APT

Pierluigi Paganini March 13, 2020
Russia-Linked Turla APT uses new malware in watering hole attacks

The Russia-linked APT group Turla employed two new pieces of malware in attacks launched over a period of roughly two months in the fall of 2019. The Russia-linked APT group Turla employed two new pieces of malware in attacks launched over a period of roughly two months in the fall of 2019. The Turla APT group (aka Snake, Uroburos, Waterbug, Venomous […]

Pierluigi Paganini March 05, 2020
Most of the attacks on Telecom Sector in 2019 were carried out by China-linked hackers

China-linked cyber espionage groups increasingly targeted organizations in the telecommunications industry in 2019. According to the CrowdStrike 2020 Global Threat Report, the telecommunications and government sectors were the most targeted by the threat actors. Experts monitored operations carried out by nation-state actors and financially-motivated attackers. Most of the attacks against organizations in the telecom sector […]

Pierluigi Paganini March 04, 2020
CIA Hacking unit APT-C-39 hit China since 2008

Chinese security firm Qihoo 360 revealed that the US CIA has hacked Chinese organizations in various sectors for the last 11 years. Chinese security firm Qihoo 360 is accusing that the US Central Intelligence Agency (CIA) of having hacked Chinese organizations for the last 11 years. According to the firm, the US cyber spies are targeting various industry sectors […]

Pierluigi Paganini March 03, 2020
The North Korean Kimsuky APT threatens South Korea evolving its TTPs

Cybaze-Yoroi ZLab analyzed a new implant employed by a North Korea-linked APT group, tracked as Kimsuky, in attacks on South Korea. Introduction Recently we have observed a significant increase in state-sponsored operations carried out by threat actors worldwide. APT34, Gamaredon, and Transparent Tribe are a few samples of the recently uncovered campaigns, the latter was spotted after four […]

Pierluigi Paganini March 02, 2020
Karkoff 2020: a new APT34 espionage operation involves Lebanon Government

Experts from Cybaze/ Yoroi Zlab spotted a new sample of the Karkoff implant that was employed in past campaigns associated with Iran-linked APT34 group.Experts from Cybaze/ Yoroi Zlab spotted a new sample of the Karkoff implant that was employed in past campaigns associated with Iran-linked APT34 group. Introduction In November 2018, researchers from Cisco Talos […]

Pierluigi Paganini February 21, 2020
Exclusive: Pakistan and India to armaments: Operation Transparent Tribe is back 4 years later

Exclusive: Pakistan and India to armaments. Researchers from Cybaze-Yoroi ZLab gathered intelligence on the return of Operation Transparent Tribe is back 4 years later Introduction The Operation Transparent Tribe was first spotted by Proofpoint Researchers in Feb 2016, in a series of espionages operations against Indian diplomats and military personnel in some embassies in Saudi Arabia and Kazakhstan. […]

Pierluigi Paganini February 19, 2020
DRBControl cyber-espionage group targets gambling, betting companies

The DRBControl APT group has been targeting gambling and betting companies worldwide with malware that links to two China-linked APT groups. Security researchers from TrendMicro have uncovered a cyber espionage campaign carried out by an APT group tracked as DRBControl that employed a new family of malware. The attackers aimed at stealing databases and source […]

Pierluigi Paganini February 17, 2020
Cyberwarfare: A deep dive into the latest Gamaredon Espionage Campaign

Security experts from Yoroy-Cybaze ZLab have conducted a detailed analysis of an implant used by the Gamaredon APT group in a recent campaign. Introduction  Gamaredon Group is a Cyber Espionage persistent operation attributed to Russians FSB (Federal Security Service) in a long-term military and geo-political confrontation against the Ukrainian government and more in general against […]

Pierluigi Paganini February 17, 2020
Fox Kitten Campaign – Iranian hackers exploit 1-day VPN flaws in attacks

Iranian hackers have been hacking VPN servers to plant backdoors in companies around the world Iran-linked attackers targeted Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs to hack into large companies as part of the Fox Kitten Campaign. During the last quarter of 2019, experts from security firm ClearSky uncovered a hacking campaign tracked […]

Pierluigi Paganini February 14, 2020
US Govt agencies detail North Korea-linked HIDDEN COBRA malware

The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) released reports on North Korea-linked HIDDEN COBRA malware. The FBI, the US Cyber Command, and the Department of Homeland Security have published technical details of a new North-Korea linked hacking operation. The government experts released new and updated Malware Analysis Reports (MARs) […]