www.secnews.physaphae.fr

This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr.
Feed generated: 2025-05-11T20:18:41+00:00

Source: Kaspersky - Kaspersky Research blog
Title: SideWinder targets the maritime and nuclear sectors with an updated toolset
Summary: In this article, we discuss the tools and TTPs used in the SideWinder APT's attacks in H2 2024, as well as shifts in its targets, such as an increase in attacks against the maritime and logistics sectors.
Published: 2025-03-10T10:00:36+00:00
Link: https://securelist.com/sidewinder-apt-updates-its-toolset-and-targets-nuclear-sector/115847/
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8654837
Feed metadata: False; Tool; APT-C-17; 3.0

Source: RiskIQ - cyber risk firm (now Microsoft)
Title: Weekly OSINT Highlights, 21 October 2024
Published: 2024-10-21T11:41:26+00:00
Link: https://community.riskiq.com/article/02320e34
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8600983
Feed metadata: False; Ransomware, Malware, Tool, Vulnerability, Threat, Cloud; APT 38, APT 37, APT-C-17; 2.0

Source: Dark Reading - Informationweek Branch
Title: Sidewinder Casts Wide Geographic Net in Latest Attack Spree
Summary: The long-active, India-sponsored cyber-threat group targeted multiple entities across Asia, Africa, the Middle East, and even Europe in a recent attack wave that demonstrated the use of a previously unknown post-exploitation tool called StealerBot.
Published: 2024-10-16T10:01:41+00:00
Link: https://www.darkreading.com/cyberattacks-data-breaches/sidewinder-wide-geographic-net-attack-spree
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8598774
Feed metadata: False; Tool; APT-C-17; 3.0

Source: RiskIQ - cyber risk firm (now Microsoft)
Title: Beyond the Surface: the evolution and expansion of the SideWinder APT group
Published: 2024-10-15T19:57:54+00:00
Link: https://community.riskiq.com/article/2473c825
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8598344
Feed metadata: True; Ransomware, Malware, Tool, Vulnerability, Threat; APT-C-17; 3.0

Source: Kaspersky - Kaspersky Research blog
Title: Beyond the Surface: the evolution and expansion of the SideWinder APT group
Summary: Kaspersky analyzes SideWinder APT's recent activity: new targets in the Middle East and Africa, post-exploitation tools and techniques.
Published: 2024-10-15T10:00:54+00:00
Link: https://securelist.com/sidewinder-apt/114089/
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8598098
Feed metadata: False; Tool; APT-C-17; 2.0

Source: RiskIQ - cyber risk firm (now Microsoft)
Title: Weekly OSINT Highlights, 5 August 2024
Published: 2024-08-05T10:51:17+00:00
Link: https://community.riskiq.com/article/ed438f56
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8552050
Feed metadata: False; Ransomware, Spam, Malware, Tool, Vulnerability, Threat, Mobile; APT33, APT 41, APT 33, APT-C-17; 3.0

Source: RiskIQ - cyber risk firm (now Microsoft)
Title: SideWinder Utilizes New Infrastructure to Target Ports and Maritime Facilities in the Mediterranean Sea
Published: 2024-07-30T17:42:47+00:00
Link: https://community.riskiq.com/article/3cb7ee3f
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8547456
Feed metadata: True; Ransomware, Malware, Tool, Vulnerability, Threat; APT-C-17; 3.0

Source: The Hacker News - The Hacker News is a hacking-news blog (surprising, no?)
Title: SideWinder Hackers Use Fake Android VPN Apps to Target Pakistani Entities
Published: 2022-06-02T01:38:51+00:00
Link: https://thehackernews.com/2022/06/sidewinder-hackers-use-fake-android-vpn.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=4930336
Feed metadata: False; Malware, Tool, Threat; APT-C-17; None

Source: Bleeping Computer - American magazine
Title: SideWinder hackers plant fake Android VPN app in Google Play Store
Published: 2022-06-01T09:10:12+00:00
Link: https://www.bleepingcomputer.com/news/security/sidewinder-hackers-plant-fake-android-vpn-app-in-google-play-store/
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=4919241
Feed metadata: False; Tool, Threat; APT-C-17; None

Source: Anomali - Firm Blog
Title: Anomali Cyber Watch: Mobile Malware Is On The Rise, APT Groups Are Working Together, Ransomware For The Individual, and More

[Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.]

Trending Cyber News and Threat Intelligence

What's With The Shared VBA Code Between Transparent Tribe And Other Threat Actors? (published: February 9, 2022)

A recent discovery links malicious VBA macro code shared between multiple groups, namely Transparent Tribe, Donot Team, SideCopy, Operation Hangover, and SideWinder. These groups operate (or operated) out of South Asia and use a variety of phishing emails and malicious documents to target government and military entities within India and Pakistan. The code is similar enough to suggest cooperation between the groups, despite their having different goals and targets.

Analyst Comment: This research shows that APT groups share TTPs with each other regardless of motive or target. Documents that ask the user to enable content in order to be viewed properly are a common sign of a phishing attack: the "Enable Content" prompt is what lets the embedded VBA run. If such a file arrives from a known and trusted sender, contact that person to verify the attachment before opening it. Any such attachment from an unknown sender should be treated with the utmost scrutiny, left unopened, and reported to the appropriate personnel.

MITRE ATT&CK: [MITRE ATT&CK] Command and Scripting Interpreter - T1059 | [MITRE ATT&CK] Phishing - T1566
Tags: Transparent Tribe, Donot, SideWinder, Asia, Military, Government

Fake Windows 11 Upgrade Installers Infect You With RedLine Malware (published: February 9, 2022)

Following the announcement of Windows 11 upgrade availability, an unknown threat actor registered a domain to trick users into downloading an installer carrying RedLine malware. The site, "windows-upgraded[.]com", is a direct copy of a legitimate Microsoft upgrade portal. Clicking the 'Upgrade Now' button downloads a 734 MB ZIP file whose payload is padded with a large amount of dead code; most likely the inflated file size is meant to push the binary past the size limits of antivirus scanners. RedLine is a well-known infostealer capable of taking screenshots, keylogging, communicating with its C2 server, and more.

Analyst Comment: Official Windows updates and installation files are downloaded by the operating system itself. If an offline update is necessary, obtain it only from Microsoft sites and subdomains. Never update Windows from a third-party site, precisely because of this type of attack.

MITRE ATT&CK: [MITRE ATT&CK] Video Capture - T1125 | [MITRE ATT&CK] Input Capture - T1056 | [MITRE ATT&CK] Exfiltration Over C2 Channel - T1041
Tags: RedLine, Windows 11, Infostealer

Published: 2022-02-15T20:01:00+00:00
Link: https://www.anomali.com/blog/anomali-cyber-watch-mobile-malware-is-on-the-rise-apt-groups-are-working-together-ransomware-for-the-individual-and-more
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=4134740
Feed metadata: False; Ransomware, Malware, Tool, Vulnerability, Threat, Guideline; Uber, APT 43, APT 36, APT-C-17; None
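The two Anomali items above describe attachment patterns a mail gateway or analyst can triage without opening the file: Office documents that carry a VBA project and prompt for "Enable Content", and oversized installers padded with dead bytes. The script below is an added example written for this page; it is not Anomali's, Kaspersky's, or any vendor's code, and the function names, the minimal in-memory OOXML containers and the padded "installer" bytes are all constructed here for illustration. It uses only the Python standard library: it checks an OOXML zip for a vbaProject.bin part and a macro-enabled content type, flags a VBA part hidden inside a .docx/.xlsx/.pptx container, and measures how compressible a binary is, since zero-filled padding collapses under deflate while a real executable does not.

```python
"""Attachment triage for the two evasion patterns in the digest above
(added example, not code from the original page or any vendor)."""
import io
import os
import zipfile
import zlib

# OOXML content types that declare a macro-enabled main document part.
MACRO_CONTENT_TYPES = (
    "application/vnd.ms-word.document.macroEnabled.main+xml",
    "application/vnd.ms-excel.sheet.macroEnabled.main+xml",
    "application/vnd.ms-powerpoint.presentation.macroEnabled.main+xml",
)
# Extensions that promise a macro-free container.
MACRO_FREE_EXTENSIONS = {".docx", ".xlsx", ".pptx"}


def triage_ooxml(data: bytes, filename: str) -> dict:
    """Inspect a zip-based Office file statically and return findings."""
    result = {"has_vba": False, "macro_content_type": False,
              "extension_mismatch": False, "verdict": "clean"}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        result["verdict"] = "not-ooxml"
        return result
    names = zf.namelist()
    # The VBA project is stored as a part named vbaProject.bin (under word/, xl/ or ppt/).
    result["has_vba"] = any(n.lower().endswith("vbaproject.bin") for n in names)
    # [Content_Types].xml can be left "clean" by an attacker, so both checks run.
    if "[Content_Types].xml" in names:
        types_xml = zf.read("[Content_Types].xml").decode("utf-8", "replace")
        result["macro_content_type"] = any(t in types_xml for t in MACRO_CONTENT_TYPES)
    ext = os.path.splitext(filename)[1].lower()
    # A VBA part inside a container whose extension claims no macros is worth escalating.
    result["extension_mismatch"] = result["has_vba"] and ext in MACRO_FREE_EXTENSIONS
    if result["has_vba"] or result["macro_content_type"]:
        result["verdict"] = "macro-bearing"
    return result


def compressibility(payload: bytes) -> float:
    """Deflate ratio (compressed/original). Constant filler compresses to almost
    nothing; random filler does not, so a low ratio is a signal, not a proof."""
    if not payload:
        return 1.0
    return len(zlib.compress(payload, 6)) / len(payload)


def _build_ooxml(main_part: str, content_type: str, extra: dict) -> bytes:
    """Constructed sample: a minimal OOXML container, not a real Office document."""
    types_xml = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/{main_part}" ContentType="{content_type}"/>'
        "</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", types_xml)
        zf.writestr(main_part, "<w:document/>")
        for name, blob in extra.items():
            zf.writestr(name, blob)
    return buf.getvalue()


# Constructed samples: a macro-bearing file posing as .docx, and a clean .docx.
# The four leading bytes are the OLE compound-file magic that vbaProject.bin starts with.
MALDOC = _build_ooxml(
    "word/document.xml",
    "application/vnd.ms-word.document.macroEnabled.main+xml",
    {"word/vbaProject.bin": b"\xd0\xcf\x11\xe0" + b"\x00" * 64},
)
CLEAN_DOC = _build_ooxml(
    "word/document.xml",
    "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml",
    {},
)
# Constructed "installer" images: a short stub padded with zeros vs. dense random bytes.
PADDED_BINARY = b"MZ" + os.urandom(4096) + b"\x00" * (2 * 1024 * 1024)
DENSE_BINARY = b"MZ" + os.urandom(256 * 1024)

if __name__ == "__main__":
    print(triage_ooxml(MALDOC, "invoice.docx"))
    print(triage_ooxml(CLEAN_DOC, "report.docx"))
    print(f"padded ratio {compressibility(PADDED_BINARY):.4f}, "
          f"dense ratio {compressibility(DENSE_BINARY):.4f}")
```

The compressibility check is deliberately cheap so it can run on every attachment before a sandbox detonation; it catches zero- or pattern-filled padding, which is the common case, but an actor who pads with random bytes will look "dense", so treat the score as one input to a verdict rather than the verdict itself. The OOXML check does not parse the VBA streams (that needs an OLE parser such as oletools); it only answers whether a macro project is present, which is usually enough to route the file for deeper analysis.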