This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2025-05-11T02:01:16+00:00 www.secnews.physaphae.fr Reversemode - Blog de reverser IntroductionYesterday afternoon, I was writing what should have been the regular newsletter when the power suddenly went out. I wasn\'t alarmed at all because I live in a mountain area, and power outages like this happen several times a year. It was a slightly windy day, so I assumed that maybe a tree had cracked and hit a low-voltage line or something similar. But, as it turns out, that wasn\'t the case. Instead, something unprecedented occurred, a \'zero energy\' event: the power grid in Spain and Portugal went down completely.As we can see from the following graph coming from Red Eléctrica Española (transmission system operator responsible for managing the Spanish electricity system), at 12:35pm suddenly 15 GW of generation power went \'missing\'. As the prime minister would explain during a press release: "in 5 seconds, 60% of the country\'s demand disappeared from the system".The interconnected power system is one of the most complex systems ever built. It is beyond the scope of this article to provide a detailed technical assessment of all possible non-cyber scenarios that could contribute to a \'black swan\' event. In fact, investigations into large-scale power outages typically take months to reach reliable conclusions. Therefore, I will leave this task to the experts, who have access to the necessary data to conduct such a complex analysis.However, there is specific information suggesting that a potential cyber attack could be behind this. For example:https://www.larazon.es/economia/cni-apunta-ciberataque-como-posible-causa-apagon_20250428680f7e19319ae75da4ba8c32.htmlThe President of the regional government of Andalusia (Spain) claims that, after consulting with cybersecurity experts, the massive power outage is likely the result of a cyber attack.https://www.eleconomista.es/energia/noticias/13337515/04/25/juanma-moreno-apunta-a-un-ciberataque-como-posible-causa-del-gran-apagon-en-espana.htmlMeanwhile, top European figures such as the European Council p]]> 2025-04-29T11:04:11+00:00 https://www.reversemode.com/2025/04/spains-blackout-cyber-or-not-unbiased.html www.secnews.physaphae.fr/article.php?IdArticle=8669358 False Ransomware,Malware,Threat,Studies,Prediction,Technical APT 44 3.0000000000000000 Cyble - CyberSecurity Firm Présentation Selon un nouveau rapport Cyble, les hacktivistes vont de plus en plus au-delà des activités traditionnelles telles que les attaques DDOS et les défaillances de sites Web en infrastructure critique plus sophistiquée et attaques de ransomwares. Dans un rapport pour les clients, Cyble a déclaré que le hacktivisme s'est «transformé en un instrument complexe de guerre hybride» avec la montée en puissance des groupes qui ont adopté des techniques d'attaque plus sophistiquées plus généralement associées aux acteurs de l'État-nation et aux groupes de menaces motivés financièrement. Hacktivism "ne se limite plus aux explosions idéologiques marginales", selon le rapport. «Il s'agit maintenant d'un appareil de cyber-insurrection décentralisé, capable de façonner les récits géopolitiques, de déstabiliser les systèmes critiques et de s'engager directement dans des conflits mondiaux à travers le domaine numérique.» Le rapport CYBLE a examiné les groupes hacktiviste les plus actifs au premier trimestre de 2025, les nations et les secteurs les plus ciblés, les techniques d'attaque émergentes, et plus encore. Les groupes hacktiviste les plus actifs ciblent l'infrastructure critique Les hacktivistes pro-russes étaient les plus actifs au premier trimestre, dirigés par NONAME057 (16), Hacktivist Sandworm]]> 2025-04-15T08:22:39+00:00 https://cyble.com/blog/hacktivists-infrastructure-move-into-ransomware/ www.secnews.physaphae.fr/article.php?IdArticle=8662999 False Ransomware,Tool,Vulnerability,Threat,Legislation,Industrial,Prediction,Cloud,Technical APT 44 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The China-linked threat actor known as Winnti has been attributed to a new campaign dubbed RevivalStone that targeted Japanese companies in the manufacturing, materials, and energy sectors in March 2024. The activity, detailed by Japanese cybersecurity company LAC, overlaps with a threat cluster tracked by Trend Micro as Earth Freybug, which has been assessed to be a subset within the APT41]]> 2025-02-18T15:22:00+00:00 https://thehackernews.com/2025/02/winnti-apt41-targets-japanese-firms-in.html www.secnews.physaphae.fr/article.php?IdArticle=8648844 False Threat,Prediction APT 41 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-12-09T12:22:03+00:00 https://community.riskiq.com/article/86d339a0 www.secnews.physaphae.fr/article.php?IdArticle=8622260 False Ransomware,Malware,Tool,Vulnerability,Threat,Mobile,Industrial,Prediction APT 45 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-11-18T12:22:31+00:00 https://community.riskiq.com/article/2560112c www.secnews.physaphae.fr/article.php?IdArticle=8613484 False Ransomware,Malware,Tool,Vulnerability,Threat,Prediction,Medical,Cloud,Technical APT 41,APT 38 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-11-11T18:57:29+00:00 https://community.riskiq.com/article/048b77c8 www.secnews.physaphae.fr/article.php?IdArticle=8609479 False Ransomware,Malware,Tool,Threat,Prediction,Medical,Cloud APT 45 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-11-04T12:25:16+00:00 https://community.riskiq.com/article/d6da7f0d www.secnews.physaphae.fr/article.php?IdArticle=8605948 False Ransomware,Malware,Tool,Vulnerability,Threat,Mobile,Prediction,Medical,Cloud,Technical APT 41,APT 28,APT 31,Guam 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-10-31T19:07:37+00:00 https://community.riskiq.com/article/393b61a9 www.secnews.physaphae.fr/article.php?IdArticle=8604347 False Ransomware,Malware,Tool,Threat,Prediction APT 45 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-10-07T16:54:11+00:00 https://community.riskiq.com/article/33015049 www.secnews.physaphae.fr/article.php?IdArticle=8593765 False Ransomware,Malware,Tool,Vulnerability,Threat,Mobile,Prediction,Cloud APT 37,APT 45 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-08-19T10:58:28+00:00 https://community.riskiq.com/article/256c3cbd www.secnews.physaphae.fr/article.php?IdArticle=8560248 False Ransomware,Malware,Tool,Threat,Prediction APT 41,APT 42 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-07-22T10:33:31+00:00 https://community.riskiq.com/article/12ac549a www.secnews.physaphae.fr/article.php?IdArticle=8541988 False Ransomware,Malware,Tool,Vulnerability,Threat,Mobile,Prediction,Cloud APT 41 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-07-15T11:27:07+00:00 https://community.riskiq.com/article/fdcb22e4 www.secnews.physaphae.fr/article.php?IdArticle=8537522 False Ransomware,Malware,Tool,Vulnerability,Threat,Legislation,Prediction,Medical APT 41,APT 40 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) #### Description Trend Micro analyzed a cyberespionage attack the company has attributed to Earth Freybug, a subset of APT41 (tracked by Microsoft as [Brass Typhoon](https://sip.security.microsoft.com/intel-profiles/f0aaa62bfbaf3739bb92106688e6a00fc05eafc0d4158b0e389b4078112d37c6?)). According to Trend Micro, Earth Freybug has been active since at least 2012 and the Chinese-linked group has been active in espionage and financially motivated attacks. Earth Freybug employs diverse tools like LOLBins and custom malware, targeting organizations globally. The attack used techniques like dynamic link library (DLL) hijacking and API unhooking to avoid monitoring for a new malware called UNAPIMON. UNAPIMON evades detection by preventing child processes from being monitored. The attack flow involved creating remote scheduled tasks and executing reconnaissance commands to gather system information. Subsequently, a backdoor was launched using DLL side-loading via a service called SessionEnv, which loads a malicious DLL. UNAPIMON, the injected DLL, uses API hooking to evade monitoring and execute malicious commands undetected, showcasing the attackers\' sophistication. [Check out Microsoft\'s write-up on dynamic-link library (DLL) hijacking here.](https://sip.security.microsoft.com/intel-explorer/articles/91be20e8?) #### Reference URL(s) 1. https://www.trendmicro.com/en_us/research/24/d/earth-freybug.html #### Publication Date April 2, 2024 #### Author(s) Christopher So]]> 2024-04-03T20:46:53+00:00 https://community.riskiq.com/article/327771c8 www.secnews.physaphae.fr/article.php?IdArticle=8475473 False Malware,Tool,Prediction APT 41 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) #### Description The Kimsuky threat group, known to be supported by North Korea, has been active since 2013. The group usually launches spear phishing attacks against national defense, defense industries, media, diplomacy, national organizations, and academic sectors. Their attacks aim to steal internal information and technology from organizations. While the Kimsuky group typically uses spear phishing attacks for initial access, most of their recent attacks involve the use of shortcut-type malware in LNK file format. Although LNK malware comprise a large part of recent attacks, cases using JavaScripts or malicious documents are continuing to be detected. Such attack cases that use JavaScript-type malware usually involve the distribution of AppleSeed. In addition to JavaScript, Excel macro malware are also used to install AppleSeed. AppleSeed is a backdoor that can receive the threat actor\'s commands from the C&C server and execute the received commands. The threat actor can use AppleSeed to control the infected system. It also offers features such as a downloader that installs additional malware, keylogging and taking screenshots, and stealing information by collecting files from the user system and sending them. AlphaSeed is a malware developed in Golang and supports similar features to AppleSeed such as command execution and infostealing. #### Reference URL(s) 1. https://asec.ahnlab.com/en/60054/ #### Publication Date December 27, 2023 #### Author(s) Sanseo ]]> 2023-12-28T19:18:50+00:00 https://community.riskiq.com/article/461188d1 www.secnews.physaphae.fr/article.php?IdArticle=8430436 False Malware,Threat,Prediction APT 43 3.0000000000000000 AhnLab - Korean Security Firm Les activités de Kimsuky Group & # 8217;Les activités d'autres types étaient relativement faibles.De plus, des échantillons de phishing ont été trouvés dans l'infrastructure connue pour la distribution de logiciels malveillants antérieurs (fleurs, randomquery et appleseed), et des échantillons de babyshark ont été découverts dans l'infrastructure RandomQuery.Cela suggère la probabilité de plusieurs types de logiciels malveillants en utilisant une seule infrastructure.Rapport de tendance AUG_TRÉTÉE sur le groupe Kimsuk

---

The Kimsuky group’s activities in August 2023 showed a notable surge in the BabyShark type, while the activities of other types were relatively low. Also, phishing samples were found in the infrastructure known for distributing previous malware (FlowerPower, RandomQuery, and AppleSeed), and BabyShark samples were discovered in the RandomQuery infrastructure. This suggests the likelihood of multiple types of malware utilizing a single infrastructure. Aug_Threat Trend Report on Kimsuky Group ]]> 2023-10-23T02:21:45+00:00 https://asec.ahnlab.com/en/57938/ www.secnews.physaphae.fr/article.php?IdArticle=8399125 False Malware,Threat,Prediction APT 43 3.0000000000000000 AhnLab - Korean Security Firm Les cas de grands groupes APT pour le mai 2023 réunis à partir de documents rendus publics par des sociétés de sécurité et des institutions sont comme commesuit.& # 8211;Agrius & # 8211;Andariel & # 8211;APT28 & # 8211;APT29 & # 8211;APT-C-36 (Blind Eagle) & # 8211;Camaro Dragon & # 8211;CloudWizard & # 8211;Earth Longzhi (APT41) & # 8211;Goldenjackal & # 8211;Kimsuky & # 8211;Lazarus & # 8211;Lancefly & # 8211;Oilalpha & # 8211;Red Eyes (Apt37, Scarcruft) & # 8211;Sidecopy & # 8211;Sidewinder & # 8211;Tribu transparente (APT36) & # 8211;Volt Typhoon (Silhouette de bronze) ATIP_2023_MAY_TRADEAT Rapport sur les groupes APT_20230609

---

The cases of major APT groups for May 2023 gathered from materials made public by security companies and institutions are as follows. – Agrius – Andariel – APT28 – APT29 – APT-C-36 (Blind Eagle) – Camaro Dragon – CloudWizard – Earth Longzhi (APT41) – GoldenJackal – Kimsuky – Lazarus – Lancefly – OilAlpha – Red Eyes (APT37, ScarCruft) – SideCopy – SideWinder – Transparent Tribe (APT36) – Volt Typhoon (Bronze Silhouette) ATIP_2023_May_Threat Trend Report on APT Groups_20230609 ]]> 2023-07-07T02:33:29+00:00 https://asec.ahnlab.com/en/55184/ www.secnews.physaphae.fr/article.php?IdArticle=8353225 False Threat,Prediction APT 41,APT 38,APT 37,APT 37,APT 29,APT 29,APT 28,APT 28,APT 36,APT 36,Guam,Guam,APT-C-17,APT-C-17,GoldenJackal,GoldenJackal,APT-C-36 3.0000000000000000 The Register - Site journalistique Anglais Mandiant identifies \'moderately sophisticated\' but \'prolific\' APT43 as global menace Google Cloud\'s recently acquired security outfit Mandiant has named a new nasty from North Korea: a cyber crime gang it calls APT43 and accuses of a five-year rampage.…]]> 2023-03-30T04:40:47+00:00 https://go.theregister.com/feed/www.theregister.com/2023/03/30/mandian_apt43_north_korea/ www.secnews.physaphae.fr/article.php?IdArticle=8323334 False Studies,Prediction APT 43 2.0000000000000000 Anomali - Firm Blog Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Russian Cyberattacks Pose Greater Risk to Governments and Other Insights from Our Annual Report (published: October 7, 2021) Approximately 58% of all nation-state attacks observed by Microsoft between July 2020 and June 2021 have been attributed to the Russian-sponsored threat groups, specifically to Cozy Bear (APT29, Nobelium) associated with the Russian Foreign Intelligence Service (SVR). The United States, Ukraine, and the UK were the top three targeted by them. Russian Advanced Persistent Threat (APT) actors increased their effectiveness from a 21% successful compromise rate to a 32% rate comparing year to year. They achieve it by starting an attack with supply-chain compromise, utilizing effective tools such as web shells, and increasing their skills with the cloud environment targeting. Russian APTs are increasingly targeting government agencies for intelligence gathering, which jumped from 3% of their targets a year ago to 53% – largely agencies involved in foreign policy, national security, or defense. Following Russia by the number of APT cyberattacks were North Korea (23%), Iran (11%), and China (8%). Analyst Comment: As the collection of intrusions for potential disruption operations via critical infrastructure attacks became too risky for Russia, it refocused back to gaining access to and harvesting intelligence. The scale and growing effectiveness of the cyberespionage requires a defence-in-depth approach and tools such as Anomali Match that provide real-time forensics capability to identify potential breaches and known actor attributions. MITRE ATT&CK: [MITRE ATT&CK] Supply Chain Compromise - T1195 | [MITRE ATT&CK] Server Software Component - T1505 | [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] Brute Force - T1110 Tags: Fancy Bear, APT28, APT29, The Dukes, Strontium, Nobelium, Energetic Bear, Cozy Bear, Government, APT, Russia, SVR, China, North Korea, USA, UK, Ukraine, Iran Ransomware in the CIS (published: October 7, 2021) Many prominent ransomware groups have members located in Russia and the Commonwealth of Independent States (CIS) - and they avoid targeting this region. Still, businesses in the CIS are under the risk of being targeted by dozens of lesser-known ransomware groups. Researchers from Kaspersky Labs have published a report detailing nine business-oriented ransomware trojans that were most active in the CIS in the first half of 2021. These ransomware families are BigBobRoss (TheDMR), Cryakl (CryLock), CryptConsole, Crysis (Dharma), Fonix (XINOF), Limbozar (VoidCrypt), Phobos (Eking), Thanos (Hakbit), and XMRLocker. The oldest, Cryakl, has been around since April 2014, and the newest, XMRLocker, was first detected in August 2020. Most of them were mainly distributed via the cracking of Remote Deskto]]> 2021-10-12T17:41:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-aerospace-and-telecoms-targeted-by-iranian-malkamak-group-cozy-bear-refocuses-on-cyberespionage-wicked-panda-is-traced-by-malleable-c2-profiles-and-more www.secnews.physaphae.fr/article.php?IdArticle=3505382 False Ransomware,Malware,Tool,Threat,Guideline,Prediction APT 41,APT 41,APT 39,APT 29,APT 29,APT 28 None