APTs/cyberespionage news & analysis | SC Media

APTs/cyberespionage

Report: Iran claims to have thwarted a U.S. cyberespionage operation

Iran is reportedly claiming that it successfully uprooted a CIA-led cyberespionage operation and arrested several U.S. spies in the process. “One of the most complicated CIA cyberespionage networks that had an important role in the CIA’s operations in different countries was exposed by the Iranian intelligence agencies a while ago and was dismantled,” said Ali…

Bouncing Golf campaign takes swing at Android users with info-stealing malware

A newly discovered cyber espionage campaign has been targeting Android users in the Middle East with malware designed to steal a wide range of device information, snoop on victims and potentially take over mobile devices. Known as GolfSpy, the malware is found in once-legitimate applications that have been repackaged to contain malicious code, according to a June…


Twitter takes down thousands of state-affiliated malicious accounts

Twitter shut down nearly 5,000 accounts tied to the Iranian government and is archiving the tweets from the accounts in a public database. The social media platform also took down four Russian accounts linked to the Internet Research Agency (IRA) troll farm, 130 Spanish accounts linked to the Catalan independence movement and 33 Venezuelan accounts also…

Russia accused of hacking EU embassy in Moscow

Russia is believed to have hacked the European Union’s embassy in Moscow in a sophisticated cyberespionage attack designed to steal highly sensitive material from the mission’s internal network just weeks before the European Parliament elections. The initial attack took place in February 2017, but wasn’t detected until April of this year. European officials aren’t yet…


MuddyWater, Fin8 and Platinum threat actors back in action

Researchers have spotted the MuddyWater, Fin8 and Platinum cybergangs all making an unwanted comeback following an observed increase in malicious activity over the last few weeks. Trend Micro came across several campaigns its researchers believe contain the hallmarks of MuddyWater. But this time around the group apparently deployed a new multi-stage PowerShell-based backdoor called POWERSTATS…

Mueller confirms Russian interference, declines to clear president of obstruction, steps down as special counsel

Special Counsel Robert Mueller reiterated Wednesday the findings of his nearly two-year probe, confirming that Russia, in “multiple, systematic efforts,” interfered in the 2016 U.S. presidential election in an effort to damage former Secretary of State Hillary Clinton’s bid for the White House by hacking systems associated with the Democratic Party, coordinating the steady release…

APT10 campaign debuts two new loaders for distributing PlugX and Quasar RATs

The reputed Chinese state-sponsored threat group APT10 appears to be the culprit behind a campaign this past April that sought to distribute PlugX and Quasar RAT malware via one of two newly discovered downloader variants. Researchers from enSilo uncovered the campaign after samples were collected from one or more targets based in the Philippines. PlugX and…


Assange indicted on 17 counts under Espionage Act

WikiLeaks founder Julian Assange was indicted Tuesday on 17 counts of violating the rarely invoked Espionage Act for the 2010 procurement and publication of classified documents taken by former Army private and intelligence analyst Chelsea Manning. The charges leveled against Assange, seen as a courageous whistleblower by proponents and a criminal by critics, have raised concerns…


Trump national emergency on info security allows ban on Huawei

Amid escalating trade war tensions with China and a lengthy dispute with Huawei Technologies over espionage allegations, President Trump declared a national emergency that bans U.S. telecommunications companies from using equipment from foreign firms that could threaten national security. The Commerce Department followed up immediately by placing Huawei Technologies and 70 affiliates on the Bureau…

ScarCruft APT campaign leverages ‘rare’ data-harvesting tool for Bluetooth devices

A recent malware campaign targeting investment companies and diplomatic agencies has shed light on some of the newest practices and tools of reputed North Korean APT group ScarCruft. While investigating this campaign, researchers from Kaspersky Lab observed a tool for harvesting Bluetooth device data and were able to analyze the group’s multistage binary infection procedure.…
