Security News
Naikon, a Chinese APT group that disappeared after its activities were disclosed in 2015, has been rediscovered and may have remained active but unrecognized since the 2015 reports. Researchers have uncovered evidence of a five-year stealth campaign against similar targets in the same geographical area that they believe to be conducted by Naikon.
After five years under the radar, the Naikon APT group has been unmasked in a long-term espionage campaign against several governments in the Asia-Pacific region. The Chinese APT group was first uncovered by Kaspersky researchers in 2015, in attacks against top-level government agencies around the South China Sea.
Remember the Shadow Brokers, the mysterious group that stole and leaked a collection of NSA files in 2016? Well, it's the gift that keeps on giving. A security researcher claims to have unearthed a previously-unknown APT group after reading over some of the dumped files.
A security researcher says he has uncovered an advanced persistent threat operation that started over a decade ago and which is referenced in the collection of National Security Agency hacking tools that the Shadow Brokers made public in 2017. The researcher, who refers to the operation as 'Nazar', based on "Debug paths left alongside Farsi resources in some of the malware droppers," believes that the activity was centered around the 2010-2013 timeframe, based on submission times in VirusTotal.
According to Google's Threat Analysis Group, more than a dozen nation-state-backed APTs are using the COVID-19 pandemic as a cover for their various cyberespionage and malware activities. The email had an embedded tracking link, which Mandiant researchers said contained the victim's email address and a code to report back to the actors if the email was opened.
Five related APT groups operating in the interest of the Chinese government have systematically targeted Linux servers, Windows systems and mobile devices running Android while remaining undetected for nearly a decade, according to BlackBerry. Linux runs nearly all of the top 1 million websites online, 75% of all web servers, 98% of the world's supercomputers and 75% of major cloud service providers.
A recently discovered, mass-targeted watering-hole campaign has been aiming at Apple iPhone users in Hong Kong - infecting website visitors with a newly developed custom surveillance malware. Despite the deep level of surveillance afforded by the malware, researchers said that the campaign doesn't appear to be a targeted effort, apart from focusing on Hong Kong residents.
An advanced persistent threat group is leveraging the coronavirus pandemic to infect victims with a previously unknown malware, in a recently discovered campaign that researchers call "Vicious Panda." Researchers identified two suspicious Rich Text Format files targeting the Mongolian public sector.
Even a long-standing China-based APT has begun to use the threat in a new spear-phishing campaign. Researchers from Check Point Research have found a spear-phishing campaign targeting the Mongolian public sector and apparently emanating from China.
Multiple threat groups are actively exploiting a vulnerability in Microsoft Exchange servers, researchers warn. After Microsoft patched the flaw in February researchers with the Zero Day Initiative, which first reported the vulnerability, published further details of the flaw and how it could be exploited.