www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-05-23T02:45:11+00:00 www.secnews.physaphae.fr Mandiant - Mandiant Security Blog Uncharmed: Untangling Iran's APT42 Operations APT42, an Iranian state-sponsored cyber espionage actor, is using enhanced social engineering schemes to gain access to victim networks, including cloud environments. The actor is targeting Western and Middle Eastern NGOs, media organizations, academia, legal services and activists. Mandiant assesses APT42 operates on behalf of the Islamic Revolutionary Guard Corps Intelligence Organization (IRGC-IO). APT42 was observed posing as journalists and event organizers to build trust with their victims through ongoing correspondence, and to deliver invitations to conferences or legitimate documents. These social engineering schemes enabled APT42 to harvest credentials and use them to gain initial access to cloud environments. Subsequently, the threat actor covertly exfiltrated data of strategic interest to Iran, while relying on built-in features and open-source tools to avoid detection. In addition to cloud operations, we also outline recent malware-based APT42 operations using two custom backdoors: NICECURL and TAMECAT. These backdoors are delivered via spear phishing, providing the attackers with initial access that might be used as a command execution interface or as a jumping point to deploy additional malware. APT42 targeting and missions are consistent with its assessed affiliation with the IRGC-IO, which is a part of the Iranian intelligence apparatus that is responsible for monitoring and preventing foreign threats to the Islamic Republic and domestic unrest.
APT42 activities overlap with the publicly reported actors CALANQUE (Google Threat Analysis Group), Charming Kitten (ClearSky and CERTFA), Mint Sandstorm/Phosphorus (Microsoft), TA453 (Proofpoint), Yellow Garuda (PwC), and ITG18 (
2024-05-01T14:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/untangling-iran-apt42-operations/ www.secnews.physaphae.fr/article.php?IdArticle=8500390 False Threat,Malware,Cloud,Tool APT 35,APT 42,Yahoo 2.0000000000000000
AhnLab - Korean Security Firm Analysis of Pupy RAT Used in Attacks Against Linux Systems Pupy is a RAT malware strain that offers cross-platform support. Because it is an open-source program published on GitHub, it is continuously being used by various threat actors including APT groups. For example, it is known to have been used by APT35 (said to have ties to Iran) [1] and was also used in Operation Earth Berberoka [2] which targeted online gambling websites. Recently, a malware strain named Decoy Dog was discovered, which is an updated version of Pupy RAT....
2024-04-18T07:46:32+00:00 https://asec.ahnlab.com/en/64258/ www.secnews.physaphae.fr/article.php?IdArticle=8484600 False Threat,Malware APT 35 2.0000000000000000
Dark Reading - Informationweek Branch Iran-Backed Charming Kitten Stages Fake Webinar Platform to Ensnare Targets The latest ploy by the APT also known as Charming Cypress targets policy experts in the Middle East, Europe, and the US.
2024-02-22T14:09:46+00:00 https://www.darkreading.com/vulnerabilities-threats/iran-backed-charming-kitten-stages-fake-webinar-platform-to-ensnare-targets www.secnews.physaphae.fr/article.php?IdArticle=8453731 False None APT 35 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Iranian Hackers Target Middle East Policy Experts with New BASICSTAR Backdoor The Iranian-origin threat actor known as Charming Kitten has been linked to a new set of attacks aimed at Middle East policy experts with a new backdoor called BASICSTAR by creating a fake webinar portal.
Charming Kitten, also called APT35, CharmingCypress, Mint Sandstorm, TA453, and Yellow Garuda, has a history of orchestrating a wide range of social engineering campaigns that cast a
2024-02-19T10:09:00+00:00 https://thehackernews.com/2024/02/iranian-hackers-target-middle-east.html www.secnews.physaphae.fr/article.php?IdArticle=8452155 False Threat APT 35 2.0000000000000000
Volexity - Cyber Firms CharmingCypress: Innovating Persistence Through its managed security services offerings, Volexity routinely identifies spear-phishing campaigns targeting its customers. One persistent threat actor, whose campaigns Volexity frequently observes, is the Iranian-origin threat actor CharmingCypress (aka Charming Kitten, APT42, TA453). Volexity assesses that CharmingCypress is tasked with collecting political intelligence against foreign targets, particularly focusing on think tanks, NGOs, and journalists. In their phishing campaigns, CharmingCypress often employs unusual social-engineering tactics, such as engaging targets in prolonged conversations over email before sending links to malicious content. In a particularly notable spear-phishing campaign observed by Volexity, CharmingCypress went so far as to craft an entirely fake webinar platform to use as part of the lure. CharmingCypress controlled access to this platform, requiring targets to install malware-laden VPN applications prior to granting access. Note: Some content in this blog was recently discussed in Microsoft's report, New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and […]
2024-02-13T14:47:15+00:00 https://www.volexity.com/blog/2024/02/13/charmingcypress-innovating-persistence/ www.secnews.physaphae.fr/article.php?IdArticle=8449587 False Threat APT 35,APT 42 3.0000000000000000
IndustrialCyber - cyber risk firms for industrial Phosphorus CPS Protection Platform said to match CISA mitigation guidance for top misconfiguration risk Phosphorus has called upon organizations with cyber-physical systems (CPS) to address key misconfiguration issues that leave them vulnerable...
2023-12-13T10:21:31+00:00 https://industrialcyber.co/news/phosphorus-cps-protection-platform-is-said-to-match-cisa-mitigation-guidance-for-top-misconfiguration-risk/ www.secnews.physaphae.fr/article.php?IdArticle=8422006 False None APT 35 3.0000000000000000
Recorded Future - Recorded Future Feed Iranian Charming Kitten hackers targeted Israeli organizations in October An Iranian hacking group targeted organizations in Israel's transportation, logistics and technology sectors last month amid an uptick in Iranian cyber activity since the start of Israel's war with Hamas. Researchers at the cybersecurity company CrowdStrike's Counter Adversary Operations attributed the activity to Charming Kitten, an Iranian advanced persistent threat (APT) group, in a [report
2023-11-09T18:00:00+00:00 https://therecord.media/charming-kitten-targeted-israel-cyberattacks www.secnews.physaphae.fr/article.php?IdArticle=8408636 False Threat APT 35 2.0000000000000000
Recorded Future - Recorded Future Feed New backdoor tool spotted in use against targets in Brazil, Israel, UAE Suspected Iranian nation-state hackers attacked organizations in Brazil, Israel and the United Arab Emirates using previously unidentified backdoor malware, researchers have discovered. The hacker group labeled Ballistic Bobcat, also known as Charming Kitten, deployed the backdoor between March 2021 and June 2022 against at least 34 victims, mostly in Israel, according to cybersecurity company ESET.
2023-09-12T19:53:00+00:00 https://therecord.media/sponsor-backdoor-charming-kitten-brazil-israel-uae www.secnews.physaphae.fr/article.php?IdArticle=8382001 False Tool APT 35 3.0000000000000000
Dark Reading - Informationweek Branch Iran's Charming Kitten Pounces on Israeli Exchange Servers Archrivals face off in the cyber plane, as opportunistic hackers prey on the unpatched and generally negligent.
2023-09-11T20:30:00+00:00 https://www.darkreading.com/dr-global/irans-charming-kitten-israeli-exchange-servers www.secnews.physaphae.fr/article.php?IdArticle=8381491 False None APT 35,APT 35 2.0000000000000000
Bleeping Computer - American Magazine Iranian hackers backdoor 34 orgs with new Sponsor malware A nation-state threat actor known as 'Charming Kitten' (Phosphorus, TA453, APT35/42) has been observed deploying a previously unknown backdoor malware named 'Sponsor' against 34 companies around the globe. [...]
2023-09-11T12:19:26+00:00 https://www.bleepingcomputer.com/news/security/iranian-hackers-backdoor-34-orgs-with-new-sponsor-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8381418 False Threat,Malware APT 35 2.0000000000000000
AhnLab - Korean Security Firm Threat Trend Report on APT Groups – July 2023 July 2023 Major Issues on APT Groups 1) APT28 2) APT29 3) APT31 4) Camouflaged Hunter 5) Charming Kitten 6) Gamaredon 7) Kimsuky 8) Konni 9) Lazarus 10) Mustang Panda 11) Patchwork 12) Red Eyes 13) Space Pirates 14) Turla 15) Unclassified ATIP_2023_Jul_Threat Trend Report on APT Groups
2023-09-11T05:02:48+00:00 https://asec.ahnlab.com/en/56971/ www.secnews.physaphae.fr/article.php?IdArticle=8381128 False Threat,Prediction APT 38,APT 35,APT 35,APT 29,APT 29,APT 37,APT 37,APT 31,APT 28,APT 28 2.0000000000000000
AhnLab - Korean Security Firm Threat Trend Report on APT Groups – June 2023 APT Group Trends – June 2023 1) Andariel 2) APT28 3) Cadet Blizzard (DEV-0586) 4) Camaro Dragon 5) Charming Kitten (Mint Sandstorm) 6) Gamaredon (Shuckworm) 7) Ke3chang (APT15, Nickel) 8) Kimsuky 9) Lazarus 10) Muddy Water 11) Mustang Panda 12) OceanLotus 13) Patchwork (White Elephant) 14) Red Eyes (APT37) 15) Sharp Panda 16) SideCopy 17) Stealth Soldier ATIP_2023_Jun_Threat Trend Report on APT Groups
2023-08-16T06:46:45+00:00 https://asec.ahnlab.com/en/56195/ www.secnews.physaphae.fr/article.php?IdArticle=8370575 False Threat,Prediction APT 38,APT 35,APT 35,APT 25,APT 32,APT 32,APT 37,APT 37,APT 15,APT 15,APT 28,APT 28 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Charming Kitten Targets Iranian Dissidents with Advanced Cyber Attacks Germany's Federal Office for the Protection of the Constitution (BfV) has warned of cyber attacks targeting Iranian persons and organizations in the country since the end of 2022. "The cyber attacks were mainly directed against dissident organizations and individuals – such as lawyers, journalists, or human rights activists – inside and outside Iran," the agency said in an advisory. The
2023-08-14T16:30:00+00:00 https://thehackernews.com/2023/08/charming-kitten-targets-iranian.html www.secnews.physaphae.fr/article.php?IdArticle=8369892 False None APT 35,APT 35 3.0000000000000000
Netskope - Netskope is an American software company providing an IT security platform Cloud Threats Memo: Another State-Sponsored Actor Exploiting Dropbox Be the first to receive the Cloud Threats Memo directly in your inbox by subscribing here. Charming Kitten (also known as APT35, TA453, Mint Sandstorm, Yellow Garuda) is a well-known prolific Iranian state-sponsored threat actor, particularly active through complex social engineering campaigns, against European, U.S., and Middle Eastern government and military personnel, academics, journalists, and organizations […]
2023-07-17T14:19:59+00:00 https://www.netskope.com/blog/cloud-threats-memo-another-state-sponsored-actor-exploiting-dropbox www.secnews.physaphae.fr/article.php?IdArticle=8357762 False Threat,Cloud APT 35,APT 35 2.0000000000000000
Dark Reading - Informationweek Branch APT35 Develops Mac Bespoke Malware Iran-linked APT35 group crafted specific Mac malware when targeting a member of the media with new tools to add backdoors.
2023-07-10T17:58:00+00:00 https://www.darkreading.com/dr-global/apt35-mac-bespoke-malware www.secnews.physaphae.fr/article.php?IdArticle=8354062 False Malware APT 35,APT 35 4.0000000000000000
ProofPoint - Firm Security APT35 Develops Mac Bespoke Malware 2023-07-10T11:27:38+00:00 https://www.proofpoint.com/us/newsroom/news/apt35-develops-mac-bespoke-malware www.secnews.physaphae.fr/article.php?IdArticle=8356799 False Malware APT 35,APT 35 2.0000000000000000
ProofPoint - Firm Security Charming Kitten hackers use new 'NokNok' malware for macOS 2023-07-09T11:34:17+00:00 https://www.proofpoint.com/us/newsroom/news/charming-kitten-hackers-use-new-noknok-malware-macos www.secnews.physaphae.fr/article.php?IdArticle=8356800 False Malware APT 35,APT 35 2.0000000000000000
Bleeping Computer - American Magazine Charming Kitten hackers use new 'NokNok' malware for macOS Security researchers observed a new campaign they attribute to the Charming Kitten APT group where hackers used new NokNok malware that targets macOS systems. [...]
2023-07-09T10:13:16+00:00 https://www.bleepingcomputer.com/news/security/charming-kitten-hackers-use-new-noknok-malware-for-macos/ www.secnews.physaphae.fr/article.php?IdArticle=8353811 False Malware APT 35,APT 35 2.0000000000000000
SecurityWeek - Security News Iranian Cyberspies Target US-Based Think Tank With New macOS Malware In May 2023, Iran-linked cyberespionage group Charming Kitten targeted a US-based think tank with new macOS malware.
2023-07-07T13:42:29+00:00 https://www.securityweek.com/iranian-cyberspies-target-us-based-think-tank-with-new-macos-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8353399 False Malware APT 35,APT 35 2.0000000000000000
Recorded Future - Recorded Future Feed Iran-based hackers targeting nuclear security experts through Mac, Windows malware Hackers supporting the government of Iran are targeting experts in Middle Eastern affairs and nuclear security in a new campaign that researchers said involved malware for both Apple and Microsoft products. Cybersecurity experts from Proofpoint attributed the campaign to a group they call TA453 but also is known as Charming Kitten, Mint Sandstorm or APT42,
2023-07-06T17:42:00+00:00 https://therecord.media/iran-ta453-apt42-charming-kitten-espionage-nuclear-security-think-tanks www.secnews.physaphae.fr/article.php?IdArticle=8353083 False Malware APT 35,APT 42 3.0000000000000000
Global Security Mag - French news site Proofpoint: Charming Kitten targets nuclear security experts Malware
2023-07-06T12:21:23+00:00 https://www.globalsecuritymag.fr/Proofpoint-Charming-Kitten-cible-les-experts-en-securite-nucleaire.html www.secnews.physaphae.fr/article.php?IdArticle=8352896 False None APT 35,APT 35 4.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Iranian Hackers Charming Kitten Utilize POWERSTAR Backdoor in Targeted Espionage Attacks Charming Kitten, the nation-state actor affiliated with Iran's Islamic Revolutionary Guard Corps (IRGC), has been attributed to a bespoke spear-phishing campaign that delivers an updated version of a fully-featured PowerShell backdoor called POWERSTAR. "There have been improved operational security measures placed in the malware to make it more difficult to analyze and collect intelligence,"
2023-06-30T19:24:00+00:00 https://thehackernews.com/2023/06/iranian-hackers-charming-kitten-utilize.html www.secnews.physaphae.fr/article.php?IdArticle=8351031 False Malware APT 35 2.0000000000000000
Dark Reading - Informationweek Branch Iran-Linked APT35 Targets Israeli Media With Upgraded Spear-Phishing Tools The APT35 group (aka Charming Kitten) has added backdoor capabilities to their spear-phishing payloads - and targeted an Israeli reporter with it.
2023-06-30T17:53:00+00:00 https://www.darkreading.com/dr-global/iran-linked-apt35-israeli-media-upgraded-spear-phishing www.secnews.physaphae.fr/article.php?IdArticle=8351073 False None APT 35,APT 35 2.0000000000000000
knowbe4 - cybersecurity services Iranian Threat Actor Charming Kitten Using Spear Phishing Campaign To Distribute Malware 2023-06-29T17:18:11+00:00 https://blog.knowbe4.com/charming-kitten-spear-phishing www.secnews.physaphae.fr/article.php?IdArticle=8350708 False Threat,Malware APT 35 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Charming Kitten's PowerStar Malware Evolves with Advanced Techniques Volexity said the updated malware uses IPFS, public cloud hosting for decryption and configuration
2023-06-29T15:30:00+00:00 https://www.infosecurity-magazine.com/news/charming-kittens-powerstar-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8350670 False Malware,Cloud APT 35 3.0000000000000000
Volexity - Cyber Firms Charming Kitten Updates POWERSTAR with an InterPlanetary Twist Volexity works with many individuals and organizations often subjected to sophisticated and highly targeted spear-phishing campaigns from a variety of nation-state-level threat actors. In the last few years, Volexity has observed threat actors dramatically increase the level of effort they put into compromising credentials or systems of individual targets. Spear-phishing campaigns now often involve individual, tailored messages that engage in dialogue with each target, sometimes over a period of several days, before a malicious link or file attachment is ever sent. One threat actor Volexity frequently sees employing these techniques is Charming Kitten, who is believed to be operating out of Iran. Charming Kitten appears to be primarily concerned with collecting intelligence by compromising account credentials and, subsequently, the email of individuals they successfully spear phish. The group will often extract any other credentials or access they can, and then attempt to pivot to other systems, such as those accessible […]
2023-06-28T13:07:56+00:00 https://www.volexity.com/blog/2023/06/28/charming-kitten-updates-powerstar-with-an-interplanetary-twist/ www.secnews.physaphae.fr/article.php?IdArticle=8388307 False Threat APT 35,APT 35 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Microsoft Warns of State-Sponsored Attacks Exploiting Critical PaperCut Vulnerability Iranian nation-state groups have now joined financially motivated actors in actively exploiting a critical flaw in PaperCut print management software, Microsoft said. The tech giant's threat intelligence team said it observed both Mango Sandstorm (Mercury) and Mint Sandstorm (Phosphorus) weaponizing CVE-2023-27350 in their operations to achieve initial access. "This activity shows Mint
2023-05-09T14:23:00+00:00 https://thehackernews.com/2023/05/microsoft-warns-of-state-sponsored.html www.secnews.physaphae.fr/article.php?IdArticle=8334732 False Threat,Vulnerability APT 35 2.0000000000000000
Anomali - Firm Blog Anomali Cyber Watch: APT37 Adopts LNK Files, Charming Kitten Uses BellaCiao Implant-Dropper, ViperSoftX Infostealer Unique Byte Remapping Encryption Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Cyber News and Threat Intelligence Chain Reaction: ROKRAT's Missing Link (Published: May 1, 2023) Since 2022, the North Korea-sponsored group APT37 (Group123, Ricochet Chollima) has mostly changed its maldoc delivery methods to hiding payloads inside oversized LNK files. Check Point researchers identified several infection chains used by the group from July 2022 to April 2023. These were used to deliver one of APT37's custom tools (GOLDBACKDOOR and ROKRAT), or the commodity malware Amadey. All the lures studied appear to target Korean individuals with topics related to South Korea. Analyst Comment: The switch to LNK-based infection chains lets APT37 require less user interaction, since the chain can be triggered by a simple double click. The group continues to use the tried-and-tested ROKRAT, which remains a stealthy tool with its additional layers of encryption, cloud C2 and in-memory execution. Indicators associated with this campaign are available in the Anomali platform and customers are advised to block them on their infrastructure. MITRE ATT&CK: [MITRE ATT&CK] T1059.001: PowerShell | [MITRE ATT&CK] T1055 - Process Injection | [MITRE ATT&CK] T1027 - Obfuscated Files or Information | [MITRE ATT&CK] T1105 - Ingress Tool Transfer | [MITRE ATT&CK] T1204.002 - User Execution: Malicious File | [MITRE ATT&CK] T1059.005 - Command and Scripting Interpreter: Visual Basic | [MITRE ATT&CK] T1140 - Deobfuscate/Decode Files or Information | [MITRE ATT&CK] T1218.011 - Signed Binary Proxy Execution: Rundll32 Tags: malware:ROKRAT, mitre-software-id:S0240, malware-type:RAT, actor:Group123, mitre-group:APT37, actor:Ricochet Chollima, source-country:North Korea, source-country:KP, target-country:South Korea, target-country:KR, file-type:ZIP, file-type:DOC, file-type:ISO, file-type:LNK, file-type:BAT, file-type:EXE, file-type:VBS, malware:Amadey, malware:GOLDBACKDOOR, malware-type:Backdoor, abused:pCloud, abused:Yandex Cloud, abused:OneDrive, abused:Hangul Word Processor, abused:Themida, target-system:Windows
2023-05-01T23:16:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-apt37-adopts-lnk-files-charming-kitten-uses-bellaciao-implant-dropper-vipersoftx-infostealer-unique-byte-remapping-encryption www.secnews.physaphae.fr/article.php?IdArticle=8332656 False Threat,Ransomware,Malware,Cloud,Tool,Prediction,Vulnerability APT 35,APT 37,APT 37 2.0000000000000000
Recorded Future - Recorded Future Feed Iran APT using 'BellaCiao' malware against targets in US, Europe and Asia An Iranian state-sponsored hacking group has been accused of deploying a new strain of malware named BellaCiao against several victims in the U.S., Europe, India, Turkey and other countries. Researchers from cybersecurity firm Bitdefender [attributed](https://www.bitdefender.com/blog/businessinsights/unpacking-bellaciao-a-closer-look-at-irans-latest-malware/) the malware to APT35/APT42 – also known as Mint Sandstorm or Charming Kitten – an advanced persistent threat group that
2023-04-30T16:51:00+00:00 https://therecord.media/iran-apt-charming-kitten-bellaciao-malware-us-europe-asia www.secnews.physaphae.fr/article.php?IdArticle=8332393 False Threat,Malware APT 35,APT 42 3.0000000000000000
Dark Reading - Informationweek Branch \\ 'Bellaciao \\' présente comment les groupes de menaces d'Iran \\ modernisent leur malware<br>\\'BellaCiao\\' Showcases How Iran\\'s Threat Groups Are Modernizing Their Malware The dropper is being used in a Charming Kitten APT campaign that has hit organizations in multiple countries.]]> 2023-04-28T20:18:35+00:00 https://www.darkreading.com/cloud/bellaciao-showcases-iran-threat-groups-modernizing-malware www.secnews.physaphae.fr/article.php?IdArticle=8331989 False Threat,Malware APT 35 2.0000000000000000 IT Security Guru - Blog Sécurité Chaton charmant utilisant de nouveaux logiciels malveillants dans des attaques multi-pays<br>Charming Kitten Using New Malware in Multi-Country Attacks Charming Kitten, the infamous Iranian nation-state group, is actively targeting victims across Europe, U.S., India and Middle East with a new malware dubbed BellaCiao. The malware is the latest in their expansive custom tool kit. BellaCiao was discovered by Bitdefender, who describe the malware as a “personalised dropper” that’s capable of delivering malware payloads onto […] ]]> 2023-04-28T01:30:56+00:00 https://www.itsecurityguru.org/2023/04/28/charming-kitten-using-new-malware-in-multi-country-attacks/?utm_source=rss&utm_medium=rss&utm_campaign=charming-kitten-using-new-malware-in-multi-country-attacks www.secnews.physaphae.fr/article.php?IdArticle=8331819 True Malware,Tool APT 35,APT 35 2.0000000000000000 Dark Reading - Informationweek Branch Les noms d'acteurs de menace prolifèrent, ajoutant de la confusion<br>Threat Actor Names Proliferate, Adding Confusion Goodbye, PHOSPHORUS! Hello, Mint Sandstorm. 
Microsoft adopts two-word monikers for threat groups, but do we really need more?
2023-04-27T19:57:00+00:00 https://www.darkreading.com/threat-intelligence/threat-actor-names-proliferate-adding-confusion www.secnews.physaphae.fr/article.php?IdArticle=8331672 False Threat APT 35 2.0000000000000000

The State of Security - American magazine
Charming Kitten targets critical infrastructure in US and elsewhere with BellaCiao malware
Iranian state-sponsored hacking group Charming Kitten has been named as the group responsible for a new wave of attacks targeting critical infrastructure in the United States and elsewhere. The group (who are also known to security researchers by a wide variety of other names including Mint Sandstorm, Phosphorous, Newscaster, and APT35) has been operating since at least 2011, making a name for itself by targeting activists and journalists in the Middle East, as well as organisations in the United States, UK, Israel, and elsewhere. Earlier this month, Microsoft announced that the group, which...
2023-04-27T10:17:55+00:00 https://www.tripwire.com/state-of-security/charming-kitten-targets-critical-infrastructure-us-and-elsewhere-bellaciao www.secnews.physaphae.fr/article.php?IdArticle=8331600 False Malware APT 35,APT 35 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Charming Kitten's New BellaCiao Malware Discovered in Multi-Country Attacks
The prolific Iranian nation-state group known as Charming Kitten targeted multiple victims in the U.S., Europe, the Middle East and India with a novel malware dubbed BellaCiao, adding to its ever-expanding list of custom tools. Discovered by Bitdefender Labs, BellaCiao is a "personalized dropper" that's capable of delivering other malware payloads onto a victim machine based on commands received
2023-04-26T18:46:00+00:00 https://thehackernews.com/2023/04/charming-kittens-new-bellaciao-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8331253 False Malware APT 35,APT 35 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Iranian Hackers Launch Sophisticated Attacks Targeting Israel with Powerless Backdoor
An Iranian nation-state threat actor has been linked to a new wave of phishing attacks targeting Israel that's designed to deploy an updated version of a backdoor called PowerLess. Cybersecurity firm Check Point is tracking the activity cluster under its mythical creature handle Educated Manticore, which exhibits "strong overlaps" with a hacking crew known as APT35, Charming Kitten, Cobalt
2023-04-25T18:34:00+00:00 https://thehackernews.com/2023/04/iranian-hackers-launch-sophisticated.html www.secnews.physaphae.fr/article.php?IdArticle=8330923 False Threat APT 35 3.0000000000000000

Global Security Mag - French news site
Check Point Research uncovers rare techniques used by Iranian-affiliated threat actor, targeting Israeli entities
Check Point Research reveals new findings related to the Phosphorus APT group, an Iranian APT group operating in the Middle East and North America. CPR dubbed this activity cluster Educated Manticore. Educated Manticore has substantially enhanced its toolkit by incorporating new techniques, embracing current attack trends, and employing ISO images and other archive files to initiate infection chains. The research puts a spotlight on the lures of the attack, which used Hebrew and Arabic languages, suggesting targets were entities in Israel. - Malware Update
2023-04-25T13:03:37+00:00 https://www.globalsecuritymag.fr/Check-Point-Research-uncovers-rare-techniques-used-by-Iranian-affiliated-threat.html www.secnews.physaphae.fr/article.php?IdArticle=8330909 True Threat APT 35 3.0000000000000000
Checkpoint - Security hardware vendor
Check Point Research uncovers rare techniques used by Iranian-affiliated threat actor, targeting Israeli entities
Highlights: Check Point Research reveals new findings related to Educated Manticore, a hacktivist group related to Phosphorus, an Iranian-affiliated threat actor operating in the Middle East and North America. Educated Manticore has substantially enhanced its toolkit by incorporating seldom-seen techniques, embracing current attack trends, and employing ISO images and other archive files to initiate infection chains. The research puts a spotlight on the lures of the attack, which used Hebrew and Arabic languages, suggesting targets were entities in Israel. Main findings: Hacktivism, hacking for political or social purposes, is on the rise and its agents are becoming more sophisticated. As […]
2023-04-25T10:05:41+00:00 https://blog.checkpoint.com/security/check-point-research-uncovers-rare-techniques-used-by-iranian-affiliated-threat-actor-targeting-israeli-entities/ www.secnews.physaphae.fr/article.php?IdArticle=8330865 False Threat APT 35 2.0000000000000000
Checkpoint Research - Security hardware vendor
Educated Manticore – Iran Aligned Threat Actor Targeting Israel via Improved Arsenal of Tools
Key Findings: Introduction. In this report, Check Point Research reveals new findings of an activity cluster closely related to Phosphorus. The research presents a new and improved infection chain leading to the deployment of a new version of PowerLess. This implant was attributed to Phosphorus in the past, an Iran-affiliated threat group operating in the Middle East […]
2023-04-25T10:04:57+00:00 https://research.checkpoint.com/2023/educated-manticore-iran-aligned-threat-actor-targeting-israel-via-improved-arsenal-of-tools/ www.secnews.physaphae.fr/article.php?IdArticle=8330870 False Threat APT 35 2.0000000000000000
Anomali - Firm Blog
Anomali Cyber Watch: Xenomorph Automates The Whole Fraud Chain on Android, IceFire Ransomware Started Targeting Linux, Mythic Leopard Delivers Spyware Using Romance Scam
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Xenomorph V3: a New Variant with ATS Targeting More Than 400 Institutions (published: March 10, 2023)
Newer versions of the Xenomorph Android banking trojan are able to target 400 applications: cryptocurrency wallets and mobile banking from around the world, with the top targeted countries being Spain, Turkey, Poland, USA, and Australia (in that order). Since February 2022, several small, testing Xenomorph campaigns have been detected. Its current version Xenomorph v3 (Xenomorph.C) is available on the Malware-as-a-Service model. This trojan version was delivered using the Zombinder binding service to bind it to a legitimate currency converter. Xenomorph v3 automatically collects and exfiltrates credentials using the ATS (Automated Transfer Systems) framework. The command-and-control traffic is blended in by abusing the Discord Content Delivery Network.
Analyst Comment: Fraud chain automation makes Xenomorph v3 a dangerous malware that might significantly increase its prevalence on the threat landscape. Users should keep their mobile devices updated and avail of mobile antivirus and VPN protection services. Install only applications that you actually need, use the official store and check the app description and reviews. Organizations that publish applications for their customers are invited to use Anomali's Premium Digital Risk Protection service to discover rogue, malicious apps impersonating your brand that security teams typically do not search or monitor.
MITRE ATT&CK: [MITRE ATT&CK] T1417.001 - Input Capture: Keylogging | [MITRE ATT&CK] T1417.002 - Input Capture: GUI Input Capture
Tags: malware:Xenomorph, Mobile, actor:Hadoken Security Group, actor:HadokenSecurity, malware-type:Banking trojan, detection:Xenomorph.C, Malware-as-a-Service, Accessibility services, Overlay attack, Discord CDN, Cryptocurrency wallet, target-industry:Cryptocurrency, target-industry:Banking, target-country:Spain, target-country:ES, target-country:Turkey, target-country:TR, target-country:Poland, target-country:PL, target-country:USA, target-country:US, target-country:Australia, target-country:AU, malware:Zombinder, detection:Zombinder.A, Android
Cobalt Illusion Masquerades as Atlantic Council Employee (published: March 9, 2023)
A new campaign by Iran-sponsored Charming Kitten (APT42, Cobalt Illusion, Magic Hound, Phosphorous) was detected targeting Mahsa Amini protests and researchers who document the suppression of women and minority groups i
2023-03-14T17:32:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-xenomorph-automates-the-whole-fraud-chain-on-android-icefire-ransomware-started-targeting-linux-mythic-leopard-delivers-spyware-using-romance-scam www.secnews.physaphae.fr/article.php?IdArticle=8318511 False Threat,Ransomware,Malware,Guideline,Tool,Conference,Vulnerability ChatGPT,ChatGPT,APT 35,APT 42,APT 36 2.0000000000000000

knowbe4 - cybersecurity services
Russian and Iranian Spear Phishing Campaigns are Running Rampant in the UK
The UK's National Cyber Security Centre (NCSC) has described two separate spear phishing campaigns launched by Russia's SEABORGIUM threat actor and Iran's TA453 (also known as Charming Kitten). The NCSC says both threat actors have targeted entities in the UK, including “academia, defence, governmental organisations, NGOs, think-tanks, as well as politicians, journalists, and activists."
2023-01-30T13:52:25+00:00 https://blog.knowbe4.com/russian-iranian-spear-phishing-campaigns-in-uk www.secnews.physaphae.fr/article.php?IdArticle=8305530 False Threat,Conference APT 35 2.0000000000000000

Recorded Future - Recorded Future feed
British cyber agency issues warning over Russian and Iranian espionage campaigns
Image: NCSC headquarters
Two separate but similar espionage campaigns from Russian and Iranian-linked groups have prompted a warning from Britain's National Cyber Security Centre. In a document published on Thursday local time the NCSC warned how instead of sending surprise phishing emails, the hacking groups – identified as “Russia-based” SEABORGIUM and “Iran-based” APT42, or Charming Kitten – are […]
2023-01-26T00:01:00+00:00 https://therecord.media/british-cyber-agency-issues-warning-over-russian-and-iranian-espionage-campaigns/ www.secnews.physaphae.fr/article.php?IdArticle=8304084 False Conference APT 35,APT 42 2.0000000000000000

CVE Liste - Common Vulnerability Exposure
CVE-2018-25070
2023-01-07T11:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-25070 www.secnews.physaphae.fr/article.php?IdArticle=8298792 False Guideline,Conference,Vulnerability APT 35 None

Dark Reading - Informationweek Branch
Iran-Backed Charming Kitten APT Eyes Kinetic Ops, Kidnapping
2022-12-16T16:04:25+00:00 https://www.darkreading.com/attacks-breaches/iran-backed-charming-kitten-apt-eyes-kinetic-ops-kidnapping www.secnews.physaphae.fr/article.php?IdArticle=8296235 False None APT 35 3.0000000000000000

The Register - English news site
Iran-linked Charming Kitten espionage gang bares claws to pollies, power orgs
2022-12-15T02:35:09+00:00 https://go.theregister.com/feed/www.theregister.com/2022/12/15/charming_kitten_ta453_expands_targets/ www.secnews.physaphae.fr/article.php?IdArticle=8291417 False Medical APT 35 1.00000000000000000000

Global Security Mag - French news site
Iranian-state-aligned threat actor targets new victims in cyberespionage and kinetic campaigns – Proofpoint research
Malware Update
2022-12-14T10:20:58+00:00 https://www.globalsecuritymag.fr/Iranian-state-aligned-threat-actor-targets-new-victims-in-cyberespionage-and.html www.secnews.physaphae.fr/article.php?IdArticle=8291153 False Threat,Conference APT 35,APT 42 2.0000000000000000

InfoSecurity Mag - InfoSecurity Magazine
Security Risks Found in Millions of XIoT Devices
2022-12-07T16:00:00+00:00 https://www.infosecurity-magazine.com/news/security-risks-found-in-millions/ www.secnews.physaphae.fr/article.php?IdArticle=8288719 False Conference APT 35 3.0000000000000000

ProofPoint - Firm Security
The not-so-Charming Kitten working for Iran
2022-10-18T09:53:56+00:00 https://www.proofpoint.com/us/newsroom/news/not-so-charming-kitten-working-iran www.secnews.physaphae.fr/article.php?IdArticle=7575835 False None APT 35 None

CSO - CSO Daily Dashboard
Iranian cyberspies use multi-persona impersonation in phishing threads
recently reported with medium confidence that APT42 operates on behalf of the Islamic Revolutionary Guard Corps (IRGC)'s Intelligence Organization (IRGC-IO) and specializes in highly targeted social engineering.
2022-09-14T05:09:00+00:00 https://www.csoonline.com/article/3673295/iranian-cyberspies-use-multi-persona-impersonation-in-phishing-threads.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=6887761 False Conference APT 35,APT 42 None

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Microsoft Warns of Ransomware Attacks by Iranian Phosphorus Hacker Group
2022-09-08T11:08:00+00:00 https://thehackernews.com/2022/09/microsoft-warns-of-ransomware-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=6779982 False Threat,Ransomware,Conference APT 35 None

Dark Reading - Informationweek Branch
Charming Kitten APT Wields New Scraper to Steal Email Inboxes
2022-08-23T11:57:26+00:00 https://www.darkreading.com/endpoint/charming-kitten-apt-wields-new-scraper-to-steal-email-inboxes www.secnews.physaphae.fr/article.php?IdArticle=6483285 False Tool APT 35,Yahoo None

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Google Uncovers Tool Used by Iranian Hackers to Steal Data from Email Accounts
2022-08-23T07:50:00+00:00 https://thehackernews.com/2022/08/google-uncovers-tool-used-by-iranian.html www.secnews.physaphae.fr/article.php?IdArticle=6485628 False Threat,Malware,Tool,Conference APT 35,Yahoo None

Anomali - Firm Blog
Anomali Cyber Watch: GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool, DragonForce Malaysia OpsPatuk / OpsIndia and More
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Update: The Phish Goes On - 5 Million Stolen Credentials and Counting (published: June 16, 2022)
PIXM researchers describe an ongoing, large-scale Facebook phishing campaign. Its primary targets are Facebook Messenger mobile users, and an estimated five million users lost their login credentials. The campaign evades Facebook anti-phishing protection by redirecting to a new page at a legitimate service such as amaze.co, famous.co, funnel-preview.com, or glitch.me. In June 2022, the campaign also employed the tactic of displaying legitimate shopping cart content at the final page for about two seconds before displaying the phishing content. The campaign is attributed to Colombian actor BenderCrack (Hackerasueldo) who monetizes displaying affiliate ads.
Analyst Comment: Users should check what domain is asking for login credentials before providing those. Organizations can consider monitoring their employees using Facebook as a Single Sign-On (SSO) Provider.
MITRE ATT&CK: [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] User Execution - T1204
Tags: Facebook, Phishing, Facebook Messenger, Social networks, Mobile, Android, iOS, Redirect, Colombia, source-country:CO, BenderCrack, Hackerasueldo
F5 Labs Investigates MaliBot (published: June 15, 2022)
F5 Labs researchers describe a novel Android trojan, dubbed MaliBot. Based on re-written SOVA malware code, MaliBot is maintaining its Background Service by setting itself as a launcher. Its code has some unused evasion portions for emulation environment detection and setting the malware as a hidden app. MaliBot spreads via smishing, takes control of the device and monetizes using overlays for certain Italian and Spanish banks, stealing cryptocurrency, and sometimes sending Premium SMS to paid services.
Analyst Comment: Users should be wary of following links in unexpected SMS messages. Try to avoid downloading apps from third-party websites. Be cautious with enabling accessibility options.
MITRE ATT&CK: [MITRE ATT&CK] System Network Configuration Discovery - T1016 | [MITRE ATT&CK] User Execution - T1204
Tags: MaliBot, Android, MFA bypass, SMS theft, Premium SMS, Smishing, Binance, Trust wallet, VNC, SOVA, Sality, Cryptocurrency, Financial, Italy, target-country:IT, Spain, target-country:ES
Extortion Gang Ransoms Shoprite, Largest Supermarket Chain in Africa (published: June 15, 2022)
On June 10, 2022, Africa's largest supermarket chain operating in twelve countries, Shoprite Holdings, announced a possible cybersecurity incident. The company notified customers in E
2022-06-21T15:03:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-gallium-expands-targeting-across-telecommunications-government-and-finance-sectors-with-new-pingpull-tool-dragonforce-malaysia-opspatuk-opsindia-and-more www.secnews.physaphae.fr/article.php?IdArticle=5309464 False Threat,Ransomware,Malware,Guideline,Tool,Conference,Vulnerability APT 35,Yahoo None

IT Security Guru - Security Blog
New Iranian Spear-Phishing Campaign Hijacks Email Conversations
2022-06-15T10:41:47+00:00 https://www.itsecurityguru.org/2022/06/15/new-iranian-spear-phishing-campaign-hijacks-email-conversations/?utm_source=rss&utm_medium=rss&utm_campaign=new-iranian-spear-phishing-campaign-hijacks-email-conversations www.secnews.physaphae.fr/article.php?IdArticle=5163528 False Conference APT 35 None

Anomali - Firm Blog
Anomali Cyber Watch: Costa Rica in Ransomware Emergency, Charming Kitten Spy and Ransom, Saitama Backdoor Hides by Sleeping, and More
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
COBALT MIRAGE Conducts Ransomware Operations in U.S. (published: May 12, 2022)
Secureworks researchers describe campaigns by Iran-sponsored group Cobalt Mirage. These actors are likely part of a larger group, Charming Kitten (Phosphorus, APT35, Cobalt Illusion). In 2022, Cobalt Mirage deployed BitLocker ransomware on a US charity's systems, and exfiltrated data from a US local government network. Their ransomware operations appear to be a low-scale, hands-on approach with rare tactics such as sending a ransom note to a local printer. The group utilized its own custom binaries including a Fast Reverse Proxy client (FRPC) written in Go. It also relied on mass scanning for known vulnerabilities (ProxyShell, Log4Shell) and using commodity tools for encryption, internal scanning, and lateral movement.
Analyst Comment: However small your government or NGO organization is, it still needs protection from advanced cyber actors. Keep your system updated, and employ mitigation strategies when updates for critical vulnerabilities are not available.
MITRE ATT&CK: [MITRE ATT&CK] Exploit Public-Facing Application - T1190 | [MITRE ATT&CK] OS Credential Dumping - T1003 | [MITRE ATT&CK] Command and Scripting Interpreter - T1059 | [MITRE ATT&CK] Modify Registry - T1112 | [MITRE ATT&CK] Create Account - T1136 | [MITRE ATT&CK] Account Manipulation - T1098 | [MITRE ATT&CK] Proxy - T1090 | [MITRE ATT&CK] Data Encrypted for Impact - T1486
Tags: Cobalt Mirage, Phosphorous, Cobalt Illusion, TunnelVision, Impacket, wmiexec, Softperfect network scanner, LSASS, RDP, Powershell, BitLocker, Ransomware, Fast Reverse Proxy client, FRP, FRPC, Iran, source-country:IR, USA, target-country:US, Cyberespionage, Government, APT, Go, Log4j2, ProxyShell, CVE-2021-34473, CVE-2021-45046, CVE-2021-44228, CVE-2020-12812, CVE-2021-31207, CVE-2018-13379, CVE-2021-34523, CVE-2019-5591
SYK Crypter Distributing Malware Families Via Discord (published: May 12, 2022)
Morphisec researchers discovered a new campaign abusing the popular messaging platform Discord's content distribution network (CDN). If a targeted user activates the phishing attachment, it starts the DNetLoader malware, which reaches out to the hardcoded Discord CDN link and downloads a next-stage crypter such as the newly-discovered SYK crypter. SYK crypter is loaded into memory, where it decrypts its configuration and the next-stage payload using hardcoded keys and various encryption methods. It detects and impairs antivirus solutions and checks for d
2022-05-17T15:01:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-costa-rica-in-ransomware-emergency-charming-kitten-spy-and-ransom-saitama-backdoor-hides-by-sleeping-and-more www.secnews.physaphae.fr/article.php?IdArticle=4668209 False Threat,Ransomware,Malware,Tool,Conference,Vulnerability APT 35,APT 15,APT 34 None

SecurityWeek - Security News
Iranian Cyberspy Group Launching Ransomware Attacks Against US
2022-05-12T13:18:29+00:00 https://www.securityweek.com/iranian-cyberspy-group-launching-ransomware-attacks-against-us www.secnews.physaphae.fr/article.php?IdArticle=4584033 False Threat,Ransomware,Conference APT 35,APT 35 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Iranian Hackers Leveraging BitLocker and DiskCryptor in Ransomware Attacks
2022-05-12T06:56:45+00:00 https://thehackernews.com/2022/05/iranian-hackers-leveraging-bitlocker.html www.secnews.physaphae.fr/article.php?IdArticle=4583977 False Threat,Ransomware,Malware,Conference APT 35,APT 15 4.0000000000000000

Security Affairs - Security blog
Iran-linked APT Rocket Kitten exploited VMware bug in recent attacks
2022-04-26T18:00:59+00:00 https://securityaffairs.co/wordpress/130630/apt/iran-apt-exploiting-vmware-rce.html www.secnews.physaphae.fr/article.php?IdArticle=4509287 False Vulnerability APT 35 None

SecurityWeek - Security News
Enterprise IoT Security Firm Phosphorus Raises $38 Million
2022-02-22T15:18:36+00:00 https://www.securityweek.com/enterprise-iot-security-firm-phosphorus-raises-38-million www.secnews.physaphae.fr/article.php?IdArticle=4166870 False Patching,Conference APT 35,APT 35 None

Security Affairs - Security blog
Iran-linked TunnelVision APT is actively exploiting the Log4j vulnerability
2022-02-18T15:21:14+00:00
https://securityaffairs.co/wordpress/128159/apt/tunnelvision-exploits-log4j-vulnerability.html?utm_source=rss&utm_medium=rss&utm_campaign=tunnelvision-exploits-log4j-vulnerability www.secnews.physaphae.fr/article.php?IdArticle=4144680 False Ransomware,Conference,Vulnerability APT 35 None

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Iranian Hackers Targeting VMware Horizon Log4j Flaws to Deploy Ransomware
2022-02-17T23:40:44+00:00 https://thehackernews.com/2022/02/iranian-hackers-targeting-vmware.html www.secnews.physaphae.fr/article.php?IdArticle=4143060 False Ransomware,Conference APT 35 None

Anomali - Firm Blog
Anomali Cyber Watch: Conti Ransomware Attack, Iran-Sponsored APTs, New Android RAT, Russia-Sponsored Gamaredon, and More
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
New CapraRAT Android Malware Targets Indian Government and Military Personnel (published: February 7, 2022)
Trend Micro researchers have discovered a new remote access trojan (RAT), dubbed CapraRAT, that targets Android systems. CapraRAT is attributed to the advanced persistent threat (APT) group APT36 (Earth Karkaddan, Mythic Leopard, Transparent Tribe), which is believed to be a Pakistan-based group that has been active since at least 2016. The Android-targeting CapraRAT shares similarities (capabilities, commands, and function names) with the Windows-targeting Crimson RAT, and researchers note that it may be a modified version of the open source AndroRAT. The delivery method of CapraRAT is unknown; however, APT36 is known to use spearphishing emails with attachments or links. Once CapraRAT is installed and executed it will attempt to reach out to a command and control server and subsequently begin stealing various data from an infected device.
Analyst Comment: It is important to only use the Google Play Store to obtain your software (for Android users), and avoid installing software from unverified sources because it is easier for malicious applications to get into third-party stores. Applications that ask for additional permissions outside of their normal functionality should be treated with suspicion, and normal functionality for the applications should be reviewed carefully prior to installation. Antivirus applications, if available, should be installed on devices.
MITRE ATT&CK: [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] User Execution - T1204 | [MITRE ATT&CK] Software Deployment Tools - T1072
Tags: APT36, Earth Karkaddan, Mythic Leopard, Transparent Tribe, Android, CapraRAT
Russia’s Gamaredon aka Primitive Bear APT Group Actively Targeting Ukraine (published: February 3, 2022)
The Russia-sponsored cyberespionage group Primitive Bear (Gamaredon) has continued updating its toolset, according to Unit 42 researchers. The group continues to use its primary tactic of spearphishing emails with attachments that leverage remote templates and template injection, with a focus on Ukraine. These email attachments are usually Microsoft Word documents that use the remote template to fetch VBScript, execute it to establish persistence, and wait for the group’s instruction via a command and control server. Unit 42 researchers have analyzed the group’s activity and infrastructure dating back to 2018 up to the current border tensions between Russia and Ukraine. The infrastructure behind the campaigns is robust, with clusters of domains that are rotated and parked on different IPs, often on a daily basis.
Analyst Comment: Spearphishing emails represent a significant security risk because the sending email will often appear legitimate to the target; sometimes a target company email is compromis
2022-02-08T16:00:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-conti-ransomware-attack-iran-sponsored-apts-new-android-rat-russia-sponsored-gamaredon-and-more www.secnews.physaphae.fr/article.php?IdArticle=4094313 False Threat,Ransomware,Malware,Conference APT 35,APT 35,APT 29,APT 29,APT 36 2.0000000000000000

knowbe4 - cybersecurity services
CyberheistNews Vol 12 #06 [Heads Up] Beware of New QuickBooks Payment Scams
CyberheistNews Vol 12 #06 | Feb. 8th, 2022
[Heads Up] Beware of New QuickBooks Payment Scams
Many small and mid-sized companies use Intuit's popular QuickBooks program. They usually start out using its easy-to-use base accounting program and then the QuickBooks program aggressively pushes other complementary features. One of those add-on features is the ability to send customers' invoices via email. The payee can click on a “Review and pay” button in the email to pay the invoice. It used to be a free, but less mature, feature years ago, but these days, it costs extra. Still, if you are using QuickBooks for your accounting, the ability to generate, send, receive and electronically track invoices all in one place is a pretty easy sell. Unfortunately, phishing criminals are using QuickBooks' popularity to send business email compromise (BEC) scams. The emails appear as if they are coming from a legitimate vendor using QuickBooks, but if the potential victim takes the bait, the invoice they pay will be to the scammer. Worse, the payment request can require that the payee use the ACH (automated clearing house) method, which requires the payee to input their bank account details.
So, if the victim falls for the scam, the criminal now has their bank account information. Not good. Note: Some other QuickBooks scam warnings will tell you that QuickBooks will never ask for your ACH or banking details. This is not completely true. QuickBooks, the company and its support staff, never will, but QuickBooks email payment requests often do. Warn your users in Accounting. CONTINUED at the KnowBe4 blog with both legit and malicious example screenshots: https://blog.knowbe4.com/beware-of-quickbooks-payment-scams
2022-02-08T14:23:51+00:00 https://blog.knowbe4.com/cyberheistnews-vol-12-06-heads-up-beware-of-new-quickbooks-payment-scams www.secnews.physaphae.fr/article.php?IdArticle=4094184 False Threat,Malware,Hack,Conference APT 35 None

Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor
Charming Kitten Sharpens Its Claws with PowerShell Backdoor
2022-02-02T13:58:34+00:00 https://threatpost.com/charming-kitten-powershell-backdoor/178158/ www.secnews.physaphae.fr/article.php?IdArticle=4070591 False None APT 35 None

Security Affairs - Security blog
Experts warn of a spike in APT35 activity and a possible link to Memento ransomware op
2022-02-02T11:55:18+00:00 https://securityaffairs.co/wordpress/127526/apt/apt35-spike-memento-op.html?utm_source=rss&utm_medium=rss&utm_campaign=apt35-spike-memento-op www.secnews.physaphae.fr/article.php?IdArticle=4069999 False Ransomware,Conference APT 35,APT 35 None

SecurityWeek - Security News
Iranian Hackers Using New PowerShell Backdoor Linked to Memento Ransomware
2022-02-01T16:24:06+00:00 https://www.securityweek.com/iranian-hackers-using-new-powershell-backdoor-linked-memento-ransomware www.secnews.physaphae.fr/article.php?IdArticle=4066276 False Ransomware,Conference APT 35,APT 35 None

Bleeping Computer - American magazine
Cyberspies linked to Memento ransomware use new PowerShell malware
2022-02-01T14:00:00+00:00 https://www.bleepingcomputer.com/news/security/cyberspies-linked-to-memento-ransomware-use-new-powershell-malware/ www.secnews.physaphae.fr/article.php?IdArticle=4066936 False Ransomware,Malware,Conference APT 35,APT 35 None

CybeReason - Vendor blog
PowerLess Trojan: Iranian APT Phosphorus Adds New PowerShell Backdoor for Espionage
Over the past months, the Cybereason Nocturnus Team observed an uptick in the activity of the Iranian attributed group dubbed Phosphorus (AKA Charming Kitten, APT35), known for previously attacking medical research organizations in the US and Israel in late 2020, and for targeting academic researchers from the US, France, and the Middle East region back in 2019.
2022-02-01T05:01:00+00:00 https://www.cybereason.com/blog/powerless-trojan-iranian-apt-phosphorus-adds-new-powershell-backdoor-for-espionage www.secnews.physaphae.fr/article.php?IdArticle=4063281 False Conference APT 35,APT 35 None

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Iranian Hackers Using New PowerShell Backdoor in Cyber Espionage Attacks
2022-02-01T02:28:30+00:00 https://thehackernews.com/2022/02/iranian-hackers-using-new-powershell.html www.secnews.physaphae.fr/article.php?IdArticle=4064183 False Threat,Malware,Conference APT 35,APT 35 None

Security Affairs - Security blog
Iran-linked APT35 group exploits Log4Shell flaw to deploy a new PowerShell backdoor
2022-01-12T11:22:16+00:00 https://securityaffairs.co/wordpress/126613/apt/apt35-log4shell-backdoor.html?utm_source=rss&utm_medium=rss&utm_campaign=apt35-log4shell-backdoor www.secnews.physaphae.fr/article.php?IdArticle=3951538 False Conference APT 35 None

Bleeping Computer - American magazine
State hackers use new PowerShell backdoor in Log4j attacks
2022-01-11T18:17:45+00:00 https://www.bleepingcomputer.com/news/security/state-hackers-use-new-powershell-backdoor-in-log4j-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=3949411 False Conference APT 35 None

Anomali - Firm Blog
Anomali Cyber Watch: Equation Group's Post-Exploitation Framework, Decentralized Finance (DeFi) Protocol Exploited, Third Log4j Vulnerability, and More
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
A Deep Dive into DoubleFeature, Equation Group’s Post-Exploitation Dashboard (published: December 27, 2021)
Check Point researchers have published their findings on the Equation Group’s post-exploitation framework DanderSpritz — a major part of the “Lost in Translation” leak — with a focus on its DoubleFeature logging tool. DoubleFeature (similar to other Equation Group tools) employs several techniques to make forensic analysis difficult: function names are not passed explicitly, but instead as a checksum of the name; strings used in DoubleFeature are decrypted on demand per function and re-encrypted once function execution completes. DoubleFeature also supports additional obfuscation methods, such as a simple substitution cipher and a stream cipher. In its information gathering DoubleFeature can monitor multiple additional plugins, including: the KillSuit (also known as KiSu and GrayFish) plugin that runs other plugins, providing a framework for persistence and evasion; the MistyVeal (MV) implant, which verifies that the targeted system is indeed an authentic victim; the StraitBizarre (SBZ) cross-platform implant; and the UnitedRake remote access tool (UR, EquationDrug).
Analyst Comment: It is important to study Equation Group’s frameworks because some of the leaked exploits were seen exploited by other threat actors. Defense-in-depth (layering of security mechanisms, redundancy, fail-safe defense processes) is the best way to ensure safety from APTs, including a focus on both network and host-based security. Prevention and detection capabilities should also be in place.
MITRE ATT&CK: [MITRE ATT&CK] Modify Registry - T1112 | [MITRE ATT&CK] Rootkit - T1014 | [MITRE ATT&CK] Virtualization/Sandbox Evasion - T1497 | [MITRE ATT&CK] Deobfuscate/Decode Files or Information - T1140
Tags: Equation Group, DanderSpritz, DoubleFeature, Shadow Brokers, EquationDrug, UnitedRake, DiveBar, KillSuit, GrayFish, StraitBizarre, MistyVeal, PeddleCheap, DiceDealer, FlewAvenue, DuneMessiah, CritterFrenzy, Elby loader, BroughtHotShot, USA, Russia, APT
Dridex Affiliate Dresses Up as Scrooge (published: December 23, 2021)
Days before Christmas, an unidentified Dridex affiliate is using malspam emails with extremely emotion-provoking lures. One malicious email purports that 80% of the company’s employees have tested positive for Omicron, a variant of COVID-19; another email claims that the recipient was just terminated from his or her job. The attached malicious Microsoft Excel documents have two anti-sandbox features: they are password protected, and the macro doesn’t run until a user interacts with a pop-up dialog.
If the user makes the macro run, it will drop an .rtf f]]> 2021-12-29T16:00:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-equation-groups-post-exploitation-framework-decentralized-finance-defi-protocol-exploited-third-log4j-vulnerability-and-more www.secnews.physaphae.fr/article.php?IdArticle=3904146 False Threat,Ransomware,Malware,Tool,Conference,Vulnerability APT 35 None Wired Threat Level - Security News A Telegram Bot Told Iranian Hackers When They Got a Hit 2021-10-14T14:36:04+00:00 https://www.wired.com/story/apt35-iran-hackers-phishing-telegram-bot www.secnews.physaphae.fr/article.php?IdArticle=3514384 False Conference APT 35 None SecurityWeek - Security News Iran-Linked Hackers Expand Arsenal With New Android Backdoor 2021-08-05T15:48:35+00:00 http://feedproxy.google.com/~r/securityweek/~3/n6qIj2C2k4g/iran-linked-hackers-expand-arsenal-new-android-backdoor www.secnews.physaphae.fr/article.php?IdArticle=3178517 False Threat,Conference APT 35,APT 35 None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe Black Hat: Charming Kitten Leaves More Paw Prints 2021-08-05T14:16:03+00:00 https://threatpost.com/black-hat-charming-kitten-opsec-goofs-training-videos/168394/ www.secnews.physaphae.fr/article.php?IdArticle=3177922 False None APT 35,APT 35 None InfoSecurity Mag - InfoSecurity Magazine #BHUSA: The 9 Lives of the Charming Kitten Nation-State Attacker 2021-08-04T22:54:00+00:00 https://www.infosecurity-magazine.com/news/bhusa-the-9-lives-of-the-charming/ www.secnews.physaphae.fr/article.php?IdArticle=3175787 False None APT 35,APT 35 5.0000000000000000 Security Intelligence - Site de news Américain ITG18: Operational Security Errors Continue to Plague Sizable Iranian Threat Group 2021-08-04T20:30:00+00:00 http://feedproxy.google.com/~r/SecurityIntelligence/~3/xUwqxoI5yaA/ www.secnews.physaphae.fr/article.php?IdArticle=3174405 False Threat,Conference APT 35,APT 35 None UnderNews - Site de news "pirate" francais TA453 usurpe secrètement 
l\'université de Londres pour dérober des données personnelles récupérées ensuite par le gouvernement iranien TA453 usurpe secrètement l'université de Londres pour dérober des données personnelles récupérées ensuite par le gouvernement iranien first appeared on UnderNews.]]> 2021-07-31T09:53:50+00:00 https://www.undernews.fr/hacking-hacktivisme/ta453-usurpe-secretement-luniversite-de-londres-pour-derober-des-donnees-personnelles-recuperees-ensuite-par-le-gouvernement-iranien.html www.secnews.physaphae.fr/article.php?IdArticle=3154911 False Conference APT 35,APT 35 None Data Security Breach - Site de news Francais CHARMING KITTEN : des pirates venus d\'Iran 2021-07-14T22:29:21+00:00 https://www.datasecuritybreach.fr/11741-2/ www.secnews.physaphae.fr/article.php?IdArticle=3067772 False None APT 35 None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe \'Charming Kitten\' APT Siphons Intel From Mid-East Scholars 2021-07-13T16:44:59+00:00 https://threatpost.com/apt-ta453-siphons-intel-mideast/167715/ www.secnews.physaphae.fr/article.php?IdArticle=3058387 False None APT 35 None DarkTrace - DarkTrace: AI bases detection APT35 ‘Charming Kitten\' discovered in a pre-infected environment 2021-04-23T09:00:00+00:00 https://www.darktrace.com/en/blog/apt-35-charming-kitten-discovered-in-a-pre-infected-environment www.secnews.physaphae.fr/article.php?IdArticle=2682631 False Conference APT 35 None Anomali - Firm Blog Anomali Cyber Watch:  APT Groups, Data Breach, Malspam, and More Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence The Leap of a Cycldek-Related Threat Actor (published: April 5, 2021) A new sophisticated Chinese campaign was observed between June 2020 and January 2021, targeting government, military and other critical industries in Vietnam, and, to lesser extent, in Central Asia and Thailand. 
This threat actor uses a "DLL side-loading triad" previously mastered by another Chinese group, LuckyMouse: a legitimate executable, a malicious DLL to be sideloaded by it, and an encoded payload, generally dropped from a self-extracting archive. But the code origins of the new malware used on different stages of this campaign point to a different Chinese-speaking group, Cycldek. Analyst Comment: Malware authors are always innovating new methods of communicating back to the control servers. Always practice Defense in Depth (do not rely on single security mechanisms - security measures should be layered, redundant, and failsafe). MITRE ATT&CK: [MITRE ATT&CK] DLL Side-Loading - T1073 | [MITRE ATT&CK] File Deletion - T1107 Tags: Chinese-speaking, Cycldek-related Hancitor’s Use of Cobalt Strike and a Noisy Network Ping Tool (published: April 1, 2021) Hancitor is an information stealer and malware downloader used by a threat actor designated as MAN1, Moskalvzapoe or TA511. Initial infection includes target clicking malspam, then clicking on a link in an opened Google Docs page, and finally clicking to enable macros in the downloaded Word document. In recent months, this actor began using a network ping tool to help enumerate the Active Directory (AD) environment of infected hosts. It generates approximately 1.5 GB of Internet Control Message Protocol (ICMP) traffic. Analyst Comment: Organizations should use email security solutions to block malicious/spam emails. All email attachments should be scanned for malware before they reach the user's inbox. IPS rules need to be configured properly to identify any reconnaissance attempts e.g. port scan to get early indication of potential breach. 
MITRE ATT&CK: [MITRE ATT&CK] Remote System Discovery - T1018 | [MITRE ATT&CK] Remote Access Tools - T1219 | [MITRE ATT&CK] Rundll32 - T1085 | [MITRE ATT&CK] Standard Application Layer Protocol - T1071 | [MITRE ATT&CK] System Information Discovery - T1082 Tags: Hancitor, Malspam, Cobalt Strike ]]> 2021-04-06T16:57:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-apt-groups-data-breach-malspam-and-more www.secnews.physaphae.fr/article.php?IdArticle=2593638 False Threat,Malware,Tool,Conference,Vulnerability APT 35,APT 10 None Kaspersky Threatpost - Kaspersky est un éditeur antivirus russe APT Charming Kitten Pounces on Medical Researchers 2021-03-31T12:48:58+00:00 https://threatpost.com/charming-kitten-pounces-on-researchers/165129/ www.secnews.physaphae.fr/article.php?IdArticle=2566195 False None APT 35,APT 35 None InformationSecurityBuzzNews - Site de News Securite Experts Insight On APT35 Recent Phishing Attacks Experts Insight On APT35 Recent Phishing Attacks]]> 2021-01-15T12:14:17+00:00 https://informationsecuritybuzz.com/expert-comments/experts-insight-on-apt35-recent-phishing-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=2195754 False Conference APT 35,APT 35 None Schneier on Security - Chercheur Cryptologue Américain APT Horoscope delightful essay matches APT hacker groups up with astrological signs. This is me: Capricorn is renowned for its discipline, skilled navigation, and steadfastness. Just like Capricorn, Helix Kitten (also known as APT 35 or OilRig) is a skilled navigator of vast online networks, maneuvering deftly across an array of organizations, including those in aerospace, energy, finance, government, hospitality, and telecommunications. 
Steadfast in its work and objectives, Helix Kitten has a consistent track record of developing meticulous spear-phishing attacks...]]> 2021-01-08T20:19:37+00:00 https://www.schneier.com/blog/archives/2021/01/apt-horoscope.html www.secnews.physaphae.fr/article.php?IdArticle=2160466 False Conference APT 35,APT 35,APT 34 None InformationSecurityBuzzNews - Site de News Securite Expert Reacted On Microsoft Says Iranian Hackers “Phosphorus” Targeted Conference Attendees Expert Reacted On Microsoft Says Iranian Hackers “Phosphorus” Targeted Conference Attendees]]> 2020-10-29T15:21:08+00:00 https://www.informationsecuritybuzz.com/expert-comments/expert-reacted-on-microsoft-says-iranian-hackers-phosphorus-targeted-conference-attendees/ www.secnews.physaphae.fr/article.php?IdArticle=2002467 False Threat,Conference APT 35 None InformationSecurityBuzzNews - Site de News Securite Iran-linked Threat Actor Targets T20 Summit Attendees Iran-linked Threat Actor Targets T20 Summit Attendees]]> 2020-10-29T11:16:42+00:00 https://www.informationsecuritybuzz.com/expert-comments/iran-linked-threat-actor-targets-t20-summit-attendees/ www.secnews.physaphae.fr/article.php?IdArticle=2001940 False Threat,Conference APT 35 None Security Affairs - Blog Secu Iran-linked Phosphorous APT hacked emails of security conference attendees 2020-10-29T08:28:32+00:00 https://securityaffairs.co/wordpress/110110/apt/iran-phosphorus-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=iran-phosphorus-attacks www.secnews.physaphae.fr/article.php?IdArticle=2001792 False Conference APT 35 None Anomali - Firm Blog Weekly Threat Briefing: APT Group, Malware, Ransomware, and Vulnerabilities Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. 
Trending Cyber News and Threat Intelligence China’s ‘Hybrid War’: Beijing’s Mass Surveillance of Australia and the World for Secrets and Scandal (published: September 14, 2020) A database containing 2.4 million people has been leaked from a Shenzhen company, Zhenhua Data, believed to have ties to the Chinese intelligence service. The database contains personal information on over 35,000 Australians and prominent figures, and 52,000 Americans. This includes addresses, bank information, birth dates, criminal records, job applications, psychological profiles, and social media. Politicians, lawyers, journalists, military officers, media figures, and Natalie Imbruglia are among the records of Australians contained in the database. While a lot of the information is public, there is also non-public information contributing to claims that China is developing a mass surveillance system. Recommendation: Users should always remain vigilant about the information they are putting out into the public, and avoid posting personal or sensitive information online. Tags: China, spying US Criminal Court Hit by Conti Ransomware; Critical Data at Risk (published: September 11, 2020) The Fourth District Court of Louisiana, part of the US criminal court system, appears to have become the latest victim of the Conti ransomware. The court's website was attacked and used to steal numerous court documents related to defendants, jurors, and witnesses, and then install the Conti ransomware. Evidence of the data theft was posted to the dark web. Analysis of the malware by Emsisoft’s threat analyst, Brett Callow, indicates that the ransomware deployed in the attack was Conti, which has code similarity to another ransomware strain, Ryuk. The Conti group, believed to be behind this ransomware as a service, is sophisticated and due to the fact that they receive a large portion of the ransoms paid, they are motivated to avoid detections and continue to develop advanced attacking tools. 
This attack also used the Trickbot malware in its exploit chain, similar to that used by Ryuk campaigns. Recommendation: Defense in Depth, including vulnerability remediation and scanning, monitoring, endpoint protection, backups, etc. is key to thwarting increasingly sophisticated attacks. Ransomware attacks are particularly attractive to attackers due to the fact that each successful ransomware attack allows for multiple streams of income. The attackers can not only extort a ransom to decrypt the victim's files (especially in cases where the victim finds they do not have appropriate disaster recovery plans), but they can also monetize the exfiltrated data directly and/or use the data to aid in future attacks. This technique is increasingly used in supply chain compromises to build difficult to detect spearphishing attacks. Tags: conti, ryuk, ransomware ]]> 2020-09-15T15:00:00+00:00 https://www.anomali.com/blog/weekly-threat-briefing-apt-group-malware-ransomware-and-vulnerabilities www.secnews.physaphae.fr/article.php?IdArticle=2103282 False Threat,Ransomware,Malware,Tool,Conference,Vulnerability APT 35,APT 31,APT 28 3.0000000000000000 Malwarebytes Labs - MalwarebytesLabs Lock and Code S1Ep15: Safely using Google Chrome Extensions with Pieter Arntz This week on Lock and Code, we talk to Pieter Arntz, malware intelligence researcher for Malwarebytes, about Google Chrome extensions. Categories: Podcast Tags: (Read more...) 
]]> 2020-09-14T14:49:08+00:00 https://blog.malwarebytes.com/podcast/2020/09/lock-and-code-s1ep15-safely-using-google-chrome-extensions-with-pieter-arntz/ www.secnews.physaphae.fr/article.php?IdArticle=1916438 False Malware,Conference APT 35 None Security Affairs - Blog Secu Iran-linked Charming Kitten APT contacts targets via WhatsApp, LinkedIn 2020-08-28T15:33:29+00:00 https://securityaffairs.co/wordpress/107644/apt/charming-kitten-apt-whatsapp-linkedin.html?utm_source=rss&utm_medium=rss&utm_campaign=charming-kitten-apt-whatsapp-linkedin www.secnews.physaphae.fr/article.php?IdArticle=1887053 False Conference APT 35 None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Iranian Hackers Pose as Journalists to Trick Victims Into Installing Malware ]]> 2020-08-28T03:36:28+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/SlFF9FYAUqI/hackers-journalist-malware.html www.secnews.physaphae.fr/article.php?IdArticle=1886578 False Malware,Conference APT 35 None Security Affairs - Blog Secu Iran-linked APT35 accidentally exposed 40 GB associated with their operations 2020-07-17T13:49:25+00:00 https://securityaffairs.co/wordpress/106032/apt/apt35-data-leak.html?utm_source=rss&utm_medium=rss&utm_campaign=apt35-data-leak www.secnews.physaphae.fr/article.php?IdArticle=1809947 False Conference APT 35 None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
Iranian Hackers Accidentally Exposed Their Training Videos (40 GB) Online ]]> 2020-07-17T03:23:46+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/AGojF6xrBSA/iranian-hacking-training-videos.html www.secnews.physaphae.fr/article.php?IdArticle=1809580 False Threat,Conference APT 35 5.0000000000000000 Wired Threat Level - Security News Iranian Spies Accidentally Leaked a Video of Themselves Hacking 2020-07-16T10:00:00+00:00 https://www.wired.com/story/iran-apt35-hacking-video www.secnews.physaphae.fr/article.php?IdArticle=1807436 False Conference APT 35 None Security Intelligence - Site de news Américain New Research Exposes Iranian Threat Group\'s Operations 2020-07-16T09:00:00+00:00 http://feedproxy.google.com/~r/SecurityIntelligence/~3/FW3Ff-e-Gik/ www.secnews.physaphae.fr/article.php?IdArticle=1807511 False Threat,Conference APT 35 None Security Affairs - Blog Secu Iran-linked APT group Charming Kitten targets journalists, political and human rights activists 2020-02-07T10:59:52+00:00 https://securityaffairs.co/wordpress/97430/apt/charming-kitten-phishing-campaign.html www.secnews.physaphae.fr/article.php?IdArticle=1529366 False Conference APT 35 None Bleeping Computer - Magazine Américain Charming Kitten Hackers Impersonate Journalist in Phishing Attacks 2020-02-05T12:57:16+00:00 https://www.bleepingcomputer.com/news/security/charming-kitten-hackers-impersonate-journalist-in-phishing-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=1526763 True None APT 35 None Security Affairs - Blog Secu Charming Kitten Campaign involved new impersonation methods 2019-10-13T23:06:24+00:00 https://securityaffairs.co/wordpress/92469/apt/charming-kitten-impersonation-methods.html www.secnews.physaphae.fr/article.php?IdArticle=1401461 False Threat,Conference APT 35 None SecurityWeek - Security News Iranian Hackers Update Spear-Phishing Techniques in Recent Campaign 2019-10-09T18:20:48+00:00 
http://feedproxy.google.com/~r/Securityweek/~3/VIYT0SkoGlQ/iranian-hackers-update-spear-phishing-techniques-recent-campaign www.secnews.physaphae.fr/article.php?IdArticle=1393558 False Threat,Conference APT 35 None Security Affairs - Blog Secu Iran-linked Phosphorus group hit a 2020 presidential campaign 2019-10-06T14:10:54+00:00 https://securityaffairs.co/wordpress/92188/apt/phosphorus-apt-2020-presidential-campaign.html www.secnews.physaphae.fr/article.php?IdArticle=1385535 False Threat,Conference APT 35 None