Cyber Espionage | SC Media

Cyber Espionage

Bouncing Golf campaign takes swing at Android users with info-stealing malware

A newly discovered cyber espionage campaign has been targeting Android users in the Middle East with malware designed to steal scores of device information, snoop on victims and potentially take over mobile devices. Known as GolfSpy, the malware is found in once-legitimate applications that have been repackaged to contain malicious code, according to a June…

New Hawkball backdoor attacks government sector in Central Asia

A newly discovered malicious backdoor by the name of Hawkball was recently observed in a campaign apparently targeting one or more Russian-speaking government entities in Central Asia, according to a blog post this week from FireEye Labs. Upon successful infection, Hawkball offers the unidentified attackers a range of malicious capabilities, writes FireEye blog post author…

APT10 campaign debuts two new loaders for distributing PlugX and Quasar RATs

The reputed Chinese state-sponsored threat group APT10 appears to be the culprit behind a campaign this past April that sought to distribute PlugX and Quasar RAT malware via one of two newly discovered downloader variants. Researchers from enSilo uncovered the campaign after samples were collected from one or more targets based in the Philippines. PlugX and…

ScarCruft ATP campaign leverages ‘rare’ data-harvesting tool for Bluetooth devices

A recent malware campaign targeting investment companies and diplomatic agencies has shed light on some of the newest practices and tools of reputed North Korean APT group ScarCruft. While investigating this campaign, researchers from Kaspersky Lab observed a tool for harvesting Bluetooth device data and were able to analyze the group’s multistage binary infection procedure.…

U.S. intel agencies issue analysis of North Korea’s ELECTRICFISH tunneling tool

The FBI and Department Homeland Security have jointly issued a new Malware Analysis Report (MAR) warning of the dangers of ELECTRICFISH, a tunneling tool used for traffic funneling and data exfiltration by the North Korea government hacking group Hidden Cobra. ELECTRICFISH is attributed to North Korea. The 32-bit Windows executable file is a command-line utility…

Researchers: Chinese APT group used stolen NSA tools prior to Shadow Brokers leak

Some of the U.S. government-linked exploit tools that were published online by the Shadow Brokers hacking group in 2016 and 2017 were actually employed by Chinese actors well before that infamous leak occurred, researchers say. In a blog post yesterday, Symantec reported that its threat research team discovered evidence that cyber espionage actor APT3, aka…

‘LightNeuron’ backdoor receives secret commands via Microsoft Exchange email servers; Russian link suspected

Researchers have uncovered what they say is the very first malware to achieve persistence in Microsoft Exchange email servers, which allows attackers to secretly execute commands via malicious emails featuring attachments with hidden code. Dubbed LightNeuron, the furtive backdoor has been targeting Exchange servers since at least 2014, according to a blog post from ESET,…

Amnesty Intl. says cyberattack on Hong Kong office appears linked to known APT group

The Hong Kong division of human rights organization Amnesty International said yesterday that its offices were recently targeted by a sophisticated cyberattack that bore the hallmarks of Chinese state-sponsored actors. A press release issued by the non-governmental organization’s Hong Kong chapter said that suspicious activity was detected on March 15, although it does not state…

DNSpionage actors adjust tactics, debut new remote administration tool

The actors responsible for the DNSpionage DNS hijacking campaign have altered some of their tactics, techniques and procedures (TTPs), introducing a new reconnaissance phase as well as a new malicious remote administration tool called Karkoff. Discovered last November, the operation primarily targets Lebanon- and United Arab Emirates-affiliated .gov domains, commandeering the websites’ DNS servers so…

‘Brazen’ nation-state actors behind ‘Sea Turtle’ DNS hijacking campaign

State-sponsored hackers are behind a large-scale DNS hijacking campaign that since January 2017 has been responsible for compromising at least 40 organizations across 13 countries, researchers from Cisco Talos have reported. Primarily targeting the Middle East and North Africa, the attackers are looking to harvest credentials that grant them access to sensitive networks belonging to…

Next post in Security News