Cyber Espionage News, Articles and Updates

Apparent Korean actor 'Group123' linked to six phishing campaigns, including 'Evil New Year' scam

Researchers have attributed six separate phishing campaigns targeting South Koreans in either 2017 or 2018 to a single threat actor called "Group123," including multiple operations designed to infect victims with the remote administration tool ROKRAT.

Turla cyber-espionage group fakes Adobe Flash Player to drop malware on embassies

Cyberespionage group Turla is reported to be targeting embassies and consulates in the post-Soviet states using a new tool to dupe potential victims into installing malware to exfiltrate data.

Jailed Russian says he left poison pill in Kremlin-directed DNC hack

An imprisoned Russian who claimed the Kremlin ordered him to hack the Democratic National Committee (DNC) computers now says he has the evidence to prove it, asserting that he left behind a "poison pill" in case Russian intelligence betrayed him.

Report: Vietnamese cyber military unit formed to fight controversial ideas on internet

The Vietnamese government has reportedly deployed a military cyber warfare unit composed of more than 10,000 digital soldiers to combat and censor views on the internet that it finds threatening or "wrong."

Report: Chinese cyberspies targeted Western think tanks with spy tools, DDoS attacks in Q4

At least four Western think tanks and two non-government organizations were targeted in Chinese cyber espionage activities this past October and November, according to a new report from CrowdStrike.

Researchers: Microsoft Office flaw exploited by suspected Iranian APT group

Researchers believe a suspected Iranian APT group is responsible for a recent cyber espionage operation that targeted a Middle Eastern government organization, using a recently patched remote code execution vulnerability in Microsoft Office as an attack vector.

Hello, Charming Kitten: Alleged HBO hacker, two others possibly linked to Iranian APT group

Researchers with ClearSky Cyber Security believe with medium-level confidence that they have linked three individuals to the Iranian advanced persistent threat group Charming Kitten, including the man accused of hacking and extorting HBO.

Report: Phase two of U.S. government's Kaspersky ban complete

The U.S. government's effort to purge its systems of anti-virus software from Kaspersky Lab has reached the final stage, according to a new report from Nextgov.

New Kaspersky report offers alternate theory for how NSA hacking tools were stolen

Seeking to prove its anti-virus software did not help Russian cyber spies steal U.S. hacking tools from an NSA contractor's laptop, Kaspersky Lab has released findings from an internal probe, including apparent evidence that said laptop had been infected with malware.

UK cyber chief fingers Russia for cyberattacks

The head of the UK's GCHQ National Cyber Security Centre (NCSC) accused Russia of having staged attacks on critical infrastructure and other sectors in the past year.

APT group's active exploit of Flash bug prompts emergency Adobe patch

Adobe Systems on Monday issued an emergency patch for a zero-day Flash Player vulnerability, after an APT group was discovered actively exploiting the bug as a means to infect machines with FinSpy surveillance malware.

Defense minister says Poland fended off Russian cyberattack on businesses

Poland's defense minister reportedly disclosed that his country successfully stopped a recent Russian cyberattack targeting companies based in Ukraine that also operate offices in other countries, including Poland.

Report: Congressman seeks pardon for Assange in exchange for docs vindicating Russian hackers

Rep. Dana Rohrabacher (R-Calif.) has reportedly taken steps to broker a deal between the White House and Julian Assange, in which the WikiLeaks founder would turn over materials that he claims exonerate Russia from hacking Democratic officials in exchange for a pardon or some form of clemency.

Turla APT group linked to Gazer backdoor that spies on embassies

A previously undocumented backdoor program used to spy on foreign embassies and consulates appears to be the work of suspected Russian APT group Turla, researchers from ESET have reported.

Chinese national arrested in relation to OPM breach

U.S. officials arrested a Chinese national who is accused of being involved in the 2015 OPM breach.

Proposed legislation discourages Russia-U.S. cyber pact, while prioritizing election security

A U.S. intelligence bill that recently passed committee in the Senate contains key provisions designed to defend the electoral process from Russian meddling and other foreign interference, as well as curtail any possible White House effort to form a joint cybersecurity unit with the Kremlin.

'ShadowPad' attack sabotaged NetSarang software with backdoor

Attackers secretly modified at least five software packages distributed by NetSarang in order to infect its business users with modular backdoor spyware, Kaspersky Lab has reported.

Ukrainian malware author is key witness against Russia in DNC hack investigation

A Ukrainian man who authored malware that U.S. intelligence said was used to hack the DNC has become a witness for the FBI after turning himself in early this year, the New York Times has reported.

U.S. Military vows to tweak and fling malware back at creators

U.S. military hackers are by throwing the proverbial malware grenade back at the enemy

Lazarus Group tied to new phishing campaign targeting defense industry workers

The Lazarus Group appears to be targeting individuals associated with U.S. defense contractors, including prospective employees, with phishing emails that display fake job listings and companies' internal policies.

Informed and tech savvy North Korean ruling elite regularly online

There are four million 3G-capable mobile devices in North Korea, but only the small group of the most senior leaders and ruling elite are granted direct access to the worldwide internet.

Tick threat group linked to multiple malware families

The Tick hacking group, known for infecting Japanese and South Korean targets with its malicious backdoor "Daserf," has been linked to other campaigns leveraging an eclectic assortment of malware, including two additional backdoors, two remote access trojans and a downloader.

Tables turned: Researcher reportedly creates C&C server to spy on Fruitfly Mac malware

A security researcher looking into a variant of the Mac spyware Fruitfly uncovered a pool of roughly 400 infected victims, after reportedly registering a back-up C&C server that was coded in a sample of the malware and taking it over.

CIA Director Pompeo says WikiLeaks will 'take down America'

CIA Director Mike Pompeo continued to express disdain for WikiLeaks a day after the organization published more Vault7 documents.