APTs/cyberespionage news & analysis | SC Media

APTs/cyberespionage

Mueller report details Russian interference in 2016 election, interactions with Trump team, WikiLeaks

Russian military intelligence apparently successfully penetrated an unnamed Florida county election system and gained “access to the network of at least one Florida county government.” And that’s just one of the findings in Special Counsel Robert Mueller’s much-anticipated report released Thursday. In the sprawling 448-page, partially redacted report, Mueller methodically laid out Russia’s efforts to…

APT34 hacked back by Lab Dookhtegan

A hacking group going by the name Lab Dookhtegan has posted the tools used by the infamous Iranian APT34 cyberespionage group. APT34, also known as HelixKitten and OilRig, has purportedly been behind many attacks, but this time it was the victim when a data dump of its tools was posted on a Telegram channel, Bleeping Computer reported. The…

‘Brazen’ nation-state actors behind ‘Sea Turtle’ DNS hijacking campaign

State-sponsored hackers are behind a large-scale DNS hijacking campaign that since January 2017 has been responsible for compromising at least 40 organizations across 13 countries, researchers from Cisco Talos have reported. Primarily targeting the Middle East and North Africa, the attackers are looking to harvest credentials that grant them access to sensitive networks belonging to…

European Commission: No evidence Kaspersky software is malicious

The European Commission yesterday acknowledged in a public document that it possesses no evidence to support the notion that software from Russia-based Kaspersky Lab is malicious. The admission comes about 10 months after the European Parliament passed a resolution calling for the European Union to ban dangerous software, naming Kaspersky products as a specific example.…

Five-year cyber espionage campaign targeting Ukraine potentially linked to Luhansk People’s Republic

Researchers believe hackers from the breakaway Luhansk People’s Republic (LPR) may be behind a spear phishing-based malware campaign that has been actively targeting the Ukrainian government. The researchers, from FireEye, disclosed their assessment following their investigation into a malware-laced email that they were able to tie back to a 2018 phishing campaign designed to deliver…

Russia targeted Sanders supporters on Twitter to sway support to Trump

“Bernie bros” weren’t the only ones who tweeted furiously about Bernie Sanders during the 2016 presidential campaign. Russian trolls on Twitter targeted Sanders supporters in an effort to sway them toward candidate Donald Trump, according to researchers at Clemson University. Pointing out that the tweets occurred at a “higher volume than people thought,” Darren Linvill,…

U.S. agencies issue report on Hidden Cobra threat group’s HOPLIGHT malware

The U.S. Department of Homeland Security and FBI have jointly released an official Malware Analysis Report detailing several variants of HOPLIGHT, a trojan malware program used by hackers from Hidden Cobra, an APT group that’s been widely linked to the North Korean government. Upon execution, HOPLIGHT allows attackers to collect victim machine information, connect to…

Assange arrested on hacking charge and removed from embassy, to be extradited to U.S.

After seven years holed up in the Ecuadorian Embassy in London, WikiLeaks founder Julian Assange was arrested on behalf of the U.S. on a charge of conspiracy to commit computer intrusion against the United States, according to an indictment unsealed this morning. U.K. special police entered the embassy and forcibly removed a bedraggled Assange, who shouted and resisted…

Researchers uncover new ‘TajMahal’ APT framework, plus a new Gaza Cybergang malware campaign

Researchers at Kaspersky Lab today issued a pair of reports, one revealing a newly discovered sophisticated APT framework and the other detailing the recent operations of the threat actor known as Gaza Cybergang Group1. Dubbed TajMahal, the APT framework is a fully loaded malicious toolset, replete with backdoors, loaders, orchestrators, C2 communicators, audio recorders, keyloggers,…

Stuxnet research reveals possible 4th accomplice, newly discovered versions of Flame and Duqu malware

Recent research into old malware threats associated with the Stuxnet attacks against Iran’s nuclear program roughly one decade ago turned up several new discoveries, including a possible fourth collaborator in the clandestine operation, as well as previously unknown versions of Flame and Duqu malware. Today, Alphabet’s cybersecurity subsidiary Chronicle revealed the findings of its researchers…