APT

Pierluigi Paganini July 01, 2019
Iran-linked APT33 updates infrastructure following its public disclosure

The Iran-linked cyberespionage group APT33 has updated its infrastructure after the publication of a report detailing its activities. In March, Symantec published a report detailing the activities of Iran-linked cyberespionage group APT33 that was targeting organizations in Saudi Arabia and the United States. The APT33 group has been around since at least 2013, since mid-2016, the […]

Pierluigi Paganini June 28, 2019
Regin spyware involved in attack against the Russian tech giant Yandex

Allegedly Western nation-state actors breached the systems of Russian tech giant Yandex in 2018, the attack involved a new variant of the Regin malware. According to the Reuters, Western state-sponsored hackers breached the systems of the Russian tech giant Yandex in 2018, the attack involved a new variant of the Regin malware. The Regin malware has been […]

Pierluigi Paganini June 28, 2019
Cloud Hopper operation hit 8 of the world’s biggest IT service providers

A long-running operation carried out by China-linked hackers, and tracked as Cloud Hopper, has targeted clients of major companies, including IBM, HPE, Tata CS, Fujitsu, and NTT. Hackers broke into the internal networks on major companies, such as HPE and IBM, and stole corporate data and trade secrets. Then the attackers used the stolen information […]

Pierluigi Paganini June 27, 2019
Similarities and differences between MuddyWater and APT34

Security expert Marco Ramilli analyzed similarities and differences between the MuddyWater and APT34 cyberespionage groups. Many state sponsored groups have been identified over time, many of them have different names (since discovered by different organizations) and there is no an agreed standardization on the topic but many victims and some interests look very tight together. […]

Pierluigi Paganini June 26, 2019
Lake City agreed to pay $500,000 in ransom, is the second case in Florida in a week

A few days ago, Riviera Beach City agreed to pay $600,000 in ransom, now a Lake City, another city in Florida, agreed to do the same after a ransomware attack. A few days ago, Riviera Beach City agreed to pay $600,000 in ransom, now less than a week later, another city in Florida opted to […]

Pierluigi Paganini June 26, 2019
Operation Soft Cell – Multiple telco firms hacked by nation-state actor

Operation Soft Cell – Experts at Cybereason discovered that China-linked hackers have breached numerous telco providers controlling their networks. Researchers at Cybereason uncovered an ongoing long-running espionage campaign, tracked as Operation Soft Cell, that targets telco providers. Tactics, techniques, and procedures, and the type of targets suggest the involvement of a nation-state actor likely linked […]

Pierluigi Paganini June 24, 2019
US DHS CISA warns of Iran-linked hackers using data wipers in cyberattacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of a significant increase in cyberattacks from Iranian hackers spreading data wipers. US DHS CISA agency warns of increased cyber-activity from Iran aimed at spreading data-wiping malware through password spraying, credential stuffing, and spear-phishing. The attacks are targeting U.S. industries and government agencies, the statement was also […]

Pierluigi Paganini June 23, 2019
NASA hacked! An unauthorized Raspberry Pi connected to its network was the entry point

NASA Office of Inspector General revealed that the Agency’s network was hacked in April 2018, intruders exfiltrated roughly 500 MB of data related to Mars missions. According to a report published by the NASA Office of Inspector General, hackers breached the Agency’s network in April 2018 and remained undetected for nearly a year. The report […]

Pierluigi Paganini June 21, 2019
Russia-Linked Turla APT group Hijacked C2 of the Iranian OilRig

Russia-Linked cyberespionage group Turla uses a new toolset and hijacked command and control infrastructure operated by Iran-Linked OilRig APT. Russia-linked Turla cyberspies used a new set of tools in new attacks and hijacked command and control infrastructure operated by Iran-Linked OilRig APT. Recent campaigns demonstrate that Turla continues to evolve its arsenal and adopt news […]

Pierluigi Paganini June 11, 2019
MuddyWater APT group updated its multi-stage PowerShell backdoor Powerstats

The MuddyWater cyber espionage group has used an updated multi-stage PowerShell backdoor in recent cyber attacks. Security experts at Trend Micro report that the MuddyWater APT group (aka SeedWorm and TEMP.Zagros), has used an updated multi-stage PowerShell backdoor in recent cyber espionage campaigns. The first MuddyWater campaign was observed in late 2017 when targeted entities in the Middle East. The experts called […]