Cyber Espionage | SC Media

Syrian Electronic Army claims it obtained U.S. Central Command docs via hack

Researchers: Syrian Electronic Army targeting secure messaging app users with spyware

The Syrian Electronic Army hacker group has reportedly been investing heavily in a scheme to infect Android device users with a spyware tool hidden inside fake app updates. Known for its ardent support of Syrian President Bashar al-Assad, the threat group is targeting in particular users of secure messaging apps such as WhatsApp and Telegram. The SEA is…

Adobe fixes zero-day Flash bug after attackers target Russian clinic with exploit

Adobe Systems today issued an emergency security update for Flash Player following the discovery of a critical vulnerability that attackers were actively exploiting in a Nov. 29 phishing operation targeting a Russian state health care institution. The zero-day arbitrary code execution exploit was specifically employed against Moscow-based “Polyclinic No. 2” of the Administrative Directorate of…

‘Cannon’ downloader tool added to Fancy Bear’s APT arsenal

A new cyber espionage campaign from the Russian APT group Fancy Bear has added some firepower in the form of a new malicious first-stage downloader tool called Cannon. Cannon diverges from Fancy Bear’s (aka Sofacy, APT28) usual downloader trojan, Zebrocy, in that it leverages email protocols for C2 communication as opposed to HTTP or HTTPS.…

Cozy Bear tracks: Phishing campaign looks like work of Russian APT group

Recently detected spear phishing activity suggests that the Russian APT group Cozy Bear may have emerged from its hibernation and become officially operative once more. Last week, respected cybersecurity firms CrowdStrike and FireEye both issued warnings referencing a widespread phishing campaign targeting multiple industry sectors, while implementing the tactics, techniques and procedures of Cozy…

Suspected Chinese TEMP.Periscope phishing campaign adopts Russian APT techniques

The Chinese threat actor TEMP.Periscope is being blamed for a phishing-based malware campaign last July against a U.K.-based engineering company, only researchers say the perpetrators exhibited Russian APT techniques to carry out their mission. A company blog post from Recorded Future’s Insikt Group division reports that the attackers used known, published tactics from reputed Russian…

State of security: New Hampshire

Who’s in charge: Secretary of State William M. Gardner. The state spent $250,000 of its nearly $3.2 million election security budget ($3.1 million in federal grant money and $155,000 in matching state funds) to improve systems for the 2018 midterm elections. Deputy Secretary of State David Scanlan said the state has hired firms to test…

Enigmatic cyber espionage campaign revives source code from old foe APT1

A newly discovered cyber espionage campaign targeting South Korea, the U.S. and Canada features malware that reuses old source code associated with the seemingly dormant or disbanded APT1 threat group. The findings raise the possibility that the reputed Chinese threat actor has resumed operations, especially because its source code was never released to the public, according to…

Clandestine ‘GreyEnergy’ APT group spawned from BlackEnergy, NotPetya actors

Researchers from ESET yesterday exposed a previously undisclosed threat group that descended from TeleBots, the APT group known for launching the BlackEnergy trojan and NotPetya attacks against Ukraine in recent years. Dubbed GreyEnergy, the actor is comparable to the BlackEnergy group (which later changed strategies and became known as TeleBots or Sandworm) in that it…

Researchers: Backdoor malware connects NotPetya culprits to Industroyer attack against Ukraine’s grid

Researchers are pointing to a recently discovered malicious backdoor as a key piece of evidence that apparently links the actors who launched the 2017 NotPetya ransomware attacks with the malicious hackers who disrupted Ukraine’s power grid the year before. The finding potentially helps to confirm ongoing suspicions among cyber experts that these notorious cyber incidents…

Researchers: Turla and Zebrocy APT actors shared code, targets in 2018

Researchers have identified several shared commonalities between reputed Russian APT outlets Turla and Zebrocy, both known for their global, malware-based cyber espionage operations. Such discoveries help bolster the efforts of cyber investigators who seek to map out malicious ecosystems or attribute attacks to foreign actors. In this case, researchers from Kaspersky Lab are reporting that…
