APT

Pierluigi Paganini December 07, 2018
Experts at Yoroi – Cybaze Z-Lab analyzed MuddyWater Infection Chain

Malware researchers at Yoroi – Cybaze Z-Lab analyzed the MuddyWater Infection Chain observed in a last wave of cyber attacks. Introduction At the end of November, some Middle East countries have been targeted by a new wave of attacks related to the Iranian APT group known as ‚ÄúMuddyWater‚Äú: their first campaign was observed back in […]

Pierluigi Paganini December 04, 2018
Russia-linked APT Sofacy leverages BREXIT lures in recent attacks

Russia-linked cyber-espionage group Sofacy,¬†(aka¬†APT28,¬†Pawn Storm,¬†Fancy Bear,¬†Sednit,¬†Tsar Team,¬†and¬†Strontium) use¬†BREXIT lures in recent attacks. The APT group used Brexit-themed bait documents on the same day the UK Prime Minister Theresa May announced the initial BREXIT draft agreement with the European Union (EU). “As the United Kingdom (UK) Prime Minister Theresa May announced the initial BREXIT draft agreement […]

Pierluigi Paganini November 30, 2018
New PowerShell-based Backdoor points to MuddyWater

Security researchers at Trend Micro¬†recently discovered PowerShell-based backdoor that resembles a malware used by¬†MuddyWater threat actor. Malware researchers at Trend Micro have discovered a Powershell-based backdoor that is very similar to a malware used by¬†MuddyWater APT group. The first MuddyWater campaign was¬†observed¬†in late 2017, then researchers from Palo Alto Networks were investigating a mysterious wave […]

Pierluigi Paganini November 24, 2018
North Korea-linked group Lazarus targets Latin American banks

According to security reearchers at Trend Micro, the North Korea-linked APT group Lazarus¬†recently targeted banks in Latin America. The North Korea-linked APT group Lazarus¬†recently targeted banks in Latin America, Trend Micro experts reported. The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks and experts […]

Pierluigi Paganini November 23, 2018
Exclusive Cybaze ZLab ‚Äď Yoroi – Hunting Cozy Bear, new campaign, old habits

The experts at¬†Cybaze ZLab ‚Äď Yoroi continue the analysis of new strain of malware used by the Russia-linked APT29 cyberespionage group (aka¬†Cozy Bear) The experts at¬†Cybaze ZLab ‚Äď Yoroi continue the analysis of new strain of malware used by the Russia-linked APT29 cyberespionage group (aka¬†The Dukes,¬†Cozy Bear, and¬†Cozy Duke). The researchers of Yoroi ZLab, on […]

Pierluigi Paganini November 21, 2018
Sofacy APT group used a new tool in latest attacks, the Cannon

Sofacy¬†APT group (aka¬†APT28,¬†Pawn Storm,¬†Fancy Bear,¬†Sednit,¬†Tsar Team,¬†and¬†Strontium) has a new weapon in its arsenal dubbed¬†Cannon. The Russia-linked APT group¬†delivers Cannon in a spear-phishing attack that targets government organizations in North America, Europe and in a former USSR state. Experts at Palo Alto Networks spotted a new campaign¬†in late October and early November, spear-phishing messages used Word […]

Pierluigi Paganini November 20, 2018
Experts analyzed how Iranian OilRIG hackers tested their weaponized documents

Security experts at¬†Palo Alto Networks analyzed the method used by Iran-linked OilRig APT Group to test weaponized docs before use in attacks. Security researchers Palo Alto Networks have analyzed the techniques adopted by¬†Iran-linked APT group¬†OilRig¬†(aka¬†APT34)¬†to test the weaponized documents before use in attacks. The¬†OilRig¬†hacker group¬†is an¬†Iran-linked¬†APT that has been around since¬†at least 2015,¬†since then it¬†targeted¬†mainly […]

Pierluigi Paganini November 19, 2018
Cybaze ZLab – Yoroi team analyzed malware used in recent attacks on US entities attributed to APT29

Malware researchers from¬†Cybaze ZLab – Yoroi team have detected a new strain of malware that appears to be associated with a new wave of attacks carries out by Russia linked APT29 group. The researchers of Yoroi ZLab, on 16 November, accessed to a new APT29‚Äôs dangerous malware which seems to be involved in the recent […]

Pierluigi Paganini November 16, 2018
Cybaze ZLab- Yoroi team spotted a new variant of the APT28 Lojax rootkit

Malware researchers at the Cybaze ZLab- Yoroi team spotted a new variant of the dangerous APT28 Lojax rootkit. A new variant of the infamous APT28 Lojax (aka Double-Agent) has been discovered by the Cybaze¬†ZLab – Yoroi team. It is the latest version of the well-known rootkit Double-Agent, previously analyzed by ESET researchers. The behavior of […]

Pierluigi Paganini November 15, 2018
Chinese TEMP.Periscope cyberespionage group was using TTPs associated with Russian APTs

Chinese TEMP.Periscope cyberespionage group targeted a UK-based engineering company using TTPs associated with Russia-linked APT groups. Attribution of cyber attacks is always a hard task, in many cases attackers use false flags¬†to masquerade their identities. Chinese hackers have targeted a UK-based engineering company using techniques and artifacts attributed to the Russia-linked APT groups Dragonfly and […]