- A Secret Hacking Group Is Using Android Malware to Spy on Thousands of People in 21 Countries, Research Finds
January 19, 2018
A shadowy hacking campaign has been operating out of a Beirut building owned by the Lebanese General Directorate of General Security for the last six years, stealing text messages, call logs, and files from journalists, military members, corporations, and other targets in 21 countries, according to a joint report released today by cybersecurity firm Lookout and digital ...
- Trisis has the security world spooked, stumped and searching for answers
January 16, 2018
More than four months have passed since a novel, highly sophisticated piece of malware forced an important oil and gas facility in the Middle East to suddenly shut down, but cybersecurity analysts still don’t know who wrote the code. Since last August, multiple teams of researchers in the public and private sectors have been examining what the ...
- Russian ‘Fancy Bear’ Hackers Using (Unpatched) Microsoft Office DDE Exploit
November 8, 2017
Cybercriminals, including state-sponsored hackers, have started actively exploiting a newly discovered Microsoft Office vulnerability that Microsoft does not consider a security issue and has already declined to patch. Last month, we reported how hackers could leverage a built-in feature of Microsoft Office, called Dynamic Data Exchange (DDE), to perform code execution on the targeted device ...
- Sowbug: Cyber espionage group targets South American and Southeast Asian governments
November 7, 2017
Symantec has identified a previously unknown group called Sowbug that has been conducting highly targeted cyber attacks against organizations in South America and Southeast Asia and appears to be heavily focused on foreign policy institutions and diplomatic targets. Sowbug has been seen mounting classic espionage attacks by stealing documents from the organizations it infiltrates. Symantec saw ...
- Bad Rabbit used NSA “EternalRomance” exploit to spread, researchers say
October 26, 2017
Despite early reports that there was no use of National Security Agency-developed exploits in this week’s crypto-ransomware outbreak, research released by Cisco Talos suggests that the ransomware worm known as “Bad Rabbit” did in fact use a stolen Equation Group exploit revealed by Shadowbrokers to spread across victims’ networks. The attackers used EternalRomance, an exploit that bypasses security over ...
- Latest Sofacy Campaign Targeting Security Researchers
October 23, 2017
Sofacy, the Russian-speaking APT group connected to interference in the 2016 U.S. presidential election, has been targeting researchers, admins and others interested in cybersecurity. Cisco’s security research arm Talos published a report on Sunday describing a campaign linked to Sofacy, also known as Fancy Bear and APT 28 among other names, using a decoy document related to the CyCon ...
- Mysterious cyber espionage campaign uses ‘torpedo’ lure to trick you into downloading malware
October 18, 2017
An espionage group is launching cyber attacks against organisations in the maritime and defence sectors in what’s highly likely to be an effort to steal confidential information and research data. Dubbed Leviathan, the group has been active since at least 2014 and takes particular interest in maritime industries, naval defence contractors and associated university research institutions ...
- Newly Discovered Iranian APT Group Brings State-sponsored Cyber Espionage into Focus
October 17, 2017
State-sponsored cyber espionage has been rising steadily in recent years. Whether it’s high-profile attacks such as North Korea’s hack of Sony in 2014, China’s alleged hack of the US’s Office of Personnel Management in 2015, or Russia’s alleged hack of the Democratic National Committee in 2016, the stories are mounting. Iran has also been in the cyber espionage news, with major ...
- Hackers Use New Flash Zero-Day Exploit to Distribute FinFisher Spyware
October 16, 2017
FinSpy, the infamous surveillance malware, is back and infecting high-profile targets using a new Adobe Flash zero-day exploit delivered through Microsoft Office documents. Security researchers from Kaspersky Labs have discovered a new zero-day remote code execution vulnerability in Adobe Flash, which was being actively exploited in the wild by a group of advanced persistent threat actors, known as BlackOasis. The critical ...
- Cyberespionage Group Steps Up Campaigns Against Japanese Firms
October 14, 2017
Researchers are learning more about the cyberespionage group Bronze Butler. While the gang has been targeting Japanese heavy industry since 2012, not much is known about the group’s current modus operandi. In a report released Thursday by the Counter Threat Unit at SecureWorks, a subsidiary of Dell Technologies, researchers paint the most complete picture yet of ...

