APT

Pierluigi Paganini August 31, 2017
APT group leverage Gazer backdoor to spy on embassies and consular operations

Security researchers at ESET have spotted a new cyber espionage campaign targeting embassies and consular operations with new Gazer Backdoor. Security researchers at ESET have spotted a new cyber espionage campaign targeting embassies, consulates, and ministries worldwide. Hackers leverage a new backdoor dubbed Gazer to spy on governments and diplomats. The campaign active at least since 2016 was associated infamous Russian […]

Pierluigi Paganini August 29, 2017
India and Pakistan hit by state-sponsored cyber espionage campaign

The security firm Symantec has discovered another cyber espionage campaign against India and Pakistan which is likely to be state-sponsored. Security experts at Symantec have uncovered a sustained cyber spying campaign against Indian and Pakistani entities involved in regional security issues. The nature of the targets and the threat actors’ techniques suggest it is a […]

Pierluigi Paganini August 28, 2017
Popular Sarahah App secretly uploads your phone contacts to the company’s servers

According to a report published by The Intercept, the popular Sarahah app silently uploads users’ phone contacts to the company’s servers. This summer, Sarahah became one of the most popular iPhone apps in the world for both iOS and Android. Sarahah has been created by Saudi Arabian developer Zain al-Abidin Tawfiq, it implements a social network […]

Pierluigi Paganini August 28, 2017
Chinese APT17 group leverages fake Game of Thrones leaks as lures

Researchers at Proofpoint spotted a cyber espionage campaign leveraging recent Game of Thrones episode leaks and attribute it to Chinese APT17 group. Security researchers at Proofpoint have uncovered a cyber espionage campaign leveraging recent Game of Thrones episode leaks to trick victims into opening malicious documents sent via email. Experts have observed during the past week, the […]

Pierluigi Paganini August 24, 2017
Fancy Bears release data on soccer players’ TUE drug use and doping cases

Russia-linked hackers Fancy Bears claimed that around 160 football players failed drug tests in 2015, and 25 2010 World Cup players used doping medicines. A self-styled hacker group that calls itself Fancy Bears has set up the website fancybear.net to leak emails and medical records related to football players who used doping substances under a campaign dubbed OpOlympics. The group […]

Pierluigi Paganini August 19, 2017
Turla APT group adapts KopiLuwak backdoor for use in G20-themed attack

Security experts at Proofpoint have collected evidence that suggests that the Turla APT group is conducting a new espionage campaign. The experts discovered a newly dropper for the KopiLuwak backdoor, KopiLuwak is a JavaScript malware that was spotted early this year while the APT was delivering it to at least one victim leveraging a document containing an official letter from […]

Pierluigi Paganini August 14, 2017
North Korea-Linked Lazarus APT targets U.S. Defense contractors

The North Korea-linked Lazarus APT group as Lazarus is believed to be behind attacks targeting United States defense contractors. According to Palo Alto Networks, the North Korea-linked Lazarus APT group as Lazarus is believed to be behind attacks targeting United States defense contractors. The activity of the Lazarus APT Group surged in 2014 and 2015, […]

Pierluigi Paganini August 11, 2017
APT28 hackers are leveraging NSA Hacking tool to spy on Hotels guests

According to FireEye, the notorious Russia-linked APT28 group is behind an ongoing campaign targeting hotels in several European countries. According to FireEye, the notorious Russia-linked APT28 group (Pawn Storm, Fancy Bear, Sofacy, Sednit and Strontium) is behind an ongoing campaign targeting hotels in several European countries. The researchers observed many attacks targeting the networks of hotels […]

Pierluigi Paganini August 10, 2017
Experts found a link between the KONNI attacks and DarkHotel campaigns against NK

Experts at Cylance noticed that the decoy document used in KONNI attacks is similar to the one used in recent campaigns of the DarkHotel APT. In May, Cisco Talos team discovered a RAT dubbed KONNI malware that targets organizations linked to North Korea. The malware, dubbed by researchers “KONNI,” was undetected for more than 3 years and was used […]

Pierluigi Paganini August 08, 2017
Irish electricity transmission system operator EirGrid targeted by a nation-state actor

The Irish electricity transmission system operator EirGrid was targeted by a state-sponsored actor, the hackers weren’t discovered at least for two months. The Irish electricity transmission system operator EirGrid was targeted by a state-sponsored attack. EirGrid is the state-owned company that operates the electricity transmission grid across the Ireland, it also supplies the distribution network […]