apt Archives - JM Computers

Zebrocy: A Russian APT Specializing in Victim Profiling, Access

analysis, apt, BlackEnergy, Critical Infrastructure, custom malware, go loader, Government, Malware, Sofacy, support group, victim access, zebrocyBy Jeremy McClure June 4, 2019

The Russian-speaking APT acts as a support group for high-profile APTs like Sofacy and BlackEnergy. Zebrocy: A Russian APT Specializing in Victim Profiling, Access

Some ASUS Updates Drop Backdoors on PCs in ‘Operation ShadowHammer’

apt, apt 17, asus pc updates, backdoor, barium, CCleaner, China, espionage, Malware, operation shadowhammer, ShadowPadBy Jeremy McClure March 25, 2019

The attack appears to be associated with a China-backed APT actor. Some ASUS Updates Drop Backdoors on PCs in ‘Operation ShadowHammer’

NotPetya Linked to Industroyer Attack on Ukraine Energy Grid

apt, BlackEnergy, Critical Infrastructure, ESET, Government, Hacks, Industroyer, Malware, NotPetya, one threat actor, power grid, sandworm, TeleBots, ukraineBy Jeremy McClure October 15, 2018

Evidence shows that three of the most destructive incidents seen in modern cyber-history are the work of one APT. NotPetya Linked to Industroyer Attack on Ukraine Energy Grid

Virus Bulletin 2018: Turla APT Changes Shape with New Code and Targets

apt, backdoor, Government, innovation, Malware, Snake, Turla, uroborosBy Jeremy McClure October 4, 2018

Russian-speaking Turla has also racked up more victims in its latest APT campaign. Virus Bulletin 2018: Turla APT Changes Shape with New Code and Targets

OilRig APT Continues Its Ongoing Malware Evolution

apt, bondupdater, campaign, DevOps, Irán, Malware, Malware analysis, Middle East, OilRig, variantBy Jeremy McClure September 13, 2018

The Iran-linked APT appears to be in a state of continuous tool development, analogous to the DevOps efforts seen in the legitimate software world. OilRig APT Continues Its Ongoing Malware Evolution

Someone Failed to Contain WannaCry

apt, attribution, Government, Lazarus Group, Malware, North Korea, NSA, Ransomware, Reconnaissance General Bureau, WannaCry, Washington PostBy Jeremy McClure June 16, 2017

As reports of the NSA officially connecting WannaCry to North Korea surface, experts are saying developers failed to contain the ransomware before it was ready for deployment. Someone Failed to Contain WannaCry

Platinum APT First to Abuse Intel Chip Management Feature

advanced attacks, advanced persistent threat, apt, Code Injection, evade detection, file-transfer tool, Hacks, Intel, Intel Active Management Technology, Intel AMT, Malware, Microsoft, Platinum APT, security research, Serial-over-LAN channel, SOLBy Jeremy McClure June 9, 2017

Microsoft has found a file-transfer tool used by the Platinum APT that leverages Intel Active Management Technology to stealthily load malware onto networked computers. Platinum APT First to Abuse Intel Chip Management Feature

Stealthy RAT Targeting North Korea Since 2014

apt, Cisco, Cisco Talos, espionage, information stealing malware, keylogger, Malware, Martin Lee, North Korea, RAT, remote code execution, screenshotsBy Jeremy McClure May 4, 2017

Cisco has uncovered a remote administration tool called Konni that it says has been used in attacks against government agencies and public organizations linked to North Korea. Stealthy RAT Targeting North Korea Since 2014

Security Analyst Summit 2017 Day One Recap

advanced persistent threats, apt, aslr, ATM, ATM Hacking, ATMitch, DEP, Hacks, Lazarus, Lazarus APT, Malware, Mark Dowd, memory corruption bugs, Moonlight Maze, Privacy, SAS 2017, Security Analyst Summit, Security Analyst Summit 2017, Thomas Rid, Vulnerabilities, Web SecurityBy Jeremy McClure April 3, 2017

Mike Mimoso and Chris Brook recap the first day of this year’s Security Analyst Summit, including Mark Dowd’s memory corruption bug keynote, the digital archeology around Moonlight Maze, ATM hacking, and the Lazarus APT. Security Analyst Summit 2017 Day One Recap

Russian-Speaking Turla Joins APT Elite

Agent.btz, apt, Costin Raiu, cyberespionage, David Hedges, Equation Group, Hacks, Juan Andres Guerrero-Saade, Kaspersky Lab Security Analyst Summit, Linux, LOKI2, Malware, Moonlight Maze, Penguin Turla, russia, Russian APT, SAS 2017, Security Analyst Summit, security research, Solaris, Thomas Rid, Turla, UnixBy Jeremy McClure April 3, 2017

Researchers may have found a link between Moonlight Maze of the late ’90s and the Turla APT, which would elevate Turla to the ranks of the Equation Group as an elite nation-state attacker. Russian-Speaking Turla Joins APT Elite

Category Archives: apt