Cyber Espionage | SC Media

Cyber Espionage

Chip and PIN protections may fall short as future threats materialize

The protections that chip and PIN payment card solutions offer may fall short as cybercriminals begin installing command-and-control malware on infected EMV device readers, a new report warns. Cybercriminals could begin repurposing ATM EMV malware to attack retail environments by infecting point-of-sale (POS) machines (possibly via malicious USB drives) and then introducing an altered EMV…

Cybercriminals secretly bundle anti-censorship app with spyware framework

A legitimate application that’s supposed to help users access censored or blocked websites was secretly bundled with Android spyware and made available for download on third-party marketplaces last year. The app, known as Psiphon and packaged as com.psiphon3, has been safely downloaded from the official Google Play Store over 50 million times. But users who attained…

Report: Chinese cyberspies hacked MSP, retailer and law firm in economic espionage campaign

The Chinese state-sponsored threat actor APT10 used stolen remote access software credentials to infiltrate the network of Norwegian managed services provider Visma last year, likely in an effort to launch secondary attacks against the MSP’s clients. An investigation into the cyber espionage campaign revealed that APT10, aka Stone Panda, used similar tactics to invade the…

Phishing campaign targeted subscribers to Tibetan Government-in-Exile’s mailing list

Subscribers to a Tibetan Government-in-Exile mailing list were targeted in a recent email-based phishing campaign designed to infect them with a remote access trojan. Dubbed ExileRAT, the trojan is capable of gathering system information, retrieving and pushing files, and executing and ending various processes, according to a blog post from Cisco Systems’ Talos division, whose…

OceanLotus APT group uses new Kerrdown downloader to deliver payloads

Researchers have discovered a previously unknown custom downloader family that reputed Vietnamese APT group OceanLotus has been using since at least early 2018 to infect victims with payloads such as Cobalt Strike Beacon. The ongoing campaign’s targets are either based in Vietnam or speak Vietnamese, which is in keeping with the m.o. of OceanLotus, which is known to…

Researchers: Remexi spyware campaign targeted diplomatic institutions based in Iran

A cyberespionage campaign targeted Iranian IP addresses late last year, with the goal of infecting victims with an updated version of Remexi backdoor malware, researchers have reported. Some of these IP addresses belong to foreign diplomatic entities located within Iran’s borders. Remexi is typically associated with a reputed Iranian APT group known as Chafer. Its…

U.S. criminally charges Huawei with stealing intellectual property and violating sanctions

U.S. federal prosecutors Monday filed criminal charges against Chinese telecommunications firm Huawei alleging the company stole intellectual property from T-Mobile and violated U.S. sanction orders. The 10-count indictment charges Huawei with conspiracy to steal trade secrets, wire fraud and obstruction of justice as the result of employees trying to steal trade secrets about a robot…

TEMP.MixMaster group infects with Trickbot and delayed Ryuk ransomware combo

Financially motivated threat actors, referred to as TEMP.MixMaster, are infecting victims with Trickbot malware before deploying the infamous Ryuk ransomware and so far have managed to make off with a reported $3.7 million worth of Bitcoin. The attacks are also unique in that the threat actors often wait for extended periods after gaining access, often profiting from…

Candid Candiru: Report dredges up details on secretive spyware company

A report from Israeli news outlet Haaretz has ever so slightly lifted the veil on what may be Israel’s second-largest commercial provider of offensive cyber tools and spyware, a clandestine company called Candiru. The candiru is a South American parasitic catfish that, according to legend, invades swimmers’ urethras. Much like the fish after which it…

Shamoon disk wiper attack on Saipem signals new affront against energy sector, Middle Eastern interests

The malware used to disrupt the global operations of Italian energy contractor Saipem S.p.A. earlier this week was none other than Shamoon, a disk wiper that’s been used in two prior attacks against Saudi interests. Saipem identified Shamoon as the culprit in a Dec. 12 news release that updated its previously vague disclosure of the incident.…