APT News, Articles and Updates

Microsoft Office flaw exploited by suspected Iranian APT group

Researchers believe a suspected Iranian APT group is responsible for a recent cyber-espionage operation that targeted a Middle Eastern government organisation.

Microsoft issues warning on Dynamic Data Exchange vulnerability

With APT28 now using Microsoft's Dynamic Data Exchange (DDE) as an attack point, the company has issued an official advisory concerning the practice, along with possible mitigation methods.

APT28's latest Word doc attack eliminates needing to enable macros

The threat group APT28/Fancy Bear is now using a little used technique available in Microsoft Office that enables the cyber-gang to execute arbitrary code through a Word document, but without requiring macros to be enabled.

War plans including assassination plan stolen by North Korean hackers

North Korean hackers have stolen the joint South Korean-US plans for war with the North, including plans to assassinate North Korean leader Kim Jong Un, according to an FT report quoting South Korea's Democratic party.

Shining a light into encrypted tunnels - 5 worst things attackers can do

Organisations must secure their encrypted tunnels or risk leaving themselves at the mercy of cyber-attackers, says Nick Hunter, who insists they can, and must, implement centralised intelligence and automated systems.

The evolution of DarkHotel: From Wi-Fi to complex social engineering

Cyber-criminal group and malware variant DarkHotel has changed its tactics and has been actively infecting political figures through spear-phishing techniques and via peer-to-peer networks, explains Bogdan Botezatu.

FireEye ties APT33 to Iran and attacks on US, Saudi Arabian interests

FireEye has laid out evidence that it believes connects the hacking of several US, Saudi Arabian and South Korean aerospace and petrochemical facilities to an Iranian cyber-group it has labeled APT33.

Pacifier APT backdoor components have suspected ties to Russia-linked Turla Group

Bitdefender researchers spotted three new Pacifier APT backdoor components that appear to connect the group's cyber-espionage campaigns against government institutions to the Russia-linked Turla Group.

NSA tools used to hack hotels; WikiLeaks in CIA Couch Potato dump

Travellers to Europe and the Middle East need to be aware of an on-going malware campaign that is targeting hotel and hospitality Wi-Fi networks and being used to glean guest and corporate information.

Trump crosses fingers while creation of Russia/US cyber-unit announced

Putin's first meeting with Trump at the G20 concluded with an agreement to help fight political interference by creating an international cyber-unit - an agreement which Trump is now saying he did not really mean.

Power industry significantly concerned about cyber-threats, says industry exec

National Grid spokesperson tells SC "gas and electricity networks are isolated from our everyday business systems to ensure our networks remain safe and reliable."

Survey: Experts say 'fake news' changing UK's political landscape

A new survey from DomainTools reveals the effect cyber-security professionals think that Fake News has had on the UK's political landscape.

Clinton's campaign manager: There will be a CISO in every campaign

Clinton's presidential election campaign manager, Robby Mook, told a crowd in London about his experience of 'election hacking.'

NSA Double Pulsar malware found mining monero for malicious miscreants

Yet another case of cyber-criminals using NSA hacking tools has emerged, this time leveraged to mine crypto-currency.

Declassified report: NSA didn't learn Snowden lessons - open to insiders

A declassified report has slammed the NSA for not fully implementing the recommendations given to the agency after the Snowden leaks.

Spyware found targeting Mexican journalists, lawyers and activists

NSO Group spyware has been found attempting to surveil the communications of Mexican citizens engaged in high-profile corruption investigations.

Vault 7: WikiLeaks dumps reveal CIA's use of home router exploits

The latest WikiLeaks dump shows off the CIA's exploitation of vulnerabilities in internet routers.

Report: The world needs an independent cyber attribution consortium

A report from Microsoft and RAND has called for an independent cyber-attribution body, to lend some credibility to a practice that is seen to be ridden with politicisation and hype.

Pyongyang calling: GCHQ also now pins WannaCry on North Korea

Not much is known of the investigation by the NCSC into the attack, but experts disagree on the validity of the claims.

NSA: North Korean spies behind global WannaCry Ransomware attacks

The US National Security Agency has announced it believes with 'moderate confidence' that North Korea was behind last month's WannaCry ransomware attacks.

InfoSec 2017: What are Fancy Bears and why it matters, even for SMEs

SC spoke to Adam Meyers, VP of intelligence at Crowdstrike at this year's InfoSec Europe 2017 about attribution and why it could be useful even for smaller businesses.

Ukraine conflict puts cyber-security high on agenda in Eastern Europe

The military conflict in Ukraine, and the accusations of Russian hackers targeting the Kremlin's political opponents in last November's US presidential election, have put cyber-security higher on the agenda of various countries in Eastern Europe. SC correspondent Jaroslaw Adamowski reports...

Ocean Lotus Group/APT 32 identified as Vietnamese APT group

Vietnam has gained its first designated APT group, notable for being used in regulatory matters, marking the rise of advanced APT groups from even small countries.

North Korea APT and WannaCry linked by multiple independent researchers

If North Korea is behind the 11 May WannaCry attack, it would be the first known time a nation-state sponsored and perpetrated a ransomware attack.

The aftermath: how should we respond to the implications of WannaCry?

What are we to make of Friday's events? How will we respond? And how might such an event shape our world in the days and months ahead?

Cyber Czar Giuliani's 'cyber doctrine' still unfinished

A legal framework for the US to respond to cyber-offensive operations is still hanging in limbo as the Director of National Intelligence draws a blank on its status.

Macron's digital director reveals campaign of guerrilla cyber-defence

An interview with the New York Times has revealed the Macron campaign's employment of fake information to confuse and waylay would-be attackers.

Other side of the tracks - spotting intruders on the rail network

SC's Tony Morbin visited Arriva Trains Wales in its Cardiff office to find out how the Welsh trains company was tackling attacks on its network.

Security & Counter Terror Expo: Integrating cyber and physical security

This year's Security & Counter Terror Expo put a fine point on the importance of cybersecurity as well as the need to integrate it with other disciplines.

Multiple groups likely collaborating on Shamoon

Multiple hacker groups may be collaborating on behalf of a nation-state actor, according to a new report.