APT

Pierluigi Paganini January 10, 2020
North Korea-linked Lazarus APT continues to target cryptocurrency exchanges

In the last 18 months, North Korea-linked Lazarus APT group has continued to target cryptocurrency exchanges evolving its TTPs. Kaspersky researchers have analyzed the attacks carried out by North Korea-linked Lazarus APT group in the past 18 months and confirmed their interest in banks and cryptocurrency exchanges. In the mid-2018, the APT targeted cryptocurrency exchanges and cryptocurrency […]

Pierluigi Paganini January 07, 2020
China-based Bronze President APT targets South and East Asia

A cyber-espionage group tracked as Bronze President has been targeting countries in South and East Asia, Secureworks experts warn. Researchers at Secureworks’ Counter Threat Unit (CTU) have uncovered a cyber espionage campaign carried out by an APT group tracked as Bronze President, The Bronze President group is targeting political and law enforcement organizations and NGOs […]

Pierluigi Paganini December 30, 2019
Microsoft sued North Korea-linked Thallium group

Microsoft sued Thallium North Korea-linked APT for hacking into its customers’ accounts and networks via spear-phishing attacks. Microsoft sued a North Korea-linked cyber espionage group tracked as Thallium for hacking into its customers’ accounts and networks via spear-phishing attacks. The hackers target Microsoft users impersonating the company, according to a lawsuit unsealed Dec. 27 in […]

Pierluigi Paganini December 29, 2019
A previously undetected FIN7 BIOLOAD loader drops new Carbanak Backdoor

Experts uncovered a new tool dubbed BIOLOAD used by the FIN7 cybercrime group used as a dropper for a new variant of the Carbanak backdoor. Security experts from Fortinet’s enSilo have discovered a new loader, dubbed BIOLOAD, associated with the financially-motivated group FIN7. The group that has been active since late 2015 targeted businesses worldwide […]

Pierluigi Paganini December 23, 2019
Op Wocao – China-linked APT20 was able to bypass 2FA

China-linked cyber espionage group APT20 has been bypassing two-factor authentication (2FA) in recent attacks, cyber-security firm Fox-IT warns. Security experts from cyber-security firm Fox-IT warns of a new wave of attacks, tracked as Operation Wocao, carried out by China-linked cyber espionage group APT20 that has been bypassing 2FA. The attacks aimed at government entities and […]

Pierluigi Paganini December 18, 2019
Gangnam Industrial Style APT campaign targets industrial firms worldwide

Experts discovered that at least 200 companies were the victims of a campaign, dubbed Gangnam Industrial Style, carried out by an advanced persistent threat (APT) group.  Experts from the CyberX’s threat intelligence team Section 52 uncovered an ongoing cyberespionage campaign, tracked as Gangnam Industrial Style, that targeted industrial, engineering, and manufacturing organizations, most of them in South […]

Pierluigi Paganini December 17, 2019
Dacls RAT, the first Lazarus malware that targets Linux devices

Researchers spotted a new Remote Access Trojan (RAT), dubbed Dacls, that was used by the Lazarus APT group to target both Windows and Linux devices. Experts at Qihoo 360 Netlab revealed that the North-Korea Lazarus APT group used a new Remote Access Trojan (RAT), dubbed Dacls, to target both Windows and Linux devices. The activity […]

Pierluigi Paganini December 15, 2019
Iran announced to have foiled a second cyber-attack in a week

Iran telecommunications minister announced that for the second time in a week Iran has foiled a cyber attack against its infrastructure. Iran has foiled a new cyber-attack, the country’s telecommunications minister Mohammad Javad Azari-Jahromi says. A few days ago, the Iranian telecommunications minister Mohammad Javad Azari Jahromi, announced that the Islamic Republic had recently thwarted […]

Pierluigi Paganini December 12, 2019
Trickbot gang and Lazarus APT, the hidden link behind an epochal phenomena

For the first time, experts shed the light on the link between the TrickBot gang and the North Korea-linked APT group Lazarus. Security experts Sentinelone have published a report that for the first time sheds the light on the link between the TrickBot crimeware and the North Korea-linked APT group Lazarus. For the first time, experts shed the light on the link between […]

Pierluigi Paganini December 08, 2019
Security Affairs newsletter Round 243

A new round of the weekly newsletter arrived! The best news of the week with Security Affairs Data of 21 million Mixcloud users available for sale on the dark web Google warned 12K+ users targeted by state-sponsored hackers Twitter account of Huawei Mobile Brazil hacked Clop Ransomware attempts to disable Windows Defender and Malwarebytes Europol […]