23 matches found
Microsoft Warns of New 'FalseFont' Backdoor Targeting the Defense Sector
Organizations in the Defense Industrial Base DIB sector are in the crosshairs of an Iranian threat actor as part of a campaign designed to deliver a never-before-seen backdoor called FalseFont. The findings come from Microsoft, which is tracking the activity under its weather-themed moniker Peach...
Iranian Company Cloudzy Accused of Aiding Cybercriminals and Nation-State Hackers
Services offered by an obscure Iranian company known as Cloudzy are being leveraged by multiple threat actors, including cybercrime groups and nation-state crews. "Although Cloudzy is incorporated in the United States, it almost certainly operates out of Tehran, Iran – in possible violation of U....
Oil and Gas Cybersecurity: Recommendations Part 3
In the final part of our series, we look at the APT33 case study and several recommendations from our expert team...
Inside Microsoft Threat Protection: Mapping attack chains from cloud to endpoint
The increasing pervasiveness of cloud services in today’s work environments, accelerated by a crisis that forced companies around the globe to shift to remote work, is significantly changing how defenders must monitor and protect organizations. Corporate data is spread across multiple...
Iran-Backed APTs Collaborate on 3-Year 'Fox Kitten' Global Spy Campaign
Two Iran-backed APTs could be working together on a sprawling, three-year campaign to compromise high-value organizations from the IT, telecom, oil and gas, aviation, government and security sectors in Israel and around the world, according to a report by researchers at ClearSky. They maintain,...
Iranian Hackers Exploiting VPN Flaws to Backdoor Organizations Worldwide
A new report published by cybersecurity researchers has unveiled evidence of Iranian state-sponsored hackers targeting dozens of companies and organizations in Israel and around the world over the past three years. Dubbed "Fox Kitten," the cyber-espionage campaign is said to have been directed at...
Oil-and-Gas APT Pivots to U.S. Power Plants.
A known APT group with ties to the Iran-linked APT33, dubbed Magnallium, has expanded its targeting from the global oil-and-gas industry to specifically include electric companies in North America. That’s according to a report from Dragos, released Thursday, which noted that the discovery is part...
IT threat evolution Q3 2019
Targeted attacks and malware campaigns Mobile espionage targeting the Middle East At the end of June we reported the details of a highly targeted campaign that we dubbed 'Operation ViceLeaker' involving the spread of malicious Android samples via instant messaging. The campaign affected several...
Iran’s APT33 Hackers Are Targeting Industrial Control Systems
The recent focus on ICS raises the possibility that Iran's APT33 is exploring physically disruptive cyberattacks...
This Week in Security News: APT33 Botnets Used for Extreme Narrow Targeting and Microsoft’s Patch Tuesday Arrives with A Patch for An IE Zero-Day
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about the APT33 threat group that is using live C&C servers for extremely narrow targeting. Also, read about Trend Micro’s complete...
Double Vision: Stealthy Malware Dropper Delivers Dual RATs
A newly discovered initial-stage malware dropper has been discovered sneaking by antivirus products, with the ultimate goal of delivering a double-pronged whammy of RevengeRAT and WSH RAT payloads onto targeted Windows machines. A FortiGuard Labs team recently captured a sample file that had been...
APT33 Mounts Focused, Highly Targeted Botnet Attacks Against U.S. Victims
The Iran-linked, espionage-focused advanced threat group known as APT33 has been spotted using more than a dozen obfuscated botnets to carry out narrowly targeted attacks against government and academic targets in the Middle East, the U.S. and Asia. Each botnet, linked to its own...
‘Twas the night before
Recently, the United States Cyber Command USCYBERCOM Malware Alert @CNMFVirusAlert highlighted several VirusTotal uploads of theirs - and the executable objects relating to 2016 – 2017 NewsBeef/APT33 activity are interesting for a variety of reasons. Before continuing, it's important to restate y...
Iran-linked APT33 Shakes Up Cyberespionage Tactics
Following a recent report detailing APT33’s infrastructure and tactics, the Iranian state-sponsored threat actor shook up its cyberespionage efforts by adopting new tools and reassigning key domain infrastructure. The infrastructure overhaul stems from a March 2019 Symantec report exposing the...
Elfin Hacking Group Targets Multiple U.S. and Saudi Arabian Firms
An Iran-linked cyber-espionage group that has been found targeting critical infrastructure, energy and military sectors in Saudi Arabia and the United States two years ago continues targeting organizations in the two nations, Symantec reported on Wednesday. Widely known as APT33, which Symantec...
OVERRULED: Containing a Potentially Destructive Adversary
Introduction FireEye assesses APT33 may be behind a series of intrusions and attempted intrusions within the engineering industry. Public reporting indicates this activity may be related to recent destructive attacks. FireEye's Managed Defense has responded to and contained numerous intrusions th...
Shamoon Attackers Employ New Tool Kit to Wipe Infected Systems
ARCHIVED STORY Shamoon Attackers Employ New Tool Kit to Wipe Infected Systems By Thomas Roccia · December 19, 2018 Last week the McAfee Advanced Threat Research team posted an analysis of a new wave of Shamoon “wiper” malware attacks that struck several companies in the Middle East and Europe. In...
Shamoon Attackers Employ New Tool Kit to Wipe Infected Systems
ARCHIVED STORY Shamoon Attackers Employ New Tool Kit to Wipe Infected Systems By Thomas Roccia · December 19, 2018 Last week the McAfee Advanced Threat Research team posted an analysis of a new wave of Shamoon “wiper” malware attacks that struck several companies in the Middle East and Europe. In...
New ‘Early Bird’ Code Injection Technique Helps APT33 Evade Detection
Researchers have identified what they are calling an Early Bird code injection technique used by the Iranian group APT33 to burrow the TurnedUp malware inside infected systems while evading anti-malware tools. The Early Bird code injection technique, highlighted in a Wednesday report by Cyberbit,...
Iranian APT33 Targets U.S. Firms with Destructive Malware
The Iranian group known as APT33 is believed to be behind a cyberespionage campaign targeting aerospace, petrochemical and energy sector firms located in the United States, Saudi Arabia and South Korea. The group’s latest attack leverages a dropper called DropShot that is tied to the StoneDrill...