Category Archives: apt34

Cybersecurity researchers identify new variants of APT34 malware

Posted on by

Booz Allen’s Dark Labs Advanced Threat Hunt team has developed an advanced technique to discover and block new variants of malware that poses a threat to organizations worldwide. Using an open source indicator of compromise (IOC), the research team was able to identify three additional variants of malware associated with APT34, a group thought to be involved in nation-state cyber-espionage, according to a technical brief from Booz Allen. The report describes how the team used a combination of open-source reporting and “acquired sources of threat intelligence,” then combined this information with its own tools to perform deep analysis on known APT34 behaviors. “The life cycle of an openly reported IOC does not end when an operator deploys the indicator to a sensor, or a threat hunter checks their security information and event manager (SIEM),” said the report’s authors, Chad Gray and Will Farrell. “Merging the IOC with internal or external […]

The post Cybersecurity researchers identify new variants of APT34 malware appeared first on Cyberscoop.

Continue reading Cybersecurity researchers identify new variants of APT34 malware

Hacking group turns Microsoft Office flaw into an exploit in less than a week

Posted on by

Less than one week after Microsoft publicly acknowledged a remote code execution vulnerability in Microsoft Office, Iranian hackers targeted the weakness via phishing emails sent to various Middle Eastern government agencies last month, according to research produced Thursday by U.S. cybersecurity firm FireEye. According to FireEye, the targets indicate that the group is likely linked to the Iranian government. There were multiple attempts to breach financial, energy and government enterprises located in geographic rivals of Iran, such as Saudi Arabia and Israel. This particular cyber espionage group, titled APT34 by FireEye, is also known as “NewsBeef” to other security researchers. APT34 has been especially active since mid-2016, based on publicly available research from FireEye and Kaspersky Lab. “We believe APT34 is involved in a long-term cyber-espionage operation largely focused on reconnaissance efforts to benefit Iranian nation-state interests and has been operational since at least 2014,” a FireEye blog post reads. “We […]

The post Hacking group turns Microsoft Office flaw into an exploit in less than a week appeared first on Cyberscoop.

Continue reading Hacking group turns Microsoft Office flaw into an exploit in less than a week

This country’s hacking efforts have become too big to ignore

Posted on by

While hackers linked to China, North Korea and Russia have dominated headlines over the past year, similar groups in Iran have caused significant damage while drawing far less attention. Multiple cyber-espionage groups attributed to Iran became increasingly active over the last 12 months, as at least four entities with ties to the regime have broken into a wide array of organizations, according to private sector cybersecurity experts and three former U.S. intelligence officials with knowledge of regional activity. “For the first time in my career, I’m not convinced we’re responding more to Russia or China,” FireEye CEO Kevin Mandia said in a report published by the company on Thursday. “It feels to me that the majority of the actors we’re responding to right now are hosted in Iran, and they are state-sponsored.” This surge in digital espionage — which has predominantly come in the form of spearphishing emails, strategic web compromises and breached social […]

The post This country’s hacking efforts have become too big to ignore appeared first on Cyberscoop.

Continue reading This country’s hacking efforts have become too big to ignore