Cybercrime - W/E - 090718

Malicious Android Campaign Takes Aim at the Middle East (09/04/2018)
Symantec has shared details about the APT-C-23 threat group that has targeted victims in the Middle East, registered hundreds of domains, and infected thousands of people in more than 20 countries. The group uses chat applications and fake updates to popular apps to hide its malware and distributes the nefarious files via SMS with a URL to Google Drive or a command and control domain that hosts the Android Package Kit.

OilRig Group Threat Entity Continues to Plague Middle East with OopsIE Trojan in Tow (09/06/2018)
The OilRig threat group is hitting entities in the Middle East and using a revamped version of the OopsIE Trojan, research from Palo Alto Networks has determined. OilRig is thought to have connections to the Iranian intelligence agency and the Islamic Revolutionary Guard Corps. OopsIE, which was first identified in February, is data exfiltration malware, but the latest variant includes significant updates to its anti-detection techniques.

The Ties that Bind: Research Links Threat Groups with Chinese Government (09/06/2018)
APT10, a threat actor thought to be in China, may have ties to the Chinese Ministry of State Security (MSS). CrowdStrike cited research from other security vendors and explained that APT10, which is also known by various other names including Stone Panda, was analyzed by an anonymous group called IntrusionTruth, which found several instances that connect the threat entity with the Chinese security agency. CrowdStrike warned that another group, Gothic Panda (also known as APT3), has connections to MSS.

Thousands of MikroTik Routers Attacked to Eavesdrop on Traffic (09/06/2018)
Over 7,500 MikroTik routers are being exploited by cyber thieves using a vulnerability to intercept Internet traffic. The vulnerability, which is found in Winbox, a component of the MikroTik RouterOS software, lets the thieves gain access to routers that have Socks4 proxy enabled. Further details regarding this issue have been made available by 360 Netlab.