76 matches found
Russian APTs Furiously Phish Ukraine – Google
While Russia is fighting a physical war on the ground against Ukraine, advanced persistent threat APT groups affiliated with or backing Vladimir Putin’s government are ramping up phishing and other attacks against Ukrainian and European targets in cyberspace, Google is warning. Researchers from...
North Korean APTs Stole ~$400M in Crypto in 2021
Vast amounts of cash sloshing around in cryptocurrency markets are proving irresistible for cybercriminals and scammers of all kinds. From basic financial pump-and-dump schemes to straight-up nation-state cybertheft, nascent crypto markets, and their investors – often with dubious understanding o...
‘Lone Wolf’ APT Uses Commodity RATs
An APT described as a “lone wolf” is exploiting a decades-old Microsoft Office flaw to deliver a barrage of commodity RATs to organizations in India and Afghanistan, researchers have found. Attackers use political and government-themed malicious domains as lures in the campaign, which targets...
Keep Attackers Out of VPNs: NSA, CISA Offer Guidance
Unsecured VPNs can be a hot mess: Just ask Colonial Pipeline which got pwned by the REvil ransomware crooks with an old VPN password or the 87,000 at least Fortinet customers whose credentials for unpatched SSL-VPNs were posted online earlier this month. Vulnerabilities in VPN servers are like...
CISA, FBI: State-Backed APTs Are Exploiting Critical Zoho Bug
The FBI, CISA and the U.S. Coast Guard Cyber Command CGCYBER warned today that state-backed advanced persistent threat APT actors are likely among those who’ve been actively exploiting a newly identified bug in a Zoho single sign-on and password management tool since early last month. At issue is...
Zuthaka - An Open Source Application Designed To Assist Red-Teaming Efforts, By Simplifying The Task Of Managing Different APTs And Other Post-Exploitation Tools
A collaborative free open-source Command & Control integration framework that allows developers to concentrate on the core function and goal of their C2. Explore the docs » About the project Problem Statement The current C2s ecosystem has rapidly grown in order to adapt to modern red team...
Data Exfiltration: What You Should Know to Prevent It
In today’s digitally driven era, data is the most critical component of a business. Companies are collecting more data than ever before, and constantly enhancing their operations through data-driven decisions. As a result, data leaks are a serious concern for companies of all sizes; if one occurs...
Threat Source newsletter (May 27, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We're used to referring to attackers as either APTs or not APTs. And when something is an APT, it sounds a lot scarier and sexier. But it's our belief that that isn't going to cut it anymore. Therefore, we propose in a... This is...
New Stealthy Rootkit Infiltrated Networks of High-Profile Organizations
An unknown threat actor with the capabilities to evolve and tailor its toolset to target environments infiltrated high-profile organizations in Asia and Africa with an evasive Windows rootkit since at least 2018. Called 'Moriya,' the malware is a "passive backdoor which allows attackers to inspec...
State-sponsored Threat Groups Target Telcos, Steal 5G Secrets
Chinese-language APTs are targeting telecom companies in cyberespionage campaigns aimed at stealing sensitive data and trade secrets tied to 5G technology, according to researchers. The campaigns, dubbed “Operation Diànxùn”, target and lure victims working in the telecom industry. A typical ploy...
New SUNSHUTTLE Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452
Executive Summary In August 2020, a U.S.-based entity uploaded a new backdoor that we have named SUNSHUTTLE to a public malware repository. SUNSHUTTLE is a second-stage backdoor written in GoLang that features some detection evasion capabilities. Mandiant observed SUNSHUTTLE at a victim compromis...
Threat Source newsletter (Feb. 25, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We all think of APTs as these wide-reaching, silent threat groups who are backed by a nation-state. But our recent research into Gamaredon shows that not all APTs are created equal. We’ve spotted this actor carrying out several...
Apple Patches Three Actively Exploited Zero-Days, Part of iOS Emergency Update
Apple continues to put out potential security fires by patching zero-day vulnerabilities, releasing an emergency update this week to patch three more recently discovered in iOS after a major software update in November already fixed three that were being actively exploited. The newly patched bugs...
Zero-Click Apple Zero-Day Uncovered in Pegasus Spy Attack
Four nation-state-backed advanced persistent threats APTs hacked Al Jazeera journalists, producers, anchors and executives, in an espionage attack leveraging a zero-day exploit for Apple iPhone, researchers said. The attack, carried out in July and August, compromised 36 personal phones belonging...
Think-Tanks Under Attack by Foreign APTs, CISA Warns
The Cybersecurity and Infrastructure Security Agency CISA and the FBI have issued a warning on what they say are persistent, continued cyberattacks by advanced persistent threat APT actors targeting U.S. think-tanks. The attackers are looking to steal sensitive information, acquire user credentia...
Purgalicious VBA: Macro Obfuscation With VBA Purging
Malicious Office documents remain a favorite technique for every type of threat actor, from red teamers to FIN groups to APTs. In this blog post, we will discuss "VBA Purging", a technique we have increasingly observed in the wild and that was first publicly documented by Didier Stevens in Februa...
Bug Parade: NSA Warns on Cresting China-Backed Cyberattacks
Chinese state-sponsored cyberattackers are actively compromising U.S. targets using a raft of known security vulnerabilities – with a Pulse VPN flaw claiming the dubious title of “most-favored bug” for these groups. That’s according to the National Security Agency NSA, which released a “top 25”...
Microsoft Exchange, Outlook Under Siege By APTs
New, sophisticated adversaries are switching up their tactics in exploiting enterprise-friendly platforms — most notably Microsoft Exchange, Outlook Web Access OWA and Outlook on the Web – in order to steal business credentials and other sensitive data. Both Microsoft’s Exchange mail server and...
Why master YARA: from routine to extreme threat hunting cases. Follow-up
On 3rd of September, we were hosting our "Experts Talk. Why master YARA: from routine to extreme threat hunting cases", in which several experts from our Global Research and Analysis Team and invited speakers shared their best practices on YARA usage. At the same time, we also presented our new...
Iranian hackers used RDP to hit businesses with Dharma ransomware
By Waqas The hackers using Dharma ransomware are "far behind the level of sophistication of big-league Iranian APTs." This is a post from HackRead.com Read the original post: Iranian hackers used RDP to hit businesses with Dharma ransomware...