APT News, Articles and Updates

US-CERT issues malware analysis on KEYMARBLE RAT, attributes threat to North Korea

Through its US-CERT division, the U.S. Department of Homeland Security yesterday issued a new analysis report on a remote access trojan called KEYMARBLE that the agency says has been attributed to Hidden Cobra, a suspected North Korean APT actor.

Worst of both words: 'Gorgon' hackers practice both general cybercrime and targeted government attacks

A hacking group apparently based in Pakistan has been straddling the fence between cybercriminal activity and nation-state espionage, leveraging the same malicious infrastructure to both launch email spam campaigns and target government agencies in U.S., UK, Russia and Spain.

Sen. McCaskill reportedly identified as Russian hacking target as mid-term elections approach

Sen. Claire McCaskill, D-Mo., an incumbent facing a tight race in the 2018 U.S. mid-term elections, has affirmed that Russian hackers are attempting to interfere with her reelection campaign, following an independent forensic analysis identifying her as a target.

Trump says Russia's no threat to U.S., after voicing support for IC's assessment of Russia election interference

Trump said he misspoke in remarks made a press conference in Helsinki with Vladimir Putin during which he appeared to accept the Russian president's denial that his government meddled in the U.S. presidential election.

Researchers detect fresh activity in Blackgear cyber espionage campaign

The long-running Blackgear cyber espionage campaign that has largely targeted Taiwanese, Japanese and South Korean targets recently commenced a new operation that abuses legitimate blog and social media sites to establish command-and-control infrastructure.

Researchers: 'Roman Holiday' malware campaign appears to be Russia targeting Italian navy

The Russian threat group Fancy Bear appears to be behind a recent campaign that may have targeted Italy's navy with an updated version of the APT group's XAgent backdoor malware, according to researchers.

Trump says Russia had no reason to interfere in 2016 election

Standing beside Vladimir Putin after a private one-on-one meeting in Helsinki, President Trump said the Russian president denied that his country interfered in the U.S. election process.

Report: Russia may be readying cyberattack against Ukraine

One year after the global NotPetya disk wiper incident that both the U.S. and UK have attributed to Russia, Moscow-backed hackers may be on the verge of launching another large-scale damaging cyberattack against Ukraine, according to a Tuesday Reuters report citing a Ukrainian law enforcement official.

Adobe issues critical patch after Flash zero-day bug actively exploited in Middle East

Adobe Systems today issued patches for four software vulnerabilities in Flash Player, including a zero-day flaw that attackers have been exploiting in the wild in targeted attacks against Windows users in the Middle East, possibly in Qatar.

RAT campaign targets Koreans with phishing lures featuring U.S.-North Korea summit

A remote access trojan that apparently went undiscovered for at least two years was found targeting Koreans in a spam campaign using the possible upcoming U.S.-North Korea nukes summit as a phishing lure.

Hacker with Russian intel ties pleads guilty to gmail hacks

23-year-old Canadian citizen Karim Baratov pleaded guilty to federal conspiracy and identity theft in November.

Patch Tuesday: Microsoft mends RCE bug reportedly exploited by cyber espionage group

Microsoft Corporation's Patch Tuesday release today fixed 67 bugs, including two that have been actively exploited in zero-day attacks, and another two whose details became public.

Secret no more: North Korea the likely culprit in complex GhostSecret cyber espionage campaign

What began as an aggressive phishing-based malware campaign against Turkish financial institutions earlier this year appears to have since burgeoned into a worldwide cyberspying and data theft operation targeting a wide range of industry sectors with at least two malicious implants.

New Desert Scorpion spyware found in malicious chat app aimed at Palestinians

A malicious chat app that was advertised on Facebook and sold in the Google Play store was discovered to execute a previously undiscovered spyware program linked to APT-C-23, an advanced persistent threat group allegedly with ties to Hamas.

U.K. intel director discloses offensive cyber campaign against ISIS, lambastes Russia

In his first public speech, the U.K.'s GCHQ Director Jeremy Fleming acknowledged that the agency recently coordinated a major cyber offensive operation against ISIS, significantly crippling the terrorist group's ability to recruit and coordinate attacks online.

Justice was overdue: Indicted Iranian hackers phished targets using library account lures

The nine Iranian hackers who were indicted last Friday for allegedly exfiltrating 31 terabytes of research documents and credentials from academics, companies and government agencies phished many of their targets using lures intended to trick them into thinking their library accounts were cancelled.

Top Trump campaign officials urged Papadopoulos to meet with Russians

In an email sent in September 2016 Deputy Communications Director Bryan Lanza told Papadopoulos to do an interview with the news organization, the Washington Post reported.

Kaspersky research on Slingshot APT campaign reportedly exposes U.S. counterterrorism operation

A recently published Kaspersky Lab report that exposed a sophisticated, six-year cyber espionage campaign targeting the Middle East and Africa disrupted an active counterterrorism operation, according to an article this week by CyberScoop, citing current and former U.S. intelligence officials.

Russian hackers target European agency with updated DealersChoice Adobe Flash exploit tool

The aggressive Russian APT group Sofacy targeted yet another European government agency earlier this month, attempting to infect the organization with unknown malware using a crafty new variant of its Adobe Flash-based exploit platform DealersChoice.

MuddyWater APT campaign flowing again

The MuddyWater APT campaign appears to be rising to the surface again with researchers finding similarities between this older cyberespionage attack and a new one targeting Turkey, Pakistan and Tajikistan.

Slingshot APT campaign exposed after six years of sophisticated spying

A cyber espionage campaign bearing all of the hallmarks of an extremely advanced nation-state actor used malware to spy on international targets for six years before it was finally detected and exposed, Kaspersky Lab reported on Friday.

Avast: CCleaner hackers planned to infect victims with third-stage Chinese hacking tool

The hackers who injected malicious code into a version of computer maintenance app CCleaner last year may have been preparing to deliver third-stage malware to at least a select few of the 2.27 million computers that had downloaded the tainted utility program.