CERT alerts factsheet-charter-of-trust-e The most important decision-makers in international security policy will be gathering once again at the Munich Security Conference (MSC) from February 16 to 18, 2018. Some 500 VIPs from all over the world will meet to discuss current crises and future challenges in international security policy.
CERT alerts Analysis of ExPetr malware Much has been written about the recent ExPetr/NotPetya/Nyetya/Petya outbreak – you can read our findings here: Schroedinger’s Pet(ya) and ExPetr is a wiper, not ransomware.
CERT alerts Information about KASPERAGENT malware campaign ThreatConnect has identified a KASPERAGENT malware campaign leveraging decoy Palestinian Authority documents. The samples date from April - May 2017, coinciding with the run up to the May 2017 Palestinian Authority elections.
CERT alerts Information about Win32/Industroyer, a new threat against industrial control systems, specifically control systems used in electrical substations Win32/Industroyer is a sophisticated piece of malware designed to disrupt the working processes of industrial control systems (ICS), specifically industrial control systems used in electrical substations.
CERT alerts Analysis of CRASHOVERRIDE the threat to Electric Grid Operations Dragos, Inc. was notified by the Slovak anti-virus firm ESET of an ICS tailored malware on June 8th, 2017.
CERT alerts Information about PLATINUM file transfer tool Back in April 2016, we released the paper PLATINUM: Targeted attacks in South and Southeast Asia, where we detailed the tactics, techniques, and procedures of the PLATINUM activity group.
CERT alerts Information about a phishing campaign targeting global law and investment firms In May and June 2017, FireEye observed a phishing campaign targeting at least seven global law and investment firms. We have associated this campaign with APT19, a group that we assess is composed of freelancers, with some degree of sponsorship by the Chinese government.
CERT alerts Information about operation Cobalt Kitty In this APT, the threat actor was very aware of the risks of exposure and tried to combat attribution as much as possible. This is often the case in this type of large-scale cyber espionage operation.
CERT alerts Cobalt Kitty: A large-scale APT in Asia The investigation of a massive cyber espionage APT (Advanced Persistent Threat) became a game of one-upmanship between attackers and defenders. Dubbed Operation Cobalt Kitty, the APT targeted a global corporation based in Asia with the goal of stealing proprietary business information.
CERT alerts Researchers concluded that Chinese Ministry of State Security is behind APT3 APT3 is the first threat actor group that has been attributed with a high degree of confidence directly to the Chinese Ministry of State Security (MSS).
CERT alerts Information about APT32 and the Threat to Global Corporations mainly in Vietnam Cyber espionage actors, now designated by FireEye as APT32 (OceanLotus Group), are carrying out intrusions into private sector companies across multiple industries and have also targeted foreign governments, dissidents, and journalists.
CERT alerts Information about cyber attack against Indian Central Bureau of Investigation (CBI) and Indian army officials IDSA (Institute for Defence Studies and Analyses) is an Indian think tank for advanced research in international relations.
CERT alerts Information about new versions of MM Core (file-less APT) BigBoss, and SillyGoose In October 2016 Forcepoint Security Labs™ discovered new versions of the MM Core backdoor being used in targeted attacks. Also known as “BaneChant”, MM Core is a file-less APT which is executed in memory by a downloader component.
CERT alerts Information about APT targets financial analysts in Russia and neighboring countries On April 20, Proofpoint observed a targeted campaign focused on financial analysts working at top global financial firms operating in Russia and neighboring countries.
CERT alerts Information about the Blockbuster sequel Unit 42 has identified malware with recent compilation and distribution timestamps that has code, infrastructure, and themes overlapping with threats described previously in the Operation Blockbuster report, written by researchers at Novetta.
CERT alerts A paper about Lazarus Group The Lazarus Group’s activity spans multiple years, going back as far as 2009. Its malware has been found in many serious cyberattacks.
CERT alerts Information about operation Cloud Hopper Exposing a systematic hacking operation with an unprecedented web of global victims April 2017
CERT alerts Information about malware Dimnie In mid-January of 2017 Unit 42 researchers became aware of reports of open-source developers receiving malicious emails.
CERT alerts Information about APT Domain fronting with TOR Mandiant has observed Russian nation-state attackers APT29 employing domain fronting techniques for stealthy backdoor access to victim environments for at least two years.
CERT alerts Information about Clearsky Operation Electric Powder targeting Israel Electric Company Attackers have been trying to breach IEC (Israel Electric Company) in a year-long campaign. From April 2016 until at least February 2017, attackers have been spreading malware via fake Facebook profiles and pages, breached websites, self-hosted and cloud based websites.
CERT alerts Information about Spear Phishing Campaign targets personnel involved with United States Securities and Exchange Commission filings at various organizations In late February 2017, FireEye as a Service (FaaS) identified a spear phishing campaign that appeared to be targeting personnel involved with United States Securities and Exchange Commission (SEC) filings at various organizations.
CERT alerts Information about wiper attacks against Saudi organizations and beyond Beginning in November 2016, Kaspersky Lab observed a new wave of wiper attacks directed at multiple targets in the Middle East. The malware used in the new attacks was a variant of the infamous Shamoon worm that targeted Saudi Aramco and Rasgas back in 2012.
CERT alerts Information about a Japanese centric threat In an effort to expose a common problem we see happening in the industry, Cylance® would like to shed some light on just how easy it is to fake attribution.
CERT alerts Information about threat group Gamaredon Group Unit 42 threat researchers have recently observed a threat group distributing new, custom developed malware. We have labelled this threat group the Gamaredon Group and our research shows that the Gamaredon Group has been active since at least 2013.