Advanced Persistent Threat

October 5, 2017

VB2017 Intel agencies and top-tier hackers are actively hacking other hackers in order to steal victim data, borrow tools and techniques, and reuse each other’s infrastructure, attendees at Virus Bulletin Con, Madrid, were told yesterday. The increasing amount of spy-vs-spy type activity is making accurate threat intel increasingly difficult for security researchers, according to Kaspersky Lab. Threat intelligence ...

September 21, 2017

Cybersecurity firm FireEye has identified a new group of hackers, known as APT33, that it says has been working on behalf of the Iranian government since 2013. The group has “potential destructive capabilities,” FireEye warned. “The campaigns that were laid out were not just aligned with the Iranian government but with the Iranian military,” said Stuart ...

September 7, 2017

The notorious hacking group that has been in operation since at least 2011 has re-emerged and is still interested in targeting the United States and European companies in the energy sector. Yes, I am talking about the ‘Dragonfly,’ a well-resourced, Eastern European hacking group responsible for sophisticated cyber-espionage campaigns against the critical infrastructure of energy companies in different ...

August 8, 2017

Attackers behind advanced persistent threat campaigns have kept busy over the past several months, adding new ways to bypass detection, crafting new payloads to drop, and identifying new zero days and backdoors to help them infect users and maintain persistence on machines. Juan Andres Guerrero-Saade and Brian Bartholomew, members of Kaspersky Lab’s Global Research and Analysis Team, described ...

July 27, 2017

Meet Mia Ash, a 20-something London-based photographer, amateur model, social media butterfly with a keen interest in tech-savvy guys with ties to the oil and gas industry. You guessed it. Mia Ash doesn’t exist. Ash, according to Dell SecureWorks Counter Threat Unit, is a virtual persona stitched together by the APT known as Cobalt Gypsy, OilRig, ...

July 21, 2017

If two is a coincidence and three is a trend, maybe we’re not quite there yet in officially calling WannaCry and ExPetr a new movement among APT attacks. But for now, it’s close enough. Researchers are starting to examine the real motivations behind each global outbreak and whether these attacks truly signal a shift of direction ...

July 3, 2017

Researchers have found links between the BlackEnergy APT group and threat actors behind the ExPetr malware used in last month’s global attacks. According to researchers at Kaspersky Lab, there are strong similarities between older versions of BlackEnergy’s KillDisk ransomware compared to ExPetr code. Parallels were first identified in targeted extensions used by both BlackEnergy and ExPetr, ...

May 30, 2017

Infamous hacking group Shadow Brokers has promised to release more zero-day exploits, such as the one that has made life a misery for some 300,000 people across the world via WannaCry. Now, the group isn’t just after wreaking havoc, but also after making some money, since the releases will be made for a special club ...

May 27, 2017

Hackers from Fancy Bear, the espionage hacker group with Russian ties, reportedly snuck false information in the data trove they leaked from the Democratic National Committee during the American elections. According to a report from Citizen Lab, an organization with ties to the University of Toronto, the hackers planted information inside emails belonging to a journalist ...

April 25, 2017

A phishing campaign is targeting the emails of French presidential candidate Emmanuel Macron’s campaign staff. All fingers are pointing towards Russia once more. According to security firm Trend Micro who published a new report today, there are signs of a phishing attack targeting Macron, in what feels like deja-vu. The sites that are trying to trick ...