Cyber Espionage | SC Media

Cyber Espionage

PluginPhantom

PhantomLance campaign slipped trojanized apps into marketplaces for years

A long-running malware campaign whose activity dates back to 2016 has been using a sophisticated playbook of tricks to sneak trojanized Android apps into the Google Play Store as well as third-party marketplaces. Researchers from Kaspersky have dubbed the campaign PhantomLance and, based on certain calling cards, have attributed it with medium confidence to the…

Nation-state hackers reportedly hunting for COVID-19 research

Foreign state-sponsored hackers are reportedly targeting companies tasked with researching COVID-19, in some cases intruding into systems and performing reconnaissance. FBI Deputy Assistant Director Tonya Ugoretz acknowledged the cyber espionage activity in an online panel discussion organizations by the Aspen Institute, Reuters has reported. Ugoretz reportedly said that when companies publicly disclose that they are…

Former federal CIO: Efforts to ban Huawei ‘don’t make any sense to me’

Recent U.S. efforts to ban the federal use of telecommunications equipment from Huawei Technologies and other Chinese companies are “malaligned” and “don’t make any sense to me,” said former Federal CIO Tony Scott in a podcast interview with SC Media. Scott, who served under former President Barack Obama and now operates as chairman of his own…

Pic: Epic Games

Lokibot now using fake Epic Games installer to fool victims

The data harvesting malware Lokibot has again been upgraded by its creators, this time to impersonate a popular online game launcher in order to trick victims into mistakenly downloading the malware. Trend Micro researchers say Lokibot now presents itself as an installer of the Epic Games store. The threat actors used Nullsoft Scriptable Install System…

Fox Kitten APT campaign exploits VPN flaws hours after public disclosure

Iranian APT actors have engaged in a long-running cyber espionage and data theft campaign that has victimized dozens of companies around the world, typically compromising them via virtual private network and Remote Desktop Protocol services, according to a new research report. Vulnerable VPNs have been such a favorite attack vector of choice among these actors…

U.S. indicts four Chinese military members over Equifax breach

The U.S. Department of Justice has charged four members of the Chinese People’s Liberation Army with nine criminal counts, accusing them of orchestrating and carrying out the 2017 hack of credit reporting agency Equifax. An indictment returned by a federal grand jury in Atlanta and unveiled today by the DOJ alleges that Beijing residents Wu…

Report: United Nations withheld news of systems hack in European offices

Officials at the United Nations reportedly discovered last August that hackers had compromised its IT systems in Geneva and Vienna last summer, but the cyber espionage attack remained undisclosed until it was revealed on Wednesday in an exposé by The New Humanitarian (TNH). TNH, which once operated under the auspices of the UN Office for…

Mitsubishi Electric discloses June 2019 breach; Tick hacking group reportedly blamed

Japanese manufacturer Mitsubishi Electric has acknowledged its discovery last June of a data breach perpetrated by an unauthorized third party that accessed both personal employee information and corporate materials. The public disclosure came amid multiple English and Japanese news sources publishing details on the incident [1, 2, 3, 4, 5], which experts believe may be…

Report: FBI issues alert after two municipalities hacked via SharePoint

The FBI this month reportedly issued an alert to its private industry partners, warning that a probable nation-state hacking group had recently compromised the networks of two U.S. municipalities via unpatched, vulnerable Microsoft SharePoint servers. According to the report, from ZDNet, the flaw the hackers reportedly abused was CVE-2019-0604, a remote code execution bug caused by…

APT40 hacking group linked to 13 alleged front companies in Hainan, China

The mysterious research group Intrusion Truth has unleashed a new series of reports claiming that 13 businesses based in the southern island province of Hainan, China are collectively a front for reputed Chinese state-sponsored hacking group APT40. The alleged front companies all purport to be science and technology businesses seeking to hire pen testers, software development…

Next post in APTs/cyberespionage