APT Archives - Page 90 of 115

Pierluigi Paganini December 07, 2018

Experts at Yoroi – Cybaze Z-Lab analyzed MuddyWater Infection Chain

Malware researchers at Yoroi – Cybaze Z-Lab analyzed the MuddyWater Infection Chain observed in a last wave of cyber attacks. Introduction At the end of November, some Middle East countries have been targeted by a new wave of attacks related to the Iranian APT group known as “MuddyWater“: their first campaign was observed back in […]

Pierluigi Paganini December 04, 2018

Russia-linked APT Sofacy leverages BREXIT lures in recent attacks

Russia-linked cyber-espionage group Sofacy, (aka APT28, Pawn Storm, Fancy Bear, Sednit, Tsar Team, and Strontium) use BREXIT lures in recent attacks. The APT group used Brexit-themed bait documents on the same day the UK Prime Minister Theresa May announced the initial BREXIT draft agreement with the European Union (EU). “As the United Kingdom (UK) Prime Minister Theresa May announced the initial BREXIT draft agreement […]

Pierluigi Paganini November 30, 2018

New PowerShell-based Backdoor points to MuddyWater

Security researchers at Trend Micro recently discovered PowerShell-based backdoor that resembles a malware used by MuddyWater threat actor. Malware researchers at Trend Micro have discovered a Powershell-based backdoor that is very similar to a malware used by MuddyWater APT group. The first MuddyWater campaign was observed in late 2017, then researchers from Palo Alto Networks were investigating a mysterious wave […]

Pierluigi Paganini November 24, 2018

North Korea-linked group Lazarus targets Latin American banks

According to security reearchers at Trend Micro, the North Korea-linked APT group Lazarus recently targeted banks in Latin America. The North Korea-linked APT group Lazarus recently targeted banks in Latin America, Trend Micro experts reported. The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks and experts […]

Pierluigi Paganini November 23, 2018

Exclusive Cybaze ZLab – Yoroi – Hunting Cozy Bear, new campaign, old habits

The experts at Cybaze ZLab – Yoroi continue the analysis of new strain of malware used by the Russia-linked APT29 cyberespionage group (aka Cozy Bear) The experts at Cybaze ZLab – Yoroi continue the analysis of new strain of malware used by the Russia-linked APT29 cyberespionage group (aka The Dukes, Cozy Bear, and Cozy Duke). The researchers of Yoroi ZLab, on […]

Pierluigi Paganini November 21, 2018

Sofacy APT group used a new tool in latest attacks, the Cannon

Sofacy APT group (aka APT28, Pawn Storm, Fancy Bear, Sednit, Tsar Team, and Strontium) has a new weapon in its arsenal dubbed Cannon. The Russia-linked APT group delivers Cannon in a spear-phishing attack that targets government organizations in North America, Europe and in a former USSR state. Experts at Palo Alto Networks spotted a new campaign in late October and early November, spear-phishing messages used Word […]

Pierluigi Paganini November 20, 2018

Experts analyzed how Iranian OilRIG hackers tested their weaponized documents

Security experts at Palo Alto Networks analyzed the method used by Iran-linked OilRig APT Group to test weaponized docs before use in attacks. Security researchers Palo Alto Networks have analyzed the techniques adopted by Iran-linked APT group OilRig (aka APT34) to test the weaponized documents before use in attacks. The OilRig hacker group is an Iran-linked APT that has been around since at least 2015, since then it targeted mainly […]

Pierluigi Paganini November 19, 2018

Cybaze ZLab – Yoroi team analyzed malware used in recent attacks on US entities attributed to APT29

Malware researchers from Cybaze ZLab – Yoroi team have detected a new strain of malware that appears to be associated with a new wave of attacks carries out by Russia linked APT29 group. The researchers of Yoroi ZLab, on 16 November, accessed to a new APT29’s dangerous malware which seems to be involved in the recent […]

Pierluigi Paganini November 16, 2018

Cybaze ZLab- Yoroi team spotted a new variant of the APT28 Lojax rootkit

Malware researchers at the Cybaze ZLab- Yoroi team spotted a new variant of the dangerous APT28 Lojax rootkit. A new variant of the infamous APT28 Lojax (aka Double-Agent) has been discovered by the Cybaze ZLab – Yoroi team. It is the latest version of the well-known rootkit Double-Agent, previously analyzed by ESET researchers. The behavior of […]

Pierluigi Paganini November 15, 2018

Chinese TEMP.Periscope cyberespionage group was using TTPs associated with Russian APTs

Chinese TEMP.Periscope cyberespionage group targeted a UK-based engineering company using TTPs associated with Russia-linked APT groups. Attribution of cyber attacks is always a hard task, in many cases attackers use false flags to masquerade their identities. Chinese hackers have targeted a UK-based engineering company using techniques and artifacts attributed to the Russia-linked APT groups Dragonfly and […]

APT

Experts at Yoroi – Cybaze Z-Lab analyzed MuddyWater Infection Chain

Russia-linked APT Sofacy leverages BREXIT lures in recent attacks

New PowerShell-based Backdoor points to MuddyWater

North Korea-linked group Lazarus targets Latin American banks

Exclusive Cybaze ZLab – Yoroi – Hunting Cozy Bear, new campaign, old habits

Sofacy APT group used a new tool in latest attacks, the Cannon

Experts analyzed how Iranian OilRIG hackers tested their weaponized documents

Cybaze ZLab – Yoroi team analyzed malware used in recent attacks on US entities attributed to APT29

Cybaze ZLab- Yoroi team spotted a new variant of the APT28 Lojax rootkit

Chinese TEMP.Periscope cyberespionage group was using TTPs associated with Russian APTs

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Zero Day Quest returns: Microsoft ups the stakes with $5M bug bounty

Cisco disclosed a CRM data breach via vishing attack

Exposed Without a Breach: The Cost of Data Blindness

SonicWall investigates possible zero-day amid Akira ransomware surge

Chaining NVIDIA's Triton Server flaws exposes AI systems to remote takeover

QUICK LINKS

APT

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!