Blog News APT

The Muddy Waters of APT Attacks
The Iranian APT MuddyWater has been active since at least 2017. Most recently, a new campaign targeting Belarus, Turkey and Ukraine has emerged that caught the attention of Check Point researchers. Ever since at least 2017, the attackers behind MuddyWater have used a simple yet effective infection vector: spear-phishing.
Category: APT blog. Source: Checkpoint.

28.3.19  Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.
Although heavily focused on the Middle East, Elfin (aka APT33) has also targeted a range of organizations in the U.S., including a number of major corporations.
Category: APT blog. Source: Symantec.

Fake or Fake: Keeping up with OceanLotus decoys
ESET researchers detail the latest tricks and techniques OceanLotus uses to deliver its backdoor while staying under the radar.
Category: APT blog.

12.3.19  Cuckoo SandBox on AWS
From software vulnerabilities to APT groups, there are many areas of cyber research that Check Point Research is involved with. Arguably one of the most challenging areas of research, though, is malware analysis.
Category: APT blog. Source: Checkpoint.

3.3.19  ICAO victim of a major cyberattack in 2016
The organization was the victim of a watering-hole attack, likely attributable to the APT group LuckyMouse.
Category: APT blog.

North Korea Turns Against New Targets?!
Over the past few weeks, we have been monitoring suspicious activity directed against Russian-based companies that exposed a predator-prey relationship we had not seen before. For the first time, we were observing what seemed to be a coordinated North Korean attack against Russian entities. While attributing attacks to one threat group or another is problematic, the analysis below reveals intrinsic connections to the tactics, techniques and tools used by the North Korean APT group Lazarus.
Category: APT blog.

APT39: An Iranian Cyber Espionage Group Focused on Personal Information
APT39 is an Iranian cyber espionage group responsible for widespread theft of personal information.
Category: APT blog.

28.1.19  The Advanced Persistent Threat files: APT10
While security companies are getting good at analyzing the tactics of nation-state threat actors, they still struggle with placing these actions in context and making solid risk assessments. So in this series, we're going to take a look at a few APT groups and see how they fit into the larger threat landscape, starting with APT10.
Category: APT blog. Source: Malwarebytes.

OVERRULED: Containing a Potentially Destructive Adversary
FireEye assesses APT33 may be behind a series of intrusions and attempted intrusions within the engineering industry.
Category: APT blog.

New Strain of Olympic Destroyer Droppers
Over the last few weeks, we have noticed new activity from Hades, the APT group behind the infamous Olympic Destroyer attack. This new wave of attacks shares a lot with those previously attributed to the group, but it seems that this time we are witnessing significant changes that may hint at a new evolution of the group.
Category: APT blog. Source: Checkpoint.

9.11.18  FASTCash: How the Lazarus Group is Emptying Millions from ATMs
On October 2, 2018, an alert was issued by US-CERT, the Department of Homeland Security, the Department of the Treasury, and the FBI. According to this alert, Hidden Cobra (the U.S. government's code name for Lazarus) has been conducting "FASTCash" attacks, stealing money from Automated Teller Machines (ATMs) of banks in Asia and Africa since at least 2016.
Category: APT blog. Source: Symantec.

25.10.18  GreyEnergy: Updated arsenal of one of the most dangerous threat actors
ESET research reveals a successor to the infamous BlackEnergy APT group targeting critical infrastructure, quite possibly in preparation for damaging attacks.
Category: APT blog.

25.10.18  APT38: Details on New North Korean Regime-Backed Threat Group
We release details on APT38, a threat group we believe is responsible for conducting financial crime on behalf of the North Korean regime, stealing millions of dollars from banks worldwide.
Category: APT blog. Source: FireEye.

Interactive Mapping of APT-C-23
Research by: Aseel Kayal. Last month, we investigated the renewal of a targeted attack against the Palestinian Authority, attributed to the APT-C-23 threat group. Although this campaign was initially discovered in early 2017, ...
Category: APT blog.

APT10 Targeting Japanese Corporations Using Updated TTPs
In July 2018, FireEye devices detected and blocked what appears to be APT10 (Menupass) activity targeting the Japanese media sector.
Category: APT blog.