Pierluigi Paganini
October 16, 2018
Kaspersky experts published a detailed analysis of the attacks conducted by the Russian-linked cyber espionage group DustSquad. Earlier October, security experts from ESET shared details about the operations of a cyber espionage group tracked as Nomadic Octopus, a threat actor focused on diplomatic entities in Central Asia. The group has been active since at least 2015, ESET researchers presented […]
Pierluigi Paganini
October 11, 2018
A previously unknown cyber espionage group, tracked as Gallmaker, has been targeting entities in the government, military and defense sectors since at least 2017. A new cyber espionage group tracked as Gallmaker appeared in the threat landscape. According to researchers from Symantec, who first spotted the threat actor, the group has launched attacks on several overseas embassies […]
Pierluigi Paganini
October 10, 2018
A Windows zero-day flaw addressed by Microsoft with its latest Patch Tuesday updates is exploited by an APT group in attacks aimed at entities in the Middle East. The Windows zero-day vulnerability tracked as CVE-2018-8453 is a privilege escalation flaw that was exploited by an APT group in attacks against entities in the Middle East. The flaw, tracked as […]
Pierluigi Paganini
October 10, 2018
Security firm Group-IB has estimated that in H2 2017-H1 2018 cyber attacks caused $49.4 million (2.96 billion rubles) of damage to Russia’s financial sector Group-IB, an international company that specializes in preventing cyber attacks, has estimated that in H2 2017-H1 2018 cyber attacks caused $49.4 million (2.96 billion rubles) of damage to Russia’s financial sector. […]
Pierluigi Paganini
October 08, 2018
Researchers from Kaspersky Lab collected evidence that demonstrates overlaps between the activity of Russian APT groups Turla and Sofacy. In March, during the Kaspersky Security Analyst Summit held in Cancun, Kurt Baumgartner, Kaspersky principal security researcher, revealed the activity associated with Sofacy APT group appears to overlap with campaigns conducted by other cyber espionage groups. Baumgartner […]
Pierluigi Paganini
October 05, 2018
The United States Department of Homeland Security (DHS) is warning of ongoing activity from an advanced persistent threat (APT) actor targeting global managed service providers (MSPs). The DHS issued an alert on ongoing attacks aimed at global managed service providers (MSPs) that are carried out by an advanced APT group. Managed services is the practice of outsourcing on a […]
Pierluigi Paganini
October 04, 2018
Security experts from FireEye published a report on the activity of financially motivated threat actors, tracked as APT38, linked to the North Korean government. The attacks aimed at financial institutions, FireEye estimates APT38 has stolen at least a hundred million dollars from banks worldwide. APT38 appears to be a North Korea-linked group separate from the […]
Pierluigi Paganini
September 06, 2018
The Iran-linked APT group OilRig was recently observed using a new variant of the OopsIE Trojan that implements news evasion capabilities. Experts at Palo Alto Networks observed a new campaign carried out by the Iran-linked APT group OilRig that was leveraging on a new variant of the OopsIE Trojan. The OilRig hacker group is an Iran-linked APT that has been […]
Pierluigi Paganini
September 05, 2018
Researchers at security firm Group-IB have exposed the attacks carried out by the Silence cybercriminal group, providing details on its tactics and tools. Experts at security firm Group-IB have exposed the attacks committed by Silence cybercriminal group. While the gang had previously targeted Russian banks, Group-IB experts also have discovered evidence of the group’s activity in more than 25 countries worldwide. Group-IB […]
Pierluigi Paganini
September 05, 2018
Researchers from security firm CrowdStrike have observed a new campaign associated with the GOBLIN PANDA APT group. Experts from security firm CrowdStrike have uncovered a new campaign associated with the GOBLIN PANDA APT group. The group also knows as Cycldek was first spotted in September 2013, it was mainly targeting entities in Southeast Asia using different malware variants mainly PlugX and […]
