APT | SC Media

APT

Report: North Korea funded WMD programs with $2B stolen via cyberattacks

North Korea’s rampant and repeated cyberattacks on financial institutions and cryptocurrency exchanges over the years have generated $2 billion in stolen funds, which the nation allocated toward developing weapons of mass destruction programs, according to a confidential UN document, Reuters reported yesterday. “Democratic People’s Republic of Korea cyber actors, many operating under the direction of…

APT-hunting group claims China’s Security Ministry is behind APT17

Researchers at Intrusion Truth are claiming the cyberespionage group APT17 is operated by the Jinan bureau of the Chinese Ministry of State Security (MSS). Intrusion Truth is an online anonymous group of cybersecurity analysts who investigate and expose APT groups linked to the Chinese government. APT17 is believed to have been behind a series of…


APT34 spread malware via LinkedIn invites

FireEye researchers identified a phishing campaign conducted by the cyberespionage group APT34 masquerading as a member of Cambridge University to gain their victim’s trust to open malicious documents. Researchers noticed the campaign in late June 2019 using LinkedIn professional network invitations to deliver the malicious documents that included the use of three new malware families…

Microsoft demos vote verification tool, warns of ongoing foreign meddling

Microsoft Corporation yesterday began publicly demonstrating its free and open-source secure electronic voting solution, ElectionGuard, warning that such innovations are necessary as adversarial nations continue to target the American people and U.S. businesses. In a blog post announcing the demo, Microsoft Corporate Vice President of Customer Security and Trust Tom Burt said that in the…

Sea Turtle DNS hijackers linked to breach of Greece’s ccTLD organization

Despite being publicly exposed earlier this year, the actors behind the malicious Sea Turtle DNS hijacking campaign continue to unabashedly rack up new victims, and apparently added a new technique to their repertoire, a new report states. The group made waves last April when researchers at Cisco’s Talos unit reported that the attackers have been…


MuddyWater, Fin8 and Platinum threat actors back in action

Researchers have spotted the MuddyWater, Fin8 and Platinum cybergangs all making an unwanted comeback following an observed increase in malicious activity over the last few weeks. Trend Micro came across several campaigns its researchers believe contain the hallmarks of MuddyWater. But this time around the group apparently deployed a new multi-stage PowerShell-based backdoor called POWERSTATS…

APT10 campaign debuts two new loaders for distributing PlugX and Quasar RATs

The reputed Chinese state-sponsored threat group APT10 appears to be the culprit behind a campaign this past April that sought to distribute PlugX and Quasar RAT malware via one of two newly discovered downloader variants. Researchers from enSilo uncovered the campaign after samples were collected from one or more targets based in the Philippines. PlugX and…

ScarCruft APT campaign leverages ‘rare’ data-harvesting tool for Bluetooth devices

A recent malware campaign targeting investment companies and diplomatic agencies has shed light on some of the newest practices and tools of reputed North Korean APT group ScarCruft. While investigating this campaign, researchers from Kaspersky Lab observed a tool for harvesting Bluetooth device data and were able to analyze the group’s multistage binary infection procedure…

U.S. intel agencies issue analysis of North Korea’s ELECTRICFISH tunneling tool

The FBI and Department of Homeland Security have jointly issued a new Malware Analysis Report (MAR) warning of the dangers of ELECTRICFISH, a tunneling tool used for traffic funneling and data exfiltration by the North Korean government hacking group Hidden Cobra. The 32-bit Windows executable file is a command-line utility that establishes a connection between a…

Researchers: Chinese APT group used stolen NSA tools prior to Shadow Brokers leak

Some of the U.S. government-linked exploit tools that were published online by the Shadow Brokers hacking group in 2016 and 2017 were actually employed by Chinese actors well before that infamous leak occurred, researchers say. In a blog post yesterday, Symantec reported that its threat research team discovered evidence that cyber espionage actor APT3, aka…
