Security News

In the evolution of cyber-attacks I'd argue while the fundamentals have stayed the same there have been two major critical changes recently in the past few years among nation-state and criminal attackers that require us to thoroughly understand and respond in a different manner than in the past. Most of the world and in most industries we've reached the tipping point in our digital dependence on our IT infrastructure and it has drawn attackers in.

Researchers with the PRODAFT Threat Intelligence Team took a deep dive into the operations of the SilverFish cyber-espionage group and linked one of its command and control servers with recent high-profile malicious attacks. The investigation, which started from indicators of compromise published for the December 2020 SolarWinds attacks, has led the researchers to identifying a new advanced persistent threat group called SilverFish, which has conducted cyber-attacks on at least 4,720 targets worldwide.

The McAfee Advanced Threat Research Strategic Intelligence team has identified an espionage campaign that is specifically targeting telecommunication companies in an attack dubbed "Operation Diànxùn." McAfee researchers Thomas Roccia, Thibault Seret and John Fokker said in a blog post that the malware is using tactics similar to those seen from groups like RedDelta and Mustang Panda. Cybersecurity companies Intsights and Positive Technologies both identified Mustang Panda last year as an advanced persistent threat group behind a number of COVID-19-themed attacks on people in Vietnam and Mongolia.

The advanced persistent threat known as Lazarus Group and other sophisticated nation-state actors are actively trying to steal COVID-19 research to speed up their countries' vaccine-development efforts. That's the finding from Kaspersky researchers, who found that Lazarus Group - widely believed to be linked to North Korea - recently attacked a pharmaceutical company, as well as a government health ministry related to the COVID-19 response.

Incident response teams are scrambling as after details emerged late Sunday of a sophisticated espionage campaign leveraging a software supply chain attack that allowed hackers to compromise numerous public and private organizations around the world. Among victims are multiple US government agencies, including the Treasury and Commerce departments, and cybersecurity giant FireEye, which stunned the industry last week when it revealed that attackers gained access to its Red Team tools.

The MoleRats advanced persistent threat has developed two new backdoors, both of which allow the attackers to execute arbitrary code and exfiltrate sensitive data, researchers said. The DropBook backdoor uses fake Facebook accounts or Simplenote for C2, and both SharpStage and DropBook abuse a Dropbox client to exfiltrate stolen data and for storing their espionage tools, according to the analysis, issued Wednesday.

Researchers have discovered a previously undocumented backdoor and document stealer, which they have linked to the Russian-speaking Turla advanced persistent threat espionage group. Researchers said that the Crutch toolset has been designed to exfiltrate sensitive documents and other files to Dropbox accounts, which Turla operators control.

A nation-state actor known for its cyber espionage campaigns since 2012 is now using coin miner techniques to stay under the radar and establish persistence on victim systems, according to new research. Attributing the shift to a threat actor tracked as Bismuth, Microsoft's Microsoft 365 Defender Threat Intelligence Team said the group deployed Monero coin miners in attacks that targeted both the private sector and government institutions in France and Vietnam between July and August earlier this year.

A new type of campaign that involves cyber espionage is the latest example of a cybercrime being perpetrated by people for hire. In its new report "The CostaRicto Campaign: Cyber-Espionage Outsourced," BlackBerry describes the actions of a malicious campaign carried out by freelance mercenaries.

The advanced persistent threat known as Turla is targeting government organizations using custom malware, including an updated trio of implants that give the group persistence through overlapping backdoor access. Russia-tied Turla is a cyber-espionage group that's been around for more than a decade.