Advanced Persistent Threat (APT) actors have exploited known vulnerabilities in Zoho ManageEngine and Fortinet VPN products to hack an organization in the aeronautical sector, according to a joint report from the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Cyber Command’s Cyber National Mission Force (CNMF). Impacting more than 20 on-premises Zoho ManageEngine products, the first bug, tracked as CVE-2022-47966 (CVSS score of 9.8), allows remote attackers to execute
apt (8)
Operational technology/industrial control system (OT/ICS) assets that operate, control, and monitor day-to-day critical infrastructure and industrial processes continue to be an attractive target for malicious cyber actors. These cyber actors, including advanced persistent threat (APT) groups, target OT/ICS assets to achieve political gains, economic advantages, or destructive effects. Because OT/ICS systems manage physical operational processes, cyber actors’ operations could result in physica
Security researchers have warned that countless global organizations might be at risk of remote compromise after discovering more than 8000 exposed Virtual Network Computing (VNC) instances. Virtual networking enables communication between multiple computers, virtual machines (VMs), virtual servers, or other devices across different office and data center locations. While physical networking connects computers through cabling and other hardware, virtual networking extends these capabilities by u
The Newcomer’s Guide to Cyber Threat Actor Naming (original article from 2018)
I was driven by a deep frustration when I started my public “APT Groups and Operations” spreadsheet in 2015. I couldn’t understand why I had to handle so many different names for the same threat actor. Today (2018), I understand the reasons for the different names and would like to explain to them so newcomers stop asking for standardization. Off the record: you just reveal a lack of insight by demanding complete st
Espionage comes in many forms, for advanced persistent threat (APT) “UNC3524” as dubbed by security company Mandiant, the objective is to collect emails dealing with corporate development, mergers & acquisitions, and corporate transactions. “UNC3524” was first discovered in December 2019 and has been tracked since then. The group’s corporate targets and interest in M&A plans point to financial motivation, however, the group’s ability to linger in a target environment while collecting emails, s
Our friends at the National Defense Transportation Association (NDTA) shared a PowerPoint from the BIO-ISAC that explains recent cyber-attacks on Bio-Manufacturing research and development companies. A serious APT attack has been identified in the biomanufacturing sector that has been found within a pharmaceutical company that is involved in COVID-19 therapeutics, as well as another pharmaceutical company.
The APT is named Tardigrade and was publicly announced on 22 November 2021. As with any
Activity Summary - Week Ending 16 April 2021:
- Red Sky Alliance observed 58 new unique email accounts compromised with Keyloggers
- Analysts identified 30,373 connections from new unique IP addresses
- 3,512 new IP addresses participating in various Botnets were Observed
- Security Researcher under Attack
- CISA’s New Tool – Aviary
- FormBook Malware
- State Sponsored APT
- Lazarus and Vyvera
- TiT-for-TaT is Never Good
- Myanmar and Taiwan Protests
Link to full report: IR-21-106-001_weekly_106.pdf
Palmerworm, an advanced persistent threat (APT) group, has been active since 2013 and is engage in cyber espionage campaigns that target organizations in the US, East Asia, particularly Taiwan, and occasionally Japan and Hong Kong. Palmerworm hackers are using new customized malware as well as ‘living off the land’ techniques manipulating tools and commands already built into an operating system for malicious purposes.
This APT group, also known as BlackTech, has conducted long-term espionage c
