Cyber warfare

Pierluigi Paganini May 22, 2018
North Korea-linked Sun Team APT group targets deflectors with Android Malware

A North Korea-linked APT group tracked as Sun Team has targeted North Korean deflectors with a malicious app that was published in the official Google Play store. A North Korea-linked APT group tracked as Sun Team has targeted North Korean deflectors with a malicious app that was published in the official Google Play store. The campaign, named RedDawn by security experts at […]

Pierluigi Paganini May 15, 2018
Dutch Government plans to phase out the use of Kaspersky solutions

Dutch Government plans to phase out the use of Kaspersky solutions while the security firm confirmed that its code infrastructure is going to move to Switzerland. The antivirus firm Kaspersky Lab made the headlines again, the company confirmed that its code infrastructure is going to move to Switzerland. The news arrives just after the comment from the Netherlands […]

Pierluigi Paganini May 11, 2018
Allanite threat actor focused on critical infrastructure is targeting electric utilities and ICS networks

Security experts from the industrial cybersecurity firm Dragos warn of a threat actor tracked as Allanite has been targeting business and industrial control networks at electric utilities in the United States and the United Kingdom. Dragos experts linked the campaigns conducted by the Dragonfly APT group and Dymalloy APT, aka Energetic Bear and Crouching Yeti, to a threat actors they […]

Pierluigi Paganini May 07, 2018
A new report sheds the lights on state-sponsored Chinese APTs under Winnti umbrella

Security experts at 401TRG, the threat research and analysis team at ProtectWise, have discovered links between several Chinese APT groups under the Winnti umbrella. The experts analyzed several campaigns conducted by the cyber espionage groups over the last years and associated their activities with the Chinese Government, in one case the nation-state actor was working from the […]

Pierluigi Paganini May 05, 2018
The Pentagon bans Huawei and ZTE phones from stores on military bases

The Pentagon is ordering retail outlets on US military bases to stop selling Huawei and ZTE products due to unacceptable security risk they pose. Smartphones manufactured by Chinese firms Huawei and ZTE are banned by US Military, the decision was taken by the Pentagon. The Pentagon is ordering retail outlets on US military bases to stop selling […]

Pierluigi Paganini May 03, 2018
Fancy Bear abuses LoJack security software in targeted attacks

Recently, several LoJack agents were found to be connecting to servers that are believed to be controlled by the notorious Russia-linked Fancy Bear APT group. LoJack for laptops is a security software designed to catch computer thieves, but it could be theoretically abused to spy on legitimate owners of the device. LoJack could be used to locate […]

Pierluigi Paganini May 01, 2018
The NATO team is the winner of the cyber defence exercise Locked Shields 2018

The NATO team is the winner of the Cyber Defence Exercise Locked Shields 2018 that took place on April 23-26 in Tallinn, Estonia. The international live-fire cyber defence exercise Locked Shields 2018 took place on April 23-26 in Tallinn, Estonia, and the figures behind this important competition are impressive. A total of 22 Blue Teams participated […]

Pierluigi Paganini April 30, 2018
Op GhostSecret – ThaiCERT seized a server used by North Korea Hidden Cobra APT group in the Sony Picture hack

The Thai authorities with the support of the ThaiCERT and security first McAfee have seized a server used by North Korean Hidden Cobra APT as part of the Op GhostSecret campaign. The Thai authorities with the support of the ThaiCERT have seized a server used by North Korean hackers in the attack against Sony Picture. […]

Pierluigi Paganini April 12, 2018
APT33 devised a code injection technique dubbed Early Bird to evade detection by anti-malware tools

The Iran-linked APT33 group continues to be very active, security researchers at Cyberbit have discovered an Early Bird code injection technique used by the group. The Early Bird method was used to inject the TurnedUp malware into the infected systems evading security solutions. The technique allows injecting a malicious code into a legitimate process, it allows execution […]

Pierluigi Paganini April 08, 2018
Experts spotted a campaign spreading a new Agent Tesla Spyware variant

A new variant of the infamous Agent Tesla spyware was spotted by experts at Fortinet, the malware has been spreading via weaponize Microsoft Word documents. Agent Tesla is a spyware that is used to spy on the victims by collecting keystrokes, system clipboard, screenshots, and credentials from the infected system. To do this, the spyware […]