Cyber Espionage News, Articles and Updates

US-CERT issues malware analysis on KEYMARBLE RAT, attributes threat to North Korea

Through its US-CERT division, the U.S. Department of Homeland Security yesterday issued a new analysis report on a remote access trojan called KEYMARBLE that the agency says has been attributed to Hidden Cobra, a suspected North Korean APT actor.

Analysis of email address in Mueller indictments exposes 9M weaponized email accounts

GroupSense researchers investigating an email address affiliated with Russia's Internet Research Agency for evidence of a botnet meant to exert influence on public opinions.

Worst of both words: 'Gorgon' hackers practice both general cybercrime and targeted government attacks

A hacking group apparently based in Pakistan has been straddling the fence between cybercriminal activity and nation-state espionage, leveraging the same malicious infrastructure to both launch email spam campaigns and target government agencies in U.S., UK, Russia and Spain.

Sen. McCaskill reportedly identified as Russian hacking target as mid-term elections approach

Sen. Claire McCaskill, D-Mo., an incumbent facing a tight race in the 2018 U.S. mid-term elections, has affirmed that Russian hackers are attempting to interfere with her reelection campaign, following an independent forensic analysis identifying her as a target.

Iranian cyber activity on the rise with Leafminer, OilRig leading the way

Iran has once again found itself in the crosshairs of cybersecurity researchers with Palo Alto Networks' Unit 42, Symantec and the German intelligence all pointing accusatory fingers at Tehran over several recently revealed cyber campaigns.

Cyberattacks soared in Finland prior to Trump-Putin summit; IoT devices a major target

Cyberattacks against Finland skyrocketed in the days leading up to the July 16 Helsinki summit between Donald Trump and Vladimir Putin -- the majority of which were attempts to brute force IoT devices.

Researchers detect fresh activity in Blackgear cyber espionage campaign

The long-running Blackgear cyber espionage campaign that has largely targeted Taiwanese, Japanese and South Korean targets recently commenced a new operation that abuses legitimate blog and social media sites to establish command-and-control infrastructure.

Researchers: 'Roman Holiday' malware campaign appears to be Russia targeting Italian navy

The Russian threat group Fancy Bear appears to be behind a recent campaign that may have targeted Italy's navy with an updated version of the APT group's XAgent backdoor malware, according to researchers.

Israel indicts man for allegedly trying to sell spy company's secrets

Charges include trying to damage property in a way that would harm national security, theft by an employee, activities to market defense material without a permit, and obstruction and interfering with computer material.

Report: Russia may be readying cyberattack against Ukraine

One year after the global NotPetya disk wiper incident that both the U.S. and UK have attributed to Russia, Moscow-backed hackers may be on the verge of launching another large-scale damaging cyberattack against Ukraine, according to a Tuesday Reuters report citing a Ukrainian law enforcement official.

Symantec pegs Chinese group Thrip behind recent cyberespionage attacks

Symantec researchers spot three Chinese computers behind a string of cyberespionage attacks targeting private and defense-related targets in the United States and Southeast Asia, including attempting to infect a computer system that handled satellite operations.

Adobe issues critical patch after Flash zero-day bug actively exploited in Middle East

Adobe Systems today issued patches for four software vulnerabilities in Flash Player, including a zero-day flaw that attackers have been exploiting in the wild in targeted attacks against Windows users in the Middle East, possibly in Qatar.

Sofacy rolls our Zebrocy toolkit to hit government targets

The Russian APT cybergang Sofacy has rolled out a new campaign based on a seldom used attack tool called Zebrocy and is using it to target government, diplomatic and other strategic organizations primarily in North America and Europe.

RAT campaign targets Koreans with phishing lures featuring U.S.-North Korea summit

A remote access trojan that apparently went undiscovered for at least two years was found targeting Koreans in a spam campaign using the possible upcoming U.S.-North Korea nukes summit as a phishing lure.

Turla cyberespionage group switched to open-source malware

The Turla cyberespionage group has implemented some new tactics over the last few months incorporating some open-source exploitation tools instead of relying solely on their own creations to run campaigns.

Patch Tuesday: Microsoft mends RCE bug reportedly exploited by cyber espionage group

Microsoft Corporation's Patch Tuesday release today fixed 67 bugs, including two that have been actively exploited in zero-day attacks, and another two whose details became public.

Secret no more: North Korea the likely culprit in complex GhostSecret cyber espionage campaign

What began as an aggressive phishing-based malware campaign against Turkish financial institutions earlier this year appears to have since burgeoned into a worldwide cyberspying and data theft operation targeting a wide range of industry sectors with at least two malicious implants.

New Desert Scorpion spyware found in malicious chat app aimed at Palestinians

A malicious chat app that was advertised on Facebook and sold in the Google Play store was discovered to execute a previously undiscovered spyware program linked to APT-C-23, an advanced persistent threat group allegedly with ties to Hamas.

Terbium Labs CEO: We have the tools to curtail fake news, if we'd only use them

We already have the means to significantly curtail fake news campaigns emanating from Russia and elsewhere, but it is up security practitioners, and especially online content and advertising platforms, to meaningfully employ these measures, according to Dr. Daniel Rogers, CEO of Terbium Labs.

Operation Parliament targeting Middle East nations with cyberespionage malware

Kaspersky Labs has detailed a large scale nation-state backed malware campaign called Operation Parliament that is targeting governments and high-level officials in the Middle East and North Africa (MENA) regions.

U.K. intel director discloses offensive cyber campaign against ISIS, lambastes Russia

In his first public speech, the U.K.'s GCHQ Director Jeremy Fleming acknowledged that the agency recently coordinated a major cyber offensive operation against ISIS, significantly crippling the terrorist group's ability to recruit and coordinate attacks online.

Justice was overdue: Indicted Iranian hackers phished targets using library account lures

The nine Iranian hackers who were indicted last Friday for allegedly exfiltrating 31 terabytes of research documents and credentials from academics, companies and government agencies phished many of their targets using lures intended to trick them into thinking their library accounts were cancelled.

New Sanny info-stealer campaign targets government agencies with evolved malware

Researchers this month discovered a new spear phishing campaign targeting government agencies with an evolved version of Sanny malware, a five-year-old information-stealer that now features a multi-stage infection process, whereby each stage is downloaded from the attacker's server.

Kaspersky research on Slingshot APT campaign reportedly exposes U.S. counterterrorism operation

A recently published Kaspersky Lab report that exposed a sophisticated, six-year cyber espionage campaign targeting the Middle East and Africa disrupted an active counterterrorism operation, according to an article this week by CyberScoop, citing current and former U.S. intelligence officials.

Russian hackers target European agency with updated DealersChoice Adobe Flash exploit tool

The aggressive Russian APT group Sofacy targeted yet another European government agency earlier this month, attempting to infect the organization with unknown malware using a crafty new variant of its Adobe Flash-based exploit platform DealersChoice.