Adobe Systems today issued an emergency security update for Flash Player following the discovery of a critical vulnerability that attackers were actively exploiting in a Nov. 29 phishing operation targeting a Russian state health care institution. The zero-day arbitrary code execution exploit was specifically employed against Moscow-based “Polyclinic No. 2” of the Administrative Directorate of…
A new cyber espionage campaign from the Russian APT group Fancy Bear has added some firepower in the form of a new malicious first-stage downloader tool called Cannon. Cannon diverges from Fancy Bear’s (aka Sofacy, APT28) usual downloader trojan, Zebrocy, in that it leverages email protocols for C2 communication as opposed to HTTP or HTTPS.…
Recently detected spear phishing activity suggests that the Russian APT group Cozy Bear may have emerged from its hibernation and become officially operative once more. Last last week, respected cybersecurity firms CrowdStrike and FireEye both issued warnings referencing a widespread phishing campaign targeting multiple industry sectors, while implementing the tactics, techniques and procedures of Cozy…
The Chinese threat actor TEMP.Periscope is being blamed for a phishing-based malware campaign last July against a U.K.-based engineering company, only researchers say the perpetrators exhibited Russian APT techniques to carry out their mission. A company blog post from Recorded Future’s Insikt Group division reports that the attackers used known, published tactics from reputed Russian…
Symantec researchers have uncovered several crucial details behind how the cybergang Lazarus, (AKA Hidden Cobra) has successfully conducted dozens of ATM hacks resulting in the machines literally spewing money out on the group’s command. The FBI and DHS have issued warnings on FASTCash. What was already known is that the bank robbers inject a malicious…
Researchers are pointing to a recently discovered malicious backdoor as a key piece of evidence that apparently links the actors who launched the 2017 NotPetya ransomware attacks with the malicious hackers who disrupted Ukraine’s power grid the year before. The finding potentially helps to confirm ongoing suspicions among cyber experts that these notorious cyber incidents…
Researchers have identified several shared commonalities between reputed Russian APT outlets Turla and Zebrocy, both known for their global, malware-based cyber espionage operations. Such discoveries help bolster the efforts of cyber investigators who seek to map out malicious ecosystems or attribute attacks to foreign actors. In this case, researchers from Kaspersky Lab are reporting that…
On the same day the Department of Justice issued federal indictments against seven Russian military officers for alleged hacking offenses, U.S. Deputy Assistant District Attorney Adam Hickey of the National Security Division defended the practice of charging foreign cybercrime suspects, even when the likelihood of bringing them to justice is low. “There are some who…
Add fast-casual restaurant chain Burgerville to the list of retail and hospitality companies victimized by the Eastern European cybercrime group FIN7. The Vancouver, Wash.-based restaurant operator disclosed in an online security alert and FAQ page that it was infected with malware by FIN7, aka the Carbanak Group, resulting in a data breach that compromised customers’…
The U.S. and several key Western Allies have leveled an array of new and damning hacking allegations against Russia, with the Department of Justice announcing federal indictments against seven officers in Russia’s Main Intelligence Directorate (GRU) military intelligence agency. Officials from America, the UK, Australia, New Zealand and the Netherlands over last 24 hours have publicly…
