U.S. Sanctions North Korean Group Behind WannaCry, Sony Hacks

Three North Korean threat groups have been sanctioned in the U.S. as part of a larger U.S. initiative against North Korea-linked malicious cyber activity.

Middle East group goes on hacking spree against telecoms, embassies and more

A group likely operating out of the Middle East has compromised 131 victims in 30 organizations since September, including telecommunications firms, a Russian oil and gas company and unidentified government embassies, new research shows. The hackers have hit organizations in Pakistan, Russia, Saudi Arabia, Turkey, and North America, among other places, in an espionage operation designed to acquire “actionable information” on targets, cybersecurity company Symantec said Monday. After breaching a system, the group runs a password-stealing program with the likely aim of accessing victims’ email and social media accounts, researchers found. The group, dubbed Seedworm by Symantec and MuddyWater by others, gained notoriety earlier this year for threatening to kill security researchers investigating it. That followed a spearphishing campaign from January to March against government and defense organizations in Central and Southwest Asia, which cybersecurity company FireEye documented. While there has been no definitive public attribution of MuddyWater, Ben Read, FireEye’s senior manager […]

The post Middle East group goes on hacking spree against telecoms, embassies and more appeared first on Cyberscoop.


Chinese hacking group resurfaces, targets U.S. satellite companies and systems

A Chinese-linked hacking group began targeting at least two different U.S.-based satellite companies, a Defense Department contractor and another private firm that sells geospatial imaging technology in late 2017, according to new research by Symantec. The focused hacking campaign appears to have been originally launched around the same time as talks about a U.S.-China trade war — which is now in full swing — were heating up late last year. Symantec discovered and notified the U.S. government about the malicious cyber activity roughly four months ago, according to Jon DiMaggio, a senior threat intelligence analyst with Symantec, who led the investigation. Tuesday’s findings show that the attackers, dubbed “Thrip” by analysts, have reemerged after they seemingly went underground for more than two years. The group stopped operations after a historic political agreement in 2015 between then-U.S. President Barack Obama and Chinese President Xi Jinping. That agreement sought to deter cyber-enabled […]

The post Chinese hacking group resurfaces, targets U.S. satellite companies and systems appeared first on Cyberscoop.


Newly uncovered ‘Zealot’ malware could double as 2017 buzzword bingo

A newly identified cybercrime scheme uses a malware mish-mash of two leaked NSA hacking tools and specialized PowerShell agents to covertly install cryptomining software on computers left vulnerable by a well-known Apache Struts flaw, according to research from F5 Networks. The campaign, labeled “Zealot” by F5 researchers, has already been used in attacks on Windows and Linux systems to feed miners targeting Monero. The malware also utilizes the NSA-linked EternalBlue and EternalSynergy exploits, which help spread malware across a compromised network. “As far as we know, this is the second time a cryptomining scheme has used the EternalBlue or EternalSynergy exploits,” said Maxim Zavodchik, a security research manager with F5. “The significance of this discovery is that it’s the first time we’ve seen a massive campaign targeting web vulnerabilities that automatically spreads into the internal network. This technique is sometimes used in targeted attacks, but seems to be the first time […]

The post Newly uncovered ‘Zealot’ malware could double as 2017 buzzword bingo appeared first on Cyberscoop.
