APT News, Articles and Updates

North Korea 'elite' tightening security, increasing obfuscation, abandoning Western social media

North Korea's ruling elite has tightened its operational security procedures and migrated away from Western social media, according to a report from Recorded Future.

New hacker groups emerging in Asia and in the Middle East, finds Kaspersky

Security researchers observed a noticeable spurt in the activities of advanced persistent threat (APT) groups based in certain parts of Asia and in the Middle East during the first three months of the year.

Facebook VP justifies company's data collection practices as central to its growth and mission

The memo penned by Andrew "Boz" Bosworth surfaced as the social media company is trying to restore user trust after Cambridge Analytica harvested data from the Facebook accounts of 50 million Americans without their consent.

Sophisticated hacking tools now in the hands of petty cyber-criminals

Sophisticated hacking tools and techniques such as watering-hole attacks, once used only by nation states or their proxies, are now increasingly used by criminal hackers, fuelling concerns that state-sponsored hackers may have gone rogue.

APT hackers hid Slingshot malware in routers for six years

Slingshot malware has targeted almost 100 victims in the Middle East and Africa since at least 2012.

Organisations need to identify nation state attacks - but not attackers

For an enterprise security team, attempting to investigate who is behind an attack is extremely complicated and time consuming and, most importantly, does very little to improve the organisation's defences against further attacks.

Social media and engineering used to spread Tempted Cedar Spyware

Cyber-criminals are using social media and social engineering to dupe victims into downloading Advanced Persistent Threat spyware disguised as the Kik messenger app.

Threat group APT-C-23 still active, releases GnatSpy mobile malware

A new mobile malware family, dubbed GnatSpy, that may be a much more dangerous variant of the earlier VAMP malware, has been reported in the wild.

Microsoft Office flaw exploited by suspected Iranian APT group

Researchers believe a suspected Iranian APT group is responsible for a recent cyber-espionage operation that targeted a Middle Eastern government organisation.

Microsoft issues warning on Dynamic Data Exchange vulnerability

With APT28 now using Microsoft's Dynamic Data Exchange (DDE) protocol as an attack vector, the company has issued an official advisory on the technique, along with possible mitigations.

APT28's latest Word doc attack eliminates needing to enable macros

The threat group APT28/Fancy Bear is now using a little-used Microsoft Office feature that lets the group execute arbitrary code from a Word document without requiring macros to be enabled.
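The DDE technique in the two items above leaves a recognisable trace: a .docx is a zip archive, and Word stores field codes in its word/*.xml parts, so a document can be checked for DDE or DDEAUTO fields without ever opening it in Office. The scanner below is an added example written for this page, not code from SC Magazine, Microsoft or the researchers cited. It builds two sample documents in memory (constructed for the example; a real .docx carries more parts than the stub shown), one with an ordinary PAGE field and one with a DDEAUTO field split across two instruction runs, and the command named in the malicious sample only echoes text.

```python
import html
import io
import re
import zipfile

# Word keeps field codes in its XML parts either as <w:fldSimple w:instr="...">
# or as a "complex" field: a w:fldChar begin, one or more w:instrText runs
# holding the instruction, an optional w:fldChar separate, the cached result
# text, and a w:fldChar end.
FIELD_TOKEN_RE = re.compile(
    r'<w:fldChar\b[^>]*\bw:fldCharType="(?P<kind>begin|separate|end)"[^>]*/?>'
    r'|<w:instrText\b[^>]*>(?P<instr>[^<]*)</w:instrText>'
    r'|<w:fldSimple\b[^>]*\bw:instr="(?P<simple>[^"]*)"'
)
# DDE and DDEAUTO are the field types that can launch an external program.
DDE_RE = re.compile(r"\bDDE(?:AUTO)?\b", re.IGNORECASE)


def field_instructions(part_xml):
    """Return every field instruction string found in one Word XML part.

    The w:instrText runs of one complex field are concatenated, so an
    instruction an attacker split across several runs is still seen whole.
    """
    fields = []
    chunks = None   # instrText pieces of the field currently being read
    depth = 0       # fields can nest; only close at the outermost end
    for m in FIELD_TOKEN_RE.finditer(part_xml):
        if m.group("simple") is not None:
            fields.append(m.group("simple"))
        elif m.group("kind") == "begin":
            if chunks is None:
                chunks = []
            depth += 1
        elif m.group("kind") == "end":
            depth -= 1
            if depth <= 0 and chunks is not None:
                fields.append("".join(chunks))
                chunks, depth = None, 0
        elif m.group("instr") is not None and chunks is not None:
            chunks.append(m.group("instr"))
    return fields


def scan_docx(docx_bytes):
    """Return [(part name, instruction)] for every DDE/DDEAUTO field in a .docx."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as archive:
        for name in archive.namelist():
            # Fields may sit in the body, headers, footers, footnotes, etc.
            if name.startswith("word/") and name.endswith(".xml"):
                xml = archive.read(name).decode("utf-8", errors="replace")
                for instr in field_instructions(xml):
                    if DDE_RE.search(instr):
                        hits.append((name, html.unescape(instr).strip()))
    return hits


def build_sample_docx(body_xml):
    """Constructed minimal .docx for testing (a real one carries more parts)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("[Content_Types].xml", "<Types/>")
        archive.writestr(
            "word/document.xml",
            "<w:document><w:body>" + body_xml + "</w:body></w:document>",
        )
    return buf.getvalue()


# Constructed body with a DDEAUTO field split over two instrText runs; the
# command it names only echoes text and is not a working payload.
MALICIOUS_BODY = (
    '<w:p><w:r><w:fldChar w:fldCharType="begin"/></w:r>'
    '<w:r><w:instrText xml:space="preserve"> DDEAUTO c:\\\\windows\\\\system32\\\\cmd.exe </w:instrText></w:r>'
    '<w:r><w:instrText xml:space="preserve">&quot;/k echo DDE test&quot; </w:instrText></w:r>'
    '<w:r><w:fldChar w:fldCharType="separate"/></w:r>'
    '<w:r><w:t>Click to update links</w:t></w:r>'
    '<w:r><w:fldChar w:fldCharType="end"/></w:r></w:p>'
)
# Constructed body containing only an ordinary page-number field.
BENIGN_BODY = '<w:p><w:fldSimple w:instr=" PAGE "><w:r><w:t>1</w:t></w:r></w:fldSimple></w:p>'

if __name__ == "__main__":
    for label, body in (("malicious", MALICIOUS_BODY), ("benign", BENIGN_BODY)):
        print(label, scan_docx(build_sample_docx(body)))
```

Run it on a mail-gateway sample or a quarantined attachment by passing the file's bytes to scan_docx. The scan is a string match over the XML, not a full parser, so it will also pick up nested QUOTE or other wrapper fields that an attacker uses to hide the DDE keyword only if the keyword still appears in the concatenated instruction; treat it as a triage check rather than proof of absence. Note that Word still prompts the user before updating the link and launching the named program, so the attack also relies on the recipient clicking through those prompts.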

War plans including assassination plan stolen by North Korean hackers

North Korean hackers have stolen the joint South Korean-US plans for war with the North, including plans to assassinate North Korean leader Kim Jong Un, according to an FT report quoting South Korea's Democratic Party.

Shining a light into encrypted tunnels - 5 worst things attackers can do

Organisations must secure their encrypted tunnels or risk leaving themselves at the mercy of cyber-attackers, says Nick Hunter, who insists they can, and must, implement centralised intelligence and automated systems.

The evolution of DarkHotel: From Wi-Fi to complex social engineering

The DarkHotel group, and the malware of the same name, has changed its tactics and has been actively infecting political figures through spear-phishing and via peer-to-peer networks, explains Bogdan Botezatu.

FireEye ties APT33 to Iran and attacks on US, Saudi Arabian interests

FireEye has laid out evidence that it believes connects the hacking of several US, Saudi Arabian and South Korean aerospace and petrochemical facilities to an Iranian cyber-group it has labeled APT33.

Pacifier APT backdoor components have suspected ties to Russia-linked Turla Group

Bitdefender researchers spotted three new Pacifier APT backdoor components that appear to connect the group's cyber-espionage campaigns against government institutions to the Russia-linked Turla Group.

NSA tools used to hack hotels; WikiLeaks in CIA Couch Potato dump

Travellers to Europe and the Middle East need to be aware of an ongoing malware campaign that is targeting hotel and hospitality Wi-Fi networks and is being used to glean guest and corporate information.

Trump crosses fingers while creation of Russia/US cyber-unit announced

Putin's first meeting with Trump at the G20 concluded with an agreement to help fight political interference by creating an international cyber-unit - an agreement which Trump is now saying he did not really mean.

Power industry significantly concerned about cyber-threats, says industry exec

National Grid spokesperson tells SC "gas and electricity networks are isolated from our everyday business systems to ensure our networks remain safe and reliable."

Survey: Experts say 'fake news' changing UK's political landscape

A new survey from DomainTools reveals the effect cyber-security professionals think that Fake News has had on the UK's political landscape.

Clinton's campaign manager: There will be a CISO in every campaign

Clinton's presidential election campaign manager, Robby Mook, told a crowd in London about his experience of 'election hacking.'

NSA DoublePulsar malware found mining Monero for malicious miscreants

Yet another case of cyber-criminals using NSA hacking tools has emerged, this time leveraged to mine crypto-currency.

Declassified report: NSA didn't learn Snowden lessons - open to insiders

A declassified report has slammed the NSA for not fully implementing the recommendations given to the agency after the Snowden leaks.

Spyware found targeting Mexican journalists, lawyers and activists

NSO Group spyware has been found attempting to surveil the communications of Mexican citizens engaged in high-profile corruption investigations.

Vault 7: WikiLeaks dumps reveal CIA's use of home router exploits

The latest WikiLeaks dump shows off the CIA's exploitation of vulnerabilities in internet routers.

Report: The world needs an independent cyber attribution consortium

A report from Microsoft and RAND has called for an independent cyber-attribution body, to lend some credibility to a practice that is seen to be ridden with politicisation and hype.

Pyongyang calling: GCHQ also now pins WannaCry on North Korea

Not much is known of the investigation by the NCSC into the attack, but experts disagree on the validity of the claims.

NSA: North Korean spies behind global WannaCry Ransomware attacks

The US National Security Agency has announced it believes with 'moderate confidence' that North Korea was behind last month's WannaCry ransomware attacks.

InfoSec 2017: What are Fancy Bears and why it matters, even for SMEs

SC spoke to Adam Meyers, VP of intelligence at CrowdStrike, at this year's InfoSec Europe 2017 about attribution and why it could be useful even for smaller businesses.

Ukraine conflict puts cyber-security high on agenda in Eastern Europe

The military conflict in Ukraine, and the accusations of Russian hackers targeting the Kremlin's political opponents in last November's US presidential election, have put cyber-security higher on the agenda of various countries in Eastern Europe. SC correspondent Jaroslaw Adamowski reports...