This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-06-30T18:43:59+00:00 www.secnews.physaphae.fr Mandiant - Blog Sécu de Mandiant   Following the discovery of malware residing within ESXi hypervisors in September 2022, Mandiant began investigating numerous intrusions conducted by UNC3886, a suspected China-nexus cyber espionage actor that has targeted prominent strategic organizations on a global scale. In January 2023, Mandiant provided detailed analysis of the exploitation of a now-patched vulnerability in FortiOS employed by a threat actor suspected to be UNC3886. In March 2023, we provided details surrounding a custom malware ecosystem utilized on affected Fortinet devices. Furthermore, the investigation uncovered the compromise of VMware technologies, which facilitated access to guest virtual machines. Investigations into more recent operations in 2023 following fixes from the vendors involved in the investigation have corroborated Mandiant\'s initial observations that the actor operates in a sophisticated, cautious, and evasive nature. Mandiant has observed that UNC3886 employed several layers of organized persistence for redundancy to maintain access to compromised environments over time. Persistence mechanisms encompassed network devices, hypervisors, and virtual machines, ensuring alternative channels remain available even if the primary layer is detected and eliminated. This blog post discusses UNC3886\'s intrusion path and subsequent actions that were performed in the environments after compromising the guest virtual machines to achieve access to the critical systems, including: The use of publicly available rootkits for long-term persistence Deployment of malware that leveraged trusted third-party services for command and control (C2 or C&C) Subverting access and collecting credentials with Secure Shell (SSH) backdoors Extracting credentials from TACACS+ authentication using custom malware  Mandiant has published detection and hardening guidelines for ESXi hypervisors and attack techniques employed by UNC3886. For Google SecOps Enterprise+ customer]]> 2024-06-18T14:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations/ www.secnews.physaphae.fr/article.php?IdArticle=8520461 False Malware,Tool,Vulnerability,Threat,Cloud,Technical APT 41 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-04-08T15:09:15+00:00 https://community.riskiq.com/article/974639f2 www.secnews.physaphae.fr/article.php?IdArticle=8478203 False Ransomware,Spam,Malware,Tool,Threat,Cloud APT 41 3.0000000000000000