LuckyMouse uses malicious NDISProxy Windows driver to target gov’t entities

The LuckyMouse advanced persistent threat (APT) is back with a twist in tactics that harnesses LeagSoft certificates to spread Trojans by way of malicious NDISProxy drivers. It was back in June that researchers discovered that LuckyMouse, also known as EmissaryPanda and …

‘Domestic Kitten’ Mobile Spyware Campaign Aims at Iranian Targets

Spreading via fake Android apps, the malware lifts a range of sensitive information from victims’ devices. A mobile spyware campaign against mainly Iranian citizens has been spotted – with evidence that the Iranian government might be involved. The operation is …

U.S. Ties Lazarus to North Korea and Major Hacking Conspiracy

The DoJ said a DPRK spy, Park Jin-hyok, was involved in “a conspiracy to conduct multiple destructive cyberattacks around the world.” The Justice Department has charged a North Korean man in the hacking of Sony Pictures Entertainment (SPE) in 2014 …

APT10 Under Close Scrutiny as Potentially Linked to Chinese Ministry of State Security

An advanced threat actor has been associated with China’s Ministry of State Security via two individuals and a Chinese firm. Researchers claim that APT10, a likely China-based threat actor, is believed directly connected to the Chinese Ministry of State Security’s …

A First Look at the North Korean Malware Family Tree

Security researchers have analyzed malware samples from threat actors associated with North Korea and discovered connections with tools from older unattributed campaigns. The research is spread over several months and connects a diverse range of operations from cyberespionage to financially-motivated campaigns. The …

APT15 Pokes Its Head Out With Upgraded MirageFox RAT

The elusive APT15 cyber-espionage group, believed to be affiliated with the Chinese government, has been spotted for the first time in many months, mounting a highly targeted spy campaign using an upgraded version of the Mirage remote access trojan. This …

FakeSpy Android Information-Stealing Malware Targets Japanese and Korean-Speaking Users

Spoofing legitimate mobile applications is a common cybercriminal modus that banks on their popularity and relies on their users’ trust to steal information or deliver payloads. Cybercriminals typically use third-party app marketplaces to distribute their malicious apps, but in operations …