Archive for the ‘APT’ Category

New APT ChamelGang Targets Russian Energy, Aviation Orgs

First appearing in March, the group has been leveraging ProxyShell against targets in 10 countries and employs a variety of malware to steal data from compromised networks. A new APT group has emerged that's specifically targeting the fuel and energy complex and aviation industry in Russia, exploiting known vulnerabilities like Microsoft Exchange Server's ProxyShell and leveraging both […]


The fire in the OVH datacenter also impacted APTs and cybercrime groups

OVH, one of the largest hosting providers in the world, has suffered a terrible fire this week that destroyed its data centers located in Strasbourg. The French plant in Strasbourg includes 4 data centers, SBG1, SBG2, SBG3, and SBG4, that were shut down due to the incident, and the fire started in SBG2. The fire impacted the services […]


External Remote Services

Adversaries may leverage external-facing remote services to initially access and/or persist within a network. Remote services such as VPNs, Citrix, and other access mechanisms allow users to connect to internal enterprise network resources from external locations. There are often remote service gateways that manage connections and credential authentication for these services. Services such as Windows Remote […]


NSA Equation Group tool was used by Chinese hackers years before it was leaked online

The Chinese APT group had access to an NSA Equation Group hacking tool and used it years before it was leaked online by the Shadow Brokers group. The Check Point Research team discovered that the China-linked APT31 group (aka Zirconium) used a tool dubbed Jian, which is a clone of NSA Equation Group's “EpMe” hacking tool, years before it was leaked online […]


Microsoft to notify Office 365 users of nation-state attacks

The new security alert will notify companies when their employees are being targeted by state-sponsored attacks. Since this Saturday, the new alert service was added to the Microsoft 365 roadmap website. “Nation state threats are defined as cyber threat activity that originates in a particular country with the apparent intent of furthering national interests. These attacks […]


More SolarWinds News


Lebanese Cedar APT group broke into telco and ISPs worldwide

Clearsky researchers linked the Lebanese Cedar APT group to a cyber espionage campaign that targeted companies around the world. Clearsky researchers linked the Lebanese Cedar group (aka Volatile Cedar) to a cyber espionage campaign that targeted companies around the world. The APT group has been active since 2012, and experts linked the group to the Hezbollah militant group. […]
