This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2025-05-10T21:27:29+00:00 www.secnews.physaphae.fr Mandiant - Blog Sécu de Mandiant Introduction In mid 2024, Mandiant discovered threat actors deployed custom backdoors on Juniper Networks\' Junos OS routers. Mandiant attributed these backdoors to the China-nexus espionage group, UNC3886. Mandiant uncovered several TINYSHELL-based backdoors operating on Juniper Networks\' Junos OS routers. The backdoors had varying custom capabilities, including active and passive backdoor functions, as well as an embedded script that disables logging mechanisms on the target device. Mandiant worked with Juniper Networks to investigate this activity and observed that the affected Juniper MX routers were running end-of-life hardware and software. Mandiant recommends that organizations upgrade their Juniper devices to the latest images released by Juniper Networks, which includes mitigations and updated signatures for the Juniper Malware Removal Tool (JMRT). Organizations should run the JMRT Quick Scan and Integrity Check after the upgrade. Mandiant has reported on similar custom malware ecosystems in 2022 and 2023 that UNC3886 deployed on virtualization technologies and network edge devices. This blog post showcases a development in UNC3886\'s tactics, techniques and procedures (TTPs), and their focus on malware and capabilities that enable them to operate on network and edge devices, which typically lack security monitoring and detection solutions, such as endpoint detection and response (EDR) agents.  Mandiant previously reported on UNC3886\'s emphasis on techniques to gather and use legitimate credentials to move laterally within a network, undetected. These objectives remained consistent but were pursued with the introduction of a new tool in 2024. Observations in this blog post strengthen our assessment that the actor\'s focus is on maintaining long-term access to victim networks. UNC3886 continues to show a deep understanding of the underlying technology of the appliances being targeted. At the time of writing, Mandiant has not identified any technical overlaps between activities detailed in this blog post and those publicly reported by other parties as Volt Typhoon or Salt Typhoon.  Attribution UNC3886 is a highly adept China-nexu]]> 2025-03-12T14:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-targets-juniper-routers/ www.secnews.physaphae.fr/article.php?IdArticle=8655317 False Malware,Tool,Vulnerability,Threat,Patching,Prediction,Cloud,Technical Guam 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-11-04T12:25:16+00:00 https://community.riskiq.com/article/d6da7f0d www.secnews.physaphae.fr/article.php?IdArticle=8605948 False Ransomware,Malware,Tool,Vulnerability,Threat,Mobile,Prediction,Medical,Cloud,Technical APT 41,APT 28,APT 31,Guam 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-10-28T11:27:40+00:00 https://community.riskiq.com/article/fa5a55d5 www.secnews.physaphae.fr/article.php?IdArticle=8602805 False Ransomware,Spam,Malware,Tool,Vulnerability,Threat,Prediction,Medical,Cloud,Technical APT 38,Guam 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-04-05T13:39:39+00:00 https://community.riskiq.com/article/b4f39b04 www.secnews.physaphae.fr/article.php?IdArticle=8476526 False Malware,Tool,Vulnerability,Threat,Studies,Industrial,Prediction,Technical Guam 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC AT&T Cybersecurity Alien Labs reviewed the big events of 2023 and how malware morphed this year to try new ways to breach and wreak havoc. This year\'s events kept cybersecurity experts on their toes, from expanding malware variants to introducing new threat actors and attack techniques. Here are some of the most compelling developments, highlighting malware\'s evolving capabilities and the challenges defenders face. Highlights of the year: Emerging trends and notable incidents As the year unfolded, several trends and incidents left an indelible mark on the cybersecurity landscape: Exploiting OneNote for malicious payloads Cybercriminals leveraged Microsoft OneNote to deliver many malicious payloads to victims, including Redline, AgentTesla, Quasar RAT, and others. This previously underutilized Office program became a favored tool due to its low suspicion and widespread usage. SEO poisoning and Google Ads Malicious actors resorted to SEO poisoning tactics, deploying phishing links through Google Ads to deceive unsuspecting victims. These links led to cloned, benign web pages, avoiding Google\'s detection and remaining active for extended periods. Prominent malware families, including Raccoon Stealer and IcedID, capitalized on this strategy. Exploiting geopolitical events Cybercriminals exploited the geopolitical climate, particularly the Middle East conflict, as a lure for their attacks. This trend mirrored the previous year\'s Ukraine-related phishing campaigns and crypto scams. APTs: State-sponsored espionage continues to present challenges Advanced Persistent Threats (APTs) continued to pose a significant threat in 2023: Snake: CISA reported on the Snake APT, an advanced cyber-espionage tool associated with the Russian Federal Security Service (FSB). This malware had been in use for nearly two decades. Volt Typhoon: A campaign targeting critical infrastructure organizations in the United States was attributed to Volt Typhoon, a state-sponsored actor based in China. Their focus lay on espionage and information gathering. Storm-0558: This highly sophisticated intrusion campaign, orchestrated by the Storm-0558 APT from China, infiltrated the email accounts of approximately 25 organizations, including government agencies. Ransomware\'s relentless rise Ransomware remained a prevalent and lucrative threat throughout the year: Cuba and Snatch: Ransomware groups like Cuba and Snatch targeted critical infrastructure in the United States, causing concern for national security. ALPHV/BlackCat: Beyond SEO poisoning, this group compromised the computer systems of Caesar and MGM casinos. They also resorted to filing complaints with the US Securities and Exchange Commission (SEC) against their victims, applying additional pressure to pay ransoms. Exploiting new vulnerabilities: Cybercriminals wasted no time exploiting newly discovered vulnerabilities, such as CVE-2023-22518 in Atlassian\'s Confluence, CVE-2023-4966 (Citrix bleed), and others. These vulnerabilities became gateways for ransomware attacks. Evolving ransom]]> 2024-01-25T11:00:00+00:00 https://cybersecurity.att.com/blogs/labs-research/the-dark-side-of-2023-cybersecurity-malware-evolution-and-cyber-threats www.secnews.physaphae.fr/article.php?IdArticle=8442915 False Ransomware,Spam,Malware,Tool,Vulnerability,Threat,Prediction Guam 3.0000000000000000 AhnLab - Korean Security Firm Les cas de grands groupes APT pour le mai 2023 réunis à partir de documents rendus publics par des sociétés de sécurité et des institutions sont comme commesuit.& # 8211;Agrius & # 8211;Andariel & # 8211;APT28 & # 8211;APT29 & # 8211;APT-C-36 (Blind Eagle) & # 8211;Camaro Dragon & # 8211;CloudWizard & # 8211;Earth Longzhi (APT41) & # 8211;Goldenjackal & # 8211;Kimsuky & # 8211;Lazarus & # 8211;Lancefly & # 8211;Oilalpha & # 8211;Red Eyes (Apt37, Scarcruft) & # 8211;Sidecopy & # 8211;Sidewinder & # 8211;Tribu transparente (APT36) & # 8211;Volt Typhoon (Silhouette de bronze) ATIP_2023_MAY_TRADEAT Rapport sur les groupes APT_20230609

---

The cases of major APT groups for May 2023 gathered from materials made public by security companies and institutions are as follows. – Agrius – Andariel – APT28 – APT29 – APT-C-36 (Blind Eagle) – Camaro Dragon – CloudWizard – Earth Longzhi (APT41) – GoldenJackal – Kimsuky – Lazarus – Lancefly – OilAlpha – Red Eyes (APT37, ScarCruft) – SideCopy – SideWinder – Transparent Tribe (APT36) – Volt Typhoon (Bronze Silhouette) ATIP_2023_May_Threat Trend Report on APT Groups_20230609 ]]> 2023-07-07T02:33:29+00:00 https://asec.ahnlab.com/en/55184/ www.secnews.physaphae.fr/article.php?IdArticle=8353225 False Threat,Prediction APT 41,APT 38,APT 37,APT 37,APT 29,APT 29,APT 28,APT 28,APT 36,APT 36,Guam,Guam,APT-C-17,APT-C-17,GoldenJackal,GoldenJackal,APT-C-36 3.0000000000000000