Nation-State Attackers Actively Target COVID-19 Vaccine-Makers

Three major APTs are involved in ongoing compromises at pharma and clinical organizations involved in COVID-19 research, Microsoft says.

Russian, North Korean hackers targeted COVID-19 vaccine researchers — and some attacks got through, Microsoft says

Three hacking groups connected to the Russian and North Korean governments targeted COVID-19 vaccine and treatment researchers across five nations in recent months, and some of their attacks were successful, Microsoft said Friday. The hackers went after seven prominent companies in Canada, France, India, South Korea and the United States, according to Microsoft. The hacking groups are the Russia-linked Fancy Bear, which Microsoft refers to as Strontium; the North Korea-connected organization Lazarus Group, which Microsoft calls Zinc; and a third North Korean group that Microsoft has not previously mentioned publicly, which it calls Cerium. Microsoft’s alert deepens the breadth of warnings from government agencies and cybersecurity companies: Hackers affiliated with some of the U.S.’s biggest adversaries in cyberspace are hard at work to hack others’ vaccine research. “Among the targets, the majority are vaccine makers that have Covid-19 vaccines in various stages of clinical trials,” Tom Burt, Microsoft’s corporate vice president for customer security and […]

The post Russian, North Korean hackers targeted COVID-19 vaccine researchers — and some attacks got through, Microsoft says appeared first on CyberScoop.

Suspected North Korean hackers who targeted job applicants prove more ambitious than first believed

A possible North Korean government-connected cyber-espionage campaign that targeted the defense industry stretched further than originally known when it was initially uncovered this summer, researchers said. “Operation North Star” went beyond targeting South Korea to include Australia, India, Israel and Russia, McAfee said in a report out Friday. And its motives and methods seem to be clearer now, too, according to researchers. Israel’s Ministry of Defense had previously blamed Lazarus Group, which the U.S. government calls Hidden Cobra, for sending phony job offers in its defense sector — a tactic that lined up with McAfee’s earlier description of Operation North Star tactics. Additionally, the campaign used a previously undiscovered implant called Torisma that it deployed to burrow further into victims’ systems, McAfee said. The tactic represents the kind of digital spying technique that would have given hackers access to machines belonging to job applicants positioned near military organizations — just the kind of targets that a […]

The post Suspected North Korean hackers who targeted job applicants prove more ambitious than first believed appeared first on CyberScoop.

Travelex, Other Orgs Face DDoS Threats as Extortion Campaign Rages On

Organizations worldwide – including Travelex – have been sent letters threatening to launch DDoS attacks on their network unless a $230K ransom is paid.

Ransomware Victims That Pay Up Could Incur Steep Fines from Uncle Sam

Companies victimized by ransomware and firms that facilitate negotiations with ransomware extortionists could face steep fines from the U.S. federal government if the crooks who profit from the attack are already under economic sanctions, the Treasury Department warned today.

For North Korea, phishing with fake job-recruitment emails never gets old

Give someone an undetected software exploit and they’ll have access to a system for a day, the security researcher The Grugq once said, but teach them to phish and they’ll have “access for life.” North Korean hackers have been following that bit of social-engineering wisdom to a T. In recent years, they have consistently posed as job recruiters to try to phish their way into the networks of aerospace and defense firms on multiple continents. The latest activity — a months-long spying campaign against aerospace and defense firms — was revealed this week by researchers from McAfee. Malware from the campaign has been detected in the U.S. and Europe. The suspected North Korean hackers appear to be spearphishing their targets using Microsoft Word documents with job descriptions involving active defense contracts, according to McAfee. Their goal is to use that foothold to plant additional code to gather data on their targets, the researchers said. […]

The post For North Korea, phishing with fake job-recruitment emails never gets old appeared first on CyberScoop.

North Korean hackers are stepping up their ransomware game, Kaspersky finds

While cybercriminals have been ramping up their ransomware attacks against businesses, schools, and governments, rarely have state-backed hackers relied on ransomware to make a buck. But in recent months it appears that government hackers from North Korea want a piece of the pie, too, according to Kaspersky research. In two incidents earlier this year affecting two businesses — one in France and one in Asia — hackers tied to the Lazarus Group deployed a little-known ransomware strain called VHD, which is designed to steal money from victims. A few characteristics tipped off Kaspersky researchers to Lazarus Group’s operations — Kaspersky found few public references and samples of VHD ransomware in their telemetry, indicating the strain was likely not the work of a cybercriminal. Additionally, in one of the intrusions, the researchers noted a spreading utility — which would allow it to proliferate within victim networks — was compiled with credentials specific to the […]

The post North Korean hackers are stepping up their ransomware game, Kaspersky finds appeared first on CyberScoop.

What’s new for North Korean hackers? Kaspersky says they’re polishing tools, finding new targets

North Korean government-linked hackers have refined their malware tools and expanded their target lists over the past two years, according to new research from Kaspersky, which says the attackers have devoted “significant resources” to improving their capabilities. In particular, the hackers have aggressively deployed a multi-stage malware framework — which Kaspersky calls MATA — to target Windows, Linux, and macOS operating systems. The framework is capable of deploying more than 15 malware components and has exhibited signs that it allows attackers to move laterally once they have compromised a target network, according to the research. So far, the attackers have used MATA against a software development firm, an e-commerce company and an internet service provider, Kaspersky said. The list of affected countries includes Poland, Germany, Turkey, Japan and India, the researchers said. Based on an analysis of the framework’s filenames and configuration, Kaspersky assesses that the scheme is linked with Lazarus Group, a hacking organization the U.S. government has […]

The post What’s new for North Korean hackers? Kaspersky says they’re polishing tools, finding new targets appeared first on CyberScoop.
