Spies targeting Saudi Arabia switched tactics after Symantec exposed them, report says

A cyber-espionage group widely believed to be carrying out attacks on behalf of the Iranian government resorted to new hacking tools after its malicious activity was unveiled earlier this year, according to research scheduled to be published Wednesday. The threat intelligence company Recorded Future determined the hacking group APT33 or “a closely aligned threat actor” has used more than 1,200 web domains to conduct cyberattacks since March 28. That’s the date researchers from Symantec released findings exposing an APT33 operation that targeted 50 organizations in Saudi Arabia and the United States. But Recorded Future also found that in the months since, APT33 apparently has resorted to new remote access trojans, which is yet another indication that suspected Iranian hackers are ramping up their activity amid ongoing international tension. “Our research found that APT33 or a closely aligned threat actor continues to conduct and prepare for widespread cyber-espionage activity … with a […]

The post Spies targeting Saudi Arabia switched tactics after Symantec exposed them, report says appeared first on CyberScoop.

Elfin espionage group is focused on Saudi, U.S. organizations, Symantec says

In the last three years, a suspected Iranian cyber-espionage group has targeted organizations in Saudi Arabia and the United States in attacks spanning several sectors, researchers from cybersecurity company Symantec said Wednesday. The researchers described a hacking group that “has compromised a wide range of targets, including governments along with organizations in the research, chemical, engineering, manufacturing, consulting, finance, telecoms, and several other sectors.” Some three-quarters of the 50 organizations hit by the group that Symantec calls Elfin and that others label APT33 are based in Saudi Arabia and the U.S., the researchers said. FireEye, another cybersecurity company, previously has concluded that APT33 “works at the behest of the Iranian government,” and that it has taken a particularly close interest in the aviation sector. The tally of American targets includes “a number of Fortune 500 companies,” according to Symantec. “Elfin’s goal appears to be sabotage,” Jon DiMaggio, senior threat intelligence analyst at Symantec, told […]

The post Elfin espionage group is focused on Saudi, U.S. organizations, Symantec says appeared first on CyberScoop.

More Shamoon 3 Attacks Detected in the Middle East and Europe

After an Italian company recently confirmed that its infrastructure was attacked with a new version of a destructive malware program called Shamoon, security companies discovered additional infections in the Middle East and Europe. “During the p…

New ‘Early Bird’ Code Injection Technique Helps APT33 Evade Detection

Researchers have identified what they are calling an Early Bird code injection technique used by the Iranian group APT33 to burrow the TurnedUp malware inside infected systems while evading anti-malware tools.

Hacking group turns Microsoft Office flaw into an exploit in less than a week

Less than one week after Microsoft publicly acknowledged a remote code execution vulnerability in Microsoft Office, Iranian hackers targeted the weakness via phishing emails sent to various Middle Eastern government agencies last month, according to research produced Thursday by U.S. cybersecurity firm FireEye. According to FireEye, the targets indicate that the group is likely linked to the Iranian government. There were multiple attempts to breach financial, energy and government enterprises located in geographic rivals of Iran, such as Saudi Arabia and Israel. This particular cyber espionage group, titled APT34 by FireEye, is also known as “NewsBeef” to other security researchers. APT34 has been especially active since mid-2016, based on publicly available research from FireEye and Kaspersky Lab. “We believe APT34 is involved in a long-term cyber-espionage operation largely focused on reconnaissance efforts to benefit Iranian nation-state interests and has been operational since at least 2014,” a FireEye blog post reads. “We […]

The post Hacking group turns Microsoft Office flaw into an exploit in less than a week appeared first on CyberScoop.

This country’s hacking efforts have become too big to ignore

While hackers linked to China, North Korea and Russia have dominated headlines over the past year, similar groups in Iran have caused significant damage while drawing far less attention. Multiple cyber-espionage groups attributed to Iran became increasingly active over the last 12 months, as at least four entities with ties to the regime have broken into a wide array of organizations, according to private sector cybersecurity experts and three former U.S. intelligence officials with knowledge of regional activity. “For the first time in my career, I’m not convinced we’re responding more to Russia or China,” FireEye CEO Kevin Mandia said in a report published by the company on Thursday. “It feels to me that the majority of the actors we’re responding to right now are hosted in Iran, and they are state-sponsored.” This surge in digital espionage — which has predominantly come in the form of spearphishing emails, strategic web compromises and breached social […]

The post This country’s hacking efforts have become too big to ignore appeared first on CyberScoop.

Iranian APT33 Targets US Firms with Destructive Malware

APT33 targets petrochemical, aerospace and energy sector firms based in the U.S., Saudi Arabia and South Korea with destructive malware linked to StoneDrill.