Cyber Espionage | SC Media

Cyber Espionage

Saefko RAT peeks at browser histories to help adversaries form optimal attack plan

Researchers have discovered a new remote access trojan that rummages through an infected device’s Chrome browser history to determine which websites the user has visited, allowing adversaries to formulate an optimal attack strategy based on that information. Dubbed Saefko, the RAT looks for at least 70 different websites affiliated with credit cards, at least 26…

Sophisticated Android spyware toolset ‘Monokle’ linked to sanctioned Russian defense contractor

A company that was sanctioned by the U.S. government for allegedly helping Russia interfere with the 2016 elections has developed an advanced set of offensive spyware tools with functionality that researchers claim they have never before witnessed in real-life attack campaigns. Dubbed Monokle, the spyware toolset was actually developed as far back as 2015, according…

Microsoft demos vote verification tool, warns of ongoing foreign meddling

Microsoft Corporation yesterday began publicly demonstrating its free and open-source secure electronic voting solution, ElectionGuard, warning that such innovations are necessary as adversarial nations continue to target the American people and U.S. businesses. In a blog post announcing the demo, Microsoft Corporate Vice President of Customer Security and Trust Tom Burt said that in the…

Sea Turtle DNS hijackers linked to breach of Greece’s ccTLD organization

Despite being publicly exposed earlier this year, the actors behind the malicious Sea Turtle DNS hijacking campaign continue to unabashedly rack up new victims, and apparently added a new technique to their repertoire, a new report states. The group made waves last April when researchers at Cisco’s Talos unit reported that the attackers have been…

Fake Facebook political pages tricked Libyans into downloading RATs

A mysterious hacker has for years been tricking Libyan citizens into infecting themselves with mobile and desktop malware by luring them to weaponized Facebook pages that impersonate key local figures and purport to deliver news of interest to the civil war-torn nation’s people. Researchers from Check Point Software Technologies have traced the campaign – dubbed…

Bouncing Golf campaign takes swing at Android users with info-stealing malware

A newly discovered cyber espionage campaign has been targeting Android users in the Middle East with malware designed to steal scores of device information, snoop on victims and potentially take over mobile devices. Known as GolfSpy, the malware is found in once-legitimate applications that have been repackaged to contain malicious code, according to a June…

New Hawkball backdoor attacks government sector in Central Asia

A newly discovered malicious backdoor by the name of Hawkball was recently observed in a campaign apparently targeting one or more Russian-speaking government entities in Central Asia, according to a blog post this week from FireEye Labs. Upon successful infection, Hawkball offers the unidentified attackers a range of malicious capabilities, writes FireEye blog post author…

APT10 campaign debuts two new loaders for distributing PlugX and Quasar RATs

The reputed Chinese state-sponsored threat group APT10 appears to be the culprit behind a campaign this past April that sought to distribute PlugX and Quasar RAT malware via one of two newly discovered downloader variants. Researchers from enSilo uncovered the campaign after samples were collected from one or more targets based in the Philippines. PlugX and…

ScarCruft ATP campaign leverages ‘rare’ data-harvesting tool for Bluetooth devices

A recent malware campaign targeting investment companies and diplomatic agencies has shed light on some of the newest practices and tools of reputed North Korean APT group ScarCruft. While investigating this campaign, researchers from Kaspersky Lab observed a tool for harvesting Bluetooth device data and were able to analyze the group’s multistage binary infection procedure.…

U.S. intel agencies issue analysis of North Korea’s ELECTRICFISH tunneling tool

The FBI and Department Homeland Security have jointly issued a new Malware Analysis Report (MAR) warning of the dangers of ELECTRICFISH, a tunneling tool used for traffic funneling and data exfiltration by the North Korea government hacking group Hidden Cobra. The 32-bit Windows executable file is a command-line utility that establishes a connection between a…

Next post in APTs/cyberespionage