Espionage comes in many forms. For the advanced persistent threat (APT) dubbed “UNC3524” by security company Mandiant, the objective is to collect emails dealing with corporate development, mergers & acquisitions, and corporate transactions. “UNC3524” was first discovered in December 2019 and has been tracked since then. The group’s corporate targets and interest in M&A plans point to financial motivation; however, the group’s ability to linger in a target environment while collecting emails, s
Our friends at the National Defense Transportation Association (NDTA) shared a PowerPoint from the BIO-ISAC that explains recent cyber-attacks on biomanufacturing research and development companies. A serious APT attack has been identified in the biomanufacturing sector; it was found within a pharmaceutical company that is involved in COVID-19 therapeutics, as well as within another pharmaceutical company.
The APT is named Tardigrade and was publicly announced on 22 November 2021. As with any
- Red Sky Alliance observed 58 new unique email accounts compromised with keyloggers
- Analysts identified 30,373 connections from new unique IP addresses
- 3,512 new IP addresses participating in various botnets were observed
- Security Researcher under Attack
- CISA’s New Tool – Aviary
- FormBook Malware
- State Sponsored APT
- Lazarus and Vyvera
- TiT-for-TaT is Never Good
- Myanmar and Taiwan Protests
Link to full report: IR-21-106-001_weekly_106.pdf
Palmerworm, an advanced persistent threat (APT) group, has been active since 2013 and is engaged in cyber espionage campaigns that target organizations in the US, East Asia, particularly Taiwan, and occasionally Japan and Hong Kong. Palmerworm hackers are using new customized malware as well as ‘living off the land’ techniques, manipulating tools and commands already built into an operating system for malicious purposes.
This APT group, also known as BlackTech, has conducted long-term espionage c