Sofacy APT group (APT28, Pawn Storm, Fancy Bear, Sednit, Tsar Team, and Strontium) continues to operate and thanks to rapid and continuously changes of tactics the hackers are able to remain under the radar. According to experts from Palo Alto Networks, the hackers also used new tools in recent attacks, recently the APT group has shifted focus in their interest, from NATO member […]
A North Korea-linked APT group, tracked by experts at industrial cybersecurity firm Dragos as Covellite, has stopped targeting US organizations. Anyway, the group, that is believed to be linked to the notorious Lazarus APT group, is continuing to target organizations in Europe and East Asia. The group has been around at least since 2017 and is still active, […]
Experts from security firms GreyNoise Intelligence and JASK believe that the threat actor behind the VPNFilter is now attempting to resume the botnet with a new wave of infections. A week ago security experts and law enforcement bodies reported the existence of a huge Russia-linked botnet tracked as VPNFilter. The botnet infected over 500,000 routers and […]
A North Korea-linked APT group, tracked as Andariel Group, leveraged an ActiveX zero-day vulnerability in targeted attacks against South Korean entities. According to a report published by South Korean cyber-security firm AhnLab, the Andariel Group is a division of the dreaded Lazarus APT Group, it already exploited ActiveX vulnerabilities in past attacks The attackers exploited at […]
The Department of Homeland Security (DHS) and the FBI issued a joint Technical alert on two strain on malware, the Joanap backdoor Trojan and Brambul Server Message Block worm, associated with the HIDDEN COBRA North Korea-linked APT group. The US-CERT alert reads: “Working with U.S. government partners, DHS and FBI identified Internet Protocol (IP) addresses and other indicators […]
Researchers and the FBI are working together to take down the dreaded VPNFilter botnet composed of hundreds of thousands of compromised devices. For several months, there have been rumors and vague warnings about highly skilled adversaries targeting critical infrastructure. Last week we learned some details about the warning, why you might be impacted and how […]
The Justice Department announced an effort to disrupt the VPNFilter botnet of hundreds of thousands of infected home and office (SOHO) routers and other networked devices under the control of a Russia-linked APT group. Yesterday Talos and other security firm revealed the discovery of a huge botnet tracked as VPNFilter composed of more than 500,000 compromised routers and […]
Security firm Talos along with other cybersecurity firms and law enforcement agencies have uncovered a huge botnet dubbed VPNFilter, composed of more than 500,000 compromised routers and network-attached storage (NAS) devices. The experts believe the VPNFilter was developed by Russia and the associated malware appears to be very sophisticated, at the time they discovered more than 500,000 compromised devices across […]
Security experts from ESET observed the Turla APT group leveraging for the first time the Metasploit framework in the Mosquito campaign The Russia-linked Turla APT group continues its cyber espionage campaigns shifting towards more generic tools to remain under the radar. Turla is the name of a Russian cyber espionage APT group (also known as […]
A North Korea-linked APT group tracked as Sun Team has targeted North Korean deflectors with a malicious app that was published in the official Google Play store. A North Korea-linked APT group tracked as Sun Team has targeted North Korean deflectors with a malicious app that was published in the official Google Play store. The campaign, named RedDawn by security experts at […]