Security News

Webcast Today: APT Year in Review and Predictions for 2021
2020-12-09 13:50

You're invited to join today's Threat Landscape webinar at 1PM ET. Join the live webinar to hear principal security researchers from Kaspersky's Global Research and Analysis Team present their annual analysis of the most significant changes in the APT threat landscape and predictions for 2021. Key findings from Kaspersky's annual review of advanced persistent threats.

FireEye reveals that it was hacked by a nation state APT group
2020-12-08 16:58

Leading cybersecurity company FireEye disclosed today that it was hacked by a threat actor showing all the signs of a state-sponsored hacking group. The attackers were able to steal Red Team assessment tools that FireEye uses to test customers' security and that are designed to mimic tools used by many cyber threat actors.

DeathStalker APT Spices Things Up with PowerPepper Malware
2020-12-03 17:20

The DeathStalker advanced persistent threat group has a hot new weapon: A highly stealthy backdoor that researchers have dubbed PowerPepper, used to spy on targeted systems. PowerPepper was cultivated to execute remote shell commands sent by DeathStalker operators, which are aimed at stealing sensitive business information.

Think-Tanks Under Attack by Foreign APTs, CISA Warns
2020-12-02 21:21

"Unfortunately, despite some of the conveniences and efficiencies that remote work can provide, it has greatly expanded the attack surface for all businesses, including think-tanks," Banda said. In late October, CISA warned that the North Korean APT group known as Kimsuky is actively attacking think-tanks, commercial-sector businesses and others, often by posing as South Korean reporters.

FBI and Homeland Security warn of APT attacks on US think tanks
2020-12-02 08:30

They also provided a set of extensive mitigation measures to be immediately implemented by think tank organizations' leaders, staff, and IT staff to strengthen their security posture and defend against ongoing attacks by nation-state hacking groups. The FBI also issued a 'TLP:WHITE' private industry notification in April 2020 regarding the continued targeting of US think tanks by state-backed APT groups since at least 2014, with the end goal of gaining access to and exfiltrating sensitive information.

Experts Uncover 'Crutch' Russian Malware Used in APT Attacks for 5 Years
2020-12-02 05:25

Codenamed "Crutch" by ESET researchers, the malware has been attributed to Turla, a Russia-based advanced hacker group known for its extensive attacks against governments, embassies, and military organizations through various watering hole and spear-phishing campaigns. "These tools were designed to exfiltrate sensitive documents and other files to Dropbox accounts controlled by Turla operators," the cybersecurity firm said in an analysis shared with The Hacker News.

Cyberespionage APT group hides behind cryptomining campaigns
2020-12-02 03:25

An advanced threat group called Bismuth recently used cryptocurrency mining as a way to hide the purpose of their activity and to avoid triggering high-priority alerts. In recent campaigns Bismuth launched Monero coin miners on compromised systems belonging to private and government organizations in France and Vietnam.

TA416 APT Rebounds With New PlugX Malware Variant
2020-11-23 20:38

The TA416 advanced persistent threat actor is back with a vengeance: After a month of inactivity, the group was spotted launching spear-phishing attacks with a never-before-seen Golang variant of its PlugX malware loader. In further analysis of these attacks, researchers found the group had updated its toolset - specifically, giving its PlugX malware variant a facelift.

Symantec Reports on Cicada APT Attacks against Japan
2020-11-20 12:05

Symantec is reporting on an APT group linked to China, named Cicada. They have been attacking organizations in Japan and elsewhere.

APT Exploits Microsoft Zerologon Bug: Targets Japanese Companies
2020-11-19 14:34

China-backed APT Cicada joins the list of threat actors leveraging the Microsoft Zerologon bug to stage attacks against their targets. Researchers observed a "large-scale attack campaign targeting multiple Japanese companies" across 17 regions and various industry sectors that engaged in a range of malicious activity, such as credential theft, data exfiltration and network reconnaissance.