APT Archives - Page 84 of 115

Pierluigi Paganini May 21, 2019

MuddyWater BlackWater campaign used new anti-detection techniques

A recent MuddyWater campaign tracked as BlackWater shows that the APT group added new anti-detection techniques to its arsenal. Security experts at Cisco Talos attributed the recently spotted campaign tracked as “BlackWater” to the MuddyWater APT group (aka SeedWorm and TEMP.Zagros). The researchers also pointed out that the cyber espionage group has been updating its tactics, techniques, […]

Pierluigi Paganini May 20, 2019

Chronicle experts spotted a Linux variant of the Winnti backdoor

Security researchers from Chronicle, Alphabet’s cyber-security division, have spotted a Linux variant of the Winnti backdoor. Security experts from Chronicle, the Alphabet’s cyber-security division, have discovered a Linux variant of the Winnti backdoor. It is the first time that researchers found a Linux version of the backdoor user by China-linked APT groups tacked as Winnti. […]

Pierluigi Paganini May 14, 2019

North Korea-linked ScarCruft APT adds Bluetooth Harvester to its arsenal

The North Korea-linked APT group ScarCruft (aka APT37 and Group123) continues to expand its arsenal by adding a Bluetooth Harvester. North Korea-linked APT group ScarCruft (aka APT37, Reaper, and Group123) continues to expand its arsenal by adding a Bluetooth Harvester. ScarCruft has been active since at least 2012, it made the headlines in early February […]

Pierluigi Paganini May 10, 2019

DHS and FBI published a Malware Analysis Report on North Korea-linked tool ELECTRICFISH

The U.S. Department of Homeland Security (DHS) and the FCI published a new joint report on ELECTRICFISH, a malware used by North Korea. US DHS and the Federal Bureau of Investigation (FBI) conducted a joint analysis of a traffic tunneling tool dubbed ELECTRICFISH used by North Korea-linked APT group tracked as Hidden Cobra (aka Lazarus). It […]

Pierluigi Paganini May 07, 2019

LightNeuron, a Turla’s backdoor used to compromise exchange mail servers

Russia-linked APT group Turla has been using a sophisticated backdoor, dubbed LightNeuron, to hijack Microsoft Exchange mail servers. Russia-linked APT group Turla has been using a sophisticated backdoor, dubbed LightNeuron, to hijack Microsoft Exchange mail servers. Turla group (also known as Waterbug, Venomous Bear and KRYPTON) has been active since at least 2007 targeting government […]

Pierluigi Paganini May 02, 2019

APT34: Glimpse project

The APT34 Glimpse project is maybe the most complete APT34 project known so far, the popular researcher Marco Ramilli analyzed it for us. Indeed we might observe a File-based command and control (a quite unusual solution) structure, a VBS launcher, a PowerShell Payload and a covert channel over DNS engine. This last feature is the most […]

Pierluigi Paganini April 29, 2019

Amnesty International Hong Kong Office hit by state-sponsored attack

The Hong Kong office of Amnesty International has been hit by a long-running cyberattack carried out by China-linked hackers. Amnesty International’s Hong Kong office has been hit with a cyberattack launched by China-linked hackers. “This sophisticated cyber-attack underscores the dangers posed by state-sponsored hacking and the need to be ever vigilant to the risk of […]

Pierluigi Paganini April 24, 2019

The Russian Shadow in Eastern Europe: Gamaredon ‘s Ukrainian MOD Campaign

Security researchers at Yoroi-Cybaze ZLab uncovered a new campaign carried out by the Russian state-actor dubbed Gamaredon. Introduction Few days after the publication of our technical article related to the evidence of possible APT28 interference in the Ukrainian elections, we spotted another signal of a sneakier on-going operation. This campaign, instead, seems to be linked […]

Pierluigi Paganini April 24, 2019

OilRig APT uses Karkoff malware along with DNSpionage in recent attacks

Iran-linked OilRig cyberespionage group is using the reconnaissance malware Karkoff along with DNSpionage in recent campaigns.Iran-linked OilRig cyberespione group is using the reconnaissance malware Karkoff along with DNSpionage in recent campaigns. The OilRig APT group, the threat actor behind the DNSpionage malware campaign, is carrying out a new sophisticated and targeted operation that infects victims […]

Pierluigi Paganini April 24, 2019

Kaspersky speculates the involvement of ShadowPad attackers in Operation ShadowHammer

Experts at Kaspersky Lab linked the recent supply-chain attack targeted ASUS users to the “ShadowPad” threat actor and the CCleaner incident. Security researchers at Kaspersky Lab linked the recent supply-chain attack that hit ASUS users (tracked as Operation ShadowHammer) to the “ShadowPad” threat actor. Experts also linked the incident to the supply chain attack that […]

APT

MuddyWater BlackWater campaign used new anti-detection techniques

Chronicle experts spotted a Linux variant of the Winnti backdoor

North Korea-linked ScarCruft APT adds Bluetooth Harvester to its arsenal

DHS and FBI published a Malware Analysis Report on North Korea-linked tool ELECTRICFISH

LightNeuron, a Turla’s backdoor used to compromise exchange mail servers

APT34: Glimpse project

Amnesty International Hong Kong Office hit by state-sponsored attack

The Russian Shadow in Eastern Europe: Gamaredon ‘s Ukrainian MOD Campaign

OilRig APT uses Karkoff malware along with DNSpionage in recent attacks

Kaspersky speculates the involvement of ShadowPad attackers in Operation ShadowHammer

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Google confirms Salesforce CRM breach, faces extortion threat

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 57

Security Affairs newsletter Round 536 by Pierluigi Paganini – INTERNATIONAL EDITION

Embargo Ransomware nets $34.2M in crypto since April 2024

Germany limits police spyware use to serious crimes

QUICK LINKS

APT

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!