APT News, Articles and Updates

U.K. intel director discloses offensive cyber campaign against ISIS, lambastes Russia

In his first public speech, the U.K.'s GCHQ Director Jeremy Fleming acknowledged that the agency recently coordinated a major cyber offensive operation against ISIS, significantly crippling the terrorist group's ability to recruit and coordinate attacks online.

Justice was overdue: Indicted Iranian hackers phished targets using library account lures

The nine Iranian hackers who were indicted last Friday for allegedly exfiltrating 31 terabytes of research documents and credentials from academics, companies and government agencies phished many of their targets using lures intended to trick them into thinking their library accounts were cancelled.

Top Trump campaign officials urged Papadopoulos to meet with Russians

In an email sent in September 2016, Deputy Communications Director Bryan Lanza told Papadopoulos to do an interview with the news organization, the Washington Post reported.

Kaspersky research on Slingshot APT campaign reportedly exposes U.S. counterterrorism operation

A recently published Kaspersky Lab report that exposed a sophisticated, six-year cyber espionage campaign targeting the Middle East and Africa disrupted an active counterterrorism operation, according to an article this week by CyberScoop, citing current and former U.S. intelligence officials.

Russian hackers target European agency with updated DealersChoice Adobe Flash exploit tool

The aggressive Russian APT group Sofacy targeted yet another European government agency earlier this month, attempting to infect the organization with unknown malware using a crafty new variant of its Adobe Flash-based exploit platform DealersChoice.

MuddyWater APT campaign flowing again

The MuddyWater APT campaign appears to be rising to the surface again with researchers finding similarities between this older cyberespionage attack and a new one targeting Turkey, Pakistan and Tajikistan.

Slingshot APT campaign exposed after six years of sophisticated spying

A cyber espionage campaign bearing all of the hallmarks of an extremely advanced nation-state actor used malware to spy on international targets for six years before it was finally detected and exposed, Kaspersky Lab reported on Friday.

Avast: CCleaner hackers planned to infect victims with third-stage Chinese hacking tool

The hackers who injected malicious code into a version of computer maintenance app CCleaner last year may have been preparing to deliver third-stage malware to at least a select few of the 2.27 million computers that had downloaded the tainted utility program.

NSA chief hasn't been given the authority to battle Russian interference

Rogers told lawmakers that Russia has not been deterred from interfering in part because they haven't felt the consequences of their past actions.

North Korea's APT37 hacking group expands its reach and ups its game, researchers warn

Reputed North Korean APT group TEMP.Reaper, the alleged culprit behind a zero-day ROKRAT malware campaign leveraging Adobe Flash Player vulnerability CVE-2018-4878, has been expanding its global target list despite remaining largely under the radar, according to a new FireEye research report.

North Korea blamed for yet another cryptocurrency-focused phishing campaign

In other cryptocurrency news, attackers were discovered exploiting a recently patched Oracle flaw in order to secretly deploy a Monero cryptominer in organizations' WebLogic application servers.

DETER Act aimed at punishing Russia, other nation-states for election interference

The senators who introduced the bill said that election integrity is not a party issue.

Apparent Korean actor 'Group123' linked to six phishing campaigns, including 'Evil New Year' scam

Researchers have attributed six separate phishing campaigns targeting South Koreans in either 2017 or 2018 to a single threat actor called "Group123," including multiple operations designed to infect victims with the remote administration tool ROKRAT.

Mole on Trump team fed FBI info, Steele worried about political influence on FBI, Fusion GPS head says

Defying her GOP counterparts on the Senate Judiciary Committee, Sen. Dianne Feinstein made public the testimony of the CEO of Fusion GPS, the firm that hired former British spy Christopher Steele, author of the controversial Trump dossier.

Papadopoulos' drunken revelations to Australian diplomat sparked Trump-Russia probe, report says

During a night at London's Kensington Wine Rooms in May 2016, George Papadopoulos told Australian Alexander Downer that Russia had damaging information on Trump opponent Hillary Clinton.

More evidence emerges of North Korea targeting cryptocurrency industry

Several new reports have surfaced detailing North Korean state interest in targeting and attacking cryptocurrency exchanges as a means of enriching itself.

StrongPity2 spyware takes over for FinFisher

The cybergang behind the now defunct FinFisher man-in-the-middle attacks has switched over to using a new spyware dubbed StrongPity2 and is now using several popular websites to conduct watering hole attacks that help install this malware.

Researchers: Microsoft Office flaw exploited by suspected Iranian APT group

Researchers believe a suspected Iranian APT group is responsible for a recent cyber espionage operation that targeted a Middle Eastern government organization, using a recently patched remote code execution vulnerability in Microsoft Office as an attack vector.

Hello, Charming Kitten: Alleged HBO hacker, two others possibly linked to Iranian APT group

Researchers with ClearSky Cyber Security believe with medium-level confidence that they have linked three individuals to the Iranian advanced persistent threat group Charming Kitten, including the man accused of hacking and extorting HBO.

Chinese nationals affiliated with Boyusec indicted

The trio, Wu Yingzhuo, Dong Hao and Xia Lei, worked together to hack corporations and steal sensitive documents and communications, according to a Justice Department release.

Microsoft issues warning on Dynamic Data Exchange vulnerability

With APT28 now using Microsoft's Dynamic Data Exchange (DDE) as an attack point, the company has issued an official advisory concerning the practice, along with possible mitigation methods.

Sowbug APT uses Felismus backdoor for cyberespionage operations

A previously unknown cyberespionage group called Sowbug has been found using the Felismus backdoor to spy on several South American and Pacific Rim national governments for the last several years.

Russian hackers altered Clinton campaign email, part of broader initiative

The altered missive came from Campaign Chairman John Podesta's email. Podesta was netted in a phishing campaign.