Cyberespionage | SC Media

Cyberespionage

APT33 sics small, elusive botnets on U.S. and global targets

Reputed Iranian threat actor APT33 has been employing more than a dozen secret botnets to infiltrate and spy on the networks of various Middle Eastern, U.S. and Asian organizations, and is even setting up its own VPN networks to conceal its operations, according to researchers. Trend Micro described these findings in a blog post this…

Report: Influential manufacturing trade group targeted by Chinese hackers

Chinese hackers this past summer infiltrated and potentially stole information from the National Association of Manufacturers (NAM), a trade organization and advocacy group that has helped the Trump administration set trade policies with China, Reuters reported this week, citing sources. A cybersecurity firm hired by NAM made the connection to China based on observed tools…

Feds warn against Hidden Cobra’s Hoplight malware

A consortium of U.S. federal agencies released a notification on Hoplight, a new data collector malware being used by the North Korean cyberespionage group Hidden Cobra (aka Lazarus). The Department of Homeland Security, FBI, and Department of Defense, in their malware analysis report on Hoplight, noted that obfuscation plays a large role in the malware’s…


New ‘Reductor’ malware compromises machines’ encrypted TLS traffic

Cyberespionage actors have developed malware that can mark victims’ TLS-encrypted outbound traffic with identifiers so it can be compromised and potentially decoded later. Dubbed Reductor, the malware appears to share code with the COMpfun trojan, which was first documented in 2014 and is closely associated with the suspected Russian APT group Turla, aka…

Attackers trojanize Windows Narrator tool to spy on Asian tech firms

Threat actors have been targeting Southeast Asian tech companies with an open-source backdoor that helps establish a foothold in infected machines, and a weaponized text-to-speech application that lets attackers gain SYSTEM-level access. BlackBerry Cylance’s research and intelligence team said in a Sept. 25 blog post that attackers behind the two-year-old campaign are using the malicious…

Report: Dutch agency recruited Iranian mole to help U.S. and Israel plant Stuxnet virus

The 2007 Stuxnet virus attack perpetrated against Iran’s then-budding nuclear program was made possible after U.S. and Israeli intelligence coordinated with Dutch intelligence agency AIVD to recruit an Iranian engineer as a mole who could infect Iran’s enrichment plant near Natanz, Yahoo News reported this week. The engineer initially provided data that helped Stuxnet’s authors…

Reports say China devised iPhone malware campaign to track Muslims; Android and Windows devices also targeted

A recently exposed malware campaign that used watering-hole attacks to target iPhone users for more than two years was reportedly part of an effort to track Uyghur Muslims based in China’s Xinjiang state. The campaign was actually broader than originally thought, and attempted to infect Android and Microsoft Windows devices as well, reports are also…
