2007, Accountability, Information Security and Malware

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Security Affairs

DECEMBER 5, 2023

Microsoft warns that the Russia-linked APT28 group is actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. The vulnerability is a Microsoft Outlook spoofing vulnerability that can lead to an authentication bypass.

Accountability

Accountability Government Phishing Authentication

China-linked APT41 group spotted using open-source red teaming tool GC2

Security Affairs

APRIL 17, 2023

The APT41 group, aka Winnti , Axiom, Barium , Blackfly, HOODOO) is a China-linked cyberespionage group that has been active since at least 2007. ” Upon installing the malware on the target system, it queries Google Sheets to obtain attacker commands. .” ” continues the report. . ” continues the report.

Media

Media Accountability Government Malware

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

North Korea-linked threat actors posed as Samsung recruiters in a spear-phishing campaign aimed at employees at South Korean security firms. North Korea-linked APT group posed as Samsung recruiters is a spear-phishing campaign that targeted South Korean security companies that sell anti-malware solutions, Google TAG researchers reported.

Malware

Malware Phishing Antivirus Hacking

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

NATO and the EU formally condemned Russia-linked APT28 cyber espionage

Security Affairs

MAY 5, 2024

. “The Federal Government’s national attribution procedure regarding this campaign has concluded that, for a relatively long period, the cyber actor APT28 used a critical vulnerability in Microsoft Outlook that remained unidentified at the time to compromise numerous email accounts.”

Government

Government Accountability Cyber Attacks Telecommunications

France agency ANSSI warns of Russia-linked APT28 attacks on French entities

Security Affairs

OCTOBER 27, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

Government

Government Phishing Accountability Hacking

Russian cybercriminal Aleksandr Brovko sentenced to 8 years in jail

Security Affairs

NOVEMBER 3, 2020

The scripts developed by the cyber criminal were used to parse log data collected from botnet and searched for personally identifiable information (PII) and account credentials. In some cases, the man manually chacked the stolen information. Brovko was involved in the illegal practice between 2007 and 2019.

Accountability

Accountability Banking Advertising Data collection

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

Security Affairs

DECEMBER 7, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

Government

Government Telecommunications Accountability Phishing

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Security Affairs

MARCH 20, 2020

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. “This report aims to shed light on some of Pawn Storm’s attacks that did not use malware in the initial stages.

Phishing

Phishing Accountability Advertising DNS

Winnti APT group uses skip-2.0 malware to control Microsoft SQL Servers

Security Affairs

OCTOBER 21, 2019

Security experts have a new malware, dubbed skip-2.0 Security experts at ESET have discovered a new malware, dubbed skip-2.0, The Winnti group was first spotted by Kaspersky in 2013, according to the researchers the gang has been active since 2007. The skip-2.0 by its authors and part of the Winnti Group’s arsenal.”

Malware

Malware Passwords Advertising DNS

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Security Affairs

APRIL 30, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

System Administration

System Administration Government Phishing Malware

North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor

Security Affairs

FEBRUARY 25, 2021

“Once the malicious document is opened, the malware is dropped and proceeds to the next stage of the deployment process. The ThreatNeedle malware used in this campaign belongs to a malware family known as Manuscrypt, which belongs to the Lazarus group and has previously been seen attacking cryptocurrency businesses.”

Malware

Malware Cryptocurrency Password Management Encryption

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Security Affairs

APRIL 19, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. ” reads the joint advisory.

Malware

Malware Firmware Government Education

Google warns of APT28 attack attempts against 14,000 Gmail users

Security Affairs

OCTOBER 8, 2021

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of APT28s’ campaigns leveraged spear-phishing and malware-based attacks. ” Huntley added. “At

Phishing

Phishing Government Hacking Accountability

Microsoft: North Korea-linked Zinc APT targets security experts

Security Affairs

JANUARY 29, 2021

Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to ZINC, a DPRK-affiliated and state-sponsored group, based on observed tradecraft, infrastructure, malware patterns, and account affiliations.” Attackers used Twitter profiles for sharing links to a blog under their control ( br0vvnn[.]io

Malware

Malware Antivirus Hacking Accountability

Operation In(ter)reception targets Military and Aerospace employees in Europe and the Middle East

Security Affairs

JUNE 17, 2020

. “A collaborative investigation with two of the affected European companies allowed us to gain insight into the operation and uncover previously undocumented malware.” The activity of the Lazarus APT group (aka HIDDEN COBRA ) surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks.

Advertising

Advertising Malware Passwords Accountability

US officials charge two Chinese men for laundering cryptocurrency for North Korea

Security Affairs

MARCH 3, 2020

.” The activity of the Lazarus APT group (aka HIDDEN COBRA ) surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. The researchers spotted more macOS malware similar to the one that was involved in Operation AppleJeus. million from another exchange. ” continues the press release.

Cryptocurrency

Cryptocurrency Banking Hacking Accountability

Chinese state-sponsored hackers breached TeamViewer in 2016

Security Affairs

MAY 17, 2019

According to the media outlet, Chinese state-sponsored hackers used the Winnti trojan malware to infect the systems of the Company. The Winnti group was first spotted by Kaspersky in 2013, according to the researchers the gang has been active since 2007. ” wrote the company.

Advertising

Advertising Architecture Software Banking

Russian hacker Andrei Tyurin sentenced to 12 years in prison

Security Affairs

JANUARY 11, 2021

His alleged hacking activities “lay claim to the largest theft of US customer data from a single financial institution in history, accounting for a staggering 80 million-plus victims,”. then they marketed the stocks in a deceptive and misleading manner to customers of the targeted companies whose information were previously stolen by TYURIN.

Marketing

Marketing Hacking Identity Theft Banking

EU Council sanctions two Russian military intelligence officers over 2015 Bundestag hack

Security Affairs

OCTOBER 22, 2020

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The attackers used a sophisticated strain of malware to violated the Bundestag network and syphoned sensitive data.

Hacking

Hacking Cyber Attacks Identity Theft Government

Is APT27 Abusing COVID-19 To Attack People ?!

Security Affairs

MARCH 19, 2020

Today, many reports are describing how infamous attackers are abusing such an emergency time to lure people by sending thematic email campaigns or by using thematic IM within Malware or Phishing links. Hackers taking advantage of COVID-19 to spread malware New COVID-19-themed malspam campaign delivers FormBook Malware.

Computers and Electronics

Computers and Electronics Penetration Testing Malware Cyber Attacks

Cyber Security Informer

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

China-linked APT41 group spotted using open-source red teaming tool GC2

Webinars

Trending Sources

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Webinars

NATO and the EU formally condemned Russia-linked APT28 cyber espionage

France agency ANSSI warns of Russia-linked APT28 attacks on French entities

Russian cybercriminal Aleksandr Brovko sentenced to 8 years in jail

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Winnti APT group uses skip-2.0 malware to control Microsoft SQL Servers

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Google warns of APT28 attack attempts against 14,000 Gmail users

Microsoft: North Korea-linked Zinc APT targets security experts

Operation In(ter)reception targets Military and Aerospace employees in Europe and the Middle East

US officials charge two Chinese men for laundering cryptocurrency for North Korea

Chinese state-sponsored hackers breached TeamViewer in 2016

Russian hacker Andrei Tyurin sentenced to 12 years in prison

EU Council sanctions two Russian military intelligence officers over 2015 Bundestag hack

Is APT27 Abusing COVID-19 To Attack People ?!

Stay Connected