APT

Pierluigi Paganini August 02, 2018
Alleged Iran-linked APT group RASPITE targets US electric utilities

According to Dragos firm, the RASPITE cyber-espionage group (aka Leafminer) has been targeting organizations in the United States, Europe, Middle East, and East Asia. Researchers from security firm Dragos reported that a group operating out of Iran tracked as RASPITE has been targeting entities in the United States, Europe, Middle East, and East Asia, industrial cybersecurity firm Dragos warns. The group […]

Pierluigi Paganini July 27, 2018
Leafminer cyber espionage group targets Middle East

Hackers belonging an Iran-linked APT group tracked as ‘Leafminer’ have targeted government and various organizations in the Middle East. An Iran-linked APT group tracked as ‘Leafminer’ has targeted government and businesses in the Middle. According to the experts from Symantec, the Leafminer group has been active at least since early 2017. “Symantec has uncovered the operations of a threat actor named […]

Pierluigi Paganini July 24, 2018
DHS – Russian APT groups are inside US critical infrastructure

The US Government is warning of continuous intrusions in National critical infrastructure and it is blaming the Kremlin for the cyber attacks. According to the US Department of Homeland Security, Russia’s APT groups have already penetrated America’s critical infrastructure, especially power utilities, and are still targeting them. These attacks could have dramatic consequence, an attack against […]

Pierluigi Paganini July 15, 2018
Update CSE Malware ZLab – Operation Roman Holiday – Hunting the Russian APT28

Researchers from the Z-Lab at CSE Cybsec analyzed a new collection of malware allegedly part of a new espionage campaign conducted by the APT28 group. It was a long weekend for the researchers from the Z-Lab at CSE Cybsec that completed the analysis a number of payloads being part of a new cyber espionage campaign […]

Pierluigi Paganini July 10, 2018
BlackTech APT using stolen D-Link certificates to spread malware

A cyber-espionage group tracked as BlackTech is abusing code-signing certificates stolen from D-Link for the distribution of their malware. Security experts from ESET discovered that an APT group tracked as BlackTech is using code-signing certificates stolen from Taiwanese-based tech firm D-Link and the security company Changing Information Technology Inc. According to the experts, the cyber espionage group […]

Pierluigi Paganini July 03, 2018
Iranian Charming Kitten ATP group poses as Israeli cybersecurity firm in phishing campaign

Iranian APT groups continue to very active, recently Charming Kitten cyber spies attempted to pose as an Israeli cyber-security firm that uncovered previous hacking campaigns. The Iranian Charming Kitten ATP group, aka Newscaster or Newsbeef,  launched spear phishing attacks against people interested in reading reports about it. The Newscaster group made the headlines in 2014 when experts at iSight issued a report describing the […]

Pierluigi Paganini June 27, 2018
Recently discovered RANCOR cyber espionage group behind attacks in South East Asia

Security researchers at Palo Alto Networks have uncovered a new cyber espionage group tracked as RANCOR that has been targeting entities in South East Asia. According to the experts, the RANCOR APT group has been targeting political entities in Singapore, Cambodia, and Thailand, and likely in other countries, using two previously unknown strain of malware. The two […]

Pierluigi Paganini June 26, 2018
Lazarus APT hackers leverages HWP Documents in a recent string of attacks

Security researchers at AlienVault uncovered a series of cyber attacks on cryptocurrency exchanges leveraging weaponized Hangul Word Processor HWP documents (Hangul Word Processor documents). The string of attacks involving the HWP documents has been attributed to the North Korea-linked Lazarus APT group, and includes the hack of the South Korean virtual currency exchange Bithumb. The hackers […]

Pierluigi Paganini June 25, 2018
China Tick APT group targeting air-gapped systems in Asia

Palo Alto Networks experts uncovered a new operation conducted by the cyber espionage group known as Tick APT that has been targeting a secure USB drive built by a South Korean defense company.  The Tick APT group has been active for at least a decade, tracked also as Bronze Butler, it was first spotted in 2016 by […]

Pierluigi Paganini June 23, 2018
According to the experts, North Korea is behind the SWIFT attacks in Latin America

SWIFT hackers continue to target banks worldwide, the last string of attacks hit financial institutions across Latin America. According to three people with knowledge of the matter cited by Cyberscoop the attacks were carried by North Korea-linked APT groups that targeted also other banks Recent attacks hit Mexico’s Bancomext and Chile’s Bank of Chile, in both cases the attackers used a […]