APTs/cyberespionage news & analysis | SC Media

APTs/cyberespionage

APT41 using MessageTap malware to gather SMS traffic

A new malware family deployed by the Chinese hacking group APT41 monitors SMS traffic and other mobile metadata en masse, and has been used inside a telecommunications firm to single out the messages of specific customer phone numbers. The malware, called MessageTap, is attributed by FireEye to APT41, a group the company has linked to both cyberespionage and financially motivated attacks. MessageTap was first…

Officials preparing for cyber attacks, scams as Olympics nears

Microsoft: Russia again hacks anti-doping and sports agencies

Facing possible exclusion from the 2020 Summer Olympics in Tokyo and other major athletic events, Russia once again has been attempting to hack anti-doping agencies and sports organizations, Microsoft reported yesterday. In attacks that started on Sept. 16, the reputed Russian APT Fancy Bear targeted at least 16 national and international sports organizations across three…

Facebook moves to protect elections by flagging content from state-run media

Facebook might have decided to leave it up to the public whether political ads are truthful – or not – but the social media giant said it’s diligently trying to identify and flag content from media outlets run by nation-states to avoid a repeat of the 2016 election when Russia and other countries leveraged its…

Avast’s network penetrated, CCleaner targeted again

The Czech-based security firm Avast reported that its internal network had been accessed through a temporary, loosely protected VPN profile using compromised credentials. The incident began on September 23, when the company noticed suspicious behavior on its network and started an investigation that involved Czech national intelligence and cybersecurity agencies. It was…

Russian Turla group masqueraded as Iranian hackers in attacks

The Russian hacker group Turla disguised itself as Iranian hackers and stole state secrets from multiple countries, authorities from the U.S. and U.K. said Monday. "Identifying those responsible for attacks can be very difficult, but the weight of evidence points towards the Turla group being behind this campaign," said Paul Chichester, director of operations at GCHQ's National Cyber Security…

New 'Rombertik' malware destroys master boot record if analysis is detected

Major software vendor compromised with previously undocumented PortReuse backdoor

A thorough investigation into reputed Chinese APT actor Winnti Group turned up a previously undocumented backdoor that was used to compromise a popular Asian mobile hardware and software vendor — perhaps as a prelude to launching a major supply chain attack against its users. Dubbed PortReuse, the modular malware is a passive network implant that…

DIA analyst arrested for disclosing classified info to two journalists

A U.S. Defense Intelligence Agency (DIA) analyst was arrested for supplying top secret national defense information (NDI) on a foreign country’s weapons systems to two journalists, one of whom he reportedly was engaged with romantically. Henry Kyle Frese, 30, of Alexandria, Va., accessed classified reports in April and May 2018 and passed them to the…

Second Senate Intel committee report confirms Russia social media campaign to influence 2016 election, skewer Clinton

In the wake of a controversial call between President Trump and President Volodymyr Zelensky of Ukraine, and even as some of President Trump's supporters in Congress push a narrative that corrupt forces in Ukraine were behind 2016 election meddling, the second of a five-part bipartisan report from the GOP-led Senate Intelligence Committee confirmed Russia was…


New ‘Reductor’ malware compromises machines’ encrypted TLS traffic

Cyberespionage actors have developed malware that marks victims' TLS-encrypted outbound traffic with identifiers, so the sessions can be picked out on the wire and potentially decrypted later. Dubbed Reductor, the malware shares code with the COMpfun trojan, which was first documented in 2014 and is closely associated with the suspected Russian APT group Turla, aka…

Iran hackers targeted presidential campaign, journalists

A threat group, dubbed Phosphorus, that Microsoft believes to be linked to Iran’s government targeted email accounts associated with a presidential campaign as well as government officials, journalists and prominent Iranians living outside the country. “In a 30-day period between August and September, the Microsoft Threat Intelligence Center (MSTIC) observed Phosphorus making more than 2,700…
