APT | SC Media

APT

Adobe fixes zero-day Flash bug after attackers target Russian clinic with exploit

Adobe Systems today issued an emergency security update for Flash Player following the discovery of a critical vulnerability that attackers were actively exploiting in a Nov. 29 phishing operation targeting a Russian state health care institution. The zero-day arbitrary code execution exploit was specifically employed against Moscow-based “Polyclinic No. 2” of the Administrative Directorate of…

‘Cannon’ downloader tool added to Fancy Bear’s APT arsenal

A new cyber espionage campaign from the Russian APT group Fancy Bear has added some firepower in the form of a new malicious first-stage downloader tool called Cannon. Cannon diverges from Fancy Bear’s (aka Sofacy, APT28) usual downloader trojan, Zebrocy, in that it leverages email protocols for C2 communication as opposed to HTTP or HTTPS.…

Cozy Bear tracks: Phishing campaign looks like work of Russian APT group

Recently detected spear phishing activity suggests that the Russian APT group Cozy Bear may have emerged from its hibernation and become officially operative once more. Late last week, respected cybersecurity firms CrowdStrike and FireEye both issued warnings referencing a widespread phishing campaign targeting multiple industry sectors, while implementing the tactics, techniques and procedures of Cozy…

Suspected Chinese TEMP.Periscope phishing campaign adopts Russian APT techniques

The Chinese threat actor TEMP.Periscope is being blamed for a phishing-based malware campaign last July against a U.K.-based engineering company, though researchers say the perpetrators exhibited Russian APT techniques to carry out their mission. A company blog post from Recorded Future’s Insikt Group division reports that the attackers used known, published tactics from reputed Russian…

Lazarus FASTCash ATM attack details discovered

Symantec researchers have uncovered several crucial details behind how the cybergang Lazarus (aka Hidden Cobra) has successfully conducted dozens of ATM hacks resulting in the machines literally spewing money out on the group’s command. The FBI and DHS have issued warnings on FASTCash. What was already known is that the bank robbers inject a malicious…

Researchers: Backdoor malware connects NotPetya culprits to Industroyer attack against Ukraine’s grid

Researchers are pointing to a recently discovered malicious backdoor as a key piece of evidence that apparently links the actors who launched the 2017 NotPetya ransomware attacks with the malicious hackers who disrupted Ukraine’s power grid the year before. The finding potentially helps to confirm ongoing suspicions among cyber experts that these notorious cyber incidents…

Researchers: Turla and Zebrocy APT actors shared code, targets in 2018

Researchers have identified several shared commonalities between reputed Russian APT outlets Turla and Zebrocy, both known for their global, malware-based cyber espionage operations. Such discoveries help bolster the efforts of cyber investigators who seek to map out malicious ecosystems or attribute attacks to foreign actors. In this case, researchers from Kaspersky Lab are reporting that…

U.S. Deputy ADA: Indictments of alleged foreign hackers have merit, even without an arrest

On the same day the Department of Justice issued federal indictments against seven Russian military officers for alleged hacking offenses, U.S. Deputy Assistant District Attorney Adam Hickey of the National Security Division defended the practice of charging foreign cybercrime suspects, even when the likelihood of bringing them to justice is low. “There are some who…

Burgerville discloses year-long data breach, courtesy of FIN7 cybergang

Add fast-casual restaurant chain Burgerville to the list of retail and hospitality companies victimized by the Eastern European cybercrime group FIN7. The Vancouver, Wash.-based restaurant operator disclosed in an online security alert and FAQ page that it was infected with malware by FIN7, aka the Carbanak Group, resulting in a data breach that compromised customers’…

U.S. indicts GRU officers over anti-doping agency hacks; Western allies condemn Russia

The U.S. and several key Western allies have leveled an array of new and damning hacking allegations against Russia, with the Department of Justice announcing federal indictments against seven officers in Russia’s Main Intelligence Directorate (GRU) military intelligence agency. Officials from America, the UK, Australia, New Zealand and the Netherlands over the last 24 hours have publicly…