APT

Pierluigi Paganini December 07, 2019
Russia-linked Gamaredon group targets Ukraine officials

Russia-linked Gamaredon cyberespionage group has been targeting Ukrainian targets, including diplomats, government and military officials. Russia linked APT group tracked as Gamaredon has been targeting several Ukrainian diplomats, government and military officials, and law enforcement. The Gamaredon attacks against Ukraine don’t seem to have stopped. In June malware researchers from Cybaze-Yoroi spotted a new suspicious […]

Pierluigi Paganini December 05, 2019
The evolutions of APT28 attacks

Analyzing how tactics, techniques and procedures of the Russia-linked APT28 cyberespionage group evolve over the time. APT28 is a well known Russian cyber espionage group attributed, with a medium level of confidence, to Russian military intelligence agency GRU (by CrowdStrike). It is also known as Sofacy Group (by Kaspersky) or STRONTIUM (by Microsoft) and it’s used to target Aereospace, Defence, Governmente Agencies, International […]

Pierluigi Paganini December 05, 2019
Iran-Linked APT groups target energy, industrial sectors with ZeroCleare Wiper

Experts spotted a piece of malware dubbed ZeroCleare that has been used in highly targeted attacks aimed at energy and industrial organizations in the Middle East. Security experts at IBM X-Force found a piece of malware dubbed ZeroCleare (the name ZeroCleare comes from the path in the binary file) that has been used in highly targeted […]

Pierluigi Paganini November 29, 2019
Group-IB presents its annual report on global threats to stability in cyberspace

Group-IB, has analyzed key recent changes to the global cyberthreat landscape in the “Hi-Tech Crime Trends 2019/2020” report. Group-IB, a Singapore-based cybersecurity company that specializes in preventing cyberattacks, has analyzed key recent changes to the global cyberthreat landscape. According to Group-IB’s experts, the most frustrating trend of 2019 was the use of cyberweapons in military operations. The […]

Pierluigi Paganini November 14, 2019
Tracking Iran-linked APT33 group via its own VPN networks

APT33, the Iran-linked APT group, has been using multiple layers of obfuscation to run a dozen live C2 servers for extremely targeted attacks. APT33, the Iran-linked APT group, has been using multiple layers of obfuscation to run a dozen live C2 servers involved in extremely targeted malware attacks. The targeted malware campaigns aimed at organizations […]

Pierluigi Paganini November 10, 2019
Security Affairs newsletter Round 239

A new round of the weekly newsletter arrived! The best news of the week with Security Affairs Controversial law entered into effect in Russia this week First Cyber Attack ‘Mass Exploiting BlueKeep RDP Flaw Spotted in the Wild New Gafgyt botnet targets Gaming Servers Everis and Spains radio network Cadena SER hit by ransomware Exclusive […]

Pierluigi Paganini November 09, 2019
The Platinum APT group adds the Titanium backdoor to its arsenal

Kaspersky researchers have found a new advanced backdoor used by the Platinum advanced persistent threat (APT) group in attacks in the wild. Security experts at Kaspersky Lab have spotted a new backdoor, tracked as Titanium, that was used by the Platinum APT group in attacks in the wild, the malicious code implements sophisticated evasion techniques. […]

Pierluigi Paganini November 05, 2019
Mysterious DarkUniverse APT remained undetected for 8 years

Kaspersky discovered a previously unknown APT group, tracked as DarkUniverse, by analyzing Shadow Brokers’ “Lost in Translation” data dump. In 2017, a hacker group known as the Shadow Brokers stolen malware and hacking tools from the arsenal of the NSA-Linked Equation Group, then it published online the data dump called “Lost in Translation.” The dump […]

Pierluigi Paganini November 03, 2019
Security Affairs newsletter Round 238

A new round of the weekly newsletter arrived! The best news of the week with Security Affairs Hi folk, let me inform you that I suspended the newsletter service, anyway I’ll continue to provide you a list of published posts every week through the blog. Experts found 17 apps in the Apple App Store infected […]

Pierluigi Paganini November 01, 2019
CVE-2019-13720 flaw in Chrome exploited in Operation WizardOpium attacks

One of the two flaws in Chrome addressed by Google, CVE-2019-13720, was exploited in a campaign that experts attribute to Korea-linked threat actors. This week Google released security updates to address two high severity vulnerabilities in the Chrome browser, one of which is a zero-day flaw actively exploited in attacks in the wild to hijack […]