US critical infrastructure hit once again by a new group on the scene


Storm-0227, a Chinese state-sponsored advanced persistent threat (APT) actor, has started targeting critical infrastructure organizations, as well as government entities, in the United States. The group abuses software vulnerabilities and engages in spear-phishing attacks to gain access to people’s devices.

Once they gain access, they deploy various Remote Access Trojans (RATs) and other malware to obtain login credentials for services such as Microsoft 365. They also steal sensitive documents and whatever else they can get their hands on. The goal of the campaign is cyber-espionage.

Source: TechRadar News

