Cyber Espionage | SC Media

Cyber Espionage

DNSpionage actors adjust tactics, debut new remote administration tool

The actors responsible for the DNSpionage DNS hijacking campaign have altered some of their tactics, techniques and procedures (TTPs), introducing a new reconnaissance phase as well as a new malicious remote administration tool called Karkoff. Discovered last November, the operation primarily targets Lebanon- and United Arab Emirates-affiliated .gov domains, commandeering the websites’ DNS servers so…

‘Brazen’ nation-state actors behind ‘Sea Turtle’ DNS hijacking campaign

State-sponsored hackers are behind a large-scale DNS hijacking campaign that since January 2017 has been responsible for compromising at least 40 organizations across 13 countries, researchers from Cisco Talos have reported. Primarily targeting the Middle East and North Africa, the attackers are looking to harvest credentials that grant them access to sensitive networks belonging to…

European Commission: No evidence Kaspersky software is malicious

The European Commission yesterday acknowledged in a public document that it possesses no evidence to support the notion that software from Russia-based Kaspersky Lab is malicious. The admission comes about 10 months after the European Parliament passed a resolution calling for the European Union to ban dangerous software, naming Kaspersky products as a specific example.…

Five-year cyber espionage campaign targeting Ukraine potentially linked to Luhansk People’s Republic

Researchers believe hackers from the breakaway Luhansk People’s Republic (LPR) may be behind a spear phishing-based malware campaign that’s been actively targeting the Ukrainian government. The researchers, from FireEye, disclosed their assessment following their investigation into a malware-laced email that they were able to tie back to a 2018 phishing campaign designed to deliver…

U.S. agencies issue report on Hidden Cobra threat group’s HOPLIGHT malware

The U.S. Department of Homeland Security and FBI have jointly released an official Malware Analysis Report detailing several variants of HOPLIGHT, a trojan malware program used by hackers from Hidden Cobra, an APT group that’s been widely linked to the North Korean government. Upon execution, HOPLIGHT allows attackers to collect victim machine information, connect to…

Researchers uncover new ‘TajMahal’ APT framework, plus a new Gaza Cybergang malware campaign

Researchers at Kaspersky Lab today issued a pair of reports, one revealing a newly discovered sophisticated APT framework and the other detailing the recent operations of the threat actor known as Gaza Cybergang Group1. Dubbed TajMahal, the APT framework is a fully loaded malicious toolset, replete with backdoors, loaders, orchestrators, C2 communicators, audio recorders, keyloggers,…

Stuxnet research reveals possible 4th accomplice, newly discovered versions of Flame and Duqu malware

Recent research into old malware threats associated with the Stuxnet attacks against Iran’s nuclear program roughly one decade ago turned up several new discoveries, including a possible fourth collaborator in the clandestine operation, as well as previously unknown versions of Flame and Duqu malware. Today, Alphabet’s cybersecurity subsidiary Chronicle revealed the findings of its researchers…

Report: Uber employee used data-scraping tool to gather info on Australian competitor

An Uber employee used a data-scraping tool to round up online data concerning an Australian competitor in order to poach drivers from its business, according to a report this week from ABC News in Australia. Reportedly created in 2015, the tool, called Surfcam, was previously reported to have been used against a rival ride-service company…

Reports: Israeli officials’ devices hacked; data possessed by Iran

Hackers stole information from former Israeli prime minister Ehud Barak’s computer and phone months ago and sold it to Iran, according to multiple news outlets, citing a TV report by Israel’s Channel 12 this past weekend. The news reportedly broke several days after a separate Channel 12 story that said Iranian intelligence directly hacked the…
