Articles Tagged with ''advanced persistent threat''

We are at war; a cyber war

September 20, 2021

Is the U.S. in a cyber war? Here, Eric Jeffery, Sr. Solutions Architect for IBM Security, explores the scale of the latest nation-state sponsored cyberattacks.

APT actors exploiting newly identified vulnerability in ManageEngine ADSelfService Plus

September 17, 2021

State-backed advanced persistent threat (APT) groups are likely among those exploiting a critical flaw in a Zoho single sign-on and password management solution since early August 2021

Kimsuky APT continues to target South Korean government

June 9, 2021

The Kimsuky APT—also known as Thallium, Black Banshee, and Velvet Chollima— continues to target the South Korean government, according to the Malwarebytes Threat Intelligence team, who is actively monitoring this actor and has been able to spot phishing websites, malicious documents, and scripts that have been used to target high profile people within the government of South Korea. The structure and TTPs used in these recent activities align with what has been reported in KISA’s report.

APT actors exploiting Fortinet vulnerabilities to gain access to local governments

May 28, 2021

A web server hosting the domain for a local government in the United States was recently breached by advanced hackers taking advantage of old vulnerabilities in firewalls sold by Fortinet, according to an FBI Flash Alert issued. After gaining access to the local government organization's server, the advanced persistent threat (APT) actors moved laterally through the network and created new domain controller, server, and workstation user accounts mimicking already existing ones.

FBI-DHS-CISA release joint advisory on Russian foreign intelligence service cyber operations

April 27, 2021

The Federal Bureau of Investigation (FBI), Department of Homeland Security, and CISA have released a Joint Cybersecurity Advisory (CSA) addressing Russian Foreign Intelligence Service (SVR) cyber actors—also known as Advanced Persistent Threat 29 (APT 29), the Dukes, CozyBear, and Yttrium—continued targeting of U.S and foreign entities. The SVR activity—which includes the recent SolarWinds Orion supply chain compromise—primarily targets government networks, think tank and policy analysis organizations, and information technology companies and seeks to gather intelligence information.

Malwarebytes unveils a new APT group: LazyScripter

February 26, 2021

Malwarebytes’ Threat Intelligence analysts introduced a new APT group they have named LazyScripter, presenting in-depth analysis of the tactics, techniques, procedures, and infrastructure employed by this actor group.

US intelligence agencies say Russian threat actors are likely behind SolarWinds hack

Maria Henriquez

January 6, 2021

FBI, ODNI, CISA & NSA issued a joint statement saying their investigation indicates an APT actor "likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks."

CISA warns APT groups targeting US think tanks

Maria Henriquez

December 3, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have observed persistent continued cyber intrusions by advanced persistent threat (APT) actors targeting U.S. think tanks. This malicious activity is often, but not exclusively, directed at individuals and organizations that focus on international affairs or national security policy. The following guidance may assist U.S. think tanks in developing network defense procedures to prevent or rapidly detect these attacks.

Turla Crutch attacks Ministry of Foreign Affairs in an EU country, misuses Dropbox in cyber-espionage

December 2, 2020

ESET researchers discovered a previously undocumented backdoor and document stealer used for cyber-espionage. ESET has been able to attribute the program, dubbed Crutch by its developers, to the infamous Turla APT group. It was in use from 2015 until at least early 2020. ESET has seen Crutch on the network of a Ministry of Foreign Affairs in a country of the European Union, suggesting that this malware family is only used against very specific targets. These tools were designed to exfiltrate sensitive documents and other files to Dropbox accounts controlled by Turla operators.

Attackers targeting non-governmental organizations in Myanmar with new ‘KilllSomeOne’ backdoor

Operators used four different DLL side-loading scenarios to install and execute new malware after removing a resident PlugX Backdoor

November 4, 2020

Sophos uncovered attackers using DLL side-loading to execute malicious code and install backdoors in the networks of targeted organizations. A report published, “A New APT uses DLL Side-loads to Killl Someone,” outlines the discovery of four different DLL side-loading scenarios, which all share the same program database path and some of which carry a file named “KilllSomeOne.”

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.