Security News

CactusPete APT Hones Toolset, Resurfaces with New Espionage Targets
2020-08-13 20:23

The China-based APT known as CactusPete has returned with a new campaign aimed at military and financial targets in Eastern Europe, a region that is new to the group's victimology, according to researchers. CactusPete is a Chinese-speaking APT group that has been publicly known since at least 2013, according to the blog post.

Corporate Espionage Group 'RedCurl' Launching Targeted Attacks Since 2018
2020-08-13 13:20

Group-IB security researchers have identified an advanced persistent threat group that has launched at least 26 targeted attacks since 2018. Presumably Russian-speaking, the group targeted victims in Canada, Germany, Norway, Russia, Ukraine, and the United Kingdom.

Cyber-Espionage Group StrongPity Focuses on Kurdish Community
2020-07-01 03:34

Recent attacks associated with the threat actor known as StrongPity appear to focus on the Kurdish community in Turkey and Syria, Bitdefender security researchers say. Despite the publication of several reports detailing its activities, the threat actor remains active and continues to target victims in various regions, including Colombia, India, Canada and Vietnam, Cisco Talos reveals.

Nation-State Espionage Campaigns against Middle East Defense Contractors
2020-06-23 11:22

Report on espionage attacks using LinkedIn as a vector for malware, with details and screenshots. The report mentions "several hints suggesting a possible link" to the Lazarus group, but that attribution is by no means definite.

Aerospace, Military Hit in Ongoing Espionage Campaign Linked to North Korea
2020-06-17 11:16

Organizations in the aerospace and military sectors were compromised in a highly targeted cyber-espionage campaign that shows a possible link to North Korean hackers, ESET reveals. The threat actor behind these attacks remains unknown, but ESET believes it could be linked to the infamous North Korean state-sponsored group Lazarus, based on targeting, the use of fake LinkedIn accounts, development tools, and anti-analysis methods.

Espionage Group Hits U.S. Utilities with Sophisticated Spy Tool
2020-06-09 17:09

"The dated nature of this binary coupled with the extensible nature of the malware code suggests that the FlowCloud code base has been under development for numerous years," the analysts wrote, adding that "Development of this malware around legitimate QQ files and the identification of malware samples uploaded to VirusTotal from Japan in December 2018 and earlier this year from Taiwan indicate that the malware may have been active for some time in Asia prior to its appearance targeting the U.S. utilities sector." Several campaigns delivering the LookBack malware were aimed at U.S. utilities over last summer and the fall as well, and, based on shared attachment macros, identical malware installation techniques and overlapping delivery infrastructure, Proofpoint believes the LookBack and FlowCloud malware can be attributed to a single threat actor, TA410.

New USBCulprit Espionage Tool Steals Data From Air-Gapped Computers
2020-06-04 01:31

A Chinese threat actor has developed new capabilities to target air-gapped systems in an attempt to exfiltrate sensitive data for espionage, according to research published by Kaspersky yesterday. "One of the newly revealed tools is named USBCulprit and has been found to rely on USB media in order to exfiltrate victim data," Kaspersky said.

Chafer APT Hits Middle East Govs With Latest Cyber-Espionage Attacks
2020-05-22 13:30

The Chafer APT has been active since 2014 and has previously launched cyber espionage campaigns targeting critical infrastructure in the Middle East. "Researchers have found attacks conducted by this actor in the Middle East region, dating back to 2018," according to a Thursday Bitdefender analysis.

Verizon Data Breach Report: DoS Skyrockets, Espionage Dips
2020-05-19 04:01

While DoS attacks use differing tactics, they most commonly involve sending junk network traffic to overwhelm and crash systems. Cyber espionage attacks, meanwhile, have declined sharply, dropping from 13.5 percent of breaches in 2018 to a mere 3.2 percent of data breaches in 2019.

'Ramsay' Espionage Framework Can Exfiltrate Data From Air-Gapped Networks
2020-05-15 11:29

Dubbed Ramsay, the framework appears to be in the development stage, with its operators still working on refining delivery vectors. Ramsay appears to have been under development since late 2019, and ESET's security researchers believe that there are two maintained versions at the moment, each tailored based on the configuration of different targets.