APT

Pierluigi Paganini August 21, 2019
China-linked APT41 group targets US-Based Research University

Security experts at FireEye observed Chinese APT41 APT group targeting a web server at a U.S.-based research university. Experts at FireEye observed Chinese APT41 APT group targeting a web server at a U.S.-based research university. The APT41 has been active since at least 2012, it was involved in both state-sponsored espionage campaigns and financially-motivated attacks […]

Pierluigi Paganini August 21, 2019
Damage from Silence APT operations increases fivefold. The gang deploys new tools on its “worldwide tour”

Experts from Group-Ib that exposed the most recent campaigns carried out by Silence reported that damage from the APT group operations increases fivefold. Group-IB, a Singapore-based cybersecurity company that specializes in preventing cyberattacks, has exposed the most recent campaigns carried out by Silence, a Russian-speaking APT group, in the new “Silence 2.0: Going Global” report. […]

Pierluigi Paganini August 13, 2019
Recently Cloud Atlas used a new piece of polymorphic malware

Cloud Atlas threat actors used a new piece of polymorphic malware in recent attacks against government organizations. The Cloud Atlas cyberespionage group, aka Inception, continues to carry out attacks against government organizations and was observed using a new piece of polymorphic malware dubbed VBShower. The Cloud Atlas was first observed by researchers at Kaspersky Lab […]

Pierluigi Paganini August 07, 2019
OilRig APT group: the evolution of attack techniques over time

Security researcher Marco Ramilli presents a comparative analysis of attacks techniques adopted by the Iran-Linked OilRig APT group. Today I’d like to share a comparative analysis of OilRig techniques mutation over time. In particular I will refer to great analyses made by Paloalto UNIT 42 plus my own ones (HERE, HERE, HERE, etc..)  and more personal thoughts. I would define this group […]

Pierluigi Paganini August 06, 2019
Russia-linked STRONTIUM APT targets IoT devices to hack corporate networks

The STRONTIUM Russia-linked APT group is compromising common IoT devices to gain access to several corporate networks. Researchers at Microsoft observed the Russia-linked APT group STRONTIUM abusing IoT devices to gain access to several corporate networks. The STRONTIUM APT group (aka APT28, Fancy Bear, Pawn Storm, Sofacy Group, and Sednit) has been active since at least 2007 and it has […]

Pierluigi Paganini August 05, 2019
Machete cyber-espionage group targets Latin America military

Security experts from ESET uncovered a cyber-espionage group tracked as Machete that stole sensitive files from the Venezuelan military. Security experts from ESET reported that a cyberespionage group tracked as Machete has stolen sensitive files from the Venezuelan military. The group has been active since 2010 and hit military organizations and other high-profile targets worldwide. […]

Pierluigi Paganini August 02, 2019
Nation-state actor uses new LookBack RAT to target US utilities

Experts warn of a phishing campaign targeting US companies in the utility sector aimed at infecting systems with a new LookBack RAT. Security experts at Proofpoint uncovered a phishing campaign targeting US companies in the utility sector aimed at infecting systems with a new LookBack RAT. “Between July 19 and July 25, 2019, several spear-phishing […]

Pierluigi Paganini August 01, 2019
Recently discovered Hexane group targets the oil and gas industry

Security researchers at Dragos Inc have tracked the activity of a threat actor recently discovered and dubbed Hexane. Security experts at Dragos Inc. have discovered a new threat actor, tracked as Hexane, that is targeting organizations in the oil and gas industry and telecommunication providers. The Hexane group has been active since at least the […]

Pierluigi Paganini July 25, 2019
German firms BASF, Siemens, Henkel hit by cyber attacks

A new wave of cyber attacks carried out by a China-linked APT group hit German blue-chip companies BASF, Siemens, Henkel and others. On Wednesday, German blue-chip companies BASF, Siemens, Henkel along with a host of others confirmed they had been targeted by a wave of cyber attacks. German media reported that the cyber attacks were […]

Pierluigi Paganini July 24, 2019
China-Linked APT15 group is using a previously undocumented backdoor

ESET researchers reported that China-linked cyberespionage group APT15 has been using a previously undocumented backdoor for more than two years. Security researchers at ESET reported that China-linked threat actor APT15 (aka Ke3chang, Mirage, Vixen Panda, Royal APT and Playful Dragon) has been using a previously undocumented backdoor for more than two years. APT15 has been active […]