The threat actor that recently compromised the supply chain of the CCleaner software targeted at least 20 tech firms with a second-stage malware. The threat actor that recently compromised the supply chain of the CCleaner software to distribute a tainted version of the popular software targeted at least 20 major international technology firms with a second-

The Iran-linked APT33 group has been targeting aerospace and energy organizations in the United States, Saudi Arabia, and South Korea. According to security firm FireEye, a cyber espionage group linked to the Iranian Government, dubbed APT33, has been targeting aerospace and energy organizations in the United States, Saudi Arabia, and South Korea. The APT33

Security researchers at ESET have uncovered a surveillance campaign using a new variant of FinFisher spyware, also known as FinSpy. Finfisher infected victims in seven countries and experts believe that in two of them the major internet providers have been involved. “New surveillance campaigns utilizing FinFisher, infamous spyware known also as FinSpy

WikiLeaks has published a new batch of documents that details the Project Protego, a secret CIA Missile Control System Project for fighters Another week, another batch of CIA Vault7 leaks was published by Wikileaks. This time the documents provide details about the Project Protego, a CIA Secret Missile Control System. WikiLeaks published four secret docume

Security researchers at ESET have spotted a new cyber espionage campaign targeting embassies and consular operations with new Gazer Backdoor. Security researchers at ESET have spotted a new cyber espionage campaign targeting embassies, consulates, and ministries worldwide. Hackers leverage a new backdoor dubbed Gazer to spy on governments and diplomats. The

As a part of our Kaspersky APT Intelligence Reporting subscription, customers received an update in mid-February 2017 on some interesting APT activity that we called WhiteBear. Much of the contents of that report are reproduced here. WhiteBear is a parallel project or second stage of the Skipper Turla cluster of activity documented in another private intelli

The security firm Symantec has discovered another cyber espionage campaign against India and Pakistan which is likely to be state-sponsored. Security experts at Symantec have uncovered a sustained cyber spying campaign against Indian and Pakistani entities involved in regional security issues. The nature of the targets and the threat actors’ techniques

Russia-linked hackers Fancy Bears claimed that around 160 football players failed drug tests in 2015, and 25 2010 World Cup players used doping medicines. A self-styled hacker group that calls itself Fancy Bears has set up the website fancybears.net to leak emails and medical records related to football players who used doping substances under a campaign dub

Security experts at Proofpoint have collected evidence that suggests that the Turla APT group is conducting a new espionage campaign. The experts discovered a newly dropper for the KopiLuwak backdoor, KopiLuwak is a JavaScript malware that was spotted early this year while the APT was delivering it to at least one victim leveraging a document containing an

Targeted attacks and malware campaigns Back to the future:  looking for a link between old and new APTs This year’s Security Analyst Summit (SAS) included interesting research findings on several targeted attack campaigns.  For example, researchers from Kaspersky Lab and King’s College London presented their findings on a possible link between Mo

The North Korea-linked Lazarus APT group as Lazarus is believed to be behind attacks targeting United States defense contractors. According to Palo Alto Networks, the North Korea-linked Lazarus APT group as Lazarus is believed to be behind attacks targeting United States defense contractors. The activity of the Lazarus APT Group surged in 2014 and 2015, its

Experts at Cylance noticed that the decoy document used in KONNI attacks is similar to the one used in recent campaigns of the DarkHotel APT. In May, Cisco Talos team discovered a RAT dubbed KONNI malware that targets organizations linked to North Korea. The malware, dubbed by researchers “KONNI,” was undetected for more than 3 years and was used in highly

Black Hat 2017 – Security experts develop GitPwnd, a tool that could be used by attackers to communicate with compromised devices via Git repositories. Even if the Black Hat conference was ended a few days ago, here we are discussing interesting talks of cyber security experts that participated at the event. Clint Gibler, a security researcher at NCC G

The threat actor behind Spring Dragon APT has been developing and updating its wide range of tools throughout the years, new attacks reported in South Asia. According to a new report published by Kaspersky Lab, the China-linked APT group Spring Dragon (aka Lotus Blossom, Elise, and Esile) has used more than 600 malware samples in its attacks over the past y

Microsoft used the lawsuit to disrupt a large number of cyber espionage campaigns conducted by infamous Fancy Bear APT hacking group We have discussed several times about hacking back and the case we are going to analyze is a good example of an alternative approach to hit back an APT group. Microsoft used the lawsuit to disrupt a large number of cyber espio