Cyber Espionage | SC Media

Cyber Espionage

Phishing campaign targeted subscribers to Tibetan Government-in-Exile’s mailing list

Subscribers to a Tibetan Government-in-Exile mailing list were targeted in a recent email-based phishing campaign designed to infect them with a remote access trojan. Dubbed ExileRAT, the trojan is capable of gathering system information, retrieving and pushing files, and executing and ending various processes, according to a blog post from Cisco Systems’ Talos division, whose…

OceanLotus APT group uses new Kerrdown downloader to deliver payloads

Researchers have discovered a previously unknown custom downloader family that reputed Vietnamese APT group OceanLotus has been using since at least early 2018 to infect victims with payloads such as Cobalt Strike Beacon. The ongoing campaign’s targets are either based in Vietnam or speak Vietnamese, which is in keeping with the m.o. of OceanLotus, which is known to…

Researchers: Remexi spyware campaign targeted diplomatic institutions based in Iran

A cyberespionage campaign targeted Iranian IP addresses late last year, with the goal of infecting victims with an updated version of Remexi backdoor malware, researchers have reported. Some of these IP addresses belong to foreign diplomatic entities located within Iran’s borders. Remexi is typically associated with a reputed Iranian APT group known as Chafer. Its…

Huawei responds to allegations of NSA hacking

U.S. criminally charges Huawei with stealing intellectual property and violating sanctions

U.S. federal prosecutors Monday filed criminal charges against Chinese telecommunications firm Huawei alleging the company stole intellectual property from T-Mobile and violated U.S. sanction orders. The 10-count indictment charges Huawei with conspiracy to steal trade secrets, wire fraud and obstruction of justice as the result of employees trying to steal trade secrets about a robot…

TEMP.MixMaster group infects with Trickbot and delayed Ryuk ransomware combo

Financially motivated threat actors, referred to as TEMP.MixMaster, are infecting victims with Trickbot malware before deploying the infamous Ryuk ransomware and so far have managed to make off with a reported $3.7 million worth of Bitcoin. The attacks are also unique as the threat actors often wait for extended periods after gaining access, often profiting from…

Candid Candiru: Report dredges up details on secretive spyware company

A report from Israeli news outlet Haaretz has ever so slightly lifted the veil on what may be Israel’s second largest commercial provider of offensive cyber tools and spyware, a clandestine company called Candiru. The candiru is a South American parasitic catfish that, according to legend, invades swimmers’ urethras. Much like the fish after which it…

Shamoon disk wiper attack on Saipem signals new affront against energy sector, Middle Eastern interests

The malware used to disrupt the global operations of Italian energy contractor Saipem S.p.A. earlier this week was none other than Shamoon, a disk wiper that’s been used in two prior attacks against Saudi interests. Saipem identified Shamoon as the culprit in a Dec. 12 news release that updated its previously vague disclosure of the incident.…

‘Sharpshooter’ cyberespionage campaign scopes out defense, critical infrastructure sectors

A global phishing campaign called Operation Sharpshooter was discovered using fake job recruitment documents to infect defense, government and critical infrastructure organizations with a malicious backdoor implant, presumably for cyber espionage purposes. The implant, nicknamed Rising Sun, was observed in at least 87 impacted organizations over the course of October and November, McAfee Labs reported today…

Researchers discover 40,000+ compromised credentials for global gov’t websites

Over the last year and a half, attackers compromised more than 40,000 credentials for various global government websites and portals, using a combination of spyware tools and phishing tactics. Portals hosted in more than 30 countries were affected by the campaign, with the majority of victimized users located in Italy (52 percent), Portugal (22 percent)…

Syrian Electronic Army claims it obtained U.S. Central Command docs via hack

Researchers: Syrian Electronic Army targeting secure messaging app users with spyware

The Syrian Electronic Army hacker group has reportedly been investing heavily in a scheme to infect Android device users with a spyware tool hidden inside fake app updates. Known for its ardent support of Syrian President Bashar al-Assad, the threat group is targeting in particular users of secure messaging apps such as WhatsApp and Telegram. The SEA is…