran has also been in the cyber espionage news, with major suspected attacks ranging from the Las Vegas Sands attack in 2014 to the DDoS attack on numerous US banks in 2016. Beyond these high-profile attacks, there are also countless examples of low-profile attacks. While these attacks don't make the major headlines, they may actually be more relevant to your organization. In this blog, we zero in on this lesser-publicized activity, focusing on a recently discovered Iranian hacker group, dubbed APT33, the tools they have developed, and how AlienVault can help you detect this activity in your environment. What is state-sponsored cyber espionage and what are the typical goals? First, a quick primer on state-sponsored cyber espionage. State-sponsored cyber espionage is the act of obtaining secrets and information from individuals, competitors, rivals, groups, governments, and enemies, without the permission and knowledge of the holder of the information, usually for economic, political, or military advantage. The goals of these state-sponsored groups or individuals range from basic theft or sabotage to collecting military and diplomatic information to enabling domestic organizations to compete on a global economic level. Why should you care? Should you be concerned about state-sponsored cyber hacks? In a word, yes. And it's really the low-profile attacks from state-sponsored hackers that should be most concerning. This is because the tools and methods that these hackers develop and utilize can be leveraged by other nefarious hackers against your organization. You need to be alerted to and protected against these tools. Who is APT33? This leads us to Iranian group Advanced Persistent Threat 33 (APT33), a group recently chronicled by security firm FireEye. FireEye assessed that APT33 works at the behest of the Iranian government, and they attribute to APT33 many breaches of Saudi Arabian, South Korean, and US organizations ranging from the aviation sector to the energy sector. The primary goals of APT33 appear to be to enhance Iran's domestic aviation capabilities or to support Iran's military decision making against Saudi Arabia. Notably, FireEye has found signs of APT33 activity in some of its own clients' networks, but suspects the APT33 intrusions have been on a wider scale. APT33 has unveiled new tools, including a new backdoor. APT33 has developed numerous tools, including a new backdoor called TURNEDUP. TURNEDUP is capable of uploading and downloading files, creating a reverse shell, taking screenshots, and gathering system information. FireEye found that APT33 has also leveraged Dropshot, a drop

Zataz - French security magazine | Revelations about the Iranian hacker group APT33 | 2017-09-24T17:34:21+00:00 | https://www.zataz.com/hackers-iran-apt33/ | www.secnews.physaphae.fr/article.php?IdArticle=411419 | False None APT33,APT 33 None

AlienVault Blog - AlienVault is a major defense player in IOCs | Things I hearted this week - September 22 | 2017-09-22T13:00:00+00:00 | http://feeds.feedblitz.com/~/460675978/0/alienvault-blogs~Things-I-hearted-this-week-September | www.secnews.physaphae.fr/article.php?IdArticle=411332 | False Guideline APT33,CCleaner,APT 33 None
  Meet APT33: A Gnarly Iranian Hacker Crew Threatening Destruction | Forbes. Threat data, IOCs and information on APT33, aka Greenbug | OTX. Data breaches and class action lawsuits: Should individuals whose data has been breached have the right to sue companies? It's a tricky question, and one that the courts are seemingly having trouble deciding on. Recently, a judge dismissed two consolidated class actions by more than 21m federal employees who had information breached by the Office of Personnel Management (OPM). The judge concluded that the federal employees could not establish their threshold right to sue in federal court because they had not shown they faced imminent risk of identity theft, even though nearly two dozen of those named in the class actions claimed their confidential information has already been misused. Hopefully things will change going forward. The problem with identity theft is that it's not time-dependent. An attacker could hoard details for a long period before committing a crime. And even when an identity is stolen, it is difficult to tie back to where the breach occurred. OPM Data Breach Lawsuit Tossed, Fed Plaintiffs will Appeal | Dark Reading. OPM Says Gov't Workers' Data Breach Suit Fails | Law360. In the long run, class actions may not be the best way to redress data breaches | Reuters. Somewhat related, My three years in identity theft hell | Bloomberg. The Ghost of Windows XP: As the lyrics go, "They stab it with their steely knives, but they just can't kill the beast." In this case, the beast seems to be Win XP, which, despite being woefully outdated, continues to make its presence felt. The latest announcement being that a fifth of the Manchester police department are running Win XP. Manchester police still relies on Windows XP | BBC. Manchester Police are using Windows XP on one in five computers | V3. When insurance goes too far: Melina Efthimiadis along with her husband wanted to add personal umbrella liability insurance to their Nationwide homeowner's policy. She says they have been low risk clients so she didn't think it would be a problem. In the application process for Nationwide, Melina says they had to write down the number of dogs they owned and their breeds, wh

Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor | Iranian APT33 Targets US Firms with Destructive Malware | 2017-09-21T17:54:36+00:00 | https://threatpost.com/iranian-apt33-targets-us-firms-with-destructive-malware/128074/ | www.secnews.physaphae.fr/article.php?IdArticle=410952 | False None APT33,APT 33 None

IT Security Guru - Security blog | Iranian hacking group APT33 creators of destructive malware | 2017-09-21T09:31:03+00:00 | http://www.itsecurityguru.org/2017/09/21/iranian-hacking-group-apt33-creators-destructive-malware/ | www.secnews.physaphae.fr/article.php?IdArticle=410577 | False None APT33,APT 33 5.0000000000000000

UnderNews - French "hacker" news site | FireEye reveals the activities of the Iranian group APT33 | 2017-09-21T06:57:39+00:00 | http://feedproxy.google.com/~r/undernews/oCmA/~3/V0q9F-Fw9nY/fireeye-revele-les-activites-du-groupe-iranien-apt33.html | www.secnews.physaphae.fr/article.php?IdArticle=410560 | False None APT33,APT 33 None
  FireEye, the intelligence-based network security specialist, announces the details of an Iranian "hacker" group with potentially destructive capabilities, which it has named APT33. This group has already targeted the energy and aeronautics sectors.

Security Affairs - Security blog | Iranian cyber spies APT33 target aerospace and energy organizations | 2017-09-21T06:25:15+00:00 | http://securityaffairs.co/wordpress/63230/apt/apt33-iranian-hackers.html | www.secnews.physaphae.fr/article.php?IdArticle=410486 | True None APT33,APT 33 None

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) | APT33: Researchers Expose Iranian Hacking Group Linked to Destructive Malware | 2017-09-20T11:53:19+00:00 | http://feedproxy.google.com/~r/TheHackersNews/~3/vxp4o5wtdtM/apt33-iranian-hackers.html | www.secnews.physaphae.fr/article.php?IdArticle=410278 | False None APT33,APT 33 None

Mandiant - Mandiant's security blog | Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware
  suspected Iranian group that previously used Shamoon – aka Disttrack – to target organizations in the Persian Gulf. However, in recent years, we have tracked a separate, less widely known suspected Iranian group with potential destructive capabilities, which we call APT33. Our analysis reveals that APT33 is a capable group that has carried out cyber espionage operations since at least 2013. We assess APT33 works at the behest of the Iranian government. recent
When discussing suspected Middle Eastern hacker groups with destructive capabilities, many automatically think of the suspected Iranian group that previously used SHAMOON – aka Disttrack – to target organizations in the Persian Gulf. However, over the past few years, we have been tracking a separate, less widely known suspected Iranian group with potential destructive capabilities, whom we call APT33. Our analysis reveals that APT33 is a capable group that has carried out cyber espionage operations since at least 2013. We assess APT33 works at the behest of the Iranian government. Recent]]>
2017-09-20T09:00:00+00:00 https://www.mandiant.com/resources/blog/apt33-insights-into-iranian-cyber-espionage www.secnews.physaphae.fr/article.php?IdArticle=8377764 False Malware APT33,APT 33,APT 33 4.0000000000000000