Advanced Persistent Threat


  • Phishing for secrets: Russian cyber experts believe defense industry is being attacked by North Korea

    October 19, 2020

    A hacker group from North Korea has been attacking Russian military and industrial organizations by sending fraudulent emails, according to cybersecurity experts, who believe that Pyongyang is beginning to cast its net wider. This may come as a surprise to some, as Russia is one of very few countries with no hostility towards Pyongyang, which has ...

  • NSA: Top 25 vulnerabilities actively abused by Chinese hackers

    October 19, 2020

    The U.S. National Security Agency (NSA) warns that Chinese state-sponsored hackers exploit 25 different vulnerabilities in attacks against U.S. organizations and interests. In an advisory issued today, the NSA said that it is aware of targeted attacks by Chinese state-sponsored hackers against National Security Systems (NSS), the U.S. Defense Industrial Base (DIB), and the Department of ...

  • US charges Russian hackers behind NotPetya, KillDisk, OlympicDestroyer attacks

    October 19, 2020

    The US Department of Justice has unsealed charges today against six Russian nationals believed to be members of one of Russia’s elite hacking and cyberwar units — known as Sandworm. In court documents today, US officials said all six suspects are officers in Unit 74455 of the Russian Main Intelligence Directorate (GRU), a military intelligence agency ...

  • MontysThree: Industrial espionage with steganography and a Russian accent on both sides

    October 8, 2020

    In summer 2020 we uncovered a previously unknown multi-module C++ toolset used in highly targeted industrial espionage attacks dating back to 2018. Initially the reason for our interest in this malware was its rarity, the obviously targeted nature of the campaign and the fact that there are no obvious similarities with already known campaigns at ...

  • BAHAMUT Spies-for-Hire Linked to Extensive Nation-State Activity

    October 7, 2020

    A cyberespionage group known as BAHAMUT has been linked to a “staggering” number of ongoing attacks against government officials and private-sector VIPs in the Middle East and South Asia, while also engaging in wide-ranging disinformation campaigns. That’s according to BlackBerry researchers, who said that the highly resourced group is probably operating on a mercenary basis, offering ...

  • XDSpy cyber-espionage group operated discretely for nine years

    October 2, 2020

    Researchers at ESET today published details about a threat actor that has been operating for at least nine years, yet their activity attracted almost no public attention. Going largely unnoticed for this long is a rare occurrence these days as malicious campaigns from long-standing adversaries overlap at one point or give sufficient clues for researchers to ...

  • APT-C-23 Android Spyware Variant Snoops on WhatsApp, Telegram Messages

    September 30, 2020

    Researchers say they have uncovered a new Android spyware variant with an updated command-and-control communication strategy and extended surveillance capabilities that snoops on social media apps WhatsApp and Telegram. The malware, Android/SpyC32.A, is currently being used in active campaigns targeting victims in the Middle East. It is a new variant of an existing malware operated by ...

  • Microsoft disrupts nation-state hacker op using Azure Cloud service

    September 25, 2020

    In a report this week, Microsoft said that it disrupted operations of a nation-state threat group that was using its Azure cloud infrastructure for cyber attacks. Microsoft refers to the actor by the name Gadolinium and says that it’s been active for about a decade targeting organizations in the maritime and health industry; more recently, the ...

  • Threat landscape for industrial automation systems. H1 2020

    September 24, 2020

    Beginning in H2 2019 we have observed a tendency for decreases in the percentages of attacked computers, both in the ICS and in the corporate and personal environments. In H1 2020 the percentage of ICS computers on which malicious objects were blocked has decreased by 6.6 percentage points to 32.6%. The number was highest in Algeria (58.1%), ...

  • Cyber Competition And Nonstate Actors In A Data-Rich World

    September 21, 2020

    Last year I got a parking ticket for lingering too long in a limited zone. Parking tickets are not sufficient reason to declare war on a city’s thinly veiled vehicular taxation scheme for the absentminded. And yet I wanted to. So instead of dutifully filling out the online payment form, I started searching for ways to ...