22 matches found
Google: Over 57 Nation-State Threat Groups Using AI for Cyber Operations
Over 57 distinct threat actors with ties to China, Iran, North Korea, and Russia have been observed using artificial intelligence AI technology powered by Google to further enable their malicious cyber and information operations. "Threat actors are experimenting with Gemini to enable their...
THN Cybersecurity Recap: Last Week's Top Threats and Trends (September 16-22)
Hold on tight, folks, because last week's cybersecurity landscape was a rollercoaster! We witnessed everything from North Korean hackers dangling "dream jobs" to expose a new malware, to a surprising twist in the Apple vs. NSO Group saga. Even the seemingly mundane world of domain names and cloud...
Iranian APT UNC1860 Linked to MOIS Facilitates Cyber Intrusions in Middle East
An Iranian advanced persistent threat APT threat actor likely affiliated with the Ministry of Intelligence and Security MOIS is now acting as an initial access facilitator that provides remote access to target networks. Google-owned Mandiant is tracking the activity cluster under the moniker...
Cardiologist moonlighted as successful ransomware developer
The US has charged a 55-year-old French-Venezuelan cardiologist from Venezuela with "attempted computer intrusions and conspiracy to commit computer intrusions". This was revealed in an unsealed complaint in a federal court in Brooklyn, New York. Moises Luis Zagala Gonzales worked as a ransomware...
Multiple Hacker Groups Capitalizing on Ukraine Conflict for Distributing Malware
At least three different advanced persistent threat APT groups from across the world have launched spear-phishing campaigns in mid-March 2022 using the ongoing Russo-Ukrainian war as a lure to distribute malware and steal sensitive information. The campaigns, undertaken by El Machete, Lyceum, and...
CISA warns of cyberespionage by Iranian APT “MuddyWater”
Cybersecurity agencies in the US and UK have issued a joint cybersecurity advisory CSA on MuddyWater, a government-sponsored Iranian advanced persistent threat APT actor. The Cybersecurity and Infrastructure Security Agency CISA, the Federal Bureau of Investigation FBI, the US Cyber Command Cyber...
CNMF Identifies and Discloses Malware used by Iranian APT MuddyWater
U.S. Cyber Command’s Cyber National Mission Force CNMF has identified multiple open-source tools used by an Iranian advanced persistent threat APT group known as MuddyWater. According to CNMF, “MuddyWater has been seen using a variety of techniques to maintain access to victim networks. These...
A week in security (Nov 15 – Nov 21)
Last week on Malwarebytes Labs Instagram’s memorialize feature abused to memorialize…Instagram’s boss Evasive manoeuvres: HTML smuggling explained FBI server hijacked to send up to 100,000 bogus attack mails New Mac malware raises more questions about Apple’s security patching SharkBot Android...
Iranian APT is targeting Middle Eastern Aerospace and Telecommunications companies
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. ShellClient is a powerful new Remote Access Trojan RAT that was used in highly targeted attacks on a select few Aerospace and Telecommunications firms, primarily in the Middle East, with other victims in the United States,...
Iranian APT Lures Defense Contractor in Catfishing-Malware Scam
Most people have probably heard of catfishing. That’s when someone adopts a fake online persona, usually to trick someone into falling in love. Now, threat actors have developed their own spin on the grift, developing appealing — objectively hot — profiles to charm victims into downloading malwar...
A week in security (January 11 – January 17)
Last week on Malwarebytes Labs, we looked at IoT problems, Microsoft’s Patch Tuesday, and how cybercriminals want access to your cloud services. We also explored how VPNs can protect your privacy, and asked if MSPs have picked the right PSA. Other cybersecurity news Hot phishing targets: Some...
Iranian Advanced Persistent Threat Actor Identified Obtaining Voter Registration Data
Summary This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT &CK® version 8 framework. See the ATT&CK for Enterprise version 8 for all referenced threat actor techniques. This joint cybersecurity advisory was coauthored by the Cybersecurity and Infrastructure...
CISA and FBI Release Joint Advisory on Iranian APT Actor Targeting Voter Registration Data
The Cybersecurity and Infrastructure Security Agency CISA and the Federal Bureau of Investigation FBI have released a joint cybersecurity advisory on an Iranian advanced persistent threat APT actor targeting U.S. state websites, including elections websites, to obtain voter registration data. Joi...
Iranian Advanced Persistent Threat Actors Threaten Election-Related Systems
Summary The Cybersecurity and Infrastructure Security Agency CISA and the Federal Bureau of Investigation FBI are warning that Iranian advanced persistent threat APT actors are likely intent on influencing and interfering with the U.S. elections to sow discord among voters and undermine public...
CISA and FBI Release Joint Advisories Regarding Russian and Iranian APT Actors
The Cybersecurity and Infrastructure Security Agency CISA and the Federal Bureau of Investigation FBI have released two joint cybersecurity advisories on widespread advanced persistent threat APT activity. Joint Cybersecurity Advisory: AA20-296A Russian State-Sponsored Advanced Persistent Threat...
Lock and Code S1Ep15: Safely using Google Chrome Extensions with Pieter Arntz
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Pieter Arntz, malware intelligence researcher for Malwarebytes, about Google Chrome extensions. These sometimes helpful online tools that work directly...
Iranian APT Group Targets Governments in Kuwait and Saudi Arabia
Today, cybersecurity researchers shed light on an Iranian cyber espionage campaign directed against critical infrastructures in Kuwait and Saudi Arabia. Bitdefender said the intelligence-gathering operations were conducted by Chafer APT also known as APT39 or Remix Kitten, a threat actor known fo...
Iranian APT Targets Govs With New Malware
SAN FRANCISCO – A never before seen credential-stealing malware, dubbed ForeLord, has been uncovered in recent spear phishing emails. Researchers have attributed the campaign to a known Iranian advanced persistence threat APT group. The emails distributing ForeLord were uncovered as part of a...
Turla Compromises, Infiltrates Iranian APT Infrastructure
The Turla APT group has been spotted co-opting two cyberweapons from an Iranian APT APT 34, according to one set of researchers, known as the Nautilus and Neuron implants, and deploying them against targets in the Middle East. The group also infiltrated the global operational infrastructure used ...
NSA and NCSC Release Joint Advisory on Turla Group Activity
The National Security Agency NSA and the United Kingdom National Cyber Security Centre NCSC have released a joint advisory on advanced persistent threat APT group Turla—widely reported to be Russian and also known as Snake, Uroburos, VENEMOUS BEAR, or Waterbug. The advisory provides an update to...