- Shamoon: Destructive Threat Re-Emerges with New Sting in its Tail
December 14, 2018
Organizations in Saudi Arabia and the UAE have been hit in latest attacks that involve new wiper malware. After a two-year absence, the destructive malware Shamoon (W32.Disttrack.B) re-emerged on December 10 in a new wave of attacks against targets in the Middle East. These latest Shamoon attacks are doubly destructive, since they involve a new wiper (Trojan.Filerase) ...
- Tildeb: Analyzing the 18-year-old Implant from the Shadow Brokers’ Leak
December 13, 2018
On April 14, 2017, The Shadow Brokers (TSB) leaked a bevy of hacking tools named “Lost in Translation.” This leak is notorious for having multiple zero-day remote code execution (RCE) vulnerabilities targeting critical protocols such as Server Message Block (SMB) and Remote Desktop Protocol (RDP) and applications like collaboration and web server-based software. The exploit toolkit includes EternalBlue, ...
- Operation Sharpshooter Uses Fileless Malware to Attack Global Infrastructure
December 12, 2018
The McAfee Advanced Threat Research team detected a malware campaign dubbed Operation Sharpshooter which attacked nuclear, defense, energy, and financial targets from all over the world. As detailed by McAfee’s research team, the campaign dubbed “Operation Sharpshooter” makes use of an in-memory essential to download and execute a second stage payload named Rising Sun. Moreover, the Rising Sun implant ...
- Poking the Bear: Three-Year Campaign Targets Russian Critical Infrastructure
December 11, 2018
Nation-state conflict has come to dominate many of the policy discussions and much of the strategic thinking about cybersecurity. When events of geopolitical significance hit the papers, researchers look for parallel signs of sub rosa cyber activity carried out by state-sponsored threat actors—espionage, sabotage, coercion, information operations—to complete the picture. After all, behind every story may lurk ...
- New PowerShell-based Backdoor Found in Turkey, Strikingly Similar to MuddyWater Tools
November 30, 2018
MuddyWater is a well-known threat actor group that has been active since 2017. They target groups across Middle East and Central Asia, primarily using spear phishing emails with malicious attachments. Most recently they were connected to a campaign in March that targeted organizations in Turkey, Pakistan, and Tajikistan. The group has been quite visible since the initial 2017 Malwarebytes ...
- GreyEnergy APT Delivers Malware via Phishing Attacks and Multi-Stage Dropper
November 27, 2018
The highly complex backdoor malware payload designed by the GreyEnergy advanced persistent threat (APT) group is being dropped on targeted machines using the common phishing infection vector as detailed by Nozomi Networks’ Alessandro Di Pinto. GreyEnergy attacked and infiltrated the networks of multiple critical infrastructure targets from Eastern Europe, from Poland and Ukraine, with other objectives ...
- Threat Actor Uses DNS Redirects, DNSpionage RAT to Attack Government Targets
November 27, 2018
Cisco Talos discovered a new malware campaign targeting a commercial Lebanese airline company, as well as United Arab Emirates (UAE) and Lebanon government domains. According to Cisco Talos’ findings, the recently observed campaign could not be connected to other threat actors or attacks based on the used infrastructure and its Tactics, Techniques, and Procedures (TTP). The actor ...
- 500K Italian Public Administration Email Accounts Compromised By Targeted Attack
November 21, 2018
500,000 certified Italian public administration emails were compromised by hackers who specifically targeted the Italian Comitato Interministeriale per la Sicurezza della Repubblica (CISR) as reported by Difesa e Sicurezza. Although CISR was the primary target, the hackers also compromised certified emails related to other Italian public administration agencies according to Roberto Baldoni, the Deputy Director of the ...
- Lazarus APT Uses Modular Backdoor to Target Financial Institutions
November 21, 2018
The advanced persistent threat group Lazarus with North Korean links has been observed using a modular backdoor during last week to compromise a series of Latin American financial institutions by Trend Micro’s Lenart Bermejo and Joelson Soares. As unearthed by the Trend Micro research team, the APT38 threat group successfully compromised a number of computing systems ...
- APT29 Re-Emerges After 2 Years with Widespread Espionage Campaign
November 20, 2018
The group is best-known for hacking the DNC ahead of the 2016 presidential election. A phishing campaign bent on espionage, believed to be launched by the nation-state threat group known as APT29, is targeting high-value targets across the think-tank, law enforcement, media, U.S. military, imagery, transportation, pharmaceutical, national government and defense contracting sectors. It’s the first large-scale ...