CERT alerts Information about KASPERAGENT malware campaign ThreatConnect has identified a KASPERAGENT malware campaign leveraging decoy Palestinian Authority documents. The samples date from April - May 2017, coinciding with the run up to the May 2017 Palestinian Authority elections.
CERT alerts Information about Win32/Industroyer a new threat against industrial control systems specifically Control systems used in electrical substations Win32/Industroyer is a sophisticated piece of malware designed to disruptthe working processes of industrial control systems (ICS), specificallyindustrial control systems used in electrical substations.
CERT alerts Analyzis of CRASHOVERRIDE the threat to Electric Grid Operations Dragos, Inc. was notified by the Slovak anti-virus firm ESET of an ICS tailored malware on June 8th, 2017.
Symantec Symantec Internet Security Threat Report 2017 Cyber attackers revealed new levels of ambition in 2016, a year marked by extraordinary attacks, including multi-million dollar virtual bank heists, overt attempts to disrupt the US electoral process by state-sponsored groups
CERT alerts Information about PLATINUM file transfer tool Back in April 2016, we released the paper PLATINUM: Targeted attacks in South and Southeast Asia , where we detailed the tactics, techniques, and procedures of the PLATINUM activity group.
CERT alerts Information about a phishing campaign targeting global law and investment firms In May and June 2017, FireEye observed a phishing campaign targeting at least seven global law and investment firms. We have associated this campaign with APT19, a group that we assess is composed of freelancers, with some degree of sponsorship by the Chinese government.
CERT alerts Information about operation Cobalt Kitty In this APT, the threat actor was very aware of the risks of exposure and tried to combat attribution as much as possible. This is often the case in this type of large-scale cyber espionage operations.
CERT alerts Cobalt Kitty: A large-scale APT in Asia The investigation of a massive cyber espionage APT (Advanced Persistent Threat) became a game of one-upmanship between attackers and defenders. Dubbed Operation Cobalt Kitty, the APT targeted a global corporation based in Asia with the goal of stealing proprietary business information.
CERT alerts Researchers concluded that Chinese Ministry of State Security is behind APT3 APT3 is the first threat actor group that has been attributed with a high degree of confidence directly to the Chinese Ministry of State Security (MSS).
CERT alerts Information about APT32 and th Threat to Global Corporations mainly in Vietnam Cyber espionage actors, now designated by FireEye as APT32 (OceanLotus Group), are carrying out intrusions into private sector companies across multiple industries and have also targeted foreign governments, dissidents, and journalists.
CERT alerts Information about cyber attack against Indian Central Bureau of Investigation (CBI) and Indian army officials IDSA (Institute for Defence Studies and Analyses) is an Indian think tank for advanced research in international relations.
CERT alerts Information about new versions of MM Core (file-less APT) BigBoss, and SillyGoose In October 2016 Forcepoint Security Labs™ discovered new versions of the MM Core backdoor being used in targeted attacks. Also known as “BaneChant”, MM Core is a file-less APT which is executed in memory by a downloader component.
CERT alerts Information about APT targets financial analysts in Russia and neighboring countries On April 20, Proofpoint observed a targeted campaign focused on financial analysts working at top global financial firms operating in Russia and neighboring countries.
CERT alerts Information about the Blockbuster sequel Unit 42 has identified malware with recent compilation and distribution timestamps that has code, infrastructure, and themes overlapping with threats described previously in the Operation Blockbuster report, written by researchers at Novetta.
CERT alerts A paper about Lazarus Group The Lazarus Group’s activity spans multiple years, going back as far as 2009. Its malware has been found in many serious cyberattacks.
CERT alerts Information about operation Cloud Hopper Exposing a systematic hacking operation with an unprecedented web of global victims April 2017
IBM Cybercrime Riding Tax Season Tides - April 2017 Cybercrime is a year-round, opportunistic crime, but some of the trends that affect rises in spam and fraud are driven by seasonal events. The most significant seasonal trend in that regard is Tax Season.
IBM Security trends in the financial services sector - April 2017 The financial services sector has been a magnet for cybercrime for over two decades now, and that was certainly true again in 2016.
IBM The weaponization of IoT devices - April 2017 Threat actors use botnets—networks of infected computers—for various cybercriminal purposes, most significantly distributed denial of service attacks against predefined targets.
CERT alerts Information about malware Dimnie In mid-January of 2017 Unit 42 researchers became aware of reports of open-source developers receiving malicious emails.
CERT alerts Information about APT Domain fronting with TOR Mandiant has observed Russian nation-state attackers APT29 employing domain fronting techniques for stealthy backdoor access to victim environments for at least two years.
CERT alerts Information about Clearsky Operation Electric Powder targeting Israel Electric Company Attackers have been trying to breach IEC (Israel Electric Company) in a year-long campaign.From April 2016 until at least February 2017, attackers have been spreading malware via fake Facebook profiles and pages, breached websites, self-hosted and cloud based websites.
CERT alerts Information about Spear Fishing Campaign targets personnel involved with United States Securities and Exchange Comission filings at various organizations In late February 2017, FireEye as a Service (FaaS) identified a spear phishing campaign that appeared to be targeting personnel involved with United States Securities and Exchange Commission (SEC) filings at various organizations.
CERT alerts Information about wiper attacks against Saudi organizations and beyond Beginning in November 2016, Kaspersky Lab observed a new wave of wiper attacks directed at multiple targets in the Middle East. The malware used in the new attacks was a variant of the infamous Shamoon worm that targeted Saudi Aramco and Rasgas back in 2012.
IBM IBM X-Force Threat Intelligent Index - March 2017 With Internet-shattering distributed-denial-of-service (DDoS) attacks, troves of records leaked through data breaches, and a renewed focus by organized cybercrime on business targets, 2016 was a defining year for security.
