CERT alerts

A paper about Lazarus Group

The Lazarus Group’s activity spans multiple years, going back as far as 2009. Its malware has been found in many serious cyberattacks.

CERT alerts

Information about operation Cloud Hopper

Exposing a systematic hacking operation with an unprecedented web of global victims April 2017

IBM

Cybercrime Riding Tax Season Tides - April 2017

Cybercrime is a year-round, opportunistic crime, but some of the trends that affect rises in spam and fraud are driven by seasonal events. The most significant seasonal trend in that regard is Tax Season.

IBM

Security trends in the financial services sector - April 2017

The financial services sector has been a magnet for cybercrime for over two decades now, and that was certainly true again in 2016.

IBM

The weaponization of IoT devices - April 2017

Threat actors use botnets—networks of infected computers—for various cybercriminal purposes, most significantly distributed denial of service attacks against predefined targets.

CERT alerts

Information about malware Dimnie

In mid-January of 2017 Unit 42 researchers became aware of reports of open-source developers receiving malicious emails.

CERT alerts

Information about APT Domain fronting with TOR

Mandiant has observed Russian nation-state attackers APT29 employing domain fronting techniques for stealthy backdoor access to victim environments for at least two years.

CERT alerts

Information about Clearsky Operation Electric Powder targeting Israel Electric Company

Attackers have been trying to breach IEC (Israel Electric Company) in a year-long campaign.From April 2016 until at least February 2017, attackers have been spreading malware via fake Facebook profiles and pages, breached websites, self-hosted and cloud based websites.

CERT alerts

Information about Spear Fishing Campaign targets personnel involved with United States Securities and Exchange Comission filings at various organizations

In late February 2017, FireEye as a Service (FaaS) identified a spear phishing campaign that appeared to be targeting personnel involved with United States Securities and Exchange Commission (SEC) filings at various organizations.

CERT alerts

Information about wiper attacks against Saudi organizations and beyond

Beginning in November 2016, Kaspersky Lab observed a new wave of wiper attacks directed at multiple targets in the Middle East. The malware used in the new attacks was a variant of the infamous Shamoon worm that targeted Saudi Aramco and Rasgas back in 2012.

IBM

IBM X-Force Threat Intelligent Index - March 2017

With Internet-shattering distributed-denial-of-service (DDoS) attacks, troves of records leaked through data breaches, and a renewed focus by organized cybercrime on business targets, 2016 was a defining year for security.

McAfee

Report march 2017

Last fall, cybersecurity crossed into political territory in a major way. In the United States, there were attacks on entities associated with both major political parties, apparently in an attempt to influence the U.S. presidential election.

Microsoft

MS Security Bulletin Summary march 2017

This bulletin summary lists security bulletins released for March 2017

CERT alerts

Information about a Japanese centric threat

In an effort to expose a common problem we see happening in the industry, Cylance® would like to shed some light on just how easy it is to fake attribution.

CERT alerts

Information about threat group Gamaredon Group

Unit 42 threat researchers have recently observed a threat group distributing new, custom developed malware. We have labelled this threat group the Gamaredon Group and our research shows that the Gamaredon Group has been active since at least 2013.

CERT alerts

Information about Spear Fishing campaign targeting the Mongolian government

FireEye recently observed a sophisticated campaign targeting individuals within the Mongolian government. Targeted individuals that enabled macros in a malicious Microsoft Word document may have been infected with Poison Ivy

CERT alerts

Information about Shamoon 2 malware

IBM analysts recently unveiled a first look at how threat actors may have placed Shamoon2 malware on systems in Saudi Arabia.

CERT alerts

Information about Lazarus FalseFlag Malware

We continue to investigate the recent wave of attacks on banks using watering-holes on at least two financial regulator websites as well as others. Our initial analysis of malware disclosed in the BadCyber blog hinted at the involvement of the 'Lazarus' threat actor.

CERT alerts

Information about ChChes malware

Since around October 2016, JPCERT/CC has been confirming emails that are sent to Japanese organisations with a ZIP file attachment containing executable files. The targeted emails, which impersonate existing persons, are sent from free email address services available in Japan.

CERT alerts

Information about attack against soldiers of Israeli Defense Force compromising their devices with Android OS

Around July last year, more than a 100 Israeli servicemen were hit by a cunning threat actor. The attack compromised their devices and exfiltrated data to the attackers’ command and control server.

CERT alerts

Information about ViperRat: a mobile APT

ViperRAT is an active, advanced persistent threat (APT) that sophisticated threat actors are actively using to target and spy on the Israeli Defense Force.

CERT alerts

Information about operation BugDrop targeting Ukrainian organizations

CyberX has discovered a new, large-scale cyber-reconnaissance operation targeting a broad range of targets in the Ukraine.

CERT alerts

Information about Shamoon attacks (affected government and civil organizations across Gulf states)

Researchers from the IBM X-Force Incident Response and Intelligence Services (IRIS) team identified a missing link in the operations of a threat actor involved in recent Shamoon malware attacks against Gulf state organizations.

CERT alerts

Information about PuppyRAT malware

SecureWorks® Counter Threat Unit™ (CTU) researchers analyzed a phishing campaign that targeted a Middle Eastern organization in early January 2017. Some of messages were sent from legitimate email addresses belonging to several Middle Eastern organizations.

CERT alerts

Information about Magic Hound campaign attacks Saudi targets

Unit 42 has discovered a persistent attack campaign operating primarily in the Middle East dating back to at least mid-2016 which we have named Magic Hound.