APT News, Articles and Updates

Report: Chinese APT compromised trade association's website to keep tabs on members

A Chinese APT is accused of compromising the website of the National Foreign Trade Council in an attempt to spy on the trade association's members.

'Carbon' copies: ESET continues to find new variants of backdoor used by Turla Group

Carbon, a second-stage backdoor used in campaigns executed by the Turla group, continues to be updated regularly, according to ESET, which recently observed new variations in the malware's processes, file names and mutexes.

FireEye says criminals now as sophisticated as nation states

FireEye's annual M-Trends report finds that financial attacks have reached nation-state level of sophistication.

CyberUK 2017: GCHQ director explains NCSC ethos in parting interview

Outgoing director of GCHQ, Robert Hannigan, tells the FT's Lionel Barber about the genesis of the National Cyber Security Centre and what he hopes it will achieve.

Kremlin seeks to sway British public opinion?

The head of the UK's National Cyber Security Centre has written to political parties warning of potential Russian-backed hacking to sway the British electorate.

Reports cast suspicion on Trump server, political consultant

One report suggests a possible computer server connection between the Trump organization and a Russian bank, while another alleges that a Trump advisor was in contact with Russian hackers during the presidential election.

WikiLeaks releases document trove allegedly containing CIA hacking tools

Hacking tools from the isolated, high-security network situated inside the CIA's Center for Cyber Intelligence have allegedly been released by WikiLeaks, which hopes to instigate conversation around the moral use of cyberweapons.

RTM cyber gang targets Russian businesses that conduct remote banking

Preying on Russian businesses that rely on Remote Banking Systems, the cybercrime group RTM is using backdoor malware to first silently compromise systems, and then perform reconnaissance, swipe data and steal funds.

Analysis: Election hackers used many of the same techniques as Carbanak gang

An analysis of two DHS reports focusing on Russia's reputed interference in the 2016 U.S. election revealed common bonds between the infamous hacking campaign, dubbed Grizzly Steppe, and activity by the Carbanak cyber gang. However, an expert with ESET doesn't think the overlap is significant.

Operation BugDrop spies on mic recordings, uses Dropbox to exfiltrate data

A sophisticated cyber espionage operation focused primarily within Ukraine reportedly uses malware that leverages Dropbox to exfiltrate stolen data, including conversations recorded by infected computers' microphones.

XAgent malware linked to DNC hackers can now attack Macs

Macs are officially no longer immune to XAgent, a backdoor malware linked to the Russian threat group APT 28, as researchers have now discovered a version targeting machines running on OS X.

Congressional staffers eye response, future deterrents, in wake of Russian election interference

A trio of high-level Congressional staffers gathered at the 2017 RSA Conference this week in a joint session that sought to explore possible responses to Russia's interference in the 2016 U.S. presidential election, as well as deterrents that might prevent future foreign cyberattacks.

Microsoft president calls for 'Digital Geneva Convention'

Governments should create a "Digital Geneva Convention" that lays out ground rules for defending civilians from cyberattacks, declared Brad Smith, president of Microsoft Corporation, today at the RSA Conference.

Websites of foreign embassies and ministries compromised to infect visitors

An unknown actor whose targets and tactics resemble those of a Russian advanced persistent threat group has been compromising the websites of foreign embassies, ministries and organizations, in an attempt to infect certain site visitors with malware.

Confusion, theories abound as Russia stays silent on cybersecurity treason arrests

Following the arrests of four cyber experts in Russia on treason charges, conflicting theories have emerged, as observers speculate if the case is connected to the hacking of U.S. political institutions in the run-up to the 2016 election.

Downeks and Quasar malware combine in attack linked to Gaza Cybergang

A recent spate of attempted malware attacks intended to infect government entities in the Middle East with a customized version of the Quasar remote access trojan appears to be linked to the Hamas-linked Gaza Cybergang.

Researchers tentatively link Greenbug cyberspy group to Saudi Shamoon attackers

Researchers may have found a tenuous link between a cyberespionage organization's credentials-stealing trojan and the Shamoon hacking group that's been targeting Saudi energy companies with Disttrack disk-wiping malware.

Report: malicious 'fake' news links used to socially engineer

A new report from the Institute of Critical Infrastructure Technology has shown that fake news links are often spread to aid the campaigns of APT groups.

Declassified intelligence report says Putin, Russia meddled in U.S. presidential election

Russian President Vladimir Putin ordered a campaign of cyberespionage, hacking and propaganda to influence the 2016 U.S. presidential election and spoil candidate Hillary Clinton's chances of winning, according to a declassified joint intelligence assessment.

Intel officials: China still hacking U.S., albeit at reduced rate

According to testimony from top intelligence officials, more than 30 nations are developing offensive cyberattack capabilities as of late 2016, including China, which continues to conduct cyberespionage operations against U.S. assets.

Clapper testimony: U.S. intel more confident than ever Russia interfered with elections

In a hearing on Capitol Hill Thursday, U.S. intelligence leaders doubled down on their collective assertion that Russia intentionally interfered with the 2016 presidential election, even as President-elect Donald Trump continues to publicly cast doubt on these findings.

New variant of KillDisk wiper threatens industrial control networks with ransomware

The KillDisk disk-wiper program that was used in conjunction with BlackEnergy malware to attack Ukrainian energy utilities now includes a ransomware component, according to researchers at CyberX.

Malware in Ukraine armed forces app linked to DNC hackers

A proprietary spyware tool that was recently found infecting Ukrainian military forces battling Russian separatists is an Android version of the same malware that helped hackers steal files from the Democratic National Committee, CrowdStrike has reported.

Report: Russian hackers breached Joint Chiefs' email system in 2015

An unclassified e-mail system used by the U.S. Joint Chiefs of Staff, their chairman and his support staff was infiltrated by Russian hackers in August 2015, according to CBS News, citing former Joint Chiefs Chairman Martin Dempsey.

Sofacy APT doubles down on its 'DealersChoice' Flash exploit campaign

Russian APT group Sofacy has upped the ante in its campaign to compromise organizations with its "DealersChoice" Flash Player exploit tool, even after Adobe patched a key Flash vulnerability that the tool was observed exploiting.

Stealing steel's secrets: Industrial conglomerate ThyssenKrupp breached by pro hackers

Professional hackers infiltrated the systems of Germany-based industrial conglomerate ThyssenKrupp earlier this year, stealing intellectual property, research and secrets.