CERT alerts Cobalt Kitty: A large-scale APT in Asia The investigation of a massive cyber espionage APT (Advanced Persistent Threat) became a game of one-upmanship between attackers and defenders. Dubbed Operation Cobalt Kitty, the APT targeted a global corporation based in Asia with the goal of stealing proprietary business information.
CERT alerts Researchers concluded that Chinese Ministry of State Security is behind APT3 APT3 is the first threat actor group that has been attributed with a high degree of confidence directly to the Chinese Ministry of State Security (MSS).
CERT alerts Information about APT32 and the Threat to Global Corporations mainly in Vietnam Cyber espionage actors, now designated by FireEye as APT32 (OceanLotus Group), are carrying out intrusions into private sector companies across multiple industries and have also targeted foreign governments, dissidents, and journalists.
CERT alerts Information about cyber attack against Indian Central Bureau of Investigation (CBI) and Indian army officials IDSA (Institute for Defence Studies and Analyses) is an Indian think tank for advanced research in international relations.
CERT alerts Information about new versions of MM Core (file-less APT) BigBoss, and SillyGoose In October 2016 Forcepoint Security Labs™ discovered new versions of the MM Core backdoor being used in targeted attacks. Also known as “BaneChant”, MM Core is a file-less APT which is executed in memory by a downloader component.
CERT alerts Information about APT targets financial analysts in Russia and neighboring countries On April 20, Proofpoint observed a targeted campaign focused on financial analysts working at top global financial firms operating in Russia and neighboring countries.
CERT alerts Information about the Blockbuster sequel Unit 42 has identified malware with recent compilation and distribution timestamps that has code, infrastructure, and themes overlapping with threats described previously in the Operation Blockbuster report, written by researchers at Novetta.
CERT alerts A paper about Lazarus Group The Lazarus Group’s activity spans multiple years, going back as far as 2009. Its malware has been found in many serious cyberattacks.
CERT alerts Information about operation Cloud Hopper Exposing a systematic hacking operation with an unprecedented web of global victims April 2017
IBM Cybercrime Riding Tax Season Tides - April 2017 Cybercrime is a year-round, opportunistic crime, but some of the trends that affect rises in spam and fraud are driven by seasonal events. The most significant seasonal trend in that regard is Tax Season.
IBM Security trends in the financial services sector - April 2017 The financial services sector has been a magnet for cybercrime for over two decades now, and that was certainly true again in 2016.
IBM The weaponization of IoT devices - April 2017 Threat actors use botnets—networks of infected computers—for various cybercriminal purposes, most significantly distributed denial of service attacks against predefined targets.
CERT alerts Information about malware Dimnie In mid-January of 2017 Unit 42 researchers became aware of reports of open-source developers receiving malicious emails.
CERT alerts Information about APT Domain fronting with TOR Mandiant has observed Russian nation-state attackers APT29 employing domain fronting techniques for stealthy backdoor access to victim environments for at least two years.
CERT alerts Information about Clearsky Operation Electric Powder targeting Israel Electric Company Attackers have been trying to breach IEC (Israel Electric Company) in a year-long campaign. From April 2016 until at least February 2017, attackers have been spreading malware via fake Facebook profiles and pages, breached websites, self-hosted and cloud based websites.
CERT alerts Information about Spear Phishing Campaign targets personnel involved with United States Securities and Exchange Commission filings at various organizations In late February 2017, FireEye as a Service (FaaS) identified a spear phishing campaign that appeared to be targeting personnel involved with United States Securities and Exchange Commission (SEC) filings at various organizations.
CERT alerts Information about wiper attacks against Saudi organizations and beyond Beginning in November 2016, Kaspersky Lab observed a new wave of wiper attacks directed at multiple targets in the Middle East. The malware used in the new attacks was a variant of the infamous Shamoon worm that targeted Saudi Aramco and Rasgas back in 2012.
Microsoft MS Security Bulletin Summary March 2017 This bulletin summary lists security bulletins released for March 2017.
McAfee Report March 2017 Last fall, cybersecurity crossed into political territory in a major way. In the United States, there were attacks on entities associated with both major political parties, apparently in an attempt to influence the U.S. presidential election.
IBM IBM X-Force Threat Intelligence Index - March 2017 With Internet-shattering distributed-denial-of-service (DDoS) attacks, troves of records leaked through data breaches, and a renewed focus by organized cybercrime on business targets, 2016 was a defining year for security.
CERT alerts Information about a Japanese centric threat In an effort to expose a common problem we see happening in the industry, Cylance® would like to shed some light on just how easy it is to fake attribution.
CERT alerts Information about threat group Gamaredon Group Unit 42 threat researchers have recently observed a threat group distributing new, custom developed malware. We have labelled this threat group the Gamaredon Group and our research shows that the Gamaredon Group has been active since at least 2013.
CERT alerts Information about Spear Phishing campaign targeting the Mongolian government FireEye recently observed a sophisticated campaign targeting individuals within the Mongolian government. Targeted individuals that enabled macros in a malicious Microsoft Word document may have been infected with Poison Ivy
CERT alerts Information about Shamoon 2 malware IBM analysts recently unveiled a first look at how threat actors may have placed Shamoon2 malware on systems in Saudi Arabia.
CERT alerts Information about Lazarus FalseFlag Malware We continue to investigate the recent wave of attacks on banks using watering-holes on at least two financial regulator websites as well as others. Our initial analysis of malware disclosed in the BadCyber blog hinted at the involvement of the 'Lazarus' threat actor.