APT News, Articles and Updates

Microsoft issues warning on Dynamic Data Exchange vulnerability

With APT28 now using Microsoft's Dynamic Data Exchange (DDE) as an attack point, the company has issued an official advisory concerning the practice, along with possible mitigation methods.

Sowbug APT uses Felismus backdoor to for cyberespionage operations

A previously unknown cyberespionage group called Sowbug has been found using the Felismus backdoor to spy on several South American and Pacific Rim national governments for the last several years.

Russian hackers altered Clinton campaign email, part of broader initiative

The altered missive came from Campaign Chairman John Podesta's email. Podesta was netted in a phishing campaign.

Justice Dept. has enough evidence to charge Russian officials with DNC hack, report

The department has gathered enough evidence against the unnamed officials and the case could be brought before a U.S. court by early 2018.

NSA worker infected computer provided access to Equation Group surveillance code, Kaspersky says

An internal review showed that Kaspersky detected Win32.Mokes.hvl malware in the file on a computer used by an NSA worker who had downloaded and installed a pirate copy of Microsoft Office at home.

APT28 joins BlackOasis in exploiting latest Adobe Flash vulnerability

APT28 is now also being named as one of the cyber gangs attempting to take advantage of Adobe Flash vulnerability CVE-2017-11292.

APT group's active exploit of Flash bug prompts emergency Adobe patch

Adobe Systems on Monday issued an emergency patch for a zero-day Flash Player vulnerability, after an APT group was discovered actively exploiting the bug as a means to infect machines with FinSpy surveillance malware.

FBI's Wray says nat'l security, crime all have cybersecurity element

Wray said the FBI is increasing its efforts to intertwine intelligence and operations, asking Congress to renew Section 702 of the Foreign Intelligence Surveillance Act (FISA) without a sunset provision.

Report: Congressman seeks pardon for Assange in exchange for docs vindicating Russian hackers

Rep. Dana Rohrabacher (R-Calif.) has reportedly taken steps to broker a deal between the White House and Julian Assange, in which the WikiLeaks founder would turn over materials that he claims exonerates Russia from hacking Democratic officials in exchange for a pardon or some form of clemency.

Turla APT group linked to Gazer backdoor that spies on embassies

A previously undocumented backdoor program used to spy on foreign embassies and consulates appears to be the work of suspected Russian APT group Turla, researchers from ESET have reported.

Judge rules Fancy Bear APT must forfeit malicious domains to Microsoft

A federal district court judge in Virginia has granted Microsoft Corporation permission to seize domains that Russian APT group Fancy Bear has historically used to target the software giant and its users.

Ukrainian malware author is key witness against Russia in DNC hack investigation

A Ukrainian man who authored malware that U.S. intelligence said was used to hack the DNC has become a witness for the FBI after turning himself in early this year, the New York Times has reported.

Lazarus Group tied to new phishing campaign targeting defense industry workers

The Lazarus Group appears to be targeting individuals associated with U.S. defense contractors, including prospective employees, with phishing emails that display fake job listings and companies' internal policies.

Tick threat group linked to multiple malware families

The Tick hacking group known infecting Japanese and South Korean targets with its malicious backdoor "Daserf" has been linked to other campaigns leveraging an eclectic assortment of malware, including two additional backdoors, two remote access trojans and a downloader.

Reports: Feds issue alert after adversary breaches power plant business networks

Since May, foreign hackers have breached computer networks at 12 or more U.S. power plants, including nuclear facilities, prompting the FBI and DHS to issue an urgent amber warning to utility companies, according to reports.

Senators grill intel community on 702 incidental collection

Committee Chairman Sen. Chuck Grassley, R-Iowa, repeatedly asked IC representatives to answer senators' questions regarding the number of Americans incidentally caught up in IC surveillance

WikiLeaks: CIA's Brutal Kangaroo toolset lets malware hop onto closed networks

WikiLeaks dumped more leaked CIA documents, publishing materials from a tool suite called Brutal Kangaroo that allows attackers to indirectly infiltrate a closed network or air-gapped computer using a compromised flash drive.

DHS and FBI dish out details on North Korea's APT group Hidden Cobra

The DHS and FBI on Tuesday jointly released a technical alert detailing IP addresses, infrastructure and tools used by Hidden Cobra, a North Korean advanced persistent threat group better known as the Lazarus Group.

Fake news allegedly planted by Russian hackers helped trigger Qatar crisis

A controversial report seemingly published last month by Qatar's state news agency may be fake news planted by Russian hackers who allegedly broke into the agency's systems, according to an exclusive CNN report, citing U.S. officials.

Experts surprised by extent of Russian election meddling, demand voting security for 2018

The leak of a classified NSA document confirming that Russia interfered with the 2016 U.S. presidential race has reinforced the need to fix vulnerabilities in America's voting infrastructure before the next election cycle.

Putin says 'patriotic hackers,' may have interfered in U.S. election

"Patriotic hackers," akin to "artists," may have come to the defense of Russia, President Vladmir Putin said at the St. Petersburg Economic Forum.

Shadow Brokers post details of 'monthly dump service'

Those who pay in Zcash and provide "a 'delivery email address' in the 'encrypted memo field'" will receive a confirmation email and then a mass email between July 1-17 with a link and password for the June dump.

Florida GOP blogger received DCCC docs from Guccifer 2.0

Aaron Nevins sent a message to the hacker, believed to be a front for the Russian APT groups that hacked Democratic interests, including the Democratic National Committee (DNC), asking for information of interest in Florida.

Revised 'Hack Back' bill encourages 'active-defense' techniques, sets parameters

The bill would give cyberattack victims the go-ahead to retaliate against their attackers within certain parameters.

Goddess of cyberwar: Athena CIA tool subject of latest WikiLeaks Vault 7 dump

WikiLeaks on Friday published materials related to a malware implant called Athena, which enables remote beacon and loader capabilities on targeted computers running on Microsoft Windows versions XP through 10.

WannaCry code prompts North Korean APT theories, but attribution remains iffy

Analysis of the WanaCrypt0r 2.0 ransomware that bedeviled enterprise across the globe this past weekend has reportedly turned up potential links to the alleged North Korean hacking institution known as the Lazarus Group.