APTs/cyberespionage news & analysis | SC Media

APTs/cyberespionage

Former Cambridge Analytica exec cooperating with Mueller probe

A former Cambridge Analytica executive is cooperating with Special Counsel Robert Mueller’s investigation into collusion between the Trump campaign and Russian operatives. A spokesperson for the data analytics firm’s former business development director, Brittany Kaiser, said she was subpoenaed by Mueller, according to a report in the Guardian, and was also assisting in ongoing Congressional investigations. “This…

Australian PM says parliament, political party hacks work of state actor

Australian Prime Minister Scott Morrison said Monday that “a sophisticated state actor” was behind the hacks of parliament and the country’s political parties first reported February 8. “Our cyber experts believe that a sophisticated state actor is responsible for this malicious activity,” The Register cited Morrison as saying. “There are a limited number of countries but…

Defector/ex-U.S. spy charged with aiding Iranian cyberattack plan

A U.S. counterintelligence agent specializing in Middle Eastern affairs, who defected to Iran in 2013, was indicted by a federal grand jury for conducting espionage on behalf of her adopted country. Monica Elfriede Witt, an American citizen who served in the U.S. Air Force Office of Special Investigations from 1997 until 2008, was charged with…

Report: Chinese cyberspies hacked MSP, retailer and law firm in economic espionage campaign

The Chinese state-sponsored threat actor APT10 used stolen remote access software credentials to infiltrate the network of Norwegian managed services provider Visma last year, likely in an effort to launch secondary attacks against the MSP’s clients. An investigation into the cyber espionage campaign revealed that APT10, aka Stone Panda, used similar tactics to invade the…

Phishing campaign targeted subscribers to Tibetan Government-in-Exile’s mailing list

Subscribers to a Tibetan Government-in-Exile mailing list were targeted in a recent email-based phishing campaign designed to infect them with a remote access trojan. Dubbed ExileRAT, the trojan is capable of gathering system information, retrieving and pushing files, and executing and ending various processes, according to a blog post from Cisco Systems’ Talos division, whose…

OceanLotus APT group uses new Kerrdown downloader to deliver payloads

Researchers have discovered a previously unknown custom downloader family that reputed Vietnamese APT group OceanLotus has been using since at least early 2018 to infect victims with payloads such as Cobalt Strike Beacon. The ongoing campaign’s targets are either based in Vietnam or speak Vietnamese, which is in keeping with the m.o. of OceanLotus, which is known to…

Researchers: Remexi spyware campaign targeted diplomatic institutions based in Iran

A cyberespionage campaign targeted Iranian IP addresses late last year, with the goal of infecting victims with an updated version of Remexi backdoor malware, researchers have reported. Some of these IP addresses belong to foreign diplomatic entities located within Iran’s borders. Remexi is typically associated with a reputed Iranian APT group known as Chafer. Its…

Mueller Russian probe docs manipulated, leaked via Twitter

Non-public information gathered by Special Counsel Robert Mueller’s team in the investigation of Russian company Concord Management and Consulting and shared during discovery, was manipulated and made accessible by a pro-Russian Twitter account in an effort to discredit Mueller’s Russian probe, Justice Department court documents revealed Wednesday. The filing asked the court not to grant…

Intel community assessment: Cyberattacks threat to U.S. security

Cybersecurity threats are among the most troubling concerns to the U.S. intelligence community (IC), with Russia, China, Iran and North Korea (“the Big 4”) well-positioned – and motivated – to engage in cyberespionage and attacks particularly during the 2020 presidential election, according to the IC’s annual “Worldwide Threat Assessment” report. In a wide-ranging discussion of…

Stone indicted for lying about interactions with WikiLeaks, obstruction, witness tampering

President Trump’s colleague and former campaign adviser Roger Stone was indicted by a grand jury in Washington convened by Special Counsel Robert Mueller on seven counts, including making false statements about his interactions with WikiLeaks regarding its release during the 2016 presidential campaign of emails stolen from the DNC and Hillary Clinton Campaign Chairman John…
