CERT alerts

Information about a malware operation targeting members of the Tibetan Parliament

The Tibetan community has been targeted for over a decade by espionage operations that use malware to infiltrate communications and gather information. They are often targeted simultaneously with other ethnic minorities and religious groups in China.

CERT alerts

Information about PowerDuke: widespread post-election spear phishing campaigns targeting Think Tanks and NGOs

In the wake of the 2016 United States Presidential Election, not even six hours after Donald Trump became the nation’s President-Elect, an advanced persistent threat (APT) group launched a series of coordinated and well-planned spear phishing campaigns.

Microsoft

MS Security Bulletin Summary november 2016

This bulletin summary lists security bulletins released for November 2016.

CERT alerts

Information about BLACKGEAR espionage campaign

BLACKGEAR is an espionage campaign which has targeted users in Taiwan for many years. Multiple papers and talks have been released covering this campaign, which used the ELIRKS backdoor when it was first discovered in 2012.

CERT alerts

Information about BITTER, a targeted attack against Pakistan

Forcepoint Security Labs™ recently encountered a strain of attacks that appear to target Pakistani nationals. We named the attack "BITTER" based on the network communication header used by the latest variant of remote access tool (RAT) used

CERT alerts

Infomation about Moonlight – targeted attacks in the Middle East

Vectra Threat Labs researchers have uncovered the activities of a group of individuals currently engaged in targeted attacks against entities in the Middle East. We identified over 200 samples of malware generated by the group over the last two years.

CERT alerts

Information about deception tactics muddying attribution in targeted attacks

This paper takes a comprehensive look at the current state of attribution in targeted attack research and at deliberate attempts by the adversary to obstruct this process.

CERT alerts

A paper about APT reports help more to attackers than defenders

With the advancement of defensive cybersecurity practices and the regular release of reports exposing toolsets used in APT attacks, advanced threat actors have had to adapt.

CERT alerts

Information about StrongPity waterhole attacks targeting Italian and Belgian encryption users (WinRAR and TrueCrypt)

The StrongPity APT is a technically capable group operating under the radar for several years. The group has quietly deployed zero-day in the past, effectively spearphished targets, and maintains a modular toolset.

Microsoft

MS Security Bulletin Summary october 2016

This bulletin summary lists security bulletins released for October 2016.

CERT alerts

Information about Sofacy’s ‘Komplex’ OS X Trojan

Unit 42 researchers identified a new OS X Trojan associated with the Sofacy group that we are now tracking with the ‘Komplex’ tag using the Palo Alto Networks AutoFocus threat intelligence platform.

CERT alerts

Information about Buckeye cyberespionage group, that shifts gaze from US to Hong Kong

Buckeye (also known as APT3, Gothic Panda, UPS Team, and TG-0110) is a cyberespionage group that is believed to have been operating for well over half a decade. Traditionally, the group attacked organizations in the US as well as other targets.

McAfee

Report september 2016

While many were away, we’ve been busy.Chris Young, Senior Vice President and General Manager of Intel Security, was appointed by the White House to serve on the US Department of Homeland Security’s National Security and Telecommunications Committee

Microsoft

MS Security Bulletin Summary september 2016

This bulletin summary lists security bulletins released for September 2016.

CERT alerts

Information about Oracle MICROS POS terminal breach

Credit card industry giant Visa on Friday issued a security alert warning companies using point-of-sale devices made by Oracle‘s MICROS retail unit to double-check the machines for malicious software or unusual network activity, and to change passwords on the devices.

Microsoft

MS Security Bulletin Summary august 2016

This bulletin summary lists security bulletins released for August 2016.

CERT alerts

Information about Dropping Elephant – aggressive cyber-espionage in the Asian region

Dropping Elephant (also known as “Chinastrats” and “Patchwork“) is a relatively new threat actor that is targeting a variety of high profile diplomatic and economic targets using a custom set of attack tools.

CERT alerts

Information about NetTraveler APT targets Russian, and European interests

Throughout 2016, Proofpoint researchers tracked a cyber-espionage campaign targeting victims in Russia and neighboring countries. The actor utilizes spear phishing campaigns to deliver NetTraveler, also known as TravNet.

Regulations

EU Directive on Network and Information Systems security (in Hungarian)

AZ EURÓPAI PARLAMENT ÉS A TANÁCS (EU) 2016/1148 IRÁNYELVE (2016. július 6.) a hálózati és információs rendszerek biztonságának az egész Unióban egységesen magas szintjét biztosító intézkedésekről

CERT alerts

Information about espionage toolkit targeting Central and Eastern Europe

Over the course of the last year, ESET has detected and analyzed several instances of malware used for targeted espionage – dubbed SBDH toolkit.

Microsoft

MS Security Bulletin Summary july 2016

This bulletin summary lists security bulletins released for July 2016.

CERT alerts

Information about Asruex, a malware infecting through shortcut files

JPCERT/CC has been observing malicious shortcut files that are sent as email attachments to a limited range of organisations since around October 2015. When this shortcut file is opened, the host will be infected with malware called “Asruex”.

CERT alerts

Information about Prince of Persia malware campaign

Unit 42 published a blog at the beginning of May titled “Prince of Persia,” in which we described the discovery of a decade-long campaign using a formerly unknown malware family, Infy, that targeted government and industry interests worldwide.

CERT alerts

Infomation about Threat Group-4127 targets Google accounts

SecureWorks® Counter Threat Unit™ (CTU) researchers track the activities of Threat Group-41271 (TG-4127), which traditionally targets governments, military, international non-governmental organizations (NGOs), and most recently, Hillary Clinton’s email.

CERT alerts

Information about tracking Elirks variants in Japan

A recent, well-publicized attack on a Japanese business involved two malware families, PlugX and Elirks, that were found during the investigation.