Hackers Behind the Iran

Iran
MuddyWater
OilRig

The asymmetric nature of the cyberwarfare domain has enabled Iran to carry out some of the most sophisticated and costly cyber attacks of the internet age.

22-09-2022 Cyber Journal

From Altai To The Red Square

apt28
Fancy Bear
TG-4127

The Russian government engages in malicious cyber activities to enable broad-scope cyber espionage, to suppress certain social and political activity, to steal intellectual property, and to harm regional and international adversaries.

22-09-2022 Cyber Journal

Cyber Security in Elections

election
election security

In recent years the effect of cyber operations on national elections has grown rapidly, and interstate operations have been observed being carried out alongside cyber espionage campaigns.

22-09-2022 Cyber Journal

The Cyber Face of Economic Development

GEARSHIFT
apt41
Winnti

Like other Chinese espionage operators, APT41's targeting has generally aligned with China's Five-Year economic development plans. The group has established and maintained strategic access to organizations in the healthcare, high-tech, and telecommunications sectors. Its activity traces back to 2012, when individual members of APT41 conducted primarily financially motivated operations focused on the video game industry before expanding into likely state-sponsored activity.

22-09-2022 Cyber Journal

The Return of Emotet

emotet

The notorious Emotet malware is staging a comeback of sorts, months after a coordinated law enforcement operation dismantled its command-and-control infrastructure in late January 2021. While the malware's maintainers remain unknown, this campaign suspiciously coincides with the Russian invasion of Ukraine.

22-09-2022 Cyber Journal

SolarWinds

SolarWinds
Government
Microsoft

Austin, Texas-based SolarWinds sells software that lets an organization see what is happening on its computer networks. Hackers inserted malicious code into an update of that software, which is called Orion. Around 18,000 SolarWinds customers installed the tainted update onto their systems.

22-09-2022 Cyber Journal

Hafnium

Hafnium
Microsoft Exchange Server Zerodays

Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to victim environments. Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to HAFNIUM, a group assessed to be state-sponsored and operating out of China, based on observed victimology, tactics and procedures.

22-09-2022 Cyber Journal

Cyber Risk to the Oil and Gas Industry

gas
oil
pipeline

There has been significant interest within the offshore oil and gas industry to utilise Industrial Internet of Things (IIoT) and Industrial Cyber-Physical Systems (ICPS). There has also been a corresponding increase in cyberattacks targeted at oil and gas companies.

22-09-2022 Cyber Journal

Operation AppleJeus: North Korea’s Cryptocurrency Malware

cryptocurrency
Lazarus
North Korea

After releasing Operation AppleJeus, the Lazarus group continued to use a similar modus operandi in order to compromise cryptocurrency businesses.

22-09-2022 Cyber Journal

The New Target: Immigrations

TA4563
Evilnum
immigrant

Financial and investment entities, including those involved in the decentralized finance (DeFi) and cryptocurrency markets, are being actively targeted by a group of hackers identified as TA4563, who are leveraging Evilnum malware.

22-09-2022 Cyber Journal

Energy War

BlackEnergy
ELECTRUM

BlackEnergy is a malware toolkit that has been used by both criminal and APT actors. It dates back to at least 2007 and was originally designed to create botnets for use in conducting Distributed Denial of Service (DDoS) attacks, but its use has evolved to support various plug-ins.

22-09-2022 Cyber Journal

Red Children of Censorship

apt37
kimsuky

APT37 is a North Korean state-sponsored cyber espionage group that focuses on targeting the public and private sectors, primarily in South Korea. In 2017, APT37 expanded its targeting beyond the Korean peninsula to include Japan, Vietnam and the Middle East, and to a wider range of industry verticals, including chemicals, electronics, manufacturing, aerospace, automotive and healthcare entities. APT37 has also been linked to the following campaigns between 2016 and 2018: Operation Daybreak, Operation Erebus, Golden Time, Evil New Year, Are you Happy?, FreeMilk, North Korean Human Rights, and Evil New Year 2018.

22-09-2022 Cyber Journal

The Pegasus Project

Pegasus
NSO

The Pegasus Project is a collaborative investigation into NSO Group, an Israeli “cyber intelligence” company that sells sophisticated spyware to governments around the world.

22-09-2022 Cyber Journal