Advanced Persistent Threat


NEWS 
  • Lazarus malware strikes South Korean supply chains

    November 16, 2020

    Lazarus malware has been tracked in new campaigns against South Korean supply chains, made possible through stolen security certificates. On Monday, cybersecurity researchers from ESET revealed the abuse of the certificates, stolen from two separate, legitimate South Korean companies. Lazarus, also known as Hidden Cobra, is an umbrella term for select threat groups — including offshoot entities ...

  • Nation-State Attackers Actively Target COVID-19 Vaccine-Makers

    November 13, 2020

    Three nation-state cyberattack groups are actively attempting to hack companies involved in COVID-19 vaccine and treatment research, researchers said. Russia’s APT28 Fancy Bear, the Lazarus Group from North Korea and another North Korea-linked group dubbed Cerium are believed to be behind the ongoing assaults. According to Tom Burt, corporate vice president of Customer Security and Trust ...

  • Operation North Star: Behind The Scenes

    November 5, 2020

    It is rare to be provided an inside view on how major cyber espionage campaigns are conducted within the digital realm. The only transparency afforded is a limited view of victims, a malware sample, and perhaps the IP addresses of historical command and control (C2) infrastructure. The Operation North Star campaign we detailed earlier this year ...

  • New APT hacking group leverages ‘KilllSomeOne’ DLL side-loading

    November 5, 2020

    A new, Chinese advanced persistent threat (APT) group making the rounds performs DLL side-loading attacks including the phrase “KilllSomeOne.” According to Sophos researcher Gabor Szappanos, the group — suspected to be of Chinese origin — is targeting corporate organizations in Myanmar using poorly-written English messages relating to political subjects. Side-loading utilizes DLL spoofing to abuse legitimate Windows ...

  • APT trends report Q3 2020

    November 3, 2020

    For more than three years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They ...

  • SMS Phishing Attempts Are Riding the Presidential Election Wave

    October 30, 2020

    SMS-based outreach has become a standard in the political playbook, with candidates and their supporters soliciting financial support, opinions, and votes through texting with increasing frequency and sophistication. In the course of protecting enterprise endpoints, Symantec, a division of Broadcom, has turned up evidence of an increasingly prevalent scam tactic in the run-up to the ...

  • CISA, FBI, and CNMF Identify a New Malware Variant: ComRAT

    October 29, 2020

    The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense Cyber National Mission Force (CNMF) have identified a malware variant—referred to as ComRAT—used by the Russian-sponsored advanced persistent threat (APT) actor Turla. In addition, U.S. Cyber Command has released the malware sample to the malware aggregation tool and ...

  • North Korea-Backed Spy Group Poses as Reporters in Spearphishing Attacks, Feds Warn

    October 28, 2020

    The North Korean advanced persistent threat (APT) group known as Kimsuky is actively attacking commercial-sector businesses, often by posing as South Korean reporters, according to an alert from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). Kimsuky (a.k.a. Hidden Cobra) has been operating as a cyberespionage group since 2012 under the auspices of the regime in ...

  • APT groups aren’t all from Russia, China, and North Korea

    October 28, 2020

    Advance persistent threat (APT) hacker groups are often assumed to be state-supported organisations such as China’s APT10 aka Stone Panda, Russia’s APT28 aka Fancy Bear, or Vietnam’s APT32 aka Ocean Lotus. However, these and other groups are often identified and named by cyber intelligence firms with strong links to their national government. FireEye and Crowdstrike in ...

  • US Treasury sanctions Russian research institute behind Triton malware

    October 23, 2020

    The US Treasury Department announced sanctions today against a Russian research institute for its role in developing Triton, a malware strain designed to attack industrial equipment. Sanctions were levied today against the State Research Center of the Russian Federation FGUP Central Scientific Research Institute of Chemistry and Mechanics (also known as CNIIHM or TsNIIKhM). A FireEye report ...

  • EU sanctions Russian hackers over 2015 German parliament attack

    October 22, 2020

    The Council of the European Union today announced sanctions imposed on Russian military intelligence officers part of the 85th Main Centre for Special Services (GTsSS) for their involvement in a 2015 hack of the German Federal Parliament (Deutscher Bundestag). EU’s sanctions include both travel bans and asset freezes and also block EU organizations and individuals from ...

  • Russian state hackers stole data from US government networks

    October 22, 2020

    DHS Cybersecurity and Infrastructure Security Agency (CISA) and the FBI today warned that a Russian state-sponsored APT threat group known as Energetic Bear has hacked and stolen data from US government networks during the last two months. Energetic Bear (also tracked as Berserk Bear, TeamSpy, Dragonfly, Havex, Crouching Yeti, and Koala), a hacking group active since ...

  • Seedworm: Iran-Linked Group Continues to Target Organizations in the Middle East

    October 21, 2020

    The Iran-linked espionage group Seedworm (aka MuddyWater) has been highly active in recent months, attacking a wide range of targets, including a large number of government organizations in the Middle East. Many of the organizations attacked by Seedworm in recent months have also been targeted by a recently discovered tool called PowGoop (Downloader.Covic), suggesting that it ...

  • Phishing for secrets: Russian cyber experts believe defense industry is being attacked by North Korea

    October 19, 2020

    A hacker group from North Korea has been attacking Russian military and industrial organizations by sending fraudulent emails, according to cybersecurity experts, who believe that Pyongyang is beginning to cast its net wider. This may come as a surprise to some, as Russia is one of very few countries with no hostility towards Pyongyang, which has ...

  • NSA: Top 25 vulnerabilities actively abused by Chinese hackers

    October 19, 2020

    The U.S. National Security Agency (NSA) warns that Chinese state-sponsored hackers exploit 25 different vulnerabilities in attacks against U.S. organizations and interests. In an advisory issued today, the NSA said that it is aware of targeted attacks by Chinese state-sponsored hackers against National Security Systems (NSS), the U.S. Defense Industrial Base (DIB), and the Department of ...

  • US charges Russian hackers behind NotPetya, KillDisk, OlympicDestroyer attacks

    October 19, 2020

    The US Department of Justice has unsealed charges today against six Russian nationals believed to be members of one of Russia’s elite hacking and cyberwar units — known as Sandworm. In court documents today, US officials said all six suspects are officers in Unit 74455 of the Russian Main Intelligence Directorate (GRU), a military intelligence agency ...

  • MontysThree: Industrial espionage with steganography and a Russian accent on both sides

    October 8, 2020

    In summer 2020 we uncovered a previously unknown multi-module C++ toolset used in highly targeted industrial espionage attacks dating back to 2018. Initially the reason for our interest in this malware was its rarity, the obviously targeted nature of the campaign and the fact that there are no obvious similarities with already known campaigns at ...

  • BAHAMUT Spies-for-Hire Linked to Extensive Nation-State Activity

    October 7, 2020

    A cyberespionage group known as BAHAMUT has been linked to a “staggering” number of ongoing attacks against government officials and private-sector VIPs in the Middle East and South Asia, while also engaging in wide-ranging disinformation campaigns. That’s according to BlackBerry researchers, who said that the highly resourced group is probably operating on a mercenary basis, offering ...

  • XDSpy cyber-espionage group operated discretely for nine years

    October 2, 2020

    Researchers at ESET today published details about a threat actor that has been operating for at least nine years, yet their activity attracted almost no public attention. Going largely unnoticed for this long is a rare occurrence these days as malicious campaigns from long-standing adversaries overlap at one point or give sufficient clues for researchers to ...

  • APT-C-23 Android Spyware Variant Snoops on WhatsApp, Telegram Messages

    September 30, 2020

    Researchers say they have uncovered a new Android spyware variant with an updated command-and-control communication strategy and extended surveillance capabilities that snoops on social media apps WhatsApp and Telegram. The malware, Android/SpyC32.A, is currently being used in active campaigns targeting victims in the Middle East. It is a new variant of an existing malware operated by ...