www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-05-20T15:15:10+00:00 www.secnews.physaphae.fr
The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Ande Loader Malware Targets Manufacturing Sector in North America
The threat actor known as Blind Eagle has been observed using a loader malware called Ande Loader to deliver remote access trojans (RATs) like Remcos RAT and NjRAT. The attacks, which take the form of phishing emails, targeted Spanish-speaking users in the manufacturing industry based in North America, eSentire said. Blind Eagle (aka APT-C-36) is a financially motivated threat actor
2024-03-14T12:47:00+00:00 https://thehackernews.com/2024/03/ande-loader-malware-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8463656 False Malware,Threat APT-C-36 2.0000000000000000
CyberWarzone - Cyber News Relentless Cyber Espionage Campaign APT-C-36 Plagues Colombia
Have you caught wind of APT-C-36, the digital shadow lurking across South America? APT-C-36, dubbed Blind Eagle, is not your average cyber adversary. This Advanced [more...]
2023-11-06T11:24:52+00:00 https://cyberwarzone.com/relentless-cyber-espionage-campaign-apt-c-36-plagues-colombia/ www.secnews.physaphae.fr/article.php?IdArticle=8406534 False None APT-C-36 3.0000000000000000
AhnLab - Korean Security Firm Threat Trend Report on APT Groups – May 2023
The cases of major APT groups for May 2023 gathered from materials made public by security companies and institutions are as follows. – Agrius – Andariel – APT28 – APT29 – APT-C-36 (Blind Eagle) – Camaro Dragon – CloudWizard – Earth Longzhi (APT41) – GoldenJackal – Kimsuky – Lazarus – Lancefly – OilAlpha – Red Eyes (APT37, ScarCruft) – SideCopy – SideWinder – Transparent Tribe (APT36) – Volt Typhoon (Bronze Silhouette) ATIP_2023_May_Threat Trend Report on APT Groups_20230609
2023-07-07T02:33:29+00:00 https://asec.ahnlab.com/en/55184/ www.secnews.physaphae.fr/article.php?IdArticle=8353225 False Threat,Prediction APT 38,GoldenJackal,GoldenJackal,APT-C-36,APT 29,APT 29,APT 37,APT 37,Guam,Guam,APT 28,APT 28,APT 41,APT 36,APT 36,APT-C-17,APT-C-17 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Blind Eagle Cyber Espionage Group Strikes Again: New Attack Chain Uncovered
The cyber espionage actor tracked as Blind Eagle has been linked to a new multi-stage attack chain that leads to the deployment of the NjRAT remote access trojan on compromised systems. "The group is known for using a variety of sophisticated attack techniques, including custom malware, social engineering tactics, and spear-phishing attacks," ThreatMon said in a Tuesday report. Blind Eagle, also
2023-04-19T20:45:00+00:00 https://thehackernews.com/2023/04/blind-eagle-cyber-espionage-group.html www.secnews.physaphae.fr/article.php?IdArticle=8329399 False None APT-C-36 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?) APT-C-36 Strikes Again: Blind Eagle Hackers Target Key Industries in Colombia
2023-02-28T16:03:00+00:00 https://thehackernews.com/2023/02/apt-c-36-strikes-again-blind-eagle.html www.secnews.physaphae.fr/article.php?IdArticle=8314119 False Threat APT-C-36 3.0000000000000000
Recorded Future - Recorded Future feed More trouble from an APT with Colombia and Ecuador on its mind
DIAN building, Bogota, Colombia. The advanced persistent threat (APT) group known as Blind Eagle or APT-C-36 continues to phish with official-looking PDFs, researchers say
2023-02-27T20:04:31+00:00 https://therecord.media/blind-eagle-apt-c-36-colombia-ecuador/ www.secnews.physaphae.fr/article.php?IdArticle=8313819 False Threat APT-C-36 3.0000000000000000
Anomali - Firm Blog Anomali Cyber Watch: Turla Re-Registered Andromeda Domains, SpyNote Is More Popular after the Source Code Publication, Typosquatted Site Used to Leak Company's Data
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
OPWNAI: Cybercriminals Starting to Use ChatGPT (published: January 6, 2023)
Check Point researchers have detected multiple underground forum threads that describe experimenting with and abusing ChatGPT (Generative Pre-trained Transformer), the revolutionary artificial intelligence (AI) chatbot tool capable of generating creative responses in a conversational manner. Several actors have built schemes to produce AI outputs (graphic art, books) and sell them as their own. Other actors experiment with instructions to write AI-generated malicious code while avoiding the ChatGPT guardrails that should prevent such abuse. Two actors shared samples allegedly created using ChatGPT: a basic Python-based stealer, a Java downloader that stealthily runs payloads using PowerShell, and a cryptographic tool.
Analyst Comment: ChatGPT and similar tools can be of great help to humans creating art, writing texts, and programming. At the same time, it can be a dangerous tool enabling even low-skill threat actors to create convincing social-engineering lures and even new malware.
MITRE ATT&CK: [MITRE ATT&CK] T1566 - Phishing | [MITRE ATT&CK] T1059.001: PowerShell | [MITRE ATT&CK] T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | [MITRE ATT&CK] T1560 - Archive Collected Data | [MITRE ATT&CK] T1005: Data from Local System
Tags: ChatGPT, Artificial intelligence, OpenAI, Phishing, Programming, Fraud, Chatbot, Python, Java, Cryptography, FTP
Turla: A Galaxy of Opportunity (published: January 5, 2023)
Russia-sponsored group Turla re-registered expired domains for old Andromeda malware to select a Ukrainian target from the existing victims. An Andromeda sample, known since 2013, infected the Ukrainian organization in December 2021 via a user-activated LNK file on an infected USB drive.
Turla re-registered the Andromeda C2 domain in January 2022, profiled and selected a single victim, and pushed its payloads in September 2022. First, the Kopiluwak profiling tool was downloaded for system reconnaissance; two days later, the Quietcanary backdoor was deployed to find and exfiltrate files created in 2021-2022.
Analyst Comment: Advanced groups often use commodity malware to blend their traffic with less sophisticated threats. Turla's tactic of re-registering old but active C2 domains gives the group a way in to the pool of existing targets. Organizations should be vigilant to all kinds of existing infections and clean them up, even if assessed as "less dangerous." All known network and host-based indicators and hunting rules associated
2023-01-10T16:30:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-turla-re-registered-andromeda-domains-spynote-is-more-popular-after-the-source-code-publication-typosquatted-site-used-to-leak-companys-data www.secnews.physaphae.fr/article.php?IdArticle=8299602 False Ransomware,Malware,Tool,Threat ChatGPT,APT-C-36 2.0000000000000000
Checkpoint Research - Security Hardware Vendor 9th January – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 9th January, please download our Threat_Intelligence Bulletin
TOP ATTACKS AND BREACHES
Check Point Research has published a report on APT-C-36, also known as Blind Eagle – a financially motivated threat group attacking citizens of various countries in South America since at least 2018.
CPR […]
2023-01-09T20:57:31+00:00 https://research.checkpoint.com/2023/9th-january-threat-intelligence-report/ www.secnews.physaphae.fr/article.php?IdArticle=8300120 False Threat APT-C-36 3.0000000000000000
SC Magazine - Magazine New tools, infection chain part of Blind Eagle comeback
2023-01-08T16:31:17+00:00 https://www.scmagazine.com/brief/cybercrime/new-tools-infection-chain-part-of-blind-eagle-comeback www.secnews.physaphae.fr/article.php?IdArticle=8299040 False Threat APT-C-36 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Blind Eagle Hacking Group Targets South America With New Tools
2023-01-06T17:00:00+00:00 https://www.infosecurity-magazine.com/news/blind-eagle-targets-south-america/ www.secnews.physaphae.fr/article.php?IdArticle=8298576 False None APT-C-36 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Blind Eagle Hackers Return with Refined Tools and Sophisticated Infection Chain
2023-01-05T20:25:00+00:00 https://thehackernews.com/2023/01/blind-eagle-hackers-return-with-refined.html www.secnews.physaphae.fr/article.php?IdArticle=8298207 False Threat APT-C-36 3.0000000000000000
Checkpoint Research - Security Hardware Vendor BlindEagle Targeting Ecuador With Sharpened Tools
Blind Eagle is a financially motivated threat group that has been launching indiscriminate attacks against citizens of various countries in South America since at least 2018. In a recent campaign targeting Ecuador-based organizations, CPR detected a new infection chain that involves a more advanced toolset.
2023-01-05T09:12:26+00:00 https://research.checkpoint.com/2023/blindeagle-targeting-ecuador-with-sharpened-tools/ www.secnews.physaphae.fr/article.php?IdArticle=8300122 False Threat APT-C-36 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?) A New Wave of Malware Attack Targeting Organizations in South America
2021-09-20T04:00:58+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/0xlymO1MaG4/a-new-wave-of-malware-attack-targeting.html www.secnews.physaphae.fr/article.php?IdArticle=3399349 False Spam,Malware,Threat APT-C-36 None