APTs/cyberespionage news & analysis | SC Media

APTs/cyberespionage


‘Woefully lax’ security led to WikiLeaks Vault 7 dump

Sen. Ron Wyden, D-Ore., pressed new Director of National Intelligence John Ratcliffe to detail security measures taken to safeguard sensitive intelligence after an internal CIA report said “woefully lax security” at the Center for Cyber Intelligence led to the “largest data loss in CIA history” – the leak of hacking tools to WikiLeaks. Wyden had…

Russian hacker releases at least 14,000 Mexican taxpayer IDs

Researchers at Lucy Security recently discovered that a Russian hacker named m1x breached a Mexican government web portal and, three days later, once the government refused to pay a ransom, publicly released some 14,000 Mexican taxpayer ID numbers. Colin Bastable, CEO of Lucy Security, said the researchers discovered the case on a hacking forum on the dark web…

VBA macro, remote template injectors included in Gamaredon post-compromise tool kit

The Gamaredon threat group has built a post-compromise tool arsenal that includes remote template injectors for Word and Excel documents as well as a unique Outlook mass-mailing macro, researchers recently discovered. The tools, previously undocumented, boast a VBA macro aimed at Outlook that sends spearphishing emails to a victim’s Microsoft address book contacts, according to…

Florida Supreme Court rules warrants a must for real-time cell location tracking

DOJ asks Supreme Court to scuttle lower court order to turn over redacted Mueller grand jury docs

After the Supreme Court last month temporarily stopped a D.C. Circuit Court of Appeal order for the Justice Department to hand over redacted Mueller grand jury information to House Democrats, the department is asking SCOTUS to overturn the lower court’s ruling. “In light of the national prominence of this grand-jury investigation, the separation-of-powers concerns raised…

‘Sandworm Team’ hackers from Russia are exploiting Exim, warns NSA

The U.S. National Security Agency on Thursday issued an advisory alleging that hackers from Russia’s Main Intelligence Directorate (GRU) have been actively exploiting a remote code execution vulnerability in Exim Mail Transfer Agent (MTA) software, found in Unix-based systems. Researchers and analysts reacting to the agency’s warning say the announcement is an important reminder that…

Israel comes under cyber attack

Israeli websites defaced, as more offensive cyber activity flares up in Middle East

Following a month of cyberattacks involving Iran and Israel, experts are reluctant to predict all-out digital warfare between the nation states, despite the obvious recent tit for tat that underscores age-old, religion-based tensions. The latest possible salvo came May 21, when approximately 1,000 corporate and manufacturing targets within Israel were afflicted with defacements and denial…


Modular backdoor sneaked into video game developers’ servers

A suspected Chinese APT group used a newly discovered modular backdoor to infect at least one video game developer’s build orchestration server and at least one other company’s game servers, researchers have reported. Although these attacks appear to have taken place prior to March, such incidents are now more important than ever to detect and…

FBI cracks Pensacola shooter’s iPhone without Apple’s help, discovers al Qaeda connection

Attorney General William Barr slammed Apple for not helping the FBI crack the encryption on iPhones belonging to a Saudi airman who waged an attack on the Pensacola Naval Station last year and was discovered to be connected to al Qaeda. “Apple has made a business and marketing decision to design its phones in a…

Ramsay spy framework built to subvert air-gapped defenses

Air-gapped networks aren’t easily compromised, but they don’t offer perfectly air-tight security either. Leveraging insider threats, infecting flash drives and other removable media, and conducting side-channel attacks are all techniques malicious actors can employ to spread malware to isolated systems. Indeed, researchers at ESET are reporting the discovery of a new cyber espionage framework designed…

CISA releases analysis of three Hidden Cobra malware variants

The Cybersecurity and Infrastructure Security Agency (CISA) and two other federal agencies issued malware analysis reports (MARs) for three North Korean government-operated APTs and trojans. The malware analyzed by CISA, the Department of Defense and the FBI is code-named Copperhedge, Taintedscribe and Pebbledash, all three of which are believed to be operated by the North…
