9 matches found
New UAC-0056 activity: There’s a Go Elephant in the room
This blog post was authored by Ankur Saini, Roberto Santos and Hossein Jazi. UAC-0056, also known as SaintBear, UNC2589 and TA471, is a cyber espionage actor that has been active since early 2021 and has mainly targeted Ukraine and Georgia. The group is known to have performed a wiper attack in...
Iranian State Broadcaster Clobbered by ‘Clumsy, Buggy’ Code
Footage of opposition leaders calling for the assassination of Iran’s Supreme Leader ran on several of the nation’s state-run TV channels in late January after a state-sponsored cyber-attack on Iranian state broadcaster IRIB. The incident – one of a series of politically motivated attacks in Iran...
The Top 30 Vulnerabilities Include Plenty of Usual Suspects
Plus: A sneaky iOS app, a wiper attack in Iran, and more of the week’s top security news...
Threat Analysis Unit (TAU) Technical Report: The Prospect of Iranian Cyber Retaliation
Several different events in the Middle East (ME) region have escalated in the last several weeks between Iran and the United States. After a series of military operations between the two countries, several alerts were released from the U.S. government of a potential for cyberattacks. Traditionally...
Devilish ONI Attacks in Japan Use Wiper to Cover Tracks
NotPetya has shown the way for attackers who want to use ransomware as a cover for a deeper incursion. The latest example is a wave of wiper attacks hitting organizations in Japan for possibly as long as the last nine months. Researchers at Cybereason this week said they had detected targeted attack...
Ukrainian Man Arrested, Charged in NotPetya Distribution
The Cyber Police of Ukraine arrested a suspect they allege distributed the destructive NotPetya/ExPetr malware resulting in the infection of 400 computers. NotPetya/ExPetr was the malware behind a massive global cyberattack that took place earlier this year. It infected computers worldwide with...
On This Week's NotPetya, ExPetr Outbreak
Mike Mimoso and Chris Brook discuss this week’s ExPetr global ransomware outbreak, how it was distributed, the wiper aspect, and similarities to 2016’s Petya ransomware. Download: ThreatpostNewsWrapJune302017.mp3 Music by Chris Gonsalves Show notes: ExPetr Called a Wiper Attack, Not Ransomware Ne...
Petya Is Not Ransomware, It's a 'Wiper'
The outbreak of the ExPetr malware isn’t a ransomware attack, but more precisely, it’s a wiper attack that sabotaged PCs globally, overwriting their Master Boot Record forever. That’s the analysis of security experts from Kaspersky Lab and Comae Technologies who shared their latest research on th...
Grid Utilities Critical Infrastructure Protection Lacking
It would seem that what spurs private and public electric grid utility operators to action with regard to cybersecurity isn’t the Chinese or Iranians attacking them, but the word “mandatory”. A paper published yesterday by two U.S. legislators revealed that when there are mandatory cybersecurity...