APT News, Articles and Updates

Tick threat group linked to multiple malware families

The Tick hacking group, known for infecting Japanese and South Korean targets with its malicious backdoor "Daserf", has been linked to other campaigns leveraging an eclectic assortment of malware, including two additional backdoors, two remote access trojans and a downloader.

Reports: Feds issue alert after adversary breaches power plant business networks

Since May, foreign hackers have breached computer networks at 12 or more U.S. power plants, including nuclear facilities, prompting the FBI and DHS to issue an urgent amber warning to utility companies, according to reports.

Senators grill intel community on 702 incidental collection

Committee Chairman Sen. Chuck Grassley, R-Iowa, repeatedly asked IC representatives to answer senators' questions regarding the number of Americans incidentally caught up in IC surveillance.

WikiLeaks: CIA's Brutal Kangaroo toolset lets malware hop onto closed networks

WikiLeaks dumped more leaked CIA documents, publishing materials from a tool suite called Brutal Kangaroo that allows attackers to indirectly infiltrate a closed network or air-gapped computer using a compromised flash drive.

DHS and FBI dish out details on North Korea's APT group Hidden Cobra

The DHS and FBI on Tuesday jointly released a technical alert detailing IP addresses, infrastructure and tools used by Hidden Cobra, a North Korean advanced persistent threat group better known as the Lazarus Group.

Fake news allegedly planted by Russian hackers helped trigger Qatar crisis

A controversial report seemingly published last month by Qatar's state news agency may be fake news planted by Russian hackers who allegedly broke into the agency's systems, according to an exclusive CNN report, citing U.S. officials.

Experts surprised by extent of Russian election meddling, demand voting security for 2018

The leak of a classified NSA document confirming that Russia interfered with the 2016 U.S. presidential race has reinforced the need to fix vulnerabilities in America's voting infrastructure before the next election cycle.

Putin says 'patriotic hackers' may have interfered in U.S. election

"Patriotic hackers," akin to "artists," may have come to the defense of Russia, President Vladimir Putin said at the St. Petersburg Economic Forum.

Shadow Brokers post details of 'monthly dump service'

Those who pay in Zcash and provide "a 'delivery email address' in the 'encrypted memo field'" will receive a confirmation email and then a mass email between July 1-17 with a link and password for the June dump.

Florida GOP blogger received DCCC docs from Guccifer 2.0

Aaron Nevins sent a message to the hacker, believed to be a front for the Russian APT groups that hacked Democratic interests, including the Democratic National Committee (DNC), asking for information of interest in Florida.

Revised 'Hack Back' bill encourages 'active-defense' techniques, sets parameters

The bill would give cyberattack victims the go-ahead to retaliate against their attackers within certain parameters.

Goddess of cyberwar: Athena CIA tool subject of latest WikiLeaks Vault 7 dump

WikiLeaks on Friday published materials related to a malware implant called Athena, which enables remote beacon and loader capabilities on targeted computers running on Microsoft Windows versions XP through 10.

WannaCry code prompts North Korean APT theories, but attribution remains iffy

Analysis of the WanaCrypt0r 2.0 ransomware that bedeviled enterprises across the globe this past weekend has reportedly turned up potential links to the alleged North Korean hacking institution known as the Lazarus Group.

WannaCry fallout: is hoarding exploits, delaying fixes ever justified?

With the lethality of WannaCry being blamed on the NSA's EternalBlue exploit, we asked the cyber-security industry about the wisdom of allowing intelligence agencies to stockpile zero days.

OceanLotus APT acting in accordance with Vietnamese interests, researchers report

An APT group whose actions appear to align with Vietnamese state interests has been actively compromising private corporations and targeting foreign governments, dissidents and media since at least 2014, according to researchers at FireEye.

Senate Intel committee grills FBI's McCabe on election hack investigation

A U.S. Senate Intelligence Committee hearing today scheduled to discuss worldwide threats to America was essentially hijacked with the vast majority of questions focusing on whether James Comey's firing by President Trump will negatively impact the FBI's investigation into Russian influence in the 2016 election.

Report: Pentagon removed online ISIS propaganda in secret Operation Glowing Symphony

U.S. cyber forces conducted a secret global operation to remove ISIS propaganda and videos from their host services, including those physically located in allied countries, the Washington Post reported on Tuesday.

Researchers link new backdoor and Mac-based rootkit to Turla spy group

The Turla advanced persistent threat group appears to have recently created both a new multiplatform backdoor malware program called Kazuar, and a MacOS version of its Uroburos espionage rootkit.

Microsoft bug linked to spy campaigns, bank thefts reportedly took 6 months to fix

A zero-day bug in Microsoft Office and WordPad that hackers exploited to spy on targeted users, implant malware, and steal banking credentials took nine months to fix, according to news reports.

SentinelOne: In-memory attacks loom large, leave little trace

In-memory attacks are on the rise, according to SentinelOne, and are being increasingly adopted by cyber-crime authors to evade security software.

Report: Chinese APT compromised trade association's website to keep tabs on members

A Chinese APT is accused of compromising the website of the National Foreign Trade Council in an attempt to spy on the trade association's members.

'Carbon' copies: ESET continues to find new variants of backdoor used by Turla Group

Carbon, a second-stage backdoor used in campaigns executed by the Turla group, continues to be actively updated, according to ESET, which recently observed new variations in the malware's processes, file names and mutexes.