www.secnews.physaphae.fr
This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr.
2024-05-18T09:58:56+00:00 www.secnews.physaphae.fr

Recorded Future - Recorded Future feed
China-linked hackers target mobile devices with WyrmSpy and DragonEgg spyware
The infamous Chinese hacking group tracked as APT41 has been using two newly identified spyware strains to infect Android devices, cybersecurity researchers said. APT41, also known as Winnti and Brass Typhoon (formerly Barium), is a state-sponsored espionage group that has been active for more than a decade and is known for targeting government organizations for intelligence
2023-07-19T19:36:00+00:00 https://therecord.media/china-linked-hackers-target-mobile-devices-wyrmspy-dragonegg-spyware www.secnews.physaphae.fr/article.php?IdArticle=8358951 False None APT 41,APT-C-17 2.0000000000000000
AhnLab - Korean Security Firm
Threat Trend Report on APT Groups – May 2023
The cases of major APT groups for May 2023, gathered from materials made public by security companies and institutions, are as follows. – Agrius – Andariel – APT28 – APT29 – APT-C-36 (Blind Eagle) – Camaro Dragon – CloudWizard – Earth Longzhi (APT41) – GoldenJackal – Kimsuky – Lazarus – Lancefly – OilAlpha – Red Eyes (APT37, ScarCruft) – SideCopy – SideWinder – Transparent Tribe (APT36) – Volt Typhoon (Bronze Silhouette) ATIP_2023_May_Threat Trend Report on APT Groups_20230609
2023-07-07T02:33:29+00:00 https://asec.ahnlab.com/en/55184/ www.secnews.physaphae.fr/article.php?IdArticle=8353225 False Threat,Prediction APT 38,GoldenJackal,APT-C-36,APT 29,APT 37,Guam,APT 28,APT 41,APT 36,APT-C-17 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
State-Sponsored SideWinder Hacker Group's Covert Attack Infrastructure Uncovered
Cybersecurity researchers have unearthed previously undocumented attack infrastructure used by the prolific state-sponsored group SideWinder to strike entities located in Pakistan and China. This comprises a network of 55 domains and IP addresses used by the threat actor, cybersecurity companies Group-IB and Bridewell said in a joint report shared with The Hacker News. "The identified phishing
2023-05-17T14:10:00+00:00 https://thehackernews.com/2023/05/state-sponsored-sidewinder-hacker.html www.secnews.physaphae.fr/article.php?IdArticle=8337299 False Threat APT-C-17 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Researchers Uncover SideWinder's Latest Server-Based Polymorphism Technique
The advanced persistent threat (APT) actor known as SideWinder has been accused of deploying a backdoor in attacks directed against Pakistan government organizations as part of a campaign that commenced in late November 2022. "In this campaign, the SideWinder advanced persistent threat (APT) group used a server-based polymorphism technique to deliver the next stage payload," the BlackBerry
2023-05-09T15:09:00+00:00 https://thehackernews.com/2023/05/researchers-uncover-sidewinders-latest.html www.secnews.physaphae.fr/article.php?IdArticle=8334747 False Threat APT-C-17 3.0000000000000000

Dark Reading - Informationweek Branch
SideWinder Strikes Victims in Pakistan, Turkey in Multiphase Polymorphic Attack
The APT is exploiting a remote template injection flaw to deliver malicious documents that lure in government officials and other targets with topics of potential interest.
2023-05-09T14:30:00+00:00 https://www.darkreading.com/attacks-breaches/sidewinder-strikes-victims-pakistan-turkey-multiphase-polymorphic-attack www.secnews.physaphae.fr/article.php?IdArticle=8334836 False None APT-C-17 3.0000000000000000

BlackBerry - Hardware and software manufacturer
SideWinder Uses Server-side Polymorphism to Attack Pakistan Government Officials - and Is Now Targeting Turkey
The BlackBerry Research and Intelligence team has been actively monitoring the SideWinder APT group, whose latest campaign targets Pakistan government organizations by using a server-based polymorphism technique to deliver the payload.
2023-05-08T08:01:00+00:00 https://blogs.blackberry.com/en/2023/05/sidewinder-uses-server-side-polymorphism-to-target-pakistan www.secnews.physaphae.fr/article.php?IdArticle=8393082 False None APT-C-17 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Researchers Link SideWinder Group to Dozens of Targeted Attacks in Multiple Countries
2023-02-16T23:46:00+00:00 https://thehackernews.com/2023/02/researchers-link-sidewinder-group-to.html www.secnews.physaphae.fr/article.php?IdArticle=8310928 False None APT-C-17 3.0000000000000000

Dark Reading - Informationweek Branch
SideWinder APT Spotted Stealing Crypto
2023-02-16T16:41:00+00:00 https://www.darkreading.com/endpoint/sidewinder-apt-linked-phishing-attacks-latest-rampage www.secnews.physaphae.fr/article.php?IdArticle=8310879 False Threat APT-C-17 2.0000000000000000

InfoSecurity Mag - InfoSecurity Magazine
SideWinder APT Attacks Regional Targets in New Campaign
2023-02-15T09:30:00+00:00 https://www.infosecurity-magazine.com/news/sidewinder-apt-attacks-regional/ www.secnews.physaphae.fr/article.php?IdArticle=8310433 False Threat APT-C-17 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
SideWinder APT Using New WarHawk Backdoor to Target Entities in Pakistan
2022-10-24T11:55:00+00:00 https://thehackernews.com/2022/10/sidewinder-apt-using-new-warhawk.html www.secnews.physaphae.fr/article.php?IdArticle=7662160 False Malware APT-C-17 None

Checkpoint - Security hardware manufacturer
A Hit is made: Suspected India-based Sidewinder APT successfully cyber attacks Pakistan military focused targets
Check Point Research (CPR) reported evidence suggesting that Pakistan Air Force's Headquarters was a victim of a successful attack conducted by Sidewinder, a suspected India-based APT group. During May 2022, several malware samples and two encrypted files related to the attack were uploaded to VirusTotal. After decrypting the encrypted files, CPR saw that one…
2022-07-13T11:00:06+00:00 https://blog.checkpoint.com/2022/07/13/a-hit-is-made-suspected-india-based-sidewinder-apt-successfully-cyber-attacks-pakistan-military-focused-targets/ www.secnews.physaphae.fr/article.php?IdArticle=5690250 False Malware APT-C-17 None

knowbe4 - cybersecurity services
SideWinder Targets Pakistani Entities With Phishing Attacks
2022-06-02T13:09:56+00:00 https://blog.knowbe4.com/sidewinder-targets-pakistani-entities-with-phishing-attacks www.secnews.physaphae.fr/article.php?IdArticle=4932604 False None APT-C-17 None

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
SideWinder Hackers Use Fake Android VPN Apps to Target Pakistani Entities
2022-06-02T01:38:51+00:00 https://thehackernews.com/2022/06/sidewinder-hackers-use-fake-android-vpn.html www.secnews.physaphae.fr/article.php?IdArticle=4930336 False Malware,Tool,Threat APT-C-17 None

Bleeping Computer - American magazine
SideWinder hackers plant fake Android VPN app in Google Play Store
2022-06-01T09:10:12+00:00 https://www.bleepingcomputer.com/news/security/sidewinder-hackers-plant-fake-android-vpn-app-in-google-play-store/ www.secnews.physaphae.fr/article.php?IdArticle=4919241 False Tool,Threat APT-C-17 None

Security Affairs - Security blog
SideWinder carried out over 1,000 attacks since April 2020
SideWinder, an aggressive APT group, is believed to have carried out over 1,000 attacks since April 2020, Kaspersky reported. Researchers from Kaspersky have analyzed the activity of an aggressive threat actor tracked as SideWinder (aka RattleSnake and T-APT-04). The group stands out for the high frequency and persistence of its attacks; researchers believe that the […]
2022-05-31T14:28:17+00:00 https://securityaffairs.co/wordpress/131831/apt/sidewinder-aggressive-apt.html www.secnews.physaphae.fr/article.php?IdArticle=4905216 False Threat APT-C-17 None

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
SideWinder Hackers Launched Over a 1,000 Cyber Attacks Over the Past 2 Years
2022-05-31T00:30:39+00:00 https://thehackernews.com/2022/05/sidewinder-hackers-launched-over-1000.html www.secnews.physaphae.fr/article.php?IdArticle=4901754 False Threat APT-C-17 None

Dark Reading - Informationweek Branch
1,000+ Attacks in 2 Years: How the SideWinder APT Sheds Its Skin
2022-05-05T15:04:29+00:00 https://www.darkreading.com/endpoint/1000-attacks-sidewinder-apt-sheds-skin www.secnews.physaphae.fr/article.php?IdArticle=4664517 False None APT-C-17 None

Anomali - Firm Blog
Anomali Cyber Watch: Mobile Malware Is On The Rise, APT Groups Are Working Together, Ransomware For The Individual, and More
[Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.]
Trending Cyber News and Threat Intelligence
What's With The Shared VBA Code Between Transparent Tribe And Other Threat Actors? (published: February 9, 2022)
A recent discovery links malicious VBA macro code between multiple groups, namely Transparent Tribe, Donot Team, SideCopy, Operation Hangover, and SideWinder. These groups operate (or operated) out of South Asia and use a variety of techniques with phishing emails and maldocs to target government and military entities within India and Pakistan. The code is similar enough to suggest cooperation between the APT groups, despite their having completely different goals and targets.
Analyst Comment: This research shows that APT groups share TTPs to assist each other, regardless of motive or target. Files that request that content be enabled in order to view the document properly are often a sign of a phishing attack. If such a file arrives from a known and trusted sender, that individual should be contacted to verify the authenticity of the attachment before it is opened. Any such attachment sent by an unknown sender should be viewed with the utmost scrutiny, left unopened, and reported to the appropriate personnel.
MITRE ATT&CK: [MITRE ATT&CK] Command and Scripting Interpreter - T1059 | [MITRE ATT&CK] Phishing - T1566
Tags: Transparent Tribe, Donot, SideWinder, Asia, Military, Government
Fake Windows 11 Upgrade Installers Infect You With RedLine Malware (published: February 9, 2022)
Following the recent announcement of Windows 11 upgrade availability, an unknown threat actor has registered a domain to trick users into downloading an installer that contains RedLine malware. The site, "windows-upgraded[.]com", is a direct copy of a legitimate Microsoft upgrade portal. Clicking the 'Upgrade Now' button downloads a 734MB ZIP file that contains a large amount of dead code, most likely to inflate the file size so that it bypasses antivirus scanning. RedLine is a well-known infostealer capable of taking screenshots, communicating with a C2 server, keylogging, and more.
Analyst Comment: Official Windows update or installation files are downloaded through the operating system directly. If offline updates are necessary, only use Microsoft sites and subdomains. Never update Windows from a third-party site, precisely because of this type of attack.
MITRE ATT&CK: [MITRE ATT&CK] Video Capture - T1125 | [MITRE ATT&CK] Input Capture - T1056 | [MITRE ATT&CK] Exfiltration Over C2 Channel - T1041
Tags: RedLine, Windows 11, Infostealer
2022-02-15T20:01:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-mobile-malware-is-on-the-rise-apt-groups-are-working-together-ransomware-for-the-individual-and-more www.secnews.physaphae.fr/article.php?IdArticle=4134740 False Ransomware,Malware,Tool,Vulnerability,Threat,Guideline APT 43,Uber,APT 36,APT-C-17 None

ZD Net - IT magazine
SideCopy cybercriminals use new custom Trojans in attacks against India's military
2021-07-07T12:00:06+00:00 https://www.zdnet.com/article/sidecopy-cybercriminals-use-custom-trojans-in-india-attacks/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=3032877 False None APT-C-17 None

CISCO Talos - Cisco Research blog
InSideCopy: How this APT continues to evolve its arsenal
2021-07-07T05:01:04+00:00 http://feedproxy.google.com/~r/feedburner/Talos/~3/7sPQPB7nf_U/sidecopy.html www.secnews.physaphae.fr/article.php?IdArticle=3032498 False None APT 36,APT-C-17 None

AlienVault Blog - AlienVault is a major defensive player in IOCs
A Global Perspective of the SideWinder APT
AT&T Alien Labs has conducted an investigation on the adversary group publicly known as SideWinder in order to historically document its highly active campaigns and identify a more complete picture of targets, motivations, and objectives. Through our investigation, we have uncovered a collection of activity targeting government and business throughout South Asia and East Asia spanning many years. Our findings are primarily focused on activity since 2017; however, the group has reportedly been operating since at least 2012. Alien Labs, along with other security researchers, has assessed with low to medium confidence that the group operates in support of Indian political interests, based on targets, campaign timelines, technical characteristics of command and control (C2) infrastructure and malware, association with other known India-interest APTs, past cyber threat intelligence reporting, and our private telemetry. SideWinder is a highly active adversary primarily making use of email spear phishing, document exploitation, and DLL side-loading techniques to evade detection and to deliver targeted implants. The adversary activity remains at a consistent rate, and AT&T Alien Labs recommends the deployment of detections and retrospective analysis of shared indicators of compromise (IOCs) for past undetected activity. In this report we provide a timeline of known campaigns and their associated IOCs, in addition to a large number of campaigns/IOCs which have not been previously reported or publicly identified. Full reports and IOCs are available here.
2021-01-13T11:00:00+00:00 https://feeds.feedblitz.com/~/641520314/0/alienvault-blogs~A-Global-Perspective-of-the-SideWinder-APT www.secnews.physaphae.fr/article.php?IdArticle=2181207 False Threat APT-C-17 None

Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor
SideWinder APT Targets Nepal, Afghanistan in Wide-Ranging Spy Campaign
2020-12-09T19:53:13+00:00 https://threatpost.com/sidewinder-apt-nepal-afghanistan-spy-campaign/162086/ www.secnews.physaphae.fr/article.php?IdArticle=2087650 False None APT-C-17 None

TrendLabs Security - Antivirus vendor
Mobile Threats Analyst
2020-12-09T00:00:00+00:00 https://www.trendmicro.com/en_us/research/20/l/sidewinder-leverages-south-asian-territorial-issues-for-spear-ph.html www.secnews.physaphae.fr/article.php?IdArticle=2148723 False None APT-C-17 None

Mandiant - Mandiant's security blog
This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits
Beginning this year, FireEye observed Chinese actor APT41 carry out one of the broadest campaigns by a Chinese cyber espionage actor we have observed in recent years. Between January 20 and March 11, FireEye observed APT41 attempt to exploit vulnerabilities in Citrix NetScaler/ADC, Cisco routers, and Zoho ManageEngine Desktop Central at over 75 FireEye customers. Countries we've seen targeted include Australia, Canada, Denmark, Finland, France, India, Italy, Japan, Malaysia, Mexico, Philippines, Poland, Qatar, Saudi Arabia, Singapore, Sweden, Switzerland, UAE, UK and USA. The following
2020-03-25T07:00:00+00:00 https://www.mandiant.com/resources/blog/apt41-initiates-global-intrusion-campaign-using-multiple-exploits www.secnews.physaphae.fr/article.php?IdArticle=8377653 False Vulnerability APT 41,APT-C-17 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
3 Google Play Store Apps Exploit Android Zero-Day Used by NSO Group
2020-01-07T08:41:42+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/gXdTFvgA_as/android-zero-day-malware-apps.html www.secnews.physaphae.fr/article.php?IdArticle=1498072 False None APT-C-17 None

Dark Reading - Informationweek Branch
Malicious Google Play Apps Linked to SideWinder APT
2020-01-06T17:20:00+00:00 https://www.darkreading.com/application-security/malicious-google-play-apps-linked-to-sidewinder-apt/d/d-id/1336728?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=1497241 False None APT-C-17 None

TrendLabs Security - Antivirus vendor
First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT Group
We found three malicious apps in the Google Play store that work together to compromise a victim's device and collect user information. One of these apps, called Camero, exploits CVE-2019-2215, a vulnerability in Binder (the main inter-process communication system in Android). This is the first known active attack in the wild that uses this use-after-free vulnerability.
2020-01-06T13:00:34+00:00 http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/eDHziCpWtJs/ www.secnews.physaphae.fr/article.php?IdArticle=1500896 False Vulnerability APT-C-17 None

Mandiant - Mandiant's security blog
LOWKEY: Hunting for the Missing Volume Serial ID
In August 2019, FireEye released the "Double Dragon" report on our newest graduated threat group: APT41. A China-nexus dual espionage and financially-focused group, APT41 targets industries such as gaming, healthcare, high-tech, higher education, telecommunications, and travel services. This blog post is about the sophisticated passive backdoor we track as LOWKEY, mentioned in the APT41 report and recently unveiled at the FireEye Cyber Defense Summit. We observed LOWKEY being used in highly targeted attacks, utilizing payloads that run only on specific systems. Additional malware family
2019-10-15T09:15:00+00:00 https://www.mandiant.com/resources/blog/lowkey-hunting-missing-volume-serial-id www.secnews.physaphae.fr/article.php?IdArticle=8377676 False Malware,Threat APT 41,APT-C-17 4.0000000000000000
Wired Threat Level - Security News
Owning Guns Is Sort of Like Owning Rattlesnakes
2018-08-18T13:00:00+00:00 https://www.wired.com/2018/08/geeks-guide-michael-bishop www.secnews.physaphae.fr/article.php?IdArticle=779715 False None APT-C-17 None