FireEye snags security effectiveness testing startup Verodin for $250M

When FireEye reported its earnings last month, the outlook was a little light, so the security vendor decided to be proactive and make a big purchase. Today, the company announced it has acquired Verodin for $250 million. The deal closed today. The startup had raised over $33 million since it opened its doors 5 years […]

Middle East-linked social media accounts impersonated U.S. candidates before 2018 elections

Social media users with ties to Iran are shifting their disinformation efforts by imitating real people, including U.S. congressional candidates, according to research published Tuesday. FireEye’s Threat Intelligence team said it had uncovered Twitter accounts that impersonated Republican congressional candidates in the buildup to the 2018 midterm elections, posting on politics and other topics. In some cases, FireEye suspects the actors were also able to have materials published in U.S. and Israeli media outlets. In a related announcement Tuesday, Facebook announced a takedown of fake accounts on Facebook and Instagram emanating from Iran that appeared to focus on outreach to policymakers. Facebook said the accounts and linked personas at times imitated legitimate news organizations in the Middle East and at other times purported to be journalists. Neither company attributed the information operations directly to the Iranian government, though FireEye said the actors appeared to be advocating for Iranian interests while Facebook and Twitter both […]

The post Middle East-linked social media accounts impersonated U.S. candidates before 2018 elections appeared first on CyberScoop.

Middle East-linked hacking group is working hard to mask its moves

A group that’s been linked to Iranian-based hackers has been working to obfuscate its activities to evade detection, according to new research from Cisco’s Talos researchers. The hackers, whose attacks are ongoing, are working to avoid host-based signatures and Yara signatures by using a Visual Basic for Applications (VBA) script, PowerShell stager attacks, and a separate command and control server, researchers write in a blog post. In some cases the group, which Talos has dubbed “BlackWater,” has been successful in avoiding detection mechanisms. Some of the code the group has used in its attacks is the same as that used by a group known as MuddyWater. Talos writes the code was used in attacks against Kurds in Turkey. This code overlap and the fact that BlackWater and MuddyWater have had similar targets, including those in Turkey, lead Talos researchers to report they have “moderate confidence” that the actors behind BlackWater […]

The post Middle East-linked hacking group is working hard to mask its moves appeared first on CyberScoop.

Ongoing state-sponsored DNS hijacking campaign has compromised 40 entities

Hackers backed by a nation-state have successfully hijacked Domain Name System records to steal credentials from approximately 40 public and private entities across 13 countries in an attack that’s lasted for about two years, which Cisco’s Talos research team has dubbed “Sea Turtle” in research published Wednesday. The ongoing attack targets intelligence agencies, military organizations, and energy firms, as well as foreign ministries, telecommunications companies, and internet service providers. Cisco’s researchers characterize the attackers as “highly capable” and “unusually brazen,” but don’t go so far as to identify what country may be behind the attack. FireEye has indicated Iran is likely responsible for an attack that appears similar, but which Cisco claims is distinct from this new campaign. DNS hijacking allows hackers to gain credentials from victim entities in order to control the target’s DNS records — without flagging to the victims that they’re under attack. Using the DNS records, attackers are capable of […]

The post Ongoing state-sponsored DNS hijacking campaign has compromised 40 entities appeared first on CyberScoop.

Apache, TicToCTrack, & Cyber Warfare – Hack Naked News #214

This week, the Apache Tomcat Patches Important Remote Code Execution Flaw, New variants of Mirai botnet detected, targeting more IoT devices, Hackers used credentials of a Microsoft Support worker to access users’ webmail, TicTocTrack Smartwatch …

Quasi-Russian upstart reportedly targeted Ukraine in cyber-espionage campaign

Government entities in Ukraine, including its military departments, were targeted with a spearphishing email campaign intended to conduct cyber-espionage early this year, according to a new report out Tuesday from FireEye. The malware and infrastructure from the campaign suggests the group behind the attack may have been active as early as 2014, and that it’s linked with the Luhansk People’s Republic, a group that declared independence from Ukraine in 2014 with backing from Russia’s military. This year’s campaign shows the group is becoming increasingly sophisticated with its tactics. For instance, one of the malicious files was disguised as an executable .LNK file, which can leverage legitimate apps, such as Microsoft Windows configuration management framework PowerShell, to download malware. This suggests attackers wanted to go unnoticed, since PowerShell hacks are blended into a trusted process that antivirus software usually doesn’t detect. “It’s really becoming mainstream to a point where a lot […]

The post Quasi-Russian upstart reportedly targeted Ukraine in cyber-espionage campaign appeared first on CyberScoop.

TRITON attackers detected at another critical infrastructure facility

The attackers who were first spotted wielding the custom TRITON framework have targeted another critical infrastructure facility, FireEye researchers revealed on Wednesday. Although, since they seem to have been active since at least 2014, it’s qui…

FireEye says it is responding to a second Trisis intrusion

Cybersecurity company FireEye on Wednesday said it was responding to a second intrusion at a critical infrastructure facility carried out by the group behind Trisis, the notorious malware that targets safety systems at industrial plants. To raise awareness about the group, known as Xenotime or TEMP.Veles, FireEye also released details on new customized tools the company’s incident responders had found at the unnamed facility. “[W]e believe there is a good chance the threat actor was or is present in other target networks,” FireEye researchers said in a blog post. (FireEye refers to Trisis as Triton.) The announcement of a second intrusion reinforces warnings from industrial cybersecurity experts that the hacking group has gone after additional targets since the dangerous malware was deployed on a Saudi petrochemical plant in the summer of 2017. The malware disrupted the Saudi plant’s safety instrumented systems, forcing it to shut down. Perhaps unlike any before […]

The post FireEye says it is responding to a second Trisis intrusion appeared first on CyberScoop.