apt (7)

10828879475?profile=RESIZE_400xOperational technology/industrial control system (OT/ICS) assets that operate, control, and monitor day-to-day critical infrastructure and industrial processes continue to be an attractive target for malicious cyber actors.  These cyber actors, including advanced persistent threat (APT) groups, target OT/ICS assets to achieve political gains, economic advantages, or destructive effects. Because OT/ICS systems manage physical operational processes, cyber actors’ operations could result in physica

10795895677?profile=RESIZE_400xSecurity researchers have warned that countless global organizations might be at risk of remote compromise after discovering more than 8000 exposed Virtual Network Computing (VNC) instances. Virtual networking enables communication between multiple computers, virtual machines (VMs), virtual servers, or other devices across different office and data center locations. While physical networking connects computers through cabling and other hardware, virtual networking extends these capabilities by u

10792932283?profile=RESIZE_400xThe Newcomer’s Guide to Cyber Threat Actor Naming (original article from 2018)

I was driven by a deep frustration when I started my public “APT Groups and Operations” spreadsheet in 2015.  I couldn’t understand why I had to handle so many different names for the same threat actor.  Today (2018), I understand the reasons for the different names and would like to explain to them so newcomers stop asking for standardization. Off the record: you just reveal a lack of insight by demanding complete st

10477932254?profile=RESIZE_400xEspionage comes in many forms, for advanced persistent threat (APT) “UNC3524” as dubbed by security company Mandiant, the objective is to collect emails dealing with corporate development, mergers & acquisitions, and corporate transactions.  “UNC3524” was first discovered in December 2019 and has been tracked since then.  The group’s corporate targets and interest in M&A plans point to financial motivation, however, the group’s ability to linger in a target environment while collecting emails, s

9987360054?profile=RESIZE_400xOur friends at the National Defense Transportation Association (NDTA) shared a PowerPoint from the BIO-ISAC that explains recent cyber-attacks on Bio-Manufacturing research and development companies.  A serious APT attack has been identified in the biomanufacturing sector that has been found within a pharmaceutical company that is involved in COVID-19 therapeutics, as well as another pharmaceutical company.

The APT is named Tardigrade and was publicly announced on 22 November 2021.  As with any

8801927301?profile=RESIZE_400xActivity Summary - Week Ending 16 April 2021:

  • Red Sky Alliance observed 58 new unique email accounts compromised with Keyloggers
  • Analysts identified 30,373 connections from new unique IP addresses
  • 3,512 new IP addresses participating in various Botnets were Observed
  • Security Researcher under Attack
  • CISA’s New Tool – Aviary
  • FormBook Malware
  • State Sponsored APT
  • Lazarus and Vyvera
  • TiT-for-TaT is Never Good
  • Myanmar and Taiwan Protests

Link to full report: IR-21-106-001_weekly_106.pdf

 

8031757487?profile=RESIZE_400xPalmerworm, an advanced persistent threat (APT) group, has been active since 2013 and is engage in cyber espionage campaigns that target organizations in the US, East Asia, particularly Taiwan, and occasionally Japan and Hong Kong.  Palmerworm hackers are using new customized malware as well as ‘living off the land’ techniques manipulating tools and commands already built into an operating system for malicious purposes.

This APT group, also known as BlackTech, has conducted long-term espionage c