Advanced Persistent Threat

October 9, 2018

Millions of security cameras, DVRs, and NVRs contain vulnerabilities that can allow a remote attacker to take over devices with little effort, security researchers have revealed today. All vulnerable devices have been manufactured by Hangzhou Xiongmai Technology Co., Ltd.(Xiongmai hereinafter), a Chinese company based in the city of Hangzhou. But end users won’t be able to tell that ...

October 9, 2018

A zero-day vulnerability tied to the Window’s Win32k component is under active attack, warns Microsoft. Microsoft has issued a patch for a zero-day bug being actively exploited in the wild, as part of its Patch Tuesday security bulletin. The vulnerability is an elevation-of-privilege flaw, rated important, affecting the Windows Win32k component. The zero-day (CVE-2018-8453), found by Kaspersky ...

October 5, 2018

This week, news broke that a well-known Saudi dissident has been targeted by the notorious Pegasus spyware – after he gained permanent citizen status in Canada. While this fits into pattern of ongoing attacks on “civil society” members (i.e., journalists, social justice activists, dissidents and human rights organizations), the larger pool of threats against this ...

October 4, 2018

The UK government this morning pointed the finger at Russian military intelligence for a litany of cyber nasties. In the bulletin, the UK government’s National Cyber Security Centre (NCSC) declared that a range of attacks blamed on the Kremlin are actually the work of Russian military intelligence, GRU. This comes in the wake of long-standing concerns that Russia ...

October 4, 2018

The Turla APT group’s extensive activities have diversified this year, representing a mix of old code, new code and fresh targets. Perhaps most interesting, this sophisticated group is branching into using scripts and open-source code in its malware development – a marked departure for an APT best-known for deploying a complex rootkit called Snake, traditionally focused on ...

October 3, 2018

The US-CERT has released a joint technical alert from the DHS, the FBI, and Treasury warning about a new ATM scheme being used by the prolific North Korean APT hacking group known as Hidden Cobra. Hidden Cobra, also known as Lazarus Group and Guardians of Peace, is believed to be backed by the North Korean government and ...

October 1, 2018

Newly discovered malware from the world of cyberespionage connects the dots between the tools and operations of the little-known Reaper group believed to act on behalf of the North Korean government. The latest findings indicate that the remote access Trojans (RAT) in the KONNI and DOGCALL families are the work of the same operator, tasked with ...

September 27, 2018

Advanced persistent threat group (APT) the Cobalt Gang, also known as Gold Kingswood, is spreading SpicyOmelette malware in campaigns targeting financial institutions worldwide. In a world where cyberattacks against businesses and consumers alike are spreading and evolving in nature and sophistication, it is often financial institutions which bear the brunt. Banking customers hoodwinked by fraudulent schemes or ...

September 13, 2018

The Iran-linked APT appears to be in a state of continuous tool development, analogous to the DevOps efforts seen in the legitimate software world. OilRig, an APT group believed to have ties to Iran, has been spotted in yet another campaign in the Middle East – this time targeting victims within an undisclosed government using an ...

September 10, 2018

The LuckyMouse advanced persistent threat (APT) is back with a twist in tactics that harnesses LeagSoft certificates to spread Trojans by way of malicious NDISProxy drivers. It was back in June that researchers discovered that LuckyMouse, also known as EmissaryPanda and APT27, had targeted a national data center containing Asian government resources. In this previous campaign, LuckyMouse used ...