APT

Pierluigi Paganini August 04, 2020
US govt agencies share details of the China-linked espionage malware Taidoor

China-linked hackers carried out cyber espionage campaigns targeting governments, corporations, and think tanks with TAIDOOR malware The FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Defense (DoD) released information on a RAT variant, dubbed TAIDOOR, used by China-linked hackers in cyber espionage campaigns targeting governments, corporations, and think tanks. “The Cybersecurity and Infrastructure Security […]

Pierluigi Paganini July 31, 2020
EU has imposed sanctions on foreign actors for the first time ever

For the first-ever time, the EU has imposed economical sanctions on Russia, China, and North Korea following cyber-attacks aimed at the EU and its member states. The Council of the European Union announced sanctions imposed on a Russia-linked military espionage unit, as well as companies operating for Chinese and North Korean threat actors that launched […]

Pierluigi Paganini July 29, 2020
North Korea-Linked Lazarus APT is behind the VHD ransomware

Security experts from Kaspersky Lab reported that North Korea-linked hackers are attempting to spread a new ransomware strain known as VHD. North Korean-linked Lazarus APT Group continues to be very active, the state-sponsored hackers are actively employing new ransomware, tracked as VHD, in attacks aimed at enterprises. The activity of the Lazarus Group surged in 2014 and […]

Pierluigi Paganini July 23, 2020
New MATA Multi-platform malware framework linked to NK Lazarus APT

North Korea-linked Lazarus APT Group has used a new multi-platform malware framework, dubbed MATA, to target entities worldwide The notorious Lazarus Group is using a new multi-platform malware framework, dubbed MATA, in attacks aimed at organizations worldwide, to deploy Kaspersky researchers observed that MATA was used by the threat actors to distribute ransomware (i.e. VHD […]

Pierluigi Paganini July 17, 2020
Iran-linked APT35 accidentally exposed 40 GB associated with their operations

Iran-linked APT35 group accidentally exposed one of its servers, leaving online roughly 40 GB of videos and other files associated with its operations. Researchers at IBM X-Force Incident Response Intelligence Services (IRIS) discovered an unsecured server belonging to Iran-linked APT35 group (aka ITG18, Charming Kitten, Phosphorous, and NewsBeef) containing data for many domains managed by […]

Pierluigi Paganini July 16, 2020
CIA covert operations likely behind attacks against APT34 and FSB

CIA orchestrated dozens of hacking operations against targets worldwide, including APT34 and FSB hacks, states an exclusive report from Yahoo News. In 2018, US President Trump gave to the Central Intelligence Agency (CIA) more powers to conduct covert offensive cyber operations against hostile threat actors, including Iranian and Russian APT groups and intelligence agencies. In […]

Pierluigi Paganini July 06, 2020
North Korean Lazarus APT stole credit card data from US and EU stores

North Korea-linked Lazarus APT has been stealing payment card data from customers of large retailers in the U.S. and Europe for at least a year. Sansec researchers reported that North Korea-linked Lazarus APT group has been stealing payment card information from customers of large retailers in the U.S. and Europe for at least a year. […]

Pierluigi Paganini June 19, 2020
AcidBox, a malware that borrows Turla APT exploit, hit Russian organizations

New AcidBox Malware employed in targeted attacks leverages an exploit previously associated with the Russian-linked Turla APT group. Palo Alto Networks researchers analyzed a new malware, dubbed AcidBox, that was employed in targeted attacks and that leverages an exploit previously associated with the Russian-linked Turla APT group. The Turla APT group (aka Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) has been active since at […]

Pierluigi Paganini June 18, 2020
InvisiMole group targets military sector and diplomatic missions in Eastern Europe

Researchers uncovered a recent campaign carried out by the InvisiMole group that has been targeting a small number of high-profile organizations. Security researchers at ESET recently uncovered a campaign carried out by the InvisiMole group that has been targeting a small number of high-profile organizations in the military sector and diplomatic missions in Eastern Europe. […]

Pierluigi Paganini June 17, 2020
Operation In(ter)reception targets Military and Aerospace employees in Europe and the Middle East

Experts uncovered a new cyber-espionage campaign, dubbed “Operation In(ter)reception,” aimed at aerospace and military organizations in Europe and the Middle East. Security experts from ESET uncovered a new sophisticated cyber-espionage campaign, dubbed “Operation In(ter)reception,” aimed at aerospace and military organizations in Europe and the Middle East. The attackers were attempting to spy on key employees […]