#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

Advanced Persistant Threat | Breaking Cybersecurity News | The Hacker News

Category — Advanced Persistant Threat
AngelFire: CIA Malware Infects System Boot Sector to Hack Windows PCs

AngelFire: CIA Malware Infects System Boot Sector to Hack Windows PCs

Aug 31, 2017
A team of hackers at the CIA, the Central Intelligence Agency, allegedly used a Windows hacking tool against its targets to gain persistent remote access. As part of its Vault 7 leaks , WikiLeaks today revealed details about a new implant developed by the CIA, dubbed AngelFire , to target computers running Windows operating system. AngelFire framework implants a persistent backdoor on the target Windows computers by modifying their partition boot sector. AngelFire framework consists five following components: 1. Solartime — it modifies the partition boot sector to load and execute the Wolfcreek (kernel code) every time the system boots up. 2. Wolfcreek — a self-loading driver (kernel code that Solartime executes) that loads other drivers and user-mode applications 3. Keystone — a component that utilizes DLL injection technique to execute the malicious user applications directly into system memory without dropping them into the file system. 4. BadMFS — a covert file
Terminator RAT became more sophisticated in recent APT attacks

Terminator RAT became more sophisticated in recent APT attacks

Oct 27, 2013
Advanced Persistent Threat (APT) is a term referring to targeted attacks on enterprises and other organizations and recently referred to what appeared to be nation-state intelligence agencies using cyber assaults for both conventional espionage and industrial espionage. Advanced threats have targeted control systems in the past and these attacks use commercially available and custom-made advanced malware to steal information or perpetrate fraud. Terminator RAT has been used against Tibetan and Uyghur activists before and while tracking attack against entities in Taiwan, the Cyber Security company FireEye Labs recently analyzed some new samples of ' Terminator RAT ' (Remote Access Tool) that was sent via spear-phishing emails to targets in Taiwan. A word document as an attachment was sent to victims, exploited a vulnerability in Microsoft Office ( CVE-2012-0158 ), which subsequently drops a malware installer named " DW20.exe ". Sometimes the simplest techniques
Wing Security SaaS Pulse: Continuous Security & Actionable Insights — For Free

Wing Security SaaS Pulse: Continuous Security & Actionable Insights — For Free

Sep 09, 2024SaaS Security / Risk Management
Designed to be more than a one-time assessment— Wing Security's SaaS Pulse provides organizations with actionable insights and continuous oversight into their SaaS security posture—and it's free! Introducing SaaS Pulse: Free Continuous SaaS Risk Management  Just like waiting for a medical issue to become critical before seeing a doctor, organizations can't afford to overlook the constantly evolving risks in their SaaS ecosystems. New SaaS apps, shifting permissions, and emerging threats mean risks are always in motion. SaaS Pulse makes it easy to treat SaaS risk management as an ongoing practice, not just an occasional check-up. Security teams instantly get a real-time security "health" score, prioritized risks, contextualized threat insights, and the organization's app inventory—without setups or integrations. SaaS is a Moving Target SaaS stacks don't stand still. Business critical apps can easily slip into a state of vulnerability (i.e. supply chain attacks, account takeovers
Malware stole 3000 confidential Documents from Japan ministry

Malware stole 3000 confidential Documents from Japan ministry

Jan 04, 2013
Japan ministry become the recent victim of a cyber attack through a malware that suspected to have compromised and sent overseas more than 3,000 confidential documents from the ministry, including many on global trade negotiations. After investigation, experts found that Hackers use "HTran" the Advanced Persistant Threat (APT) exploit kit for attack. Computers at country's Ministry of Agriculture, Forestry and Fishery suspected to be infected from this. HTran is a rudimentary connection bouncer, designed to redirect TCP traffic destined for one host to an alternate host. The source code copyright notice indicates that HTran was authored by "lion", a well-known Chinese hacker and member of "HUC", the Honker Union of China. A lot of the documents were about the negotiations over the US-led Trans-Pacific Partnership multilateral trade pact. According to a report from SecureWorks, Dell's security division, in 2011 that the malware is believed to have b
cyber security

Secure Your Network: 40% Face Full Takeover Risk

websitePicus SecurityEndpoint Security / Attack Surface
Understand and address the critical risks in your network to prevent takeovers.
Expert Insights / Articles Videos
Cybersecurity Resources