APTs/cyberespionage news & analysis | SC Media

APTs/cyberespionage

Bahraini oil company reportedly attacked by new ‘Dustman’ disk wiper

Bapco, the national oil company of the Persian Gulf island nation of Bahrain, was reportedly targeted in a Dec. 29 disk wiper attack that officials believe originated from Iran-backed hackers. Iran is historically associated with past disk wiper campaigns against energy companies, most notably the destructive Shamoon or Disttrack malware attack against the Saudi Arabian…

State actors may be behind ongoing cyberattack on Austria’s foreign ministry

An ongoing and “serious cyberattack” at Austria’s foreign ministry could be the work of nation-state actors, the country’s government said. The ministry has set up a “coordination committee” to respond to the attack, which started as the country’s Greens party okayed an alliance with conservatives. While the foreign ministry discovered the attack and responded quickly,…

Hackers claiming to be from Iran deface U.S. gov’t website

Just days after President Trump ordered an air strike that killed Iranian Maj. Gen. Qassem Soleimani, a U.S. government website was defaced by a hacking group claiming to be from Iran. The hackers defaced the Federal Depository Library Program, fdlp.gov, website with a picture of a bleeding Trump as he’s being punched in the face for an…

DHS warns Iran retaliation could include cyberattacks

Although it stressed there is no evidence of a specific credible threat to the U.S. after the killing of Iranian General Qasem Soleimani, the Department of Homeland Security Saturday issued a National Terrorism Advisory System Bulletin warning of retaliation, including cyberattacks. Previous homeland-based plots by Iran and its partners “have included, among other things, scouting and…

Army joins Navy in banning TikTok

The U.S. Army this week joined the Navy in banning soldiers from using TikTok, the popular Chinese-owned video app marred by troublesome data handling practices, pegging it as a national security risk. “The U.S. Army’s decision to ban TikTok is yet another sign of the growing suspicion and mistrust U.S. authorities feel towards the Chinese-developed…

Reputed Vietnamese APT group hacks BMW, Hyundai: report

The reputed Vietnamese APT group OceanLotus is believed responsible for recently hacking into the networks of German car manufacturer BMW, as well as South Korea’s Hyundai, presumably to spy on their automotive trade secrets. German broadcaster Bayerischer Rundfunk, which broke the story, reported (in an article translated into English) that BMW caught the intrusion early…

Barr said to dispute Justice IG’s finding that FBI had legal basis for Trump campaign probe

Attorney William Barr reportedly has signaled that he’ll dispute the apparent finding in the much-anticipated Justice Department Inspector General (IG) report that in the summer of 2016 the FBI had enough evidence to pursue an investigation into Trump campaign members’ ties to and possible coordination with Russian operatives. IG Michael Horowitz is expected to conclude…

Senate Intel Committee probed Ukraine theory, found no evidence to support

Republican lawmakers like Sen. John Kennedy, R-La., of late may have been pushing the narrative that Ukraine significantly interfered in the 2016 presidential election but a probe by the Senate Intelligence Committee found the widely debunked theory without merit. At one point during its investigation into election meddling and any collusion by either campaign, the…

CallerSpy spyware: Possibly the first phase of a targeted attack

A new cyberespionage tool called CallerSpy was revealed by Trend Micro, but exactly what the developer’s intentions are for the malware is still unknown. CallerSpy was first spotted in May on the typosquatted website https://gooogle[.]press/ where it was advertised as a chat app called Chatrious. Using the misspelled Google name in the URL appears to…

Law enforcement delivers knockout blow to Imminent Monitor RAT network

International law enforcement officials late last week announced a crackdown on a cybercriminal network responsible for the proliferation of the Imminent Monitor Remote Access Trojan (IM-RAT). The coordinated operation, executed by authorities based in Australia, Europe and Colombia, resulted in the takedown of the IM-RAT web page and infrastructure, and the arrest of 13 people. Additionally,…
