APT | SC Media

‘Brazen’ nation-state actors behind ‘Sea Turtle’ DNS hijacking campaign

State-sponsored hackers are behind a large-scale DNS hijacking campaign that since January 2017 has been responsible for compromising at least 40 organizations across 13 countries, researchers from Cisco Talos have reported. Primarily targeting the Middle East and North Africa, the attackers are looking to harvest credentials that grant them access to sensitive networks belonging to…
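The Sea Turtle summary above names the technique (altering a victim's DNS records so that traffic meant for its services lands on attacker-controlled infrastructure) but not what a defender can check. The following added example, which is not code from the article or from Cisco Talos, diffs a captured `dig +noall +answer` style answer section against a baseline of the NS, A and MX records the zone owner expects; the zone names, addresses and dig output are all constructed for the example, and `BASELINE`, `check` and `Finding` are names chosen here rather than anything from the original.

```python
"""Baseline diff for detecting DNS record hijacking.

Added example for this page; it is not code from the original article or
from Cisco Talos. Every zone name, address and dig line below is constructed.
"""
import re
from dataclasses import dataclass

# Record types whose rdata is itself a DNS name (compared case-insensitively as FQDNs).
NAME_TYPES = {"NS", "CNAME", "MX"}

# Constructed baseline: what the zone owner knows the records should be.
BASELINE = {
    "example.com": {
        "NS": {"ns1.example-dns.net", "ns2.example-dns.net"},
        "A": {"203.0.113.10"},
    },
    "mail.example.com": {"A": {"203.0.113.25"}},
}

# Constructed `dig +noall +answer` style output in which the mail host's
# A record has been swapped for an address the zone owner does not control.
HIJACKED_ANSWER = """\
example.com.\t\t3600\tIN\tNS\tns1.example-dns.net.
EXAMPLE.COM.\t\t3600\tIN\tNS\tNS2.Example-DNS.net.
example.com.\t\t300\tIN\tA\t203.0.113.10
mail.example.com.\t60\tIN\tA\t198.51.100.7
"""

# Same answer section with the original mail address restored.
CLEAN_ANSWER = HIJACKED_ANSWER.replace("198.51.100.7", "203.0.113.25")


@dataclass(frozen=True)
class Finding:
    name: str
    rtype: str
    expected: frozenset
    observed: frozenset


def _norm(name: str) -> str:
    """DNS names are case-insensitive; compare them as lowercase FQDNs."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


# owner  ttl  IN  type  rdata
ANSWER_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+([A-Z]+)\s+(.+?)$")


def parse_answer_section(text: str) -> dict:
    """Turn answer-section lines into {owner: {rtype: set(rdata)}}.

    Lines that are not resource records (comments, blanks) are ignored.
    MX preference values are dropped so only the exchanger name is compared.
    """
    snapshot: dict = {}
    for line in text.splitlines():
        m = ANSWER_RE.match(line.strip())
        if not m:
            continue
        owner, _ttl, rtype, rdata = m.groups()
        if rtype == "MX":
            rdata = rdata.split()[-1]
        value = _norm(rdata) if rtype in NAME_TYPES else rdata.strip()
        snapshot.setdefault(_norm(owner), {}).setdefault(rtype, set()).add(value)
    return snapshot


def diff_records(baseline: dict, snapshot: dict) -> list:
    """Return one Finding per (owner, rtype) whose observed set differs from
    the baseline. A record that is missing entirely also counts as a difference."""
    findings = []
    for owner, rtypes in baseline.items():
        norm_owner = _norm(owner)
        for rtype, expected in rtypes.items():
            exp = frozenset(_norm(v) if rtype in NAME_TYPES else v for v in expected)
            obs = frozenset(snapshot.get(norm_owner, {}).get(rtype, set()))
            if exp != obs:
                findings.append(Finding(norm_owner, rtype, exp, obs))
    return findings


def check(answer_text: str) -> list:
    """Parse a dig-style answer section and diff it against BASELINE."""
    return diff_records(BASELINE, parse_answer_section(answer_text))


if __name__ == "__main__":
    for f in check(HIJACKED_ANSWER):
        print(f"ALERT {f.name} {f.rtype}: expected {sorted(f.expected)}, "
              f"observed {sorted(f.observed)}")
```

Feed the check with answers obtained directly from the zone's authoritative servers and, for the NS set, from the parent zone's delegation, not from an internal recursive resolver: a registrar- or registry-level change shows up in the delegation first, and a recursive cache can keep serving the old records until their TTL expires.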

U.S. agencies issue report on Hidden Cobra threat group’s HOPLIGHT malware

The U.S. Department of Homeland Security and FBI have jointly released an official Malware Analysis Report detailing several variants of HOPLIGHT, a trojan malware program used by hackers from Hidden Cobra, an APT group that’s been widely linked to the North Korean government. Upon execution, HOPLIGHT allows attackers to collect victim machine information, connect to…

Researchers uncover new ‘TajMahal’ APT framework, plus a new Gaza Cybergang malware campaign

Researchers at Kaspersky Lab today issued a pair of reports, one revealing a newly discovered sophisticated APT framework and the other detailing the recent operations of the threat actor known as Gaza Cybergang Group1. Dubbed TajMahal, the APT framework is a fully loaded malicious toolset, replete with backdoors, loaders, orchestrators, C2 communicators, audio recorders, keyloggers,…

Stuxnet research reveals possible 4th accomplice, newly discovered versions of Flame and Duqu malware

Recent research into old malware threats associated with the Stuxnet attacks against Iran’s nuclear program roughly one decade ago turned up several new discoveries, including a possible fourth collaborator in the clandestine operation, as well as previously unknown versions of Flame and Duqu malware. Today, Alphabet’s cybersecurity subsidiary Chronicle revealed the findings of its researchers…

Pharma firm Bayer hit with WINNTI malware

The German drug manufacturer Bayer reported it was hit with a cyberattack launched from China that used WINNTI malware, which resided on its network for at least one year. The company told Reuters it found the malware in its systems in early 2018 and then studied and analyzed it until last month, when it was removed.…

Microsoft researchers find NSA-style backdoor in Huawei laptops

The Microsoft Defender Advanced Threat Protection (ATP) service featured in Windows 10 version 1809 alerted researchers to an NSA-style backdoor vulnerability in Huawei laptops. The PCManager software included in some Huawei Matebook systems allows unprivileged users to create processes with superuser privileges, according to a March 25 Microsoft security post. Upon investigation, researchers found a…

Elfin, aka APT33, targets U.S., Saudi Arabian firms in cyberespionage campaign

The cyberespionage group Elfin, aka APT33, has launched a heavily targeted campaign against multiple organizations in Saudi Arabia and the United States. Researchers said the most recent targets include major corporations. Although 42 percent of observed attacks focused on Saudi Arabia, the U.S. has also been an area of interest for the group…

Panel: Laws to curb influence campaigns on social media should stress transparency, collaboration

Security and trust executives from the social media platforms Facebook and Twitter said at an RSA 2019 keynote panel this week that their companies would welcome additional transparency regulations as a countermeasure against the weaponization of the internet by foreign adversaries. In addition, other experts on the panel suggested regulations that would require the identification of…

Former NSA Director: Public and private sectors must unite to prevail against advanced cyberattacks

At a public appearance this week in San Francisco, former NSA Director Mike Rogers called for the public and private sectors to form a united front against cybersecurity threats, noting that corporate and government cultures still “do not understand each other.” The former commander of the U.S. Cyber Command, Admiral Rogers is now an advisory…

IoT devices attacked faster than ever, DDoS attacks up dramatically: Netscout

Cybercriminals upped their game in a big way in 2018, dramatically increasing the number and severity of DDoS attacks and refining their attacks on IoT devices to entirely new levels. The main takeaway from Netscout's Threat Report covering the second half of 2018 was that cybercriminals built and used cheaper, easier-to-deploy and more persistent malware…