Advanced Persistent Threat


NEWS 
  • U.S. Charges Chinese Military Officers in 2017 Equifax Hacking

    February 10, 2020

    Four members of China’s military were charged on Monday with hacking into Equifax, one of the nation’s largest credit reporting agencies, and stealing trade secrets and the personal data of about 145 million Americans in 2017. The charges underscored China’s quest to obtain Americans’ data and its willingness to flout a 2015 agreement with the United States to refrain from ...

  • Gamaredon APT Improves Toolset to Target Ukraine Government, Military

    February 5, 2020

    The Gamaredon advanced persistent threat (APT) group has been supercharging its operations lately, improving its toolset and ramping up attacks on Ukrainian national security targets. Vitali Kremez, head of SentinelLabs, said in research released on Wednesday that he has been tracking an uptick in Gamaredon cyberattacks on Ukrainian military and security institutions that started in December. ...

  • Threat Actors Still Exploiting SharePoint Vulnerability to Attack Middle East Government Organizations

    February 3, 2020

    On September 10, 2019, we observed unknown threat actors exploiting a vulnerability in SharePoint described in CVE-2019-0604 to install several webshells on the website of a Middle East government organization. One of these webshells is the open source AntSword webshell freely available on Github, which is remarkably similar to the infamous China Chopper webshell. On January 10, 2020, we ...

  • U.S. Government Agency Targeted With Malware-Laced Emails

    January 23, 2020

    A U.S. government agency was targeted with spear phishing emails harboring several malware strains – including a never-before-seen malware downloader that researchers call “Carrotball.” The campaign, which researchers observed occurring from July to October and code-named “Fractured Statue,” involved six unique malicious document lures being sent as attachments from four different Russian email addresses to 10 ...

  • European Energy Sector Organization Targeted by PupyRAT Malware in Late 2019

    January 23, 2020

    Over the course of the last year, Recorded Future research has demonstrated that Iran-nexus groups, possibly including APT33 (also called Elfin), have been prolific in amassing operational network infrastructure throughout 2019. Additionally, in November 2019, Microsoft disclosed that APT33 had shifted focus from targeting IT networks to physical control systems used in electric utilities, manufacturing, and oil refineries. We ...

  • Mitsubishi Electric discloses security breach, China is main suspect

    January 20, 2020

    In a short statement published today on its website, Mitsubishi Electric, one of the world’s largest electronics and electrical equipment manufacturing firms, disclosed a major security breach. Although the breach occurred last year, on June 28, and an official internal investigation began in September, the Tokyo-based corporation disclosed the security incident today, only after two local newspapers, the Asahi ...

  • Microsoft Releases Advisory on Zero-Day Vulnerability CVE-2020-0674, Workaround Provided

    January 17, 2020

    On January 17, Microsoft published an advisory (ADV200001) warning users about CVE-2020-0674, a remote code execution (RCE) vulnerability involving Microsoft’s Internet Explorer (IE) web browser. A patch has not yet been released as of the time of writing — however, Microsoft has acknowledged that it is aware of limited targeted attacks exploiting the flaw. All ...

  • Zeppelin: Russian Ransomware Targets High Profile Users in the U.S. and Europe

    January 11, 2020

    Zeppelin is the newest member of the Delphi-based Ransomware-as-a-Service (RaaS) family initially known as Vega or VegaLocker. Although it’s clearly based on the same code and shares most of its features with its predecessors, the campaign that it’s been part of differs significantly from campaigns involving the previous versions of this malware. Vega samples were first ...

  • Oil-and-Gas APT Pivots to U.S. Power Plants

    January 10, 2020

    A known APT group with ties to the Iran-linked APT33, dubbed Magnallium, has expanded its targeting from the global oil-and-gas industry to specifically include electric companies in North America. That’s according to a report from Dragos, released Thursday, which noted that the discovery is part of a broader trend in which cybercriminals focused on critical infrastructure are branching ...

  • Operation AppleJeus Sequel

    January 10, 2020

    The Lazarus group is currently one of the most active and prolific APT actors. In 2018, Kaspersky published a report on one of their campaigns, named Operation AppleJeus. Notably, this operation marked the first time Lazarus had targeted macOS users, with the group inventing a fake company in order to deliver their manipulated application and exploit ...

  • First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT Group

    January 6, 2020

    Trend Micro found three malicious apps in the Google Play Store that work together to compromise a victim’s device and collect user information. One of these apps, called Camero, exploits CVE-2019-2215, a vulnerability that exists in Binder (the main Inter-Process Communication system in Android). This is the first known active attack in the wild that ...

  • Microsoft Takes Control Of ‘Thallium’ Hacking Domains

    December 31, 2019

    Microsoft has scored a victory against a North Korean cybercrime group called “Thallium”, the company has revealed. Redmond said that it had taken control of web domains used by Thallium to steal information. The software giant has history in taking on cybercrime and hacking groups through the courts. In August 2018 for example, it foiled a cyber attack that ...

  • Chinese hacker group caught bypassing 2FA

    December 23, 2019

    Security researchers say they found evidence that a Chinese government-linked hacking group has been bypassing two-factor authentication (2FA) in a recent wave of attacks. The attacks have been attributed to a group the cyber-security industry is tracking as APT20, believed to operate on the behest of the Beijing government, Dutch cyber-security firm Fox-IT said in a ...

  • Lazarus pivots to Linux attacks through Dacls Trojan

    December 17, 2019

    Lazarus, an advanced persistent threat (APT) group, has expanded its reach with the development and use of a Trojan designed to attack Linux systems. The APT, suspected to hail from North Korea, has previously been connected to global cyberattacks and malware outbreaks including the infamous WannaCry rampage, the $80 million Bangladeshi bank heist, and a new campaign impacting financial institutions worldwide. Recent reports ...

  • More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting

    December 12, 2019

    The threat group regularly referred to as APT33 is known to target the oil and aviation industries aggressively. This threat group has been reported on consistently for years, but our recent findings show that the group has been using about a dozen live Command and Control (C&C) servers for extremely narrow targeting. The group puts up multiple layers of obfuscation to ...

  • APT review: what the world’s threat actors got up to in 2019

    December 4, 2019

    What were the most interesting developments in terms of APT activity during the year and what can we learn from them? This is not an easy question to answer, because researchers have only partial visibility and it´s impossible to fully understand the motivation for some attacks or the developments behind them. However, let´s try to approach ...

  • Obfuscation Tools Found in the Capesand Exploit Kit Possibly Used in “KurdishCoder” Campaign

    December 4, 2019

    In November 2019, Trend Micro published a blog analyzing an exploit kit we named Capesand that exploited Adobe Flash and Microsoft Internet Explorer flaws. During our analysis of the indicators of compromise (IoCs) in the deployed samples that were infecting the victim’s machines, we noticed some interesting characteristics: notably that these samples were making use of ...

  • IT threat evolution Q3 2019

    November 29, 2019

    Targeted attacks and malware campaigns, Mobile espionage targeting the Middle East At the end of June Kaspersky reported the details of a highly targeted campaign that we dubbed ‘Operation ViceLeaker’ involving the spread of malicious Android samples via instant messaging. The campaign affected several dozen victims in Israel and Iran. We discovered this activity in May ...

  • Extensive hacking operation discovered in Kazakhstan

    November 23, 2019

    Chinese cyber-security vendor Qihoo 360 published a report on Friday exposing an extensive hacking operation targeting the country of Kazakhstan. Targets included individuals and organizations involving all walks of life, such as government agencies, military personnel, foreign diplomats, researchers, journalists, private companies, the educational sector, religious figures, government dissidents, and foreign diplomats alike. The campaign, Qihoo 360 ...

  • DePriMon downloader uses novel ways to infect your PC with ColoredLambert malware

    November 21, 2019

    A malware downloader has been spotted using novel “Port Monitor” methods that have not been detected before in active campaigns. Dubbed DePriMon, the malicious downloader is used to deploy malware used by Lambert — also known as the Longhorn advanced persistent threat (APT) group — which specializes in attacks against European and Middle Eastern companies. Kaspersky estimates ...