APT

Pierluigi Paganini January 08, 2017
Iranian Group OilRig is back and delivers digitally signed malware

ClearSky Security discovered a new campaign conducted by the Iranian OilRig APT leveraging digitally signed malware and fake University of Oxford domains. The OilRig hacker group is an Iran-linked APT that has been around since at least 2015. Researchers at Palo Alto Networks have been monitoring the group for some time and have reported attacks launched against government agencies, financial institutions and technology companies in Saudi Arabia, Israel, the United Arab Emirates, Lebanon, Kuwait and Qatar, the United States, […]

Pierluigi Paganini January 07, 2017
China-Linked DragonOK APT Group continues updating tools and tactics

The China-linked DragonOK continues updating tools and tactics and targeted entities in various countries, including Russia and Tibet. It was September 2014, when security researchers at FireEye spotted for the first time the cyber espionage activities of a Chinese state-sponsored group dubbed DragonOK. At the time, FireEye discovered two hacking campaigns conducted by distinct groups operating in separate regions […]

Pierluigi Paganini January 07, 2017
President Putin ordered cyber attacks and propaganda to influence US Election

Putin ordered cyber attacks and propaganda to influence Election. Reading the “Assessing Russian Activities and Intentions in Recent US Elections” Report. The US Office of the Director of National Intelligence (ODNI) has released an unclassified version of intel community’s findings on activities conducted by the Russian Government in the attempt to influence the 2016 US Presidential […]

Pierluigi Paganini January 06, 2017
MM Core APT malware is back, Forcepoint has detected 2 new versions

Forcepoint has detected two new versions of an advanced persistent threat (APT) malware dubbed MM Core APT and first discovered in 2013. The APT MM Core malware has been in the wild since April 2013 when it was spotted for the first time by experts at FireEye. The malware researchers dubbed the first release of the […]

Pierluigi Paganini January 05, 2017
FireCrypt comes as a malware building kit and includes DDoS code

Recently experts from MalwareHunterTeam discovered FireCrypt ransomware, a threat that comes as a malware building kit and includes DDoS code. Ransomware has become one of the fastest growing threats, new malware implements sophisticated features to avoid detection and rapidly spread among the greatest number of machines. Recently experts from MalwareHunterTeam discovered a new strain of ransomware dubbed FireCrypt, […]

Pierluigi Paganini December 31, 2016
FBI-DHS JAR report links Russian hackers to Presidential Election hacks

A FBI-DHS JAR report released implicated Russian hacking group APT28 and APT29 in attacks against 2016 Presidential Election. The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) published on Thursday a Joint Analysis Report(JAR) that provides information about the tools, infrastructure and TTPs used by the Russian civilian and military intelligence […]

Pierluigi Paganini December 29, 2016
The OSCE organization was victim of a major cyber attack

The Organization for Security and Co-operation in Europe (OSCE) confirmed to have suffered suffer a “major” cyber attack. Hackers targeted the Organisation for Security and Cooperation in Europe (OSCE), the news was confirmed on Wednesday by a spokeswoman for the organization. The OSCE is a security and human rights watchdog, clearly the attack is part of […]

Pierluigi Paganini December 22, 2016
Fancy Bear APT tracked Ukrainian artillery units with an Android implant

The Russian APT group Fancy Bear used a malware implant on Android devices to track and target Ukrainian artillery units from late 2014 through 2016. The popular hacking group, known as Fancy Bear, APT 28, Pawn Storm, Sednit or Sofacy, is once again in the headlines. Experts from the cyber security firm CrowdStrike reported the alleged Russian nation-state actor used malware implant […]

Pierluigi Paganini December 16, 2016
PROMETHIUM and NEODYMIUM APTs used same Zero-Day to Target Turkish citizens

Microsoft discovered two distinct APT groups, PROMETHIUM and NEODYMIUM, that exploited the same Flash Player zero-day flaw on same targets. Security researchers have discovered two distinct APT groups, PROMETHIUM and NEODYMIUM, that exploited the same Flash Player zero-day vulnerability (CVE-2016-4117) in cyber espionage campaigns on Turkish citizens living in Turkey and various other European countries. Both […]

Pierluigi Paganini December 15, 2016
BlackEnergy hackers, now TeleBots, target Ukrainian banks

The BlackEnergy hacker group that targeted the Ukrainian grid one year ago, now identified as TeleBots, are targeting Ukrainian banks. The BlackEnergy hacker group that targeted the Ukrainian grid one year ago causing a power outage in the country are now targeting Ukrainian banks. The Ukrainian government accused Russia of being involved in the attack, […]