Cyberespionage | SC Media

Hidden Cobra adds to its malware arsenal: CISA

The DHS Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation have released a report on six new or upgraded malware variants being used by North Korea. The malware types included are Bistromath, Slickshoes, Crowdedflounder, Hotcroissant, Artfulpie, Buffetline and Hoplight. Hoplight is a previously recorded malware believed to be used by the…

Cybersecurity concerns ground Dept. of Interior drones

The U.S. Department of the Interior has grounded its fleet of non-emergency drones and halted the use of their associated equipment and software while it checks for cybersecurity issues. The Chinese-made drones, which number about 800 according to published reports, are being grounded not because of any specific cybersecurity vulnerability, but to give the Interior…

APT33 sics small, elusive botnets on U.S. and global targets

Reputed Iranian threat actor APT33 has been employing more than a dozen secret botnets to infiltrate and spy on the networks of various Middle Eastern, U.S. and Asian organizations, and is even setting up its own VPN networks to conceal its operations, according to researchers. Trend Micro described these findings in a blog post this…

Report: Influential manufacturing trade group targeted by Chinese hackers

Chinese hackers this past summer infiltrated and potentially stole information from the National Association of Manufacturers (NAM), a trade organization and advocacy group that has helped the Trump administration set trade policies with China, Reuters reported this week, citing sources. A cybersecurity firm hired by NAM made the connection to China based on observed tools…

Feds warn against Hidden Cobra’s Hoplight malware

A consortium of U.S. federal agencies released a notification on Hoplight, a new data-collector malware being used by the North Korean cyberespionage group Hidden Cobra (aka Lazarus). The Department of Homeland Security, FBI, and Department of Defense, in their malware analysis report on Hoplight, noted that obfuscation plays a large role in the malware’s…

New ‘Reductor’ malware compromises machines’ encrypted TLS traffic

Cyber espionage actors have developed malware that can mark victims’ TLS-encrypted outbound traffic with identifiers so it can be compromised and potentially decoded later. Dubbed Reductor, the malware appears to share code with the COMpfun trojan, which was first documented in 2014 and is closely associated with the suspected Russian APT group Turla, aka…
