APT Archives - Page 62 of 114

Pierluigi Paganini January 04, 2021

New alleged MuddyWater attack downloads a PowerShell script from GitHub

Security expert spotted a new piece of malware that leverages weaponized Word documents to download a PowerShell script from GitHub. Security expert discovered a new piece of malware uses weaponized Word documents to download a PowerShell script from GitHub. This PowerShell script is also used by threat actors to download a legitimate image file from image hosting […]

Pierluigi Paganini December 31, 2020

SolarWinds hackers gained access to Microsoft source code

The threat actors behind the SolarWinds supply chain attack could have had access to the source code of several Microsoft products. The threat actors behind the SolarWinds attack could have compromised a small number of internal accounts and used at least one of them to view source code in a number of source code repositories. […]

Pierluigi Paganini December 25, 2020

North Korea-linked Lazarus APT targets the COVID-19 research

The North Korea-linked Lazarus APT group has recently launched cyberattacks against at least two organizations involved in COVID-19 research. The North Korea-linked APT group Lazarus has recently launched cyberattacks against two entities involved in COVID-19 research. The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. […]

Pierluigi Paganini December 21, 2020

SUPERNOVA, a backdoor found while investigating SolarWinds hack

While investigating the recent SolarWinds Orion supply-chain attack security researchers discovered another backdoor, tracked SUPERNOVA. The investigation of the SolarWinds Orion supply-chain attack revealed the existence of another backdoor that was likely used by a separate threat actor. After the initial disclosure of the SolarWinds attack, several teams of researchers mentioned the existence of two […]

Pierluigi Paganini December 17, 2020

FireEye, GoDaddy, and Microsoft created a kill switch for SolarWinds backdoor

Microsoft, FireEye, and GoDaddy have partnered to create a kill switch for the Sunburst backdoor that was employed in the recent SolarWinds hack. Microsoft, FireEye, and GoDaddy have created a kill switch for the Sunburst backdoor that was used in SolarWinds supply chain attack. Last week, Russia-linked hackers breached SolarWinds, the attackers had used a trojanized […]

Pierluigi Paganini December 16, 2020

Microsoft partnered with security firms to sinkhole the C2 used in SolarWinds hack

Microsoft and its partners have seized the primary domain used in the SolarWinds attack to identify the victims through sinkholing. Microsoft partnered with other cybersecurity firms to seize the primary domain used in the SolarWinds attack (avsvmcloud[.]com) in an attempt to identify all victims and prevent other systems from being served malicious software. The domain […]

Pierluigi Paganini December 16, 2020

PyMICROPSIA Windows malware includes checks for Linux and macOS

Experts discovered a new Windows info-stealer, named PyMICROPSIA, linked to AridViper group that is rapidly evolving to target other platforms. Experts from Palo Alto Networks’s Unit 42 discovered a new Windows info-stealing malware, named PyMICROPSIA, that might be used soon to also target Linux and macOS systems. Experts spotted the PyMICROPSIA info stealer while investigating […]

Pierluigi Paganini December 14, 2020

US Agencies and FireEye were hacked with a supply chain attack on SolarWinds Software

Hackers broke into the networks of federal agencies and FireEye by compromising SolarWinds’ Orion Network Management Products. The cyber espionage group has tampered with updates released by IT company SolarWinds, which provides its products to government agencies, military, and intelligence offices, two people familiar with the matter told the Reuters agency. Nation-state actors, allegedly Russia-linked […]

Pierluigi Paganini December 11, 2020

Facebook links cyberespionage group APT32 to Vietnamese IT firm

Facebook has suspended some accounts linked to APT32 that were involved in cyber espionage campaigns to spread malware. Facebook has suspended several accounts linked to the APT32 cyberespionage that abused the platform to spread malware. Vietnam-linked APT group APT32, also known as OceanLotus and APT-C-00, carried out cyber espionage campaigns against Chinese entities to gather intelligence on […]

Pierluigi Paganini December 10, 2020

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

Russia-link cyberespionage APT28 leverages COVID-19 as phishing lures to deliver the Go version of their Zebrocy (or Zekapab) malware. Russia-linked APT28 is leveraging COVID-19 as phishing lures in a new wave of attacks aimed at distributing the Go version of their Zebrocy (or Zekapab) malware. The APT28 group (aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, and STRONTIUM) has been active since at least 2007 and it has […]

APT

New alleged MuddyWater attack downloads a PowerShell script from GitHub

SolarWinds hackers gained access to Microsoft source code

North Korea-linked Lazarus APT targets the COVID-19 research

SUPERNOVA, a backdoor found while investigating SolarWinds hack

FireEye, GoDaddy, and Microsoft created a kill switch for SolarWinds backdoor

Microsoft partnered with security firms to sinkhole the C2 used in SolarWinds hack

PyMICROPSIA Windows malware includes checks for Linux and macOS

US Agencies and FireEye were hacked with a supply chain attack on SolarWinds Software

Facebook links cyberespionage group APT32 to Vietnamese IT firm

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Wing FTP Server flaw actively exploited shortly after technical details were made public

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 53

Security Affairs newsletter Round 532 by Pierluigi Paganini – INTERNATIONAL EDITION

McDonald’s job app exposes data of 64 Million applicants

Athlete or Hacker? Russian basketball player accused in U.S. ransomware case

QUICK LINKS

APT

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!