36 matches found
Anduril Wants to Own the Future of War Tech. Mishaps, Delays, and Challenges Abound
From drones to missiles to submarines, the $30.5 billion defense startup wants to transform how the tools of war are made. It’s not all going as planned...
North Korean Hackers Lure Defense Engineers With Fake Jobs to Steal Drone Secrets
Threat actors with ties to North Korea have been attributed to a new wave of attacks targeting European companies active in the defense industry as part of a long-running campaign known as Operation Dream Job. "Some of these companies are heavily involved in the unmanned aerial vehicle UAV sector...
Microsoft Uncovers 'Moonstone Sleet' — New North Korean Hacker Group
A never-before-seen North Korean threat actor codenamed Moonstone Sleet has been attributed as behind cyber attacks targeting individuals and organizations in the software and information technology, education, and defense industrial base sectors with ransomware and bespoke malware previously...
North-Korean Cyber-Espionage Operations Grapples Defense Sector
Summary: There is an ongoing cyber-espionage campaign purportedly led by the North Korean threat actors, specifically targeting the global defense industry. The primary objective of these attacks is to acquire data pertaining to advanced military technology, with the intention of assisting North...
Lazarus Group Targeting Defense Experts with Fake Interviews via Trojanized VNC Apps
The North Korea-linked Lazarus Group aka Hidden Cobra or TEMP.Hermit has been observed using trojanized versions of Virtual Network Computing VNC apps as lures to target the defense industry and nuclear engineers as part of a long-running campaign known as Operation Dream Job. "The threat actor...
Lazarus Hacker Group Evolves Tactics, Tools, and Targets in DeathNote Campaign
The North Korean threat actor known as the Lazarus Group has been observed shifting its focus and rapidly evolving its tools and tactics as part of a long-running campaign called DeathNote. While the nation-state adversary is known for persistently singling out the cryptocurrency sector, recent...
APT Lazarus Targets Engineers with macOS Malware
North Korean APT Lazarus is up to its old tricks with a cyberespionage campaign targeting engineers with a fake job posting that attempt to spread macOS malware. The malicious Mac executable used in the campaign targets both Apple and Intel chip-based systems. The campaign, identified by...
State-Sponsored Phishing Attack Targeted Israeli Military Officials
An advanced persistent threat group, with ties to Iran, is believed behind a phishing campaign targeting high-profile government and military Israeli personnel, according to a report by Check Point Software. Targets of the campaign included a senior leadership in the Israeli defense industry, the...
Exposing POLONIUM activity and infrastructure targeting Israeli organizations
Microsoft successfully detected and disabled attack activity abusing OneDrive by a previously undocumented Lebanon-based activity group Microsoft Threat Intelligence Center MSTIC tracks as POLONIUM. The associated indicators and tactics were used by the OneDrive team to improve detection of attac...
Looking Over the Nation-State Actors’ Shoulders
Looking over the nation-state actors’ shoulders: Even they have a difficult day sometimes By Trellix and Marc Elias · Febraury 17, 2022 Have you ever been curious about how nation-state actors operate and what their day-to-day work looks like? This blog reveals some of these details observed base...
North Korean Hackers Using Windows Update Service to Infect PCs with Malware
The notorious Lazarus Group actor has been observed mounting a new campaign that makes use of the Windows Update service to execute its malicious payload, expanding the arsenal of living-off-the-land LotL techniques leveraged by the APT group to further its objectives. The Lazarus Group, also kno...
Lazarus Attackers Turn to the IT Supply Chain
Lazarus – a North Korean advanced persistent threat APT group – is working on launching cyberespionage-focused attacks on supply chains with its multi-platform MATA framework. The MATA malware framework can target three operating systems: Windows, Linux and macOS. MATA has historically been used ...
Microsoft discovers threat actor targeting SolarWinds Serv-U software with 0-day exploit
Microsoft has detected a 0-day remote code execution exploit being used to attack SolarWinds Serv-U FTP software in limited and targeted attacks. The Microsoft Threat Intelligence Center MSTIC attributes this campaign with high confidence to DEV-0322, a group operating out of China, based on...
Lazarus Targets Job-Seeking Engineers with Malicious Documents
The notorious Lazarus advanced persistent threat APT group has been identified as the cybergang behind a campaign spreading malicious documents to job-seeking engineers. The ploy involves impersonating defense contractors seeking job candidates. Researchers have been tracking Lazarus activity for...
IT threat evolution Q1 2021
Targeted attacks Putting the A into APT In December, SolarWinds, a well-known IT managed services provider, fell victim to a sophisticated supply-chain attack. The companys Orion IT, a solution for monitoring and managing customers IT infrastructure, was compromised by threat actors. This resulte...
Lazarus targets defense industry with ThreatNeedle
Lazarus targets defense industry with ThreatNeedle PDF We named Lazarus the most active group of 2020. Weve observed numerous activities by this notorious APT group targeting various industries. The group has changed target depending on the primary objective. Google TAG has recently published a...
Russian Hacking Tools Codenamed WhiteBear Exposed
Kaspersky Labs exposed a highly sophisticated set of hacking tools from Russia called WhiteBear. From February to September 2016, WhiteBear activity was narrowly focused on embassies and consular operations around the world. All of these early WhiteBear targets were related to embassies and...
Turla APT Used WhiteBear Espionage Tools Against Defense Industry, Embassies
A toolset belonging to the Russian-speaking Turla APT has been publicly disclosed, and along with it details on its capabilities and indicators of compromise. The tools, called WhiteBear, were used to attack defense organizations as recently as June, and diplomatic targets in Europe, Asia and Sou...
A Cyber Revolution: Advanced Attacks Increasing in EMEA Reflect Political Tension
Financial, geopolitical and economical changes made 2015 a very busy year for the Europe, Middle East and Africa EMEA region, particularly in the cyber realm. FireEye has been monitoring these shifting cyber trends and has identified considerable evolutions to the EMEA threat landscape when...
A Cyber Revolution: Advanced Attacks Increasing in EMEA Reflect Political Tension
Financial, geopolitical and economical changes made 2015 a very busy year for the Europe, Middle East and Africa EMEA region, particularly in the cyber realm. FireEye has been monitoring these shifting cyber trends and has identified considerable evolutions to the EMEA threat landscape when...