Security News
Advanced persistent threats are a type of attack that's usually carried out or sponsored by a nation-state, and unlike other types of malware attacks, these pose their own challenges. Typically, an APT threat actor will perform some kind of reconnaissance on their target, and then target their victim by sending, for example, a spear-phishing email.
The report includes evidence of malicious activity linked to ransomware and nation-state backed advanced persistent threat actors. Q3 cybersecurity trends: US ransomware activity leads the pack. In the US alone, ransomware activity increased 100% quarter over quarter in transportation and shipping.
The victimology patterns and the targeted sectors overlap with attacks mounted by a distinct sister group of APT41 known as Earth Baku, the Japanese cybersecurity company added. Some of Earth Baku's malicious cyber activities have been tied to groups that other cybersecurity firms, ESET and Symantec, track under the names SparklingGoblin and Grayfly, respectively.
A French-speaking threat actor dubbed OPERA1ER has been linked to a series of more than 30 successful cyber attacks aimed at banks, financial services, and telecom companies across Africa, Asia, and Latin America between 2018 and 2022. According to Singapore-headquartered cybersecurity company Group-IB, the attacks have led to thefts totaling $11 million, with actual damages estimated to be as high as $30 million.
SideWinder, a prolific nation-state actor mainly known for targeting Pakistan military entities, compromised the official website of the National Electric Power Regulatory Authority to deliver a tailored malware called WarHawk. "The newly discovered WarHawk backdoor contains various malicious modules that deliver Cobalt Strike, incorporating new TTPs such as KernelCallBackTable injection and Pakistan Standard Time zone check in order to ensure a victorious campaign," Zscaler ThreatLabz said.
The cybersecurity firm codenamed the group Metador in reference to a string "I am meta" in one of their malware samples and because of Spanish-language responses from the command-and-control servers. The threat actor is said to have primarily focused on the development of cross-platform malware in its pursuit of espionage aims.
A Linux variant of a backdoor known as SideWalk was used to target a Hong Kong university in February 2021, underscoring the cross-platform abilities of the implant. In August 2021, ESET unearthed a new piece of custom Windows malware codenamed SideWalk that was exclusively leveraged by the actor to strike an unnamed computer retail company based in the U.S. Subsequent findings from Symantec, part of Broadcom Software, have linked the use of SideWalk to an espionage attack group it tracks under the moniker Grayfly, while pointing out the malware's similarities to that of Crosswalk.
North Korean APT Lazarus is up to its old tricks with a cyberespionage campaign targeting engineers with a fake job posting that attempts to spread macOS malware. The malware is similar to a sample discovered by ESET in May, which also included a signed executable disguised as a job description, was compiled for both Apple and Intel, and dropped a PDF decoy, researchers said.
The U.S. government has slapped sanctions on virtual currency mixer Tornado Cash for laundering more than $7 billion in crypto cash derived from cybercriminal activity. The U.S. Department of the Treasury's Office of Foreign Assets Control unveiled the action on Monday, citing a number of occasions on which the service laundered crypto for hackers; the action basically freezes all of the assets and business of Tornado Cash and prohibits anyone from doing business with the service.
Meta has released its Q2 2022 adversarial threat report, and among the highlights is the discovery of two cyber-espionage clusters connected to hacker groups known as 'Bitter APT' and APT36 using new Android malware. These cyberspying operatives use social media platforms like Facebook to collect intelligence or to befriend victims using fake personas, and then lure them to external platforms to download malware.