Advanced Persistent Threat

August 23, 2018

If you’re into cryptocurrency trading, you might want to pay attention, because a new malware is making rounds that’s stealing people’s money from crypto exchanges. And no, macOS is not safe either, there’s a version for Apple’s operating system, as well. Kaspersky Lab’s researchers from the Global Research and Analysis Team (GReAT) announced they discovered malware dubbed AppleJeus. In ...

August 9, 2018

Security researchers have analyzed malware samples from threat actors associated with North Korea and discovered connections with tools from older unattributed campaigns. The research is spread over several months and connects a diverse range of operations from cyberespionage to financially-motivated campaigns. The campaigns analyzed by the researchers and a timeline of their release can be shown below. Read more: Source: ...

August 9, 2018

DarkHydrus uses the open-source Phishery tool to create two of the known Word documents used in the attacks. Government entities and educational institutions in the Middle East are under attack in an ongoing credential-harvesting campaign, mounted by a newly-named threat group known as DarkHydrus. In a twist on the norm, the group is leveraging the open-source ...

July 25, 2018

Active attack group is eager to make use of available tools, research, and the work of other threat actors. Symantec has uncovered the operations of a threat actor named Leafminer that is targeting a broad list of government organizations and business verticals in various regions in the Middle East since at least early 2017. The group tends ...

June 19, 2018

The elusive APT15 cyber-espionage group, believed to be affiliated with the Chinese government, has been spotted for the first time in many months, mounting a highly targeted spy campaign using an upgraded version of the Mirage remote access trojan. This is the first evidence of the China-linked actor’s activity since hacking the U.K. government and military ...

June 19, 2018

Spoofing legitimate mobile applications is a common cybercriminal modus that banks on their popularity and relies on their users’ trust to steal information or deliver payloads. Cybercriminals typically use third-party app marketplaces to distribute their malicious apps, but in operations such as the ones that distributed CPUMINER, BankBot, and MilkyDoor, they would try to get their apps published ...

June 14, 2018

Cybersecurity researchers have uncovered an espionage campaign that has targeted a national data center of an unnamed central Asian country in order to conduct watering hole attacks. The campaign is believed to be active covertly since fall 2017 but was spotted in March by security researchers from Kaspersky Labs, who have attributed these attacks to a ...

May 18, 2018

A sophisticated and targeted mobile espionage campaign has been found targeting North Korean defectors. Mounted by a relatively new APT actor known as Sun Team, the offensive used Google Play and Facebook as attack vectors; and overall, it shows how quickly the mobile threat landscape is evolving as APTs shift tactics to focus on this ...

May 15, 2018

Researchers have discovered a phishing campaign that infected Android devices with custom surveillance-ware bent on extracting data from top officials, primarily in the Middle East. Researchers at Lookout Security told Threatpost that the tool, dubbed Stealth Mango, has been used to collect over 30 gigabytes of compromised data on attacker infrastructure, including call records, audio recordings, device ...

April 27, 2018

Thailand’s Computer Emergency Response Team (ThaiCERT) has seized a server operated by the North Korea-linked Hidden Cobra APT, which is used to control the global GhostSecret espionage campaign. The campaign is still ongoing. ThaiCERT said in an alert on Wednesday that it is working with McAfee and law enforcement to analyze the control server, which was located at ...