Advanced Persistent Threat


NEWS 
  • Mysterious cyber espionage campaign uses ‘torpedo’ lure to trick you into downloading malware

    October 18, 2017

    An espionage group is launching cyber attacks against organisations in the maritime and defence sectors in what’s highly likely to be an effort to steal confidential information and research data. Dubbed Leviathan, the group has been active since at least 2014 and takes particular interest in maritime industries, naval defence contractors and associated university research institutions ...

  • Newly Discovered Iranian APT Group Brings State-sponsored Cyber Espionage into Focus

    October 17, 2017

    State-sponsored cyber espionage has been rising steadily in recent years. Whether it’s high-profile attacks such as North Korea’s hack of Sony in 2014, China’s alleged hack of the US’s Office of Personnel Management in 2015, or Russia’s alleged hack of the Democratic National Committee in 2016, the stories are mounting. Iran has also been in the cyber espionage news, with major ...

  • Hackers Use New Flash Zero-Day Exploit to Distribute FinFisher Spyware

    October 16, 2017

    FinSpy—the infamous surveillance malware is back and infecting high-profile targets using a new Adobe Flash zero-day exploit delivered through Microsoft Office documents. Security researchers from Kaspersky Labs have discovered a new zero-day remote code execution vulnerability in Adobe Flash, which was being actively exploited in the wild by a group of advanced persistent threat actors, known as BlackOasis. The critical ...

  • Cyberespionage Group Steps Up Campaigns Against Japanese Firms

    October 14, 2017

    Researchers are learning more about the cyberespionage group Bronze Butler. While the gang has been targeting Japanese heavy industry since 2012, not much is known about the group’s current modus operandi. In a report released Thursday by the Counter Threat Unit at SecureWorks, a subsidiary of Dell Technologies, researchers paint the most complete picture yet of ...

  • Spy vs spy vs hacker vs… who is THAT? Everyone’s hacking each other

    October 5, 2017

    VB2017 Intel agencies and top-tier hackers are actively hacking other hackers in order to steal victim data, borrow tools and techniques, and reuse each other’s infrastructure, attendees at Virus Bulletin Con, Madrid, were told yesterday. The increasing amount of spy-vs-spy type activity is making accurate threat intel increasingly difficult for security researchers, according to Kaspersky Lab. Threat intelligence ...

  • Security experts: Iran-backed hackers targeting U.S. and Saudi Arabia

    September 21, 2017

    Cybersecurity firm FireEye has identified a new group of hackers, known as APT33, that it says has been working on behalf of the Iranian government since 2013. The group has “potential destructive capabilities,” FireEye warned. “The campaigns that were laid out were not just aligned with the Iranian government but with the Iranian military,” said Stuart ...

  • Dragonfly 2.0: Hacking Group Infiltrated European and US Power Facilities

    September 7, 2017

    The notorious hacking group that has been in operation since at least 2011 has re-emerged and is still interested in targeting the United States and European companies in the energy sector. Yes, I am talking about the ‘Dragonfly,’ a well-resourced, Eastern European hacking group responsible for sophisticated cyber-espionage campaigns against the critical infrastructure of energy companies in different ...

  • Updates to Sofacy, Turla Highlight 2017 Q2 APT Activity

    August 8, 2017

    Attackers behind advanced persistent threat campaigns have kept busy over the past several months, adding new ways to bypass detection, crafting new payloads to drop, and identifying new zero days and backdoors to help them infect users and maintain persistence on machines. Juan Andres Guerrero-Saade and Brian Bartholomew, members of Kaspersky Lab’s Global Research and Analysis Team, described ...

  • APT Group Uses Catfish Technique To Ensnare Victims

    July 27, 2017

    Meet Mia Ash, a 20-something London-based photographer, amateur model, social media butterfly with a keen interest in tech-savvy guys with ties to the oil and gas industry. You guessed it. Mia Ash doesn’t exist. Ash, according to Dell SecureWorks Counter Threat Unit, is a virtual persona stitched together by the APT known as Cobalt Gypsy, OilRig, ...

  • Motivation Mystery Behind WannaCry, ExPetr

    July 21, 2017

    If two is a coincidence and three is a trend, maybe we’re not quite there yet in officially calling WannaCry and ExPetr a new movement among APT attacks. But for now, it’s close enough. Researchers are starting to examine the real motivations behind each global outbreak and whether these attacks truly signal a shift of direction ...

  • Researchers Find BlackEnergy APT Links in ExPetr Code

    July 3, 2017

    Researchers have found links between the BlackEnergy APT group and threat actors behind the ExPetr malware used in last month’s global attacks. According to researchers at Kaspersky Lab, there are strong similarities between older versions of BlackEnergy’s KillDisk ransomware compared to ExPetr code. Parallels were first identified in targeted extensions used by both BlackEnergy and ExPetr, ...

  • Group Behind NSA Dump That Led to WannaCry Opens 0-Day Exploit Subscription

    May 30, 2017

    Infamous hacking group Shadow Brokers has promised to release more zero-day exploits, such as the one that has made life a misery for some 300,000 people across the world via WannaCry. Now, the group isn’t just after wreaking havoc, but also after making some money, since the releases will be made for a special club ...

  • Fancy Bear Hackers Tainted Dumped Emails with False Data

    May 27, 2017

    Hackers from Fancy Bear, the espionage hacker group with Russian ties, reportedly snuck false information in the data trove they leaked from the Democratic National Committee during the American elections. According to a report from Citizen Lab, an organization with ties to the University of Toronto, the hackers planted information inside emails belonging to a journalist ...

  • Fancy Bear Hackers Target French Presidential Candidate

    April 25, 2017

    A phishing campaign is targeting the emails of French presidential candidate Emmanuel Macron’s campaign staff. All fingers are pointing towards Russia once more. According to security firm Trend Micro who published a new report today, there are signs of a phishing attack targeting Macron, in what feels like deja-vu. The sites that are trying to trick ...

  • Callisto Group hackers targeted Foreign Office data

    April 13, 2017

    The UK’s Foreign Office was targeted by highly motivated and well-resourced hackers over several months in 2016. The BBC understands the government has investigated the previously unreported attack that began in April last year. The UK’s National Cyber Security Centre would not say whether data was stolen. But a source told the BBC that the most sensitive Foreign ...

  • Symantec Links Espionage Group to CIA via Tools Exposed by WikiLeaks

    April 10, 2017

    Symantec announced that it had connected at least 40 attacks across 16 countries where tools obtained and exposed by WikiLeaks via the Vault 7 revelations about CIA’s espionage tactics were used. In a lengthy report, Symantec talks about a highly organized group they named Longhorn and which they linked to all these attacks. While stopping short ...

  • Russian-Speaking Turla Joins APT Elite

    April 3, 2017

    In the waning moments of his 2016 talk at the Security Analyst Summit, Thomas Rid had a drop-the-mic moment when he disclosed there were likely links between the infamous Moonlight Maze cyberespionage operation of the mid- and late-1990s and the modern-day Turla APT. Today during this year’s annual Kaspersky Lab conference, Rid, along researchers Costin Raiu and ...

  • Lazarus APT Spinoff Linked to Banking Hacks

    April 3, 2017

    The Lazarus Group, a nation-state level of attacker tied to the 2014 attacks on Sony Pictures Entertainment, has splintered off a portion of its operation to concentrate on stealing money to fund itself. The group, widely believed to be North Korean, has been linked to a February 2016 attack against the Bangladesh Central bank that resulted ...

  • Espionage Group Turla Tweaks Carbon Backdoor Malware with New Variants

    March 30, 2017

    Russian espionage group Turla has been working on various tools for years, including several new versions of Carbon, a second stage backdoor malware.  The discovery was made by researchers from ESET who claim that this malware is still under active development. Since the group is well known for changing its tools once they are exposed, it’s ...

  • Germany Fought Off Two Fancy Bear Cyber Attacks in 2016

    March 27, 2017

    Fears about Russian involvement in European elections, especially after last year’s US election, aren’t exactly unfounded or born out of paranoia. In fact, Germany says it fended off two cyber attacks coming from the same cybercriminals that targeted Hillary Clinton’s campaign. Arne Schoenbohm, a top German official, told Reuters they managed to fight off two attacks ...