APT News, Articles and Updates

North Korea blamed for yet another cryptocurrency-focused phishing campaign

In other cryptocurrency news, attackers were discovered exploiting a recently patched Oracle flaw in order to secretly deploy a Monero cryptominer in organizations' WebLogic application servers.

DETER Act aimed at punishing Russia, other nation-states for election interference

The senators that introduced the bill said that election integrity is not a party issue.

Apparent Korean actor 'Group123' linked to six phishing campaigns, including 'Evil New Year' scam

Researchers have attributed six separate phishing campaigns targeting South Koreans in either 2017 or 2018 to a single threat actor called "Group123," including multiple operations designed to infect victims with the remote administration tool ROKRAT.

Mole on Trump team fed FBI info, Steele worried about political influence on FBI, Fusion GPS head says

Defying her GOP counterparts on the Senate Judiciary Committee, Sen. Dianne Feinstein made public the testimony of the CEO of Fusion GPS, the firm that hired former British spy Christopher Steele, author of the controversial Trump dossier.

Papadopoulos' drunken revelations to Australian diplomat sparked Trump-Russia probe, report

During a night at London's Kensington Wine Rooms in May 2016, George Papadopoulos told Australian Alexander Downer that Russia had damaging information on Trump opponent Hillary Clinton.

More evidence emerges of North Korea targeting cryptocurrency industry

Several new reports have surfaced detailing North Korean state interest in targeting and attacking cryptocurrency exchanges as a means of enriching itself.

StrongPity2 spyware takes over for FinFisher

The cybergang behind the now defunct FinFisher man-in-the-middle attacks has switched over to using a new spyware dubbed StrongPity2 and is now using several popular websites to conduct watering hole attacks to help install this malware.

Researchers: Microsoft Office flaw exploited by suspected Iranian APT group

Researchers believe a suspected Iranian APT group is responsible for a recent cyber espionage operation that targeted a Middle Eastern government organization, using a recently patched remote code execution vulnerability in Microsoft Office as an attack vector.

Hello, Charming Kitten: Alleged HBO hacker, two others possibly linked to Iranian APT group

Researchers with ClearSky Cyber Security believe with medium-level confidence that they have linked three individuals to the Iranian advanced persistent threat group Charming Kitten, including the man accused of hacking and extorting HBO.

Chinese nationals affiliated with Boyusec indicted

The trio, Wu Yingzhuo, Dong Hao and Xia Lei, worked together to hack corporations and steal sensitive documents and communications, according to a Justice Department release.

Microsoft issues warning on Dynamic Data Exchange vulnerability

With APT28 now using Microsoft's Dynamic Data Exchange (DDE) as an attack point, the company has issued an official advisory concerning the practice, along with possible mitigation methods.

Sowbug APT uses Felismus backdoor for cyberespionage operations

A previously unknown cyberespionage group called Sowbug has been found using the Felismus backdoor to spy on several South American and Pacific Rim national governments for the last several years.

Russian hackers altered Clinton campaign email, part of broader initiative

The altered missive came from Campaign Chairman John Podesta's email. Podesta was netted in a phishing campaign.

Justice Dept. has enough evidence to charge Russian officials with DNC hack, report

The department has gathered enough evidence against the unnamed officials and the case could be brought before a U.S. court by early 2018.

NSA worker infected computer provided access to Equation Group surveillance code, Kaspersky says

An internal review showed that Kaspersky detected Win32.Mokes.hvl malware in a file on a computer used by an NSA worker who had downloaded and installed a pirated copy of Microsoft Office at home.

APT28 joins BlackOasis in exploiting latest Adobe Flash vulnerability

APT28 is now also being named as one of the cyber gangs attempting to take advantage of Adobe Flash vulnerability CVE-2017-11292.

APT group's active exploit of Flash bug prompts emergency Adobe patch

Adobe Systems on Monday issued an emergency patch for a zero-day Flash Player vulnerability, after an APT group was discovered actively exploiting the bug as a means to infect machines with FinSpy surveillance malware.

FBI's Wray says nat'l security, crime all have cybersecurity element

Wray said the FBI is increasing its efforts to intertwine intelligence and operations, asking Congress to renew Section 702 of the Foreign Intelligence Surveillance Act (FISA) without a sunset provision.

Report: Congressman seeks pardon for Assange in exchange for docs vindicating Russian hackers

Rep. Dana Rohrabacher (R-Calif.) has reportedly taken steps to broker a deal between the White House and Julian Assange, in which the WikiLeaks founder would turn over materials that he claims exonerate Russia from hacking Democratic officials in exchange for a pardon or some form of clemency.

Turla APT group linked to Gazer backdoor that spies on embassies

A previously undocumented backdoor program used to spy on foreign embassies and consulates appears to be the work of suspected Russian APT group Turla, researchers from ESET have reported.

Judge rules Fancy Bear APT must forfeit malicious domains to Microsoft

A federal district court judge in Virginia has granted Microsoft Corporation permission to seize domains that Russian APT group Fancy Bear has historically used to target the software giant and its users.

Ukrainian malware author is key witness against Russia in DNC hack investigation

A Ukrainian man who authored malware that U.S. intelligence said was used to hack the DNC has become a witness for the FBI after turning himself in early this year, the New York Times has reported.

Lazarus Group tied to new phishing campaign targeting defense industry workers

The Lazarus Group appears to be targeting individuals associated with U.S. defense contractors, including prospective employees, with phishing emails that display fake job listings and companies' internal policies.

Tick threat group linked to multiple malware families

The Tick hacking group, known for infecting Japanese and South Korean targets with its malicious backdoor "Daserf," has been linked to other campaigns leveraging an eclectic assortment of malware, including two additional backdoors, two remote access trojans and a downloader.

Reports: Feds issue alert after adversary breaches power plant business networks

Since May, foreign hackers have breached computer networks at 12 or more U.S. power plants, including nuclear facilities, prompting the FBI and DHS to issue an urgent amber warning to utility companies, according to reports.

Senators grill intel community on 702 incidental collection

Committee Chairman Sen. Chuck Grassley, R-Iowa, repeatedly asked IC representatives to answer senators' questions regarding the number of Americans incidentally caught up in IC surveillance.