www.secnews.physaphae.fr
This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of articles from multiple sources. The list of sources can be found on www.secnews.physaphae.fr.
Last build date: 2025-05-11T15:39:29+00:00

Source: RiskIQ - cyber risk firm (now Microsoft)
Title: Weekly OSINT Highlights, 21 October 2024
Published: 2024-10-21T11:41:26+00:00
Link: https://community.riskiq.com/article/02320e34
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8600983
Feed fields: False Ransomware,Malware,Tool,Vulnerability,Threat,Cloud APT 38,APT 37,APT-C-17 2.0000000000000000

Source: RiskIQ - cyber risk firm (now Microsoft)
Title: Beyond the Surface: the evolution and expansion of the SideWinder APT group
Published: 2024-10-15T19:57:54+00:00
Link: https://community.riskiq.com/article/2473c825
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8598344
Feed fields: True Ransomware,Malware,Tool,Vulnerability,Threat APT-C-17 3.0000000000000000

Source: RiskIQ - cyber risk firm (now Microsoft)
Title: Weekly OSINT Highlights, 5 August 2024
Published: 2024-08-05T10:51:17+00:00
Link: https://community.riskiq.com/article/ed438f56
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8552050
Feed fields: False Ransomware,Spam,Malware,Tool,Vulnerability,Threat,Mobile APT33,APT 41,APT 33,APT-C-17 3.0000000000000000

Source: RiskIQ - cyber risk firm (now Microsoft)
Title: SideWinder Utilizes New Infrastructure to Target Ports and Maritime Facilities in the Mediterranean Sea
Published: 2024-07-30T17:42:47+00:00
Link: https://community.riskiq.com/article/3cb7ee3f
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8547456
Feed fields: True Ransomware,Malware,Tool,Vulnerability,Threat APT-C-17 3.0000000000000000

Source: The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Title: SideWinder APT Using New WarHawk Backdoor to Target Entities in Pakistan
Published: 2022-10-24T11:55:00+00:00
Link: https://thehackernews.com/2022/10/sidewinder-apt-using-new-warhawk.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=7662160
Feed fields: False Malware APT-C-17 None

Source: Checkpoint - Security hardware manufacturer
Title: A Hit is made: Suspected India-based Sidewinder APT successfully cyber attacks Pakistan military focused targets
Summary: Check Point Research (CPR) reported evidence suggesting that the Pakistan Air Force's Headquarters was the victim of a successful attack conducted by Sidewinder, a suspected India-based APT group. During May 2022, several malware samples and two encrypted files related to the attack were uploaded to VirusTotal. After decrypting the encrypted files, CPR saw that one…
Published: 2022-07-13T11:00:06+00:00
Link: https://blog.checkpoint.com/2022/07/13/a-hit-is-made-suspected-india-based-sidewinder-apt-successfully-cyber-attacks-pakistan-military-focused-targets/
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=5690250
Feed fields: False Malware APT-C-17 None

Source: The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Title: SideWinder Hackers Use Fake Android VPN Apps to Target Pakistani Entities
Published: 2022-06-02T01:38:51+00:00
Link: https://thehackernews.com/2022/06/sidewinder-hackers-use-fake-android-vpn.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=4930336
Feed fields: False Malware,Tool,Threat APT-C-17 None

Source: Anomali - Firm Blog
Title: Anomali Cyber Watch: Mobile Malware Is On The Rise, APT Groups Are Working Together, Ransomware For The Individual, and More
Summary:
[Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.]

Trending Cyber News and Threat Intelligence

What’s With The Shared VBA Code Between Transparent Tribe And Other Threat Actors? (published: February 9, 2022)
A recent discovery links malicious VBA macro code across multiple groups, namely Transparent Tribe, Donot Team, SideCopy, Operation Hangover, and SideWinder. These groups operate (or operated) out of South Asia and use a variety of techniques, including phishing emails and malicious documents, to target government and military entities within India and Pakistan. The code is similar enough to suggest cooperation between the APT groups, despite their completely different goals and targets.
Analyst Comment: This research shows that APT groups are sharing TTPs to assist each other, regardless of motive or target. Files that ask for content to be enabled in order to view the document properly are often a sign of a phishing attack. If such a file arrives from a known and trusted sender, that individual should be contacted to verify the authenticity of the attachment before it is opened. Any such attachment sent by an unknown sender should be treated with the utmost scrutiny: do not open it, and report it to the appropriate personnel.
MITRE ATT&CK: [MITRE ATT&CK] Command and Scripting Interpreter - T1059 | [MITRE ATT&CK] Phishing - T1566
Tags: Transparent Tribe, Donot, SideWinder, Asia, Military, Government

Fake Windows 11 Upgrade Installers Infect You With RedLine Malware (published: February 9, 2022)
Following the recent announcement of Windows 11 upgrade availability, an unknown threat actor registered a domain to trick users into downloading an installer that contains RedLine malware. The site, "windows-upgraded[.]com", is a direct copy of a legitimate Microsoft upgrade portal. Clicking the 'Upgrade Now' button downloads a 734MB ZIP file padded with dead code, most likely to inflate the file size so that it evades antivirus scanning. RedLine is a well-known infostealer, capable of taking screenshots, communicating with C2 infrastructure, keylogging, and more.
Analyst Comment: Official Windows update and installation files are downloaded directly through the operating system. If offline updates are necessary, obtain them only from Microsoft sites and subdomains. Never update Windows from a third-party site, precisely because of this type of attack.
MITRE ATT&CK: [MITRE ATT&CK] Video Capture - T1125 | [MITRE ATT&CK] Input Capture - T1056 | [MITRE ATT&CK] Exfiltration Over C2 Channel - T1041
Tags: RedLine, Windows 11, Infostealer
Published: 2022-02-15T20:01:00+00:00
Link: https://www.anomali.com/blog/anomali-cyber-watch-mobile-malware-is-on-the-rise-apt-groups-are-working-together-ransomware-for-the-individual-and-more
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=4134740
Feed fields: False Ransomware,Malware,Tool,Vulnerability,Threat,Guideline Uber,APT 43,APT 36,APT-C-17 None

Source: Mandiant - Mandiant's security blog
Title: LOWKEY: Hunting for the Missing Volume Serial ID
Summary: In August 2019, FireEye released the “Double Dragon” report on our newest graduated threat group: APT41. A China-nexus dual espionage and financially-focused group, APT41 targets industries such as gaming, healthcare, high-tech, higher education, telecommunications, and travel services. This blog post is about the sophisticated passive backdoor we track as LOWKEY, mentioned in the APT41 report and recently unveiled at the FireEye Cyber Defense Summit. We observed LOWKEY being used in highly targeted attacks, utilizing payloads that run only on specific systems. Additional malware family
Published: 2019-10-15T09:15:00+00:00
Link: https://www.mandiant.com/resources/blog/lowkey-hunting-missing-volume-serial-id
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8377676
Feed fields: False Malware,Threat APT 41,APT-C-17 4.0000000000000000