31 matches found
Sketchy NuGet Package Likely Linked to Industrial Espionage Targets Developers
Threat hunters have identified a suspicious package in the NuGet package manager that's likely designed to target developers working with tools made by a Chinese firm that specializes in industrial- and digital equipment manufacturing. The package in question is SqzrFramework480, which...
The sound of you typing on your keyboard could reveal your password
As if password authentications coffin needed any more nails, researchers in the UK have discovered yet another way to hammer one in. The technique, developed at Durham University, the University of Surrey, and Royal Holloway University of London, builds on previous work to produce a more accurate...
The Bug Report - July 2023 Edition
The Bug Report – July 2023 Edition By Trellix · August 02, 2023 This story was also written by John Dunlap. A Storm is Brewing! Why am I here? Summer is now in full swing, and our July Bug Report is similarly coming out swinging. This month comes with a red-hot list of software vulnerabilities...
Chinese Hackers Targeted Dozens of Industrial Enterprises and Public Institutions
Over a dozen military-industrial complex enterprises and public institutions in Afghanistan and Europe have come under a wave of targeted attacks since January 2022 to steal confidential data by simultaneously making use of six different backdoors. Russian cybersecurity firm Kaspersky attributed...
Chinese Hackers Target Taiwan's Financial Trading Sector with Supply Chain Attack
An advanced persistent threat APT group operating with objectives aligned with the Chinese government has been linked to an organized supply chain attack on Taiwan's financial sector. The attacks are said to have first commenced at the end of November 2021, with the intrusions attributed to a...
Campaigns abusing corporate trusted infrastructure hunt for corporate credentials on ICS networks
Main facts Kaspersky ICS CERT has uncovered a number of spyware campaigns targeting industrial enterprises. Operators of these campaigns hunt for corporate credentials, aiming to commit financial fraud or to sell them to other malicious actors. Spearphishing emails with malicious attachments sent...
The ‘Groove’ Ransomware Gang Was a Hoax
A number of publications in September warned about the emergence of "Groove," a new ransomware group that called on competing extortion gangs to unite in attacking U.S. government interests online. It now appears that Groove was all a big hoax designed to toy with security firms and journalists...
MontysThree APT Takes Unusual Aim at Industrial Targets
SAS@Home 2020 – A series of highly targeted attacks by an APT group called MontysThree against industrial targets has been uncovered, with evidence that the campaign dates back to 2018. That’s according to researchers from Kaspersky, who noted that the group uses a variety of techniques to evade...
MontysThree: Industrial espionage with steganography and a Russian accent on both sides
In summer 2020 we uncovered a previously unknown multi-module C++ toolset used in highly targeted industrial espionage attacks dating back to 2018. Initially the reason for our interest in this malware was its rarity, the obviously targeted nature of the campaign and the fact that there are no...
Hackers-for-hire using malicious 3Ds Max plugin for industrial espionage
By Deeba Ahmed This hackers-for-hire group is carrying out espionage operations against businesses across the globe. This is a post from HackRead.com Read the original post: Hackers-for-hire using malicious 3Ds Max plugin for industrial espionage...
APT Hackers Exploit Autodesk 3ds Max Software for Industrial Espionage
It's one thing for APT groups to conduct cyber espionage to meet their own financial objectives. But it's an entirely different matter when they are used as "hackers for hire" by competing private companies to make away with confidential information. Bitdefender's Cyber Threat Intelligence Lab...
Vital infrastructure: securing our food and agriculture
I don’t expect to hear any arguments on whether the production of our food is important or not. So why do we hardly ever hear anything about the cybersecurity in the food and agriculture sector? Depending on the country, agriculture makes up about 5 percent of the gross domestic product. That...
Feds accuse Chinese firm of stealing trade secrets of US tech giant
By Uzair Amir The US Justice Department has accused China to be involved in industrial espionage. According to a press release from the department, the Chinese government has made memory chips that store data its centralized science and technology strategy only to cover its espionage activities. ...
Phishing Campaign Steals Money From Industrial Companies
Industrial production companies are the targets in a large-scale spear-phishing email campaign aimed at installing legitimate remote administration software on victims’ systems. Researchers with Kaspersky Lab said that emails purporting to be commercial offers were the conduit to enabling attacke...
Dan Geer: Cybersecurity, Humanity's Future "Conjoined"
Given the intertwinement of technology with communication, politics, economies and overall human progress, it seems to go hand-in-hand that cybersecurity must be elevated in parallel. Dan Geer, considered atop the food chain of security thinkers, said during last week’s Source Boston conference...
Detecting threat actors in recent German industrial attacks with Windows Defender ATP
When a Germany-based industrial conglomerate disclosed in December 2016 that it was breached early that year, the breach was revealed to be a professionally run industrial espionage attack. According to the German press, the intruders used the Winnti family of malware as their main implant, givin...
German Industrial Giant Victim of Cyber Espionage
German industrial conglomerate ThyssenKrupp disclosed last week that technical trade secrets were stolen in a cyberattack that dates back to February. Adversaries, ThyssenKrupp said, engaged in “organized, highly professional hacker activities” and launched their attack from the Southeast Asian...
Hill Debates Course of Action on China Cyberespionage
Lawmakers and experts on the U.S.-China Economic and Security Review Commission today debated with and quizzed security and legal experts on the best course of action against cyberespionage attributed to China. The Senate committee heard pros and cons related to a number of possible scenarios...
China Finally Admits It Has Army of Hackers
China finally admits it has special cyber warfare units — and a lot of them. From years China has been suspected by U.S. and many other countries for carrying out several high-profile cyber attacks, but every time the country strongly denied the claims. However, for the first time the country has...
New Variant of Havex Malware Scans for OPC Servers at SCADA Systems
At the beginning of the month, we have reported about the new surge of a Stuxnet-like malware “Havex”, which was previously targeting organizations in the energy sector, had been used to carry out industrial espionage against a number of companies in Europe and compromised over 1,000 European and...