119 matches found
APT28 exploits Follina to deploy CredoMap
Threat Level Actor Report For a detailed advisory, download the pdf file here Summary Google Chrome addresses nine vulnerabilities in its latest stable channel update for Windows, Mac, and Linux...
Russian Hackers Exploiting Microsoft Follina Vulnerability Against Ukraine
The Computer Emergency Response Team of Ukraine CERT-UA has cautioned of a new set of spear-phishing attacks exploiting the "Follina" flaw in the Windows operating system to deploy password-stealing malware. Attributing the intrusions to a Russian nation-state group tracked as APT28 aka Fancy Bea...
Russia’s APT28 uses fear of nuclear war to spread Follina docs in Ukraine
This blog post was authored by Hossein Jazi and Roberto Santos. In a recent campaign, APT28, an advanced persistent threat actor linked with Russian intelligence, set its sights on Ukraine, targeting users with malware that steals credentials stored in browsers. APT28 also known as Sofacy and Fan...
Ukrainian CERT Warns Citizens of a New Wave of Attacks Distributing Jester Malware
The Computer Emergency Response Team of Ukraine CERT-UA has warned of phishing attacks that deploy an information-stealing malware called Jester Stealer on compromised systems. The mass email campaign carries the subject line "chemical attack" and contains a link to a macro-laced Microsoft Excel...
APT28 FancyBear Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/d6751b148461e0f863548be84020b879.txt Contact: [email protected] Media: twitter.com/malvuln Threat: APT28 FancyBear Vulnerability: Code Execution Description: FancyBear looks for and execute...
Ukraine War Themed Files Become the Lure of Choice for a Wide Range of Hackers
A growing number of threat actors are using the ongoing Russo-Ukrainian war as a lure in various phishing and malware campaigns, even as critical infrastructure entities continue to be heavily targeted. "Government-backed actors from China, Iran, North Korea and Russia, as well as various...
Microsoft Takedown Domains Used in Cyberattack Against Ukraine
Microsoft seized seven domains it claims were part of ongoing cyberattacks by what it said are state-sponsored Russian advanced persistent threat actors that targeted Ukrainian-related digital assets. The company obtained court orders to take control of the domains it said were used by Strontium,...
Microsoft Obtains Court Order to Take Down Domains Used to Target Ukraine
Microsoft on Thursday disclosed that it obtained a court order to take control of seven domains used by APT28, a state-sponsored group operated by Russia's military intelligence service, with the goal of neutralizing its attacks on Ukraine. "We have since re-directed these domains to a sinkhole...
Hackers Exploited MSHTML Flaw to Spy on Government and Defense Targets
Cybersecurity researchers on Tuesday took the wraps off a multi-stage espionage campaign targeting high-ranking government officials overseeing national security policy and individuals in the defense industry in Western Asia. The attack is unique as it leverages Microsoft OneDrive as a...
Prime Minister’s Office Compromised: Details of Recent Espionage Campaign
Prime Minister’s Office Compromised: Details of Recent Espionage Campaign By Marc Elias · January 25, 2022 A special thanks to Christiaan Beek, Alexandre Mundo, Leandro Velasco and Max Kersten for malware analysis and support during this investigation. Executive Summary Our Advanced Threat Resear...
Prime Minister’s Office Compromised: Details of Recent Espionage Campaign
Prime Minister’s Office Compromised: Details of Recent Espionage Campaign By Marc Elias · January 25, 2022 A special thanks to Christiaan Beek, Alexandre Mundo, Leandro Velasco and Max Kersten for malware analysis and support during this investigation. Executive Summary Our Advanced Threat Resear...
Hackers Using Compromised Google Cloud Accounts to Mine Cryptocurrency
Threat actors are exploiting improperly-secured Google Cloud Platform GCP instances to download cryptocurrency mining software to the compromised systems as well as abusing its infrastructure to install ransomware, stage phishing campaigns, and even generate traffic to YouTube videos for view cou...
Advanced threat predictions for 2022
Over the past 12 months, the style and severity of APT threats has continued to evolve. Despite their constantly changing nature, there is a lot we can learn from recent APT trends to predict what might lie ahead in the coming year. Based on the collective knowledge and insights of our experts, w...
Google: We're Tracking 270 State-Sponsored Hacker Groups From Over 50 Countries
Google's Threat Analysis Group TAG on Thursday said it's tracking more than 270 government-backed threat actors from more than 50 countries, adding it has approximately sent 50,000 alerts of state-sponsored phishing or malware attempts to customers since the start of 2021. The warnings mark a 33%...
Google warns some users that FancyBear’s been prowling around
APT28, also known as FancyBear, is at the heart of another targeted campaign. This time, it’s sniffing around users of Google services. Some 14,000 people have been notified about a spear phish attempt looking to compromise accounts and access their files. When did this happen? Sometime late...
IoT Piranhas Are Swarming Industrial Controls
Full transparency: Curtis Simpson, CISO at Armis, the enterprise IoT security company, was fundamentally a black hat at the age of 12, before he even knew what a black hat was. One day he got flooded over IRC and was fascinated: What just happened? And how did it happen? He’s since spent the vast...
Malware Makers Using ‘Exotic’ Programming Languages
Malware authors are increasingly using rarely spotted programming languages such as Go, Rust, Nim and DLang in order to create new tools and to hinder analysis, researchers have found. Use of those four languages is escalating in the number of malware families being identified, according to a...
Kubernetes Used in Brute-Force Attacks Tied to Russia’s APT28
U.S. and U.K. authorities are warning that the APT28 advanced-threat actor APT – a.k.a. Fancy Bear or Strontium, among other names – has been using a Kubernetes cluster in a widespread campaign of brute-force password-spraying attacks against hundreds of government and private sector targets...
NSA, FBI Reveal Hacking Methods Used by Russian Military Hackers
An ongoing brute-force attack campaign targeting enterprise cloud environments has been spearheaded by the Russian military intelligence since mid-2019, according to a joint advisory published by intelligence agencies in the U.K. and U.S. The National Security Agency NSA, Cybersecurity and...
LazyScripter: From Empire to double RAT
Malwarebytes’ Threat Intelligence analysts are continually researching and monitoring active malware campaigns and actor groups as the prevalence and sophistication of targeted attacks rapidly evolves. In this paper, we introduce a new APT group we have named LazyScripter, presenting in-depth...