Stealth Falcon Targets Middle East with Windows BITS Feature

Cyberespionage attackers have ditched their PowerShell backdoor in favor of the Windows BITS ‘notification’ feature.

New Malware Uses Windows BITS Service to Stealthy Exfiltrate Data

Cybersecurity researchers have discovered a new computer virus associated with the Stealth Falcon state-sponsored cyber espionage group that abuses a built-in component of the Microsoft Windows operating system to stealthily exfiltrate stolen data to a…

Extortion and alleged ISIS threats: A Saudi embassy learned the hard way about email security

When Saudi Arabia contacted security researcher Chris Kubecka to investigate an apparent intrusion into its Dutch embassy’s secured email accounts, she knew it was not going to be a simple case. Local laws in the Hague did not apply, since the embassy is considered Saudi soil. And it only got more complicated after Kubecka got to work: Once the email account was secured, the attacker — who claimed ISIS affiliation — left a trail suggesting an insider was responsible and then threatened to kill hundreds of innocent people if certain demands weren’t met. The escalations sent Kubecka, the Saudis, the Dutch and dozens of other diplomats scrambling on an international whodunnit — a hacking case that emphasized the high-stakes challenges and troublesome gray areas that come with securing diplomatic communications. The particular account that was compromised — the Saudi ambassador’s secretary’s email — was on its secure embassy system, according to Kubecka, whom the Saudi government brought in […]

The post Extortion and alleged ISIS threats: A Saudi embassy learned the hard way about email security appeared first on CyberScoop.


Facebook shuts down ‘coordinated inauthentic behavior’ from Egypt, Saudi Arabia, UAE

In the latest sign that fake accounts remain a popular tool for amplifying political messages on Facebook, the social media company says it has disrupted information campaigns emanating from Egypt, Saudi Arabia, and the United Arab Emirates. The hundreds of disabled accounts, groups and pages were involved in two unrelated operations, one originating in Egypt and the UAE, and the other in Saudi Arabia. The campaigns, which Facebook labeled as “coordinated inauthentic behavior,” also included accounts on Instagram, which Facebook owns. Both campaigns used phony pages to post news in support of a political agenda, and both focused on countries in the Middle East and North Africa, Facebook said. The company linked the latter campaign, which supported Saudi Crown Prince Mohammad bin Salman, to the Saudi government. “We’re taking down these pages, groups and accounts based on their behavior, not the content they posted,” Nathaniel Gleicher, Facebook’s head of cybersecurity policy, wrote […]

The post Facebook shuts down ‘coordinated inauthentic behavior’ from Egypt, Saudi Arabia, UAE appeared first on CyberScoop.


Everything You Need to Know About Azure Infrastructure – June 2019


Each month Microsoft adds new features and updates existing products for Azure. Here are the updates you need to know about for June.

The post Everything You Need to Know About Azure Infrastructure – June 2019 appeared first on Petri.


ViceLeaker Android malware steals call recordings, photos, videos & texts

By Waqas
Israeli Citizens are the Primary Target of New Android Mobile Spying Campaign Using ViceLeaker Malware, says Kaspersky. Kaspersky Lab researchers discovered an Android malware campaign active since 2016 and still going strong. Dubbed ViceLeake…

Spies targeting Saudi Arabia switched tactics after Symantec exposed them, report says

A cyber-espionage group widely believed to be carrying out attacks on behalf of the Iranian government resorted to new hacking tools after its malicious activity was unveiled earlier this year, according to research scheduled to be published Wednesday. The threat intelligence company Recorded Future determined the hacking group APT33 or “a closely aligned threat actor” has used more than 1,200 web domains to conduct cyberattacks since March 28. That’s the date researchers from Symantec released findings exposing an APT33 operation that targeted 50 organizations in Saudi Arabia and the United States. But Recorded Future also found that in the months since, APT33 apparently has resorted to new remote access trojans, which is yet another indication that suspected Iranian hackers are ramping up their activity amid ongoing international tension. “Our research found that APT33 or a closely aligned threat actor continues to conduct and prepare for widespread cyber-espionage activity … with a […]

The post Spies targeting Saudi Arabia switched tactics after Symantec exposed them, report says appeared first on CyberScoop.


Android-based espionage campaign in the Middle East targets military data

A newly uncovered espionage campaign in the Middle East has infected more than 660 Android phones, and much of the stolen data appears to be “military-related,” researchers from cybersecurity company Trend Micro said Tuesday. The malware in question is highly invasive, posing as popular news and lifestyle apps to suck up a target phone’s call logs and records, text messages, and storage and memory details, among other data. Attackers aren’t using the Google Play store, a sometimes popular receptacle for malicious apps. Instead, the host website for the malware is being promoted via social media channels, according to Trend Micro. One feature of the malware even allows the operator to take a photo from an infected phone when the device’s owner “wakes” it in locked mode. Analysts did not pin the so-called “Bouncing Golf” spying operation on any group or person, but said the structure of the code used and the data targeted […]

The post Android-based espionage campaign in the Middle East targets military data appeared first on CyberScoop.


Middle East-linked social media accounts impersonated U.S. candidates before 2018 elections

Social media users with ties to Iran are shifting their disinformation efforts by imitating real people, including U.S. congressional candidates, according to research published Tuesday. FireEye’s Threat Intelligence team said it had uncovered Twitter accounts that impersonated Republican congressional candidates in the buildup to the 2018 midterm elections, posting on politics and other topics. In some cases, FireEye suspects the actors were also able to have materials published in U.S. and Israeli media outlets. In a related announcement Tuesday, Facebook announced a takedown of fake accounts on Facebook and Instagram emanating from Iran that appeared to focus on outreach to policymakers. Facebook said the accounts and linked personas at times imitated legitimate news organizations in the Middle East and at other times purported to be journalists. Neither company attributed the information operations directly to the Iranian government, though FireEye said the actors appeared to be advocating for Iranian interests while Facebook and Twitter both […]

The post Middle East-linked social media accounts impersonated U.S. candidates before 2018 elections appeared first on CyberScoop.
