ESET: Vietnamese hacking group hijacks Southeast Asian sites in watering hole campaign

A prominent Vietnam-linked hacking group is exploiting a number of Southeast Asian organizations’ websites to deliver malware that extracts detailed information about victims’ systems, researchers say. According to a report released Tuesday by Slovakian cybersecurity company ESET, the threat group APT32, also known as OceanLotus Group, has been conducting watering hole attacks using at least 21 vulnerable websites belonging to government, media and other organizations as far back as September. APT32 is believed to be based in Vietnam and possibly linked to its government. Past research has shown APT32 to be a highly capable threat group that targets a wide variety of public and private organizations with customized tools for each target. Similarly, this campaign shows APT32 using a unique domain and server for each website it’s using as a watering hole, and the group only sends additional payloads to specific victims, according to ESET. ESET said it notified 21 website […]

The post ESET: Vietnamese hacking group hijacks Southeast Asian sites in watering hole campaign appeared first on Cyberscoop.


Chinese hackers attack National Data Center using watering hole attack

By Waqas
The IT security researchers at Kaspersky Lab have published a
This is a post from HackRead.com.

Chinese Hackers Carried Out Country-Level Watering Hole Attack

Cybersecurity researchers have uncovered an espionage campaign that has targeted a national data center of an unnamed central Asian country in order to conduct watering hole attacks.

The campaign is believed to be active covertly since fall 2017 but w…

ZooPark malware targets Android users through Telegram, watering holes

A newly uncovered cyber-espionage campaign targets Android users in the Middle East and North Africa through the chat app Telegram and compromised websites, according to a report published Thursday by Kaspersky Lab. Kaspersky says it identified four different iterations of “ZooPark,” malware apparently developed between 2015 and 2017, each one expanding on the previous. The latest version has the capability to exfiltrate a wide range of data, including contacts, GPS location, text messages, call audio, keylogs and others. The malware can also take pictures, video and screenshots as well as record audio. “This last step is especially interesting, showing a big leap from straightforward code functionality to highly sophisticated malware,” the report says. “This suggests the latest version may have been bought from vendors of specialist surveillance tools.” The campaign spreads spyware focusing on victims in Iran, Morocco, Egypt, Jordan and Lebanon, the report says. One of the vectors by which […]

The post ZooPark malware targets Android users through Telegram, watering holes appeared first on Cyberscoop.

How to use Bromium Application Isolation to Secure Microsoft Edge Downloads

Microsoft Edge browser does not isolate web file downloads.
Learn how to use Bromium to isolate your Microsoft Edge web file downloads.
Bromium works with all Microsoft virtualization-based security (VBS) technologies.
Microsoft jumps on the application i…

A simple example of a complex cyberattack

We’re already used to the fact that complex cyberattacks use 0-day vulnerabilities, bypassing digital signature checks, virtual file systems, non-standard encryption algorithms and other tricks. Sometimes, however, all of this may be done in much simpler ways, as was the case in the malicious campaign that we detected a while ago – we named it ‘Microcin’ after microini, one of the malicious components used in it.

Spearphishing attacks on energy firms tied to years-long global hacking operation

A recent barrage of well-crafted phishing emails aimed at employees at U.S. energy companies, including one nuclear facility, is tied to a years-long international campaign to steal user credentials and gather intelligence from the world’s largest energy firms. The New York Times and Bloomberg reported Thursday that the FBI and Department of Homeland Security had recently warned several U.S. energy companies about the threat of hackers attempting to break into their networks by using specially tailored spearphishing emails and watering hole-style attacks. John Hultquist, who leads U.S. cybersecurity firm FireEye’s cyberespionage analysis division, said that he’s been independently tracking this same operation and that FireEye customers were warned about it roughly five weeks ago. “We’ve tied this recent operation to a campaign that started all the way back in 2015, which extends beyond the U.S., and has targeted companies in the Middle East and Western Europe … specifically in Turkey […]

The post Spearphishing attacks on energy firms tied to years-long global hacking operation appeared first on Cyberscoop.


U.S. Trade Group Hacked by Chinese Hackers ahead of Trump-Xi Trade Summit

Researchers have uncovered a Chinese cyber-espionage campaign against the United States ahead of the trade summit on Thursday between US President Donald Trump and China’s President Xi Jinping.

According to a new report published today by Fidelis Cybersecurity…

On the StrongPity Waterhole Attacks Targeting Italian and Belgian Encryption Users

What is most interesting about the StrongPity APT’s more recent activity however, is their focus on users of encryption tools, peaking this past summer. In particular, the focus was on Italian and Belgian users, but the StrongPity watering holes affected systems in far more locations than those two.