APTs/cyberespionage news & analysis | SC Media

APTs/cyberespionage

Legacy ICS puts critical infrastructure at risk

By using search engines dedicated to scanning all open ports, or scanning the ports themselves, hackers can remotely take control of critical private and public U.S. infrastructure run largely by industrial control systems (ICS) that weren’t built with security in mind. American water and energy providers are particularly vulnerable to cyberattack because their legacy ICSs…

Leaked videos offer rare behind-the-scenes look at Iranian APT operation

Threat analysts hit the cyber intel mother lode after uncovering a 40GB data leak that included training videos shedding light on the activities of an Iranian advanced persistent threat group. In a company blog post this week, IBM X-Force Incident Response Intelligence Services (IRIS) said that the leaked assets were the result of an OPSEC error on…

Covid-19 vaccines, economies in peril after Russian APT29 attacks

Warnings by officials in the U.S., U.K. and Canada that Russia’s Cozy Bear, APT29, is actively trying to steal Covid-19 vaccine research by hacking vaccine trials and dropping WellMess and WellMail malware prove at least two things: Russian military intelligence is still going hard against U.S. targets, and the health care industry, particularly during the…

Huawei ban driven by security, trade considerations

The recent U.K. ban on the use of Huawei technology in its 5G wireless network is likely as much about salvaging the deteriorating U.S.-U.K. Sino relationship and restoring trade normalcy as it is about security. “There are clearly legitimate security concerns around Huawei, particularly given that as a result of the trade ban, equipment will…

Trump approved 2018 retaliatory cyberattack on Russia’s IRA

Despite past assertions that he believed Russian President Vladimir Putin over his own intelligence community that Russia does not tamper with the U.S. electoral process, President Donald Trump last week admitted in an interview with a Washington Post columnist that he approved a 2018 retaliation to take out Russia’s Internet Research Agency (IRA) for precisely…

Sentencing begins for four LulzSec members in London

Trump commutes Roger Stone’s sentence stemming from Mueller probe

President Trump has commuted the sentence of long-time confidant Roger Stone, who was to report to prison on July 14 to serve 40 months after being found guilty of seven counts, including obstruction, witness tampering and lying to Congress. During Stone’s trial, which stemmed from Special Counsel Robert Mueller’s probe into Russia’s interference in the…

Report accuses China of extensive mobile spyware use to track ethnic minority group

A new blog post and research report from the Lookout Threat Intelligence Team has exposed the lengths to which a reputed Chinese government-sponsored APT operation has allegedly gone to track the country’s Uyghur minority population, including the trojanization of mobile apps with surveillanceware. Lookout details four spyware families — SilkBean, DoubleAgent, CarbonSteal and GoldenEagle —…

‘GoldenSpy’ tax software campaign tries to erase evidence of malware

The actors behind a campaign to spread GoldenSpy malware via tax accounting software used by customers of a Chinese bank have recently attempted to distribute an uninstaller that deletes the backdoor in an apparent attempt to cover up their illicit activities. In a previous company blog post and threat report, Trustwave and its SpiderLabs team identified the accounting software…

Geopolitical targets figuring in latest StrongPity attacks

StrongPity, aka Promethium, a potentially state-sponsored APT group active since 2012, isn’t letting exposed campaigns in recent years stop it from trying to install malware around the world, particularly in warzones such as Syria. Two separate reports this week from Cisco Talos and Bitdefender suggest the attackers are getting more aggressive in their geo-targeted malicious…

Tax software used by Chinese bank clients installs GoldenSpy backdoor

A tax software program installed by business clients of an unidentified Chinese bank was trojanized with malware that installs a backdoor granting attackers SYSTEM-level privileges, researchers warn. In a company blog post and more detailed threat report, Trustwave and its SpiderLabs team identified the accounting software as Intelligent Tax, which was reportedly developed by the…
