Cyberespionage | SC Media

Cyberespionage

Feds warn against Hidden Cobra’s Hoplight malware

A consortium of U.S. federal agencies released a notification on Hoplight, a new data collector malware being used by the North Korean cyberespionage group Hidden Cobra (aka Lazarus). The Department of Homeland Security, FBI, and Department of Defense noted in their malware analysis report on Hoplight that obfuscation plays a large role in the malware’s…

New ‘Reductor’ malware compromises machines’ encrypted TLS traffic

Cyberespionage actors have developed malware that can mark victims’ TLS-encrypted outbound traffic with identifiers so it can be compromised and potentially decoded later. Dubbed Reductor, the malware appears to share similar code with the COMpfun trojan, which was first documented in 2014 and is closely associated with suspected Russian APT group Turla, aka…

Attackers trojanize Windows Narrator tool to spy on Asian tech firms

Threat actors have been targeting Southeast Asian tech companies with an open-source backdoor that helps establish a foothold in infected machines, and a weaponized text-to-speech application that lets attackers gain SYSTEM-level access. BlackBerry Cylance’s research and intelligence team said in a Sept. 25 blog post that attackers behind the two-year-old campaign are using the malicious…

Report: Dutch agency recruited Iranian mole to help U.S. and Israel plant Stuxnet virus

The 2007 Stuxnet virus attack perpetrated against Iran’s then-budding nuclear program was made possible after U.S. and Israeli intelligence coordinated with Dutch intelligence agency AIVD to recruit an Iranian engineer as a mole who could infect Iran’s enrichment plant near Natanz, Yahoo News reported this week. The engineer initially provided data that helped Stuxnet’s authors…

Reports say China devised iPhone malware campaign to track Muslims; Android and Windows devices also targeted

A recently exposed malware campaign that used watering-hole attacks to target iPhone users for more than two years was reportedly part of an effort to track Uyghur Muslims based in China’s Xinjiang state. The campaign was actually broader than originally thought, and attempted to infect Android and Microsoft Windows devices as well, reports are also…

APT-hunting group claims China’s Security Ministry is behind APT17

Researchers at Intrusion Truth are claiming the cyberespionage group APT17 is operated by the Jinan bureau of the Chinese Ministry of State Security (MSS). Intrusion Truth is an anonymous online group of cybersecurity analysts who investigate and expose APT groups linked to the Chinese government. APT17 is believed to have been behind a series of…

APT34 spread malware via LinkedIn invites

FireEye researchers identified a phishing campaign conducted by the cyberespionage group APT34, which masqueraded as a member of Cambridge University to gain victims’ trust and get them to open malicious documents. Researchers noticed the campaign in late June 2019 using LinkedIn professional network invitations to deliver the malicious documents that included the use of three new malware families…

Russian-based misinformation campaign sends fake news from spoofed accounts

A Russian-based information operations campaign used fake social media accounts across multiple platforms to attack Western interests. In a report, researchers from the Center for Strategic & International Studies detailed a Russian-based misinformation operations campaign that used fake social media accounts across multiple platforms, at times impersonating real individuals who were politically active in their home…
