APT News, Articles and Updates

Report: Congressman seeks pardon for Assange in exchange for docs vindicating Russian hackers

Rep. Dana Rohrabacher (R-Calif.) has reportedly taken steps to broker a deal between the White House and Julian Assange, in which the WikiLeaks founder would turn over materials that he claims exonerates Russia from hacking Democratic officials in exchange for a pardon or some form of clemency.

Turla APT group linked to Gazer backdoor that spies on embassies

A previously undocumented backdoor program used to spy on foreign embassies and consulates appears to be the work of suspected Russian APT group Turla, researchers from ESET have reported.

Judge rules Fancy Bear APT must forfeit malicious domains to Microsoft

A federal district court judge in Virginia has granted Microsoft Corporation permission to seize domains that Russian APT group Fancy Bear has historically used to target the software giant and its users.

Ukrainian malware author is key witness against Russia in DNC hack investigation

A Ukrainian man who authored malware that U.S. intelligence said was used to hack the DNC has become a witness for the FBI after turning himself in early this year, the New York Times has reported.

Lazarus Group tied to new phishing campaign targeting defense industry workers

The Lazarus Group appears to be targeting individuals associated with U.S. defense contractors, including prospective employees, with phishing emails that display fake job listings and companies' internal policies.

Tick threat group linked to multiple malware families

The Tick hacking group known infecting Japanese and South Korean targets with its malicious backdoor "Daserf" has been linked to other campaigns leveraging an eclectic assortment of malware, including two additional backdoors, two remote access trojans and a downloader.

Reports: Feds issue alert after adversary breaches power plant business networks

Since May, foreign hackers have breached computer networks at 12 or more U.S. power plants, including nuclear facilities, prompting the FBI and DHS to issue an urgent amber warning to utility companies, according to reports.

Senators grill intel community on 702 incidental collection

Committee Chairman Sen. Chuck Grassley, R-Iowa, repeatedly asked IC representatives to answer senators' questions regarding the number of Americans incidentally caught up in IC surveillance

WikiLeaks: CIA's Brutal Kangaroo toolset lets malware hop onto closed networks

WikiLeaks dumped more leaked CIA documents, publishing materials from a tool suite called Brutal Kangaroo that allows attackers to indirectly infiltrate a closed network or air-gapped computer using a compromised flash drive.

DHS and FBI dish out details on North Korea's APT group Hidden Cobra

The DHS and FBI on Tuesday jointly released a technical alert detailing IP addresses, infrastructure and tools used by Hidden Cobra, a North Korean advanced persistent threat group better known as the Lazarus Group.

Fake news allegedly planted by Russian hackers helped trigger Qatar crisis

A controversial report seemingly published last month by Qatar's state news agency may be fake news planted by Russian hackers who allegedly broke into the agency's systems, according to an exclusive CNN report, citing U.S. officials.

Experts surprised by extent of Russian election meddling, demand voting security for 2018

The leak of a classified NSA document confirming that Russia interfered with the 2016 U.S. presidential race has reinforced the need to fix vulnerabilities in America's voting infrastructure before the next election cycle.

Putin says 'patriotic hackers,' may have interfered in U.S. election

"Patriotic hackers," akin to "artists," may have come to the defense of Russia, President Vladmir Putin said at the St. Petersburg Economic Forum.

Shadow Brokers post details of 'monthly dump service'

Those who pay in Zcash and provide "a 'delivery email address' in the 'encrypted memo field'" will receive a confirmation email and then a mass email between July 1-17 with a link and password for the June dump.

Florida GOP blogger received DCCC docs from Guccifer 2.0

Aaron Nevins sent a message to the hacker, believed to be a front for the Russian APT groups that hacked Democratic interests, including the Democratic National Committee (DNC), asking for information of interest in Florida.

Revised 'Hack Back' bill encourages 'active-defense' techniques, sets parameters

The bill would give cyberattack victims the go-ahead to retaliate against their attackers within certain parameters.

Goddess of cyberwar: Athena CIA tool subject of latest WikiLeaks Vault 7 dump

WikiLeaks on Friday published materials related to a malware implant called Athena, which enables remote beacon and loader capabilities on targeted computers running on Microsoft Windows versions XP through 10.

WannaCry code prompts North Korean APT theories, but attribution remains iffy

Analysis of the WanaCrypt0r 2.0 ransomware that bedeviled enterprise across the globe this past weekend has reportedly turned up potential links to the alleged North Korean hacking institution known as the Lazarus Group.

WannaCry fallout: is hoarding exploits, delaying fixes ever justified?

With the lethality of WannaCry being blamed on the NSA's EternalBlue exploit, we asked the cyber-security industry about the wisdom of allowing intelligence agencies to stockpile zero days.

OceanLotus APT acting in accordance with Vietnamese interests, researchers report

An APT group whose actions appear to align with Vietnamese state interests has been actively compromising private corporations and targeting foreign governments, dissidents and media since at least 2014, according to researchers at FireEye.

Senate Intel committee grills FBI's McCabe on election hack investigation

A U.S. Senate Intelligence Committee hearing today scheduled to discuss worldwide threats to America was essentially hijacked with the vast majority of questions focusing on whether James Comey's firing by President Trump will negatively impact the FBI's investigation into Russian influence in the 2016 election.

Report: Pentagon removed online ISIS propaganda in secret Operation Glowing Symphony

U.S. cyber forces conducted a secret global operation to remove ISIS propaganda and videos from their host services, including those physically located in allied countries, the Washington Post reported on Tuesday.

Researchers link new backdoor and Mac-based rootkit to Turla spy group

The Turla advanced persistent threat group appears to have recently created both a new multiplatform backdoor malware program called Kazuar, and a MacOS version of its Uroburos espionage rootkit.

Microsoft bug linked to spy campaigns, bank thefts reportedly took 6 months to fix

A zero-day bug in Microsoft Office and WordPad that hackers exploited to spy on targeted users, implant malware, and steal banking credentials took nine months to fix, according to news reports.

SentinelOne: In memory attacks loom large, leave little trace

In-memory attacks are on the rise according to Sentinel One, and being increasingly adopted by cyber-crime authors to evade security software.