Information Security newsfeed from around the world in English and French. Find it all in one place… here.
Les chercheurs de Kaspersky ont identifié une nouvelle campagne, jusqu’alors inconnue, menée par Lazarus, un acteur APT très prolifique. Actif depuis au moins 2009, Lazarus est lié à un certain nombre de campagnes, notamment à l’encontre du marché des crypto-monnaies. The post Le groupe APT Lazarus se tourne à présent vers l’industrie de la défense […]
Continue ReadingBy Asheer Malhotra. Cisco Talos has observed another malware campaign that utilizes malicious Microsoft Office documents (maldocs) to spread the remote access trojan (RAT) ObliqueRAT. This campaign targets organizations in South Asia.ObliqueRAT has been linked to the Transparent Tribe APT group in the past.This campaign hides the ObliqueRAT payload in seemingly benign image files hosted […]
Continue Reading
Lazarus targets defense industry with ThreatNeedle (PDF) We named Lazarus the most active group of 2020. We’ve observed numerous activities by this notorious APT group targeting various industries. The group has changed target depending on the primary objective. Google TAG has recently published a post about a campaign by Lazarus targeting security researchers. After taking […]
Continue ReadingBy Warren Mercer and Vitor Ventura. Gamaredon is a threat actor, active since at least 2013, that has long been associated with pro-Russian activities in several reports throughout the years. It is extremely aggressive and is usually not associated with high-visibility campaigns, Cisco Talos sees it is incredibly active and we believe the group is […]
Continue ReadingTendances des cybermenaces, tactiques et leurres les plus utilisés, Proofpoint dévoile son nouveau rapport sur les menaces au 4e trimestre 2020. Il met en exergue le facteur humain comme premier vecteur de menace et propose d’explorer la façon dont les attaquants agissent et les moyens pour s’en prémunir. The post Rapport de Cybermenaces Proofpoint – […]
Continue Reading
Researchers at cybersecurity firm Lookout have published information on two recently discovered Android spyware families utilized by an advanced persistent threat (APT) group named Confucius. Lookout said that two malware strains, named Hornbill and SunBird, have been linked to Confucius, a group thought to be state-sponsored and to have pro-India ties. First detected in […]
Continue ReadingNations around the world are adding cyberwarfare to their arsenal, employing highly skilled teams to launch attacks against other countries. These adversaries are also called the “advanced persistent threat,” or APT, because they possess the tools and resources to pursue their objectives repeatedly over an extended period, adapting to defenders’ efforts to resist them. Protect […]
Continue ReadingGoogle’s Threat Analysis Group published a blog Monday evening warning of an ongoing campaign attempting to compromise security researchers. Google TAG’s blog outlines the attacker’s motivations and various TTPs used in these attacks. We can confirm that multiple Cisco Talos researchers received messages that appear to be linked to this campaign. As you can see […]
Continue ReadingResearchers have spotted notable code overlap between the Sunburst backdoor and a known Turla weapon. Source: Threatpost.com
Continue Reading
Introduction On December 13, 2020, FireEye published a blog post detailing a supply chain attack leveraging Orion IT, an infrastructure monitoring and management platform by SolarWinds. In parallel, Volexity published an article with their analysis of related attacks, attributed to an actor named “Dark Halo”. FireEye did not link this activity to any known actor; […]
Continue Reading