APTs/cyberespionage news & analysis | SC Media


Florida Supreme Court rules warrants a must for real-time cell location tracking

DOJ asks Supreme Court to scuttle lower court order to turn over redacted Mueller grand jury docs

After the Supreme Court last month temporarily stayed a D.C. Circuit Court of Appeals order requiring the Justice Department to hand over redacted Mueller grand jury material to House Democrats, the department is now asking SCOTUS to overturn the lower court’s ruling. “In light of the national prominence of this grand-jury investigation, the separation-of-powers concerns raised…

‘Sandworm Team’ hackers from Russia are exploiting Exim, warns NSA

The U.S. National Security Agency on Thursday issued an advisory alleging that hackers from Russia’s Main Intelligence Directorate (GRU) have been actively exploiting a remote code execution vulnerability in the Exim Mail Transfer Agent (MTA), software widely deployed on Unix-based systems. Researchers and analysts reacting to the agency’s warning say the announcement is an important reminder that…


Israeli websites defaced, as more offensive cyber activity flares up in Middle East

Following a month of cyberattacks involving Iran and Israel, experts are reluctant to predict all-out digital warfare between the two nation states, despite an obvious recent tit for tat that underscores age-old, religion-based tensions. The latest possible salvo came May 21, when approximately 1,000 corporate and manufacturing targets within Israel were hit with defacements and denial…


Modular backdoor sneaked into video game developers’ servers

A suspected Chinese APT group used a newly discovered modular backdoor to infect at least one video game developer’s build orchestration server and at least one other company’s game servers, researchers have reported. Although these attacks appear to have taken place prior to March, such incidents are now more important than ever to detect and…

FBI cracks Pensacola shooter’s iPhone without Apple’s help, discovers al Qaeda connection

Attorney General William Barr slammed Apple for not helping the FBI crack the encryption on iPhones belonging to a Saudi airman who carried out an attack on the Pensacola Naval Station last year and was later found to have ties to al Qaeda. “Apple has made a business and marketing decision to design its phones in a…

Ramsay spy framework built to subvert air-gapped defenses

Air-gapped networks aren’t easily compromised, but they don’t offer perfectly airtight security either. Leveraging insider threats, infecting flash drives and other removable media, and conducting side-channel attacks are all techniques malicious actors can employ to spread malware to isolated systems. Indeed, researchers at ESET are reporting the discovery of a new cyber espionage framework designed…

CISA releases analysis of three Hidden Cobra malware variants

The Cybersecurity and Infrastructure Security Agency (CISA) and two other federal agencies issued malware analysis reports (MARs) for three trojans attributed to North Korean government-operated APT activity. The malware analyzed by CISA, the Department of Defense and the FBI is code-named Copperhedge, Taintedscribe and Pebbledash, all three of which are believed to be operated by the North…

FBI, CISA warn China targeting orgs conducting Covid-19-related vaccine, treatment research

China is looking to lift American research on coronavirus vaccines and treatments through cyberattacks, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) warned the health care, pharmaceutical, and research sectors working on the COVID-19 response. “China’s efforts to target these sectors pose a significant threat to our nation’s response to COVID-19,” the alert said. The…

2FA app weaponized to infect Mac users with Dacls RAT

macOS users who think they have protected themselves by downloading a particular two-factor authentication application may instead have infected their machines with a new variant of the Dacls remote access trojan. When Dacls was originally discovered in late 2019, it was known to target Windows and Linux platforms, but now it appears Macs are no…


PhantomLance campaign slipped trojanized apps into marketplaces for years

A long-running malware campaign whose activity dates back to 2016 has been using a sophisticated playbook of tricks to sneak trojanized Android apps into the Google Play Store as well as third-party marketplaces. Researchers from Kaspersky have dubbed the campaign PhantomLance and, based on certain calling cards in the code and infrastructure, have attributed it with medium confidence to the…
