Russian Hacker Group APT28 Used UEFI Rootkit on Select Targets

Security researchers have found malicious versions of the LoJack anti-theft software on computers belonging to government agencies from the Balkans and Central and Eastern Europe. They attribute the attacks to a notorious Russian cyberespionage gr…

Russians’ stealthy ‘LoJax’ malware can infect on the firmware level

Researchers with cybersecurity company ESET have discovered a malware campaign that is able to compromise a device’s firmware component, which they say in a report published Thursday is the first known instance of such an attack in the wild. ESET says that it found attributes in the malware that link it to the prominent Russian hacking group APT28. The malware, dubbed LoJax, can “serve as a key to the whole computer” by infecting the Unified Extensible Firmware Interface (UEFI) of a device, according to the report. ESET explains that firmware rootkits like LoJax have in the past been demonstrated in theory and are suspected to be in use by some governments, but haven’t been observed in the wild. This kind of malware is hard to detect and has advanced persistence properties, as it’s able to survive a complete operating system reinstall and even a hard drive replacement. If LoJax sounds […]

The post Russians’ stealthy ‘LoJax’ malware can infect on the firmware level appeared first on Cyberscoop.


VPNFilter now has ‘even greater capabilities,’ research shows

VPNFilter, the malware framework that co-opted half a million routers into a botnet earlier this year, has “even greater capabilities” than previously documented, new research shows. Talos, Cisco’s threat intelligence unit, said it recently found seven more VPNFilter modules that “add significant functionality to the malware,” whose botnet loomed over Ukraine ahead of a key soccer match in late May as well as an important public holiday in that country. Among the newly discovered capabilities of VPNFilter are the ability to exploit endpoint devices via compromised network gear, plus “data filtering and multiple encrypted tunneling capabilities to mask command and control and data exfiltration traffic,” Talos researcher Edmund Brumaghin wrote in a blog post Wednesday. The VPNFilter-enabled botnet had the ability to “brick” or disable thousands of devices, so researchers and U.S. law enforcement urgently sought to raise awareness of and mitigate the threat. The same week that Talos exposed VPNFilter, […]

The post VPNFilter now has ‘even greater capabilities,’ research shows appeared first on Cyberscoop.


8/27/19 – Dtex, Insider Threat, Privacy News: Microsoft APT28 Shut Downs Highlight Insider Threat Risks, Tech Heavyweights Seek to Sidestep California Privacy Law

Last week, Microsoft reported that it detected six internet domains that were set up by cyberattack groups associated with the Russian government. According to Microsoft: Last Week, Microsoft’s Digital Crimes Unit (DCU) successfully executed a co…

Security Boulevard’s 5 Most Read Stories for the Week, August 20-24

A new week, a new crop of security stories. Last week, malware complacency, Russian cyberspies, GDPR compliance and Mirai IoT malware made the headlines. In addition, we analyzed top security threats for web apps. Be sure to check Security Boulevard d…

Google tells senator that nation-state hackers probed his old campaign email accounts

Google has informed Sen. Pat Toomey, R-Pa., that nation-state hackers may have tried to breach old email accounts associated with his campaign, according to Toomey spokesman Steve Kelly. The probing involved phishing emails to accounts over a year old, and there is no evidence of a breach, according to Kelly. Based on scans of the emails, they did not appear to contain malware, he added. Toomey, who won re-election in 2016, is not up for re-election again until 2022. “This underscores the cybersecurity threats our government, campaigns, and elections are currently facing,” Kelly said in a statement Friday. “It is essential that Congress impose tough penalties on any entity that undermines our institutions.” Kelly’s statement did not say whether the hackers have been tied to a particular country. Google did not respond to a request for comment by press time. Toomey is the latest politician to draw the attention of […]

The post Google tells senator that nation-state hackers probed his old campaign email accounts appeared first on Cyberscoop.


Microsoft Seizes Domains Set Up by Russian Cyberspies

Microsoft has seized six domains that were registered by Russian cyberespionage group Fancy Bear and mimicked the websites of U.S. political organizations and think tanks. “One appears to mimic the domain of the International Republican Institut…

DHS, Microsoft to brief states on latest Russian intelligence activity

The Department of Homeland Security will hold a conference call for Microsoft representatives to brief state election officials on new evidence showing Russian hackers have targeted the U.S. Senate and conservative think tanks, according to senior DHS cybersecurity adviser Matthew Masterson. The goal will be to turn Microsoft’s observations into actionable security advice for state officials as the November midterms approach. The conference call, which Masterson said had not been scheduled yet, will be an opportunity for state officials to study the latest techniques from the Russian hacking group, often known as Fancy Bear, that breached Democratic Party organizations in the 2016 U.S. presidential campaign. Speaking to reporters Tuesday, Masterson said Microsoft’s takedown of internet domains allegedly set up by Fancy Bear showed “a growing interaction and relationship that we have with industry.” Asked if he anticipated that private companies would need to take similar action in the future, Masterson said the Russian […]

The post DHS, Microsoft to brief states on latest Russian intelligence activity appeared first on Cyberscoop.


Microsoft disrupts Fancy Bear election meddlers

In a new skirmish, Microsoft took control of six internet domains that were about to be used by the group to spoof US political organisations.