Lucene search
K

33 matches found

Securelist
Securelist
added 2024/11/25 10:0 a.m.69 views

Advanced threat predictions for 2025

We at Kaspersky's Global Research and Analysis Team monitor over 900 APT advanced persistent threat groups and operations. At the end of each year, we take a step back to assess the most complex and sophisticated attacks that have shaped the threat landscape. These insights enable us to anticipat...

9.8CVSS8.1AI score0.95086EPSS
Exploits30
The Hacker News
The Hacker News
added 2023/04/19 3:41 p.m.27 views

Google TAG Warns of Russian Hackers Conducting Phishing Attacks in Ukraine

Elite hackers associated with Russia's military intelligence service have been linked to large-volume phishing campaigns aimed at hundreds of users in Ukraine to extract intelligence and influence public discourse related to the war. Google's Threat Analysis Group TAG, which is monitoring the...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/09 3:5 p.m.91 views

Russian APT28 Hackers Using COVID-19 as Bait to Deliver Zebrocy Malware

A Russian threat actor known for its malware campaigns has reappeared in the threat landscape with yet another attack leveraging COVID-19 as phishing lures, once again indicating how adversaries are adept at repurposing the current world events to their advantage. Linking the operation to a...

0.6AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/09 3:5 p.m.5 views

Russian APT28 Hackers Using COVID-19 as Bait to Deliver Zebrocy Malware

A Russian threat actor known for its malware campaigns has reappeared in the threat landscape with yet another attack leveraging COVID-19 as phishing lures, once again indicating how adversaries are adept at repurposing the current world events to their advantage. Linking the operation to a...

5.8AI score
Exploits0
Securelist
Securelist
added 2020/07/15 10:0 a.m.96 views

GReAT Ideas follow-up

On June 17, we hosted our first "GReAT Ideas. Powered by SAS" session, in which several experts from our Global Research and Analysis Team shared insights into APTs and threat actors, attribution, and hunting IoT threats. Here is a brief summary of the agenda from that webinar: Linking attacks to...

9CVSS8.9AI score0.99965EPSS
Exploits30
ThreatPost
ThreatPost
added 2019/10/29 2:57 p.m.76 views

Fancy Bear Targets Sporting, Anti-Doping Orgs As 2020 Olympics Loom

At least 16 anti-doping authorities and sporting organizations around the world have been hit by cyberattacks as the world begins to gear up for the Tokyo Summer Olympic Games, which kick off July 2020. The attacks, which began Sept. 16, have been linked to infamous Russian threat group Fancy Bea...

9.3CVSS0.2AI score0.99512EPSS
Exploits75References15
ThreatPost
ThreatPost
added 2019/09/24 3:10 p.m.66 views

Zebrocy Retools for New Political Attacks

The APT known as the Sednit threat group also known as Sofacy, APT28 and Fancy Bear has kicked off a fresh spearphishing campaign, that was spotted targeting government entities with the Zebrocy backdoor. The malware features a rewritten and newly-improved backdoor and downloader, indicating an...

7.8AI score
Exploits0References12
ThreatPost
ThreatPost
added 2019/06/04 6:48 p.m.84 views

Zebrocy: A Russian APT Specializing in Victim Profiling, Access

Zebrocy, the Russian speaking threat group that shares similarities and overlaps with both the Sofacy and BlackEnergy APTs, is once again roaming the wide plain of government, foreign-affairs and military targets. Researchers have spotted the group using a new first-stage malware dropper in recen...

0.2AI score
Exploits0References5
Securelist
Securelist
added 2019/06/03 2:0 p.m.104 views

Zebrocy’s Multilanguage Malware Salad

Zebrocy is Russian speaking APT that presents a strange set of stripes. To keep things simple, there are three things to know about Zebrocy Zebrocy is an active sub-group of victim profiling and access specialists Zebrocy maintains a lineage back through 2013, sharing malware artefacts and...

7.2AI score
Exploits0
Securelist
Securelist
added 2019/05/23 10:0 a.m.3223 views

IT threat evolution Q1 2019

Targeted attacks and malware campaigns Go Zebrocy Zebrocy was first observed being used as a Sofacy backdoor in 2015. However, the collection of cases where this tool has been used mean that we consider it a subset of activity in its own right. On the basis of this threat actor's past behaviour, ...

7.2CVSS7.8AI score0.96274EPSS
Exploits13
ThreatPost
ThreatPost
added 2019/04/10 3:11 a.m.161 views

Meet ‘TajMahal,’ A New and Highly Advanced APT Framework

SINGAPORE – Researchers at Kaspersky Lab have discovered a new, highly sophisticated advanced persistent threat APT framework targeting a single Central Asian diplomatic agency. Malware samples associated with the APT reveal a complex never-before-seen code base, making it extremely hard to detec...

7.5AI score
Exploits0References4
Securelist
Securelist
added 2019/01/11 10:0 a.m.140 views

A Zebrocy Go Downloader

Last year at SAS2018 in Cancun, Mexico, "Masha and these Bears" included discussion of a subset of Sofacy activity and malware that we call "Zebrocy", and predictions for the decline of SPLM/XAgent Sofacy activity coinciding with the acceleration of Zebrocy activity and innovation. Zebrocy was...

7AI score
Exploits0
ThreatPost
ThreatPost
added 2018/12/18 9:48 p.m.12 views

Sofacy Russia-Linked APT Debuts Fresh Zebrocy Variant

The Zebrocy trojan – a custom downloader malware used by Russia-linked APT Sofacy a.k.a. APT28, Fancy Bear or Sednit – has a new variant. While it’s functionally much the same as its other versions, the new code was written using the Go programming language. The similarities between the new paylo...

0.2AI score
Exploits0References3
Securelist
Securelist
added 2018/12/05 2:0 p.m.79 views

APT review of the year

What were the most interesting developments in terms of APT activity throughout the year and what can we learn from them? Not an easy question to answer; everybody has partial visibility and it's never possible to really understand the motivations of some attacks or the developments behind them...

6.5AI score
Exploits0
ThreatPost
ThreatPost
added 2018/11/21 12:32 a.m.18 views

Sofacy APT Takes Aim with Novel 'Cannon' Trojan

The Sofacy APT group is back, with a new second-stage custom malware payload that researchers have dubbed “Cannon.” A campaign against several government entities around the globe, including in North America, Europe and a former Soviet state, came in waves during late October and early November,...

7.1AI score
Exploits0References2
Securelist
Securelist
added 2018/10/11 7:30 a.m.43 views

Threats in the Netherlands

Introduction On October 4, 2018, the MIVD held a press conference about an intercepted cyberattack on the OPWC in the Netherlands, allegedly by the advanced threat actor Sofacy also known as APT28 or Fancy Bear, among others. According to the MIVD, four suspects were caught red handed trying to...

6.8AI score
Exploits0
ThreatPost
ThreatPost
added 2018/06/19 7:29 p.m.10 views

Olympic Destroyer Returns to Target Biochemical Labs

Olympic Destroyer, the threat actor that caused a crippling sabotage attack on the networks supporting this year’s Winter Games in Pyeongchang, South Korea, has resurfaced with a spy campaign – and with a wider target range. The new campaign began last month and is ongoing, employing spear-phishi...

Exploits0References5
Schneier on Security
Schneier on Security
added 2018/06/11 11:19 a.m.59 views

Router Vulnerability and the VPNFilter Botnet

On May 25, the FBI asked us all to reboot our routers. The story behind this request is one of sophisticated malware and unsophisticated home-network security, and it's a harbinger of the sorts of pervasive threats ­ from nation-states, criminals and hackers ­ that we should expect in coming year...

0.3AI score
Exploits0
The Hacker News
The Hacker News
added 2018/05/24 9:59 a.m.106 views

FBI seizes control of a massive botnet that infected over 500,000 routers

Shortly after Cisco's released its early report on a large-scale hacking campaign that infected over half a million routers and network storage devices worldwide, the United States government announced the takedown of a key internet domain used for the attack. Yesterday we reported about a piece ...

0.6AI score
Exploits0
ThreatPost
ThreatPost
added 2018/03/23 11:52 a.m.17 views

A Closer Look at APT Group Sofacy’s Latest Targets

Threatpost talks to Kaspersky Lab researcher Kurt Baumgartner who was instrumental in tracking the latest activities of the Russian-speaking Sofacy APT gang. Research shows a continual march toward Far East targets and overlapping of activities with other groups such as Lamberts, Turla and Danti...

2.1AI score
Exploits0References2
Rows per page
Query Builder