APTs/cyberespionage news & analysis | SC Media

APTs/cyberespionage

Saefko RAT peeks at browser histories to help adversaries form optimal attack plan

Researchers have discovered a new remote access trojan that rummages through an infected device’s Chrome browser history to determine which websites the user has visited, allowing adversaries to formulate an optimal attack strategy based on that information. Dubbed Saefko, the RAT looks for at least 70 different websites affiliated with credit cards, at least 26…

Russian hacking group STRONTIUM attacking corporate IoT devices, Microsoft says

A state-backed Russian hacking group, dubbed STRONTIUM, has been attacking corporate IoT devices, according to a blog post recounting the finds of researchers at Microsoft Threat Intelligence Center. In April, the researchers “discovered infrastructure of a known adversary communicating to several external devices” as well as “attempts by the actor to compromise popular IoT devices (a…

Report: North Korea funded WMD programs with $2B stolen via cyberattacks

North Korea’s rampant and repeated cyberattacks on financial institutions and cryptocurrency exchanges over the years have generated $2 billion in stolen funds, which the nation allocated toward developing weapons of mass destruction programs, according to a confidential UN document, Reuters reported yesterday. “Democratic People’s Republic of Korea cyber actors, many operating under the direction of…

Mueller’s testimony clear: Russian election meddling ongoing

Despite Special Counsel Robert Mueller’s slow, halting cadence, and apparent difficulty hearing or understanding some questions put to him by members of the House Judiciary and Intelligence Committees, the former FBI director delivered a clear message – Russia engaged in a sweeping campaign to meddle in the 2016 U.S. election and those efforts will intensify in 2020…

APT-hunting group claims China’s Security Ministry is behind APT17

Researchers at Intrusion Truth are claiming the cyberespionage group APT17 is operated by the Jinan bureau of the Chinese Ministry of State Security (MSS). Intrusion Truth is an online anonymous group of cybersecurity analysts who investigate and expose APT groups linked to the Chinese government. APT17 is believed to have been behind a series of…

Sophisticated Android spyware toolset ‘Monokle’ linked to sanctioned Russian defense contractor

A company that was sanctioned by the U.S. government for allegedly helping Russia interfere with the 2016 elections has developed an advanced set of offensive spyware tools with functionality that researchers claim they have never before witnessed in real-life attack campaigns. Dubbed Monokle, the spyware toolset was actually developed as far back as 2015, according…

APT10

APT34 spread malware via LinkedIn invites

FireEye researchers identified a phishing campaign in which the cyberespionage group APT34 masqueraded as a member of Cambridge University to gain victims’ trust and get them to open malicious documents. Researchers noticed the campaign in late June 2019; it used LinkedIn professional network invitations to deliver the malicious documents and included the use of three new malware families…
