APT trends report Q1 2020

For more than two years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. This is our latest installment, focusing on activities that we observed during Q1 2020.

Kaspersky finds a new APT campaign targeting engineers in the Middle East

A mysterious set of hackers last year began a targeted campaign to breach industrial organizations in the Middle East, antivirus firm Kaspersky said Tuesday. Attackers have sought to breach engineers, particularly in a single, unnamed Middle Eastern country, adding to a long history of cyber operations in the region. They’re relying on a strain of malicious software that’s tailored for espionage, and does not appear to match any code the researchers have seen before. Exactly who is behind the effort remains unclear. The sensitivity of the targets, and the fact that the activity is ongoing, prompted the researchers to go public with their findings. The Moscow-based company labeled the activity an “advanced persistent threat” (APT), a loose term for well-resourced hackers often linked to government interests. Kaspersky designated the hacking campaign “WildPressure.” “Anytime the industrial sector is being targeted, it’s concerning,” said Kaspersky senior security researcher Denis Legezo. There is no indication that hackers have done anything beyond […]

The post Kaspersky finds a new APT campaign targeting engineers in the Middle East appeared first on CyberScoop.

Russian hackers using stolen corporate email accounts to mask their phishing attempts

Hackers working for Russian military intelligence have long relied on zero-days and malware to target their victims, but in the last year they’ve kept it simple — using previously hacked email accounts to send a wide array of phishing attempts, according to new research from security firm Trend Micro. Since at least May of last year, the group known as Fancy Bear, APT28, or Pawn Storm, has used hacked email accounts belonging to high-profile personnel working at defense firms in the Middle East to carry out the operation, according to Feike Hacquebord, a senior threat researcher at Trend Micro. “The actor connects to a dedicated server using the OpenVPN option of a commercial VPN provider and then uses compromised email credentials to send out credential spam via a commercial email service provider,” Hacquebord writes in the research. The group, which the U.S. Department of Justice linked with Russia’s Main Intelligence Directorate […]

The post Russian hackers using stolen corporate email accounts to mask their phishing attempts appeared first on CyberScoop.

EnigmaSpark: Politically Themed Cyber Activity Highlights Regional Opposition to Middle East Peace Plan

In recent analysis of malicious activity likely targeting entities based in the Middle East, IBM X-Force IRIS discovered a backdoor malware strain we named “EnigmaSpark.”

The post EnigmaSpark: Politically Themed Cyber Activity Highlights Regional Opposition to Middle East Peace Plan appeared first on Security Intelligence.

Cyber-espionage campaign in Middle East, Europe picked up speed after Soleimani killing

Iran-linked hackers have been running spearphishing email campaigns against governmental organizations in Turkey, Jordan and Iraq in recent months in a likely effort to gather intelligence, according to research published Wednesday by Dell Secureworks. Most of the targeting, which Secureworks assesses to be focused on espionage, began before the U.S. military killed Qassem Soleimani, the leader of Iran’s Quds Force, in Baghdad in early January. But Alex Tilley, a senior researcher for Secureworks, told CyberScoop the spearphishing activity has increased since the killing. The research appears to align with information the FBI shared with industry in January, when it warned of an increase in Iranian “cyber reconnaissance activity.” The alert highlighted that Iranian hackers could be zeroing in on the defense industrial base, government agencies, academia and nongovernmental organizations. The campaign Secureworks’ Counter Threat Unit (CTU) has observed, with activity from mid-2019 to mid-January of 2020, has also targeted intergovernmental organizations and unknown entities in […]

The post Cyber-espionage campaign in Middle East, Europe picked up speed after Soleimani killing appeared first on CyberScoop.

New Destructive Wiper ZeroCleare Targets Energy Sector in the Middle East

According to IBM X-Force research, the ZeroCleare wiper was used to execute a destructive attack that affected organizations in the energy and industrial sectors in the Middle East.

The post New Destructive Wiper ZeroCleare Targets Energy Sector in the Middle East appeared first on Security Intelligence.
