APTs/cyberespionage news & analysis | SC Media

APTs/cyberespionage

DeSantis says Russians hacked election information in two Florida counties in 2016

Following a briefing by the FBI and the Department of Homeland Security (DHS), Florida Gov. Ron DeSantis confirmed that Russian hackers accessed election information in two of the state’s counties after successful spear phishing attempts, although the governor declined to name the counties at the behest of investigators. “I’m not allowed to name the counties.…


Members of China-based hacking firms indicted for Anthem breach, among other breaches

Members of a China-based hacking group were indicted for a series of computer intrusions, including the 2015 Anthem data breach that affected over 78 million people. The four-count indictment alleges that Fujie Wang, 32, and other members of the hacking group, including another individual charged as John Doe, conducted a campaign of intrusions into U.S.-based computer systems…

U.S. intel agencies issue analysis of North Korea’s ELECTRICFISH tunneling tool

The FBI and the Department of Homeland Security have jointly issued a new Malware Analysis Report (MAR) warning of the dangers of ELECTRICFISH, a tunneling tool used for traffic funneling and data exfiltration by Hidden Cobra, the hacking group attributed to the North Korean government. The 32-bit Windows executable file is a command-line utility…

Researchers: Chinese APT group used stolen NSA tools prior to Shadow Brokers leak

Some of the U.S. government-linked exploit tools that were published online by the Shadow Brokers hacking group in 2016 and 2017 were actually employed by Chinese actors well before that infamous leak occurred, researchers say. In a blog post yesterday, Symantec reported that its threat research team discovered evidence that cyber espionage actor APT3, aka…

‘LightNeuron’ backdoor receives secret commands via Microsoft Exchange email servers; Russian link suspected

Researchers have uncovered what they say is the very first malware to achieve persistence in Microsoft Exchange email servers, which allows attackers to secretly execute commands via malicious emails featuring attachments with hidden code. Dubbed LightNeuron, the furtive backdoor has been targeting Exchange servers since at least 2014, according to a blog post from ESET,…


Slack warns investors of future cybersecurity risks

Cloud-based work collaboration tool provider Slack warned investors of the risks posed by organized cybercrime and nation-state threat actors in a filing with the SEC. The company warned that threats from these organizations, including advanced persistent threat intrusions, are a strong possibility considering that more than 600,000 organizations use the platform, making it a prime…

Amnesty Intl. says cyberattack on Hong Kong office appears linked to known APT group

The Hong Kong division of human rights organization Amnesty International said yesterday that its offices were recently targeted by a sophisticated cyberattack that bore the hallmarks of Chinese state-sponsored actors. A press release issued by the non-governmental organization’s Hong Kong chapter said that suspicious activity was detected on March 15, although it does not state…

DNSpionage actors adjust tactics, debut new remote administration tool

The actors responsible for the DNSpionage DNS hijacking campaign have altered some of their tactics, techniques and procedures (TTPs), introducing a new reconnaissance phase as well as a new malicious remote administration tool called Karkoff. Discovered last November, the operation primarily targets Lebanon- and United Arab Emirates-affiliated .gov domains, commandeering the websites’ DNS servers so…

Mueller report details Russian interference in 2016 election, interactions with Trump team, WikiLeaks

Russian military intelligence apparently successfully penetrated an unnamed Florida county election system and gained “access to the network of at least one Florida county government.” And that’s just one of the findings in Special Counsel Robert Mueller’s much-anticipated report released Thursday. In the sprawling 448-page, partially redacted report, Mueller methodically laid out Russia’s efforts to…

APT34 hacked back by Lab Dookhtegan

A hacking group going by the name Lab Dookhtegan has posted the tools used by the infamous Iranian APT34 cyberespionage group. APT34, also known as HelixKitten and OilRig, has purportedly been behind many attacks, but this time was victimized when a data dump of its tools was posted on a Telegram channel, Bleeping Computer reported. The…
