Security News

Sophisticated Chinese APT Group Targets Southeast Asian Governments
2020-11-18 04:36

A sophisticated advanced persistent threat group believed to be operating out of China has been stealthily targeting Southeast Asian governments over the past three years, Bitdefender reports. Believed to be state-sponsored, the group was observed using numerous malware families, including the Chinoxy backdoor, PCShare RAT, and the FunnyDream backdoor.

Chinese APT Hackers Target Southeast Asian Government Institutions
2020-11-17 01:27

Cybersecurity researchers today unveiled a complex and targeted espionage attack on potential government sector victims in South East Asia that they believe was carried out by a sophisticated Chinese APT group at least since 2018. "The attack has a complex and complete arsenal of droppers, backdoors and other tools involving Chinoxy backdoor, PcShare RAT and FunnyDream backdoor binaries, with forensic artefacts pointing towards a sophisticated Chinese actor," Bitdefender said in a new analysis shared with The Hacker News.

Uncovered: APT 'Hackers For Hire' Target Financial, Entertainment Firms
2020-11-12 04:59

A hackers-for-hire operation has been discovered using a strain of previously undocumented malware to target South Asian financial institutions and global entertainment companies. Dubbed "CostaRicto" by BlackBerry researchers, the campaign appears to be the handiwork of APT mercenaries who possess bespoke malware tooling and complex VPN proxy and SSH tunneling capabilities.

Chinese APT Uses DLL Side-Loading in Attacks on Myanmar
2020-11-05 19:01

A Chinese threat actor is leveraging DLL side-loading for the execution of malicious code in attacks targeting organizations in Myanmar, Sophos security researchers reveal. DLL side-loading is a technique that uses malicious DLLs that spoof legitimate ones, and which relies on legitimate Windows applications to load and execute the code.

Mysterious APT Leaves Curious ‘KilllSomeOne’ Clue
2020-11-04 22:42

Based on crude messages, such as "KilllSomeOne", used in attack code strings, coupled with advanced deployment and targeting techniques, researchers say the APT has a split personality. "The messages hidden in their samples [malware] are on the level of script kiddies. On the other hand, the targeting and deployment is that of a serious APT group," wrote Gabor Szappanos, author of a Sophos technical brief, posted Wednesday, outlining what is known about the APT. Szappanos wrote that the gang relies primarily on a cyberattack technique known as DLL side-loading.

APT Groups Finding Success with Mix of Old and New Tools
2020-11-03 19:18

The APT threat landscape is a mixed bag of tried-and-true tactics and cutting-edge techniques, largely supercharged by geopolitics, a report finds. Advanced persistent threat groups continue to use the fog of intense geopolitics to supercharge their campaigns, but beyond these themes, actors are developing individual signature tactics for success.

Iran-linked APT Targets T20 Summit, Munich Security Conference Attendees
2020-10-28 15:40

The two conferences targeted include the Munich Security Conference, slated for Feb. 19 to 21, 2021, and the Think 20 Summit in Saudi Arabia, taking place Oct. 31 to Nov. 1, 2020. Microsoft linked the attack, which targeted more than 100 conference attendees, to Phosphorus, which it said is operating from Iran.

DOJ Charges 6 Sandworm APT Members in NotPetya Cyberattacks
2020-10-19 19:10

The Department of Justice on Monday announced charges against six Russian nationals who are allegedly tied to the Sandworm APT. The threat group is believed to have launched several high-profile cyberattacks over the past few years - including the destructive NotPetya cyberattack that targeted hundreds of firms and hospitals worldwide in 2017. According to the DOJ complaint, the six Russian nationals are tied to a division of the Russian military intelligence service and also affiliated with the APT Sandworm, also known as TeleBots.

Microsoft Exchange, Outlook Under Siege By APTs
2020-10-19 15:09

New, sophisticated adversaries are switching up their tactics in exploiting enterprise-friendly platforms - most notably Microsoft Exchange, Outlook Web Access and Outlook on the Web - in order to steal business credentials and other sensitive data. One advanced persistent threat group that has been targeting Exchange and OWA is what researchers dub "BELUGASTURGEON".

MontysThree APT Takes Unusual Aim at Industrial Targets
2020-10-08 10:00

According to researchers from Kaspersky, the group uses a variety of techniques to evade detection, including using public cloud services for command-and-control communications, and hiding its main malicious espionage module using steganography. Spy attacks on industrial holdings are far more unusual than campaigns against diplomats and other nation-state targets, according to the firm.