apt

French cyber-security agency ANSSI warned of an ongoing cyberespionage campaign aimed at French organizations carried out by China-linked APT31 group. The French national cyber-security agency ANSSI warned of ongoing attacks against a large number of French organizations conducted by the Chine-linked APT31 cyberespionage group. The state-sponsored hackers are hijacking home routers to set up a […]

The post France ANSSI agency warns of APT31 campaign against French organizations appeared first on Security Affairs.

Read More France ANSSI agency warns of APT31 campaign against French organizations

US DoJ indicted four members of the China-linked cyberespionage group known as APT40 for hacking various entities between 2011 and 2018. The U.S. Justice Department (DoJ) indicted four members of the China-linked cyber espionage group APT40 (aka TEMP.Periscope, TEMP.Jumper, and Leviathan) for hacking tens of government organizations, private businesses and universities around the world between 2011 and 2018. […]

The post US DoJ indicts four members of China-linked APT40 cyberespionage group appeared first on Security Affairs.

Read More US DoJ indicts four members of China-linked APT40 cyberespionage group

Google security experts revealed that Russia-linked APT group targeted LinkedIn users with Safari zero-day. Security researchers from Google Threat Analysis Group (TAG) and Google Project Zero revealed that four zero-day vulnerabilities have been exploited in the wild earlier this year. The four security flaws were discovered earlier this year and affect Google Chrome, Internet Explorer, and WebKit browser […]

The post Google: four zero-day flaws have been exploited in the wild appeared first on Security Affairs.

Read More Google: four zero-day flaws have been exploited in the wild

Microsoft attributes the recent attacks that have targeted SolarWinds file transfer servers to a China-linked APT group that the experts tracked as DEV-0322. Microsoft said that the recent attacks against SolarWinds file transfer servers were carried out by a Chinese hacking group tracked as DEV-0322. This week SolarWinds addressed a zero-day remote code execution flaw (CVE-2021-35211) in Serv-U products which […]

The post China-linked hacking group DEV-0322 behind Solarwinds Serv-U zero-day attacks appeared first on Security Affairs.

Read More China-linked hacking group DEV-0322 behind Solarwinds Serv-U zero-day attacks

Microsoft attributes the recent attacks that have targeted SolarWinds file transfer servers to a China-linked APT group that the experts tracked as DEV-0322. Microsoft said that the recent attacks against SolarWinds file transfer servers were carried out by a Chinese hacking group tracked as DEV-0322. This week SolarWinds addressed a zero-day remote code execution flaw (CVE-2021-35211) in Serv-U products which […]

The post China-linked hacking group DEV-0322 behind Solarwinds Serv-U zero-day attacks appeared first on Security Affairs.

Read More China-linked hacking group DEV-0322 behind Solarwinds Serv-U zero-day attacks

WildPressure APT is targeting industrial organizations in the Middle East since 2019 and was spotted using now a new malware that targets both Windows and macOS. Researchers from Kaspersky have spotted a new malware used by the WildPressure APT group to targets both Windows and macOS systems. The WildPressure was spotted for the first time […]

The post WildPressure APT expands operations targeting the macOS platform appeared first on Security Affairs.

Read More WildPressure APT expands operations targeting the macOS platform

On April 2021, one of the most known Ransomware Gang called Babuk, decided to change the way they ask for ransom: no more double extortion, no more file encryption but just data exfiltration and a later announcement in case of no deal with the victim. It’s a nice move forward for a Ransomware Gang that, […]

Read More Babuk Ransomware: The Builder

US and UK cybersecurity agencies said the Russia-linked APT28 group is behind a series of large-scale brute-force attacks.US and UK cybersecurity agencies said today that a Russian military cyber unit has been behind a series of brute-force attacks that have targeted the cloud IT resources of government and private sector companies across the world. US […]

The post UK, US agencies warn of large-scale brute-force attacks carried out by Russian APT appeared first on Security Affairs.

Read More UK, US agencies warn of large-scale brute-force attacks carried out by Russian APT

Microsoft discovered that Russia-linked SolarWinds hackers, tracked as Nobelium, have breached the network of three new organizations. Microsoft revealed on Friday that Russia-linked SolarWinds hackers, tracked as Nobelium or APT29, have conducted news cyber attacks against other organizations. Threat actors carried out brute-force and password spraying attacks in an attempt to gain access to Microsoft customer accounts. […]

The post Microsoft: Russia-linked SolarWinds hackers breached three new entities appeared first on Security Affairs.

Read More Microsoft: Russia-linked SolarWinds hackers breached three new entities

Norway police secret service states said that China-linked APT31 group was behind the 2018 cyberattack on the government’s IT network. Norway’s Police Security Service (PST) said that the China-linked APT31 cyberespionage group was behind the attack that breached the government’s IT network in 2018. The attribution of the attack to the APT31 grouo is based […]

The post Norway blames China-linked APT31 for 2018 government hack appeared first on Security Affairs.

Read More Norway blames China-linked APT31 for 2018 government hack

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. APWG: Phishing maintained near-record levels in the first quarter of 2021 BackdoorDiplomacy APT targets diplomats from Africa and […]

The post Security Affairs newsletter Round 319 appeared first on Security Affairs.

Read More Security Affairs newsletter Round 319

North Korea-linked APT group Kimsuky allegedly breached South Korea’s atomic research agency KAERI by exploiting a VPN vulnerability. South Korean representatives declared on Friday that North Korea-linked APT group Kimsuky is believed to have breached the internal network of the South Korean Atomic Energy Research Institute (KAERI). The Korea Atomic Energy Research Institute (KAERI) in Daejeon, South Korea […]

The post North Korean APT group Kimsuky allegedly hacked South Korea’s atomic research agency KAERI appeared first on Security Affairs.

Read More North Korean APT group Kimsuky allegedly hacked South Korea’s atomic research agency KAERI

Experts attribute a series of cyber-espionage campaigns dating back to 2014, and focused on gathering military intelligence, to China-linked Unit 69010. Experts from Recorded Future’s Insikt Group linked a series of attacks, part of RedFoxtrot China-linked campaigns, to the PLA China-linked Unit 69010 The cyber-espionage campaigns dated back 2014 and focused on gathering military intelligence […]

The post RedFoxtrot operations linked to China’s PLA Unit 69010 due to bad opsec appeared first on Security Affairs.

Read More RedFoxtrot operations linked to China’s PLA Unit 69010 due to bad opsec

TA402 APT group (aka Molerats and GazaHackerTeam) is back after two-month of silence and is targeting governments in the Middle East. The TA402 APT group (aka Molerats and Gaza Cybergang) is back after a two-month of apparent inactivity, it is targeting government institutions in the Middle East and global government entities with interest in the region. MoleRATs is […]

The post The return of TA402 Molerats APT after a short pause appeared first on Security Affairs.

Read More The return of TA402 Molerats APT after a short pause

Iran-linked Ferocious Kitten APT group used instant messaging apps and VPN software like Telegram and Psiphon to deliver Windows RAT and spy on targets’ devices. Researchers from Kaspersky reported that Iran-linked threat actors, tracked as Ferocious Kitten, used instant messaging apps and VPN software like Telegram and Psiphon to deliver Windows RAT and spy on […]

The post Ferocious Kitten APT targets Telegram and Psiphon VPN users in Iran appeared first on Security Affairs.

Read More Ferocious Kitten APT targets Telegram and Psiphon VPN users in Iran

ESET researchers discovered an advanced persistent threat (APT) group, tracked as BackdoorDiplomacy, that is targeting diplomats across Africa and the Middle East.  ESET researchers spotted a new state-sponsored group, dubbed BackdoorDiplomacy, that was behind a series of cyberattacks against Ministries of Foreign Affairs aimed at numerous African countries, the Middle East, Europe, and Asia. The group […]

The post BackdoorDiplomacy APT targets diplomats from Africa and the Middle East appeared first on Security Affairs.

Read More BackdoorDiplomacy APT targets diplomats from Africa and the Middle East

The UK and US cybersecurity agencies have published a report detailing techniques used by Russia-linked cyberespionage group known APT29 (aka Cozy Bear). Today, UK NCSC and CISA-FBI-NSA cybersecurity agencies published a joint security advisory that warns organizations to patch systems immediately to mitigate the risk of attacks conducted by Russia-linked SVR group (aka APT29, Cozy Bear, and The Dukes)). The […]

The post Russia-linked APT29 group changes TTPs following April advisories appeared first on Security Affairs.

Read More Russia-linked APT29 group changes TTPs following April advisories

Before getting in the following Blog Post I would suggest you to read the “Part 1” of MuddyWater Binder Project which is available HERE, where you might contestualize the Code Highlights. Source Code Highlights Now it’s time to get into more core pieces of code. Let’s start with the file ConnectionHandler.cswhich is implementing the logic […]

Read More MuddyWater: Binder Project (Part 2)

Chinese military unit PLA Unit 61419 is suspected to be involved in cyber-espionage campaigns against multiple antivirus companies. Researchers from cybersecurity firm Recorded Future’s Insikt Group have discovered six procurement documents from official People’s Liberation Army (PLA) military websites and other sources that demonstrate that PLA Unit 61419 has sought to purchase antivirus solutions from […]

The post Chinese PLA Unit 61419 suspected to have purchased AVs for cyber-espionage appeared first on Security Affairs.

Read More Chinese PLA Unit 61419 suspected to have purchased AVs for cyber-espionage

Iran-linked ATP group carried out a ransomware operation through a contracting company based in the country, Flashpoint researchers warn. Researchers from Flashpoint have uncovered a state-sponsored ransomware campaign conducted by Iran’s Islamic Revolutionary Guard Corps (IRGC) through an Iranian contracting company called “Emen Net Pasargard” (ENP) (aka “Imannet Pasargad,” “Iliant Gostar Iranian,” “Eeleyanet Gostar Iraniyan”). […]

The post Project Signal: a second Iranian State-Sponsored Ransomware Operation appeared first on Security Affairs.

Read More Project Signal: a second Iranian State-Sponsored Ransomware Operation

China-linked APT group targets Russian nuclear sub designer with an undocumented backdoor A China-linked cyberespionage group targets a Russian defense contractor involved in designing nuclear submarines for the Russian Navy. Cybereason researchers reported that a China-linked APT group targets a Russian defense contractor involved in designing nuclear submarines for the Russian Navy. The state-sponsored hackers […]

The post China-linked APT uses a new backdoor in attacks at Russian defense contractor appeared first on Security Affairs.

Read More China-linked APT uses a new backdoor in attacks at Russian defense contractor

Cybersecurity firm Kaspersky discovered a new strain of malware that is believed to be part of the arsenal of theUS Central Intelligence Agency (CIA). Cybersecurity firm Kaspersky has discovered a new malware that experts attribute to the US Central Intelligence Agency. Experts from Kaspersky explained that in February 2019, multiple antivirus companies received a collection […]

The post Purple Lambert, a new malware of CIA-linked Lambert APT group appeared first on Security Affairs.

Read More Purple Lambert, a new malware of CIA-linked Lambert APT group

China-linked APT Naikon employed a new backdoor in multiple cyber-espionage operations targeting military organizations from Southeast Asia in the last 2 years. The Naikon APT group is a China-linked cyber espionage group that has been active at least since 2010 and that remained under the radar since 2015 while targeting entities in Asia-Pacific (APAC) region.  Organizations targeted by the […]

The post Naikon APT group uses new Nebulae backdoor in attacks aimed at military orgs appeared first on Security Affairs.

Read More Naikon APT group uses new Nebulae backdoor in attacks aimed at military orgs

The Chinese hacking group, tracked as TA413, used a malicious Firefox add-on in a cyberespionage campaign aimed at Tibetans. China-linked cyberespionage group TA413 targeted Tibetan organizations across the world using a malicious Firefox add-on, dubbed FriarFox, that allowed them to steal Gmail and Firefox browser data and deliver malware on infected systems. “We attribute this […]

The post China-linked TA413 group target Tibetan organizations appeared first on Security Affairs.

Read More China-linked TA413 group target Tibetan organizations

North Korea-linked Lazarus APT group has targeted the defense industry with the custom-backdoor dubbed ThreatNeedle since 2020. North Korea-linked Lazarus APT group has targeted the defense industry with the backdoor dubbed ThreatNeedle since early 2020. The state-sponsored hackers targeted organizations from more than a dozen countries. The experts discovered the custom backdoor while investigating an […]

The post North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor appeared first on Security Affairs.

Read More North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor

Ukraine ‘s government attributes a cyberattack on the government document management system to a Russia-linked APT group. The Ukraine ‘s government blames a Russia-linked APT group for an attack on a government document management system, the System of Electronic Interaction of Executive Bodies (SEI EB). According to Ukrainian officials, the hackers aimed at disseminating malicious […]

The post Ukraine: nation-state hackers hit government document management system appeared first on Security Affairs.

Read More Ukraine: nation-state hackers hit government document management system

FireEye experts linked a series of attacks targeting Accellion File Transfer Appliance (FTA) servers to the cybercrime group UNC2546, aka FIN11. Security experts from FireEye linked a series of cyber attacks against organizations running Accellion File Transfer Appliance (FTA) servers to the cybercrime group UNC2546, aka FIN11. “Starting in mid-December 2020, malicious actors that Mandiant […]

The post FIN11 cybercrime group is behind recent wave of attacks on FTA servers appeared first on Security Affairs.

Read More FIN11 cybercrime group is behind recent wave of attacks on FTA servers

The Chinese APT group had access to an NSA Equation Group, NSA hacking tool and used it years before it was leaked online by Shadow Brokers group. Check Point Research team discovered that China-linked APT31 group (aka Zirconium.) used a tool dubbed Jian, which is a clone of NSA Equation Group ‘s “EpMe” hacking tool years […]

The post NSA Equation Group tool was used by Chinese hackers years before it was leaked online appeared first on Security Affairs.

Read More NSA Equation Group tool was used by Chinese hackers years before it was leaked online

The US DOJ charged three members of the North Korea-linked Lazarus Advanced Persistent Threat (APT) group. The U.S. Justice Department indicted three North Korean military intelligence officials, members of the Lazarus APT group, for their involvement in cyber-attacks, including the theft of $1.3 billion in money and crypto-currency from organizations around the globe. The indictment […]

The post US DoJ charges three members of the North Korea-linked Lazarus APT group appeared first on Security Affairs.

Read More US DoJ charges three members of the North Korea-linked Lazarus APT group

French software firm Centreon announced this week that the recently disclosed supply chain attack did not impact its paid customers. The French security agency ANSSI recently warned of a series of attacks targeting Centreon monitoring software used by multiple French organizations and attributes them to the Russia-linked Sandworm APT group. The first attack spotted by ANSSI experts dates […]

The post Centreon says that recently disclosed campaigns only targeted obsolete versions of its open-source software appeared first on Security Affairs.

Read More Centreon says that recently disclosed campaigns only targeted obsolete versions of its open-source software

Researchers from threat intelligence Cyble have discovered threat actors abusing the Ngrok platform in a fresh phishing campaign. Researchers at the threat intelligence firm Cyble discovered a new wave of phishing attacks targeting multiple organizations that are abusing the ngrok platform, a secure and introspectable tunnel to the localhost. ngrok is a cross-platform application used to […]

The post Hackers abusing the Ngrok platform phishing attacks appeared first on Security Affairs.

Read More Hackers abusing the Ngrok platform phishing attacks

French agency ANSSI attributes a series of attacks targeting Centreon servers to the Russia-linked Sandworm APT group. The French security agency ANSSI is warming of a series of attacks targeting Centreon monitoring software used by multiple French organizations and attributes them to the Russia-linked Sandworm APT group. The first attack spotted by ANSSI experts dates back […]

The post France agency ANSSI links Russia’s Sandworm APT to attacks on hosting providers appeared first on Security Affairs.

Read More France agency ANSSI links Russia’s Sandworm APT to attacks on hosting providers

Microsoft says it found 1,000-plus developers’ fingerprints on the SolarWinds attack Microsoft’s analysis of the SolarWinds supply chain attack revealed that the code used by the threat actors was the work of a thousand developers. Microsoft president Brad Smith provided further details about the investigation of the SolarWinds supply chain attack, the company’s analysis of […]

The post The malicious code in SolarWinds attack was the work of 1,000+ developers appeared first on Security Affairs.

Read More The malicious code in SolarWinds attack was the work of 1,000+ developers

Lookout researchers provided details about two Android spyware families employed by an APT group tracked as Confucius. Researchers at mobile security firm Lookout have provided details about two recently discovered Android spyware families, dubbed Hornbill and SunBird, used by an APT group named Confucius. Confucius is a pro-India APT group that has been active since […]

The post Experts spotted two Android spyware used by Indian APT Confucius appeared first on Security Affairs.

Read More Experts spotted two Android spyware used by Indian APT Confucius

Advanced and Persistent Threats are often inoculated by emails or by exploiting exposed vulnerabilities. Since vulnerability exploitation follows specific waves, it depends on vulnerability trends, the email vector become one of the most (ab)used and stable way to inoculate Malicious and unwanted software. A common way to attack victims is to make her open an […]

Read More Tracking PhishingKits for Hunting APT Evolution