Security News

Microsoft Exchange Server Flaw Exploited in APT Attacks
2020-03-09 18:01

Multiple threat groups are actively exploiting a vulnerability in Microsoft Exchange servers, researchers warn. After Microsoft patched the flaw in February, researchers with the Zero Day Initiative, which first reported the vulnerability, published further details of the flaw and how it could be exploited.

Iranian APT Targets Govs With New Malware
2020-02-26 14:00

Researchers have attributed the campaign to a known Iranian advanced persistent threat group. As part of the campaign, researchers observed multiple emails using malicious attachments to gain initial access.

Iran-Backed APTs Collaborate on 3-Year ‘Fox Kitten’ Global Spy Campaign
2020-02-18 19:48

According to the analysis, Fox Kitten's objective has been to develop and maintain access routes to the targeted organizations, establishing persistent footholds within them; stealing information; and pivoting from within to additional targets via supply-chain attacks. The APT34 connection stems from the fact that part of the attack infrastructure used by the group in previous campaigns has been reused for Fox Kitten.

Unpatched VPN Servers Hit by Apparent Iranian APT Groups
2020-02-18 11:03

Now, security firm ClearSky says that at least three advanced persistent threat groups, all with apparent ties to the Iranian government, have been joining the fray and hitting unpatched Fortinet, Pulse Secure and Palo Alto Networks VPN servers and Citrix remote gateways. Specific flaws needing to be patched include CVE-2019-11510 in Pulse Secure's VPN SSL servers, CVE-2018-13379 in FortiGate's SSL VPN servers, and CVE-2019-1579 in Palo Alto Networks VPN servers, all of which ClearSky says Fox Kitten is now exploiting.

APT Groups Planting Backdoors: Report
2020-02-17 22:48

Now, security firm ClearSky says that at least three advanced persistent threat groups, all with apparent ties to the Iranian government, have been joining the fray and hitting unpatched Fortinet, Pulse Secure and Palo Alto Networks VPN servers and Citrix remote gateways. Specific flaws needing to be patched include CVE-2019-11510 in Pulse Secure's VPN SSL servers, CVE-2018-13379 in FortiGate's SSL VPN servers, and CVE-2019-1579 in Palo Alto Networks VPN servers, all of which ClearSky says Fox Kitten is now exploiting.

Gamaredon APT Improves Toolset to Target Ukraine Government, Military
2020-02-05 11:00

The Gamaredon advanced persistent threat group has been supercharging its operations lately, improving its toolset and ramping up attacks on Ukrainian national security targets. Vitali Kremez, head of SentinelLabs, said in research released on Wednesday that he has been tracking an uptick in Gamaredon cyberattacks on Ukrainian military and security institutions that started in December.

TA505 APT Group Returns With New Techniques: Report
2020-02-03 18:48

TA505 - a sophisticated advanced persistent threat group that has targeted financial companies and retailers in several countries, including the U.S. - has returned with a campaign that uses HTML redirectors to deliver malicious Excel documents, according to Microsoft and other security researchers. This threat group is believed to have caused over $100 million in losses over the years, according to the U.S. Treasury Department, which published a report about the group in December when it issued sanctions against some of its members.

Oil-and-Gas Specialist APT Pivots to U.S. Power Plants
2020-01-10 12:58

A known APT group with ties to the Iran-linked APT33, dubbed Magnallium, has expanded its targeting from the global oil-and-gas industry to specifically include electric companies in North America. Dragos initially identified Magnallium's expansion into targeting North American electric entities because of activity from a group called Parisite that cropped up in its telemetry.

Researchers: Chinese APT Espionage Campaign Bypasses 2FA
2019-12-26 16:18

Fox-IT Suspects APT20 Group Was Involved. An advanced persistent threat espionage campaign with suspected ties to the Chinese government quietly targeted businesses and governments in 10 countries...

Ransomware 2.0: Cybercrime Gangs Apply APT-Style Tactics
2019-12-23 11:33

While run-of-the-mill ransomware attacks continue, some crypto-locking malware gangs are bringing more advanced hacking skills to bear against targets, seeking the maximum possible payout, says...