cyber espionage | Breaking Cybersecurity News | The Hacker News

Ask an expert on cyber espionage and he for sure he will speak of China, the most active and advanced country in this sector, this time a clamorous campaign apparently originated from Korea has been discovered. Security company FireEye collected evidences of a cyber espionage campaign, named " Sanny ", attributable to Korea. FireEye hasn't revealed the real origin of the offensive, it's a mystery which Korea is responsible between North or South Korea, but it confirmed that 80% of victims are Russian organizations and companies belonging to space research industry, information, education and telecommunication. According Ali Islam, security researcher at FireEye declared " Though we don't have full concrete evidence, we have identified many indicators leading to Korea as a possible origin of attack."   The following are the indicators we have so far: 1. The SMTP mail server and CnC are in Korea 2. The fonts "Batang" and "KP CheongPong" used in the

The news is sensational, according the French magazine L'Express the offices of France's former president Sarkozy were victim of a cyber attack, but what is even more remarkable is that for the offensive was used the famous malware Flame. On the origin of the malware still persist a mystery, many security experts attribute it to joint work of Israel and US development team. Let's remind that according the analysis on Flame source code conducted by Kaspersky the malware is linked to Stuxnet, a version of the famous virus shared a module with the spy toolkit. Frame is considered one of the most complex spy tool produced by a state sponsored project and its use in the attacks against French government suggests the existence of a cyber espionage campaign to collect sensible information. An official declaration coming from spokesmen of the Elysee Palace and reported by the magazine states: "Hackers have not only managed to get to the heart of French political power,&

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Multiple malware attacks against both Israeli and Palestinian systems, likely to be coming from the same source, have been seen over the last year. Researchers in Norway have uncovered evidence of a vast Middle Eastern espionage network that for the past year has deployed malicious software to spy on Israeli and Palestinian targets. Israel has banned its police force from connecting to the Internet and from using memory sticks or disks in an effort to curb a cyberattack. The ban, enacted last week, is meant to prevent a malware program called Benny Gantz-55 named after Benny Gantz, Israel's Chief of General Staff from infecting the police's computer network  Trend Micro has obtained samples of malware implicated in a recent incident, The attack began with a spammed message purporting to come from the head of the Israel Defense Forces, Benny Gatz. The From field has the email address, bennygantz59(at)gmail.com and bore the subject IDF strikes militants in Gaza Strip following

I have recently found an interesting post of Niranjan Jayanand, a researcher of McAfee and members of Facebook team and customer escalation team. The experts announced that his team has recently detected a Trojan that is able to steal every king of image files form a Windows PC, including a memory dump of the victim machine (.dmp files), and upload them to an FTP server. The activities observed are much suspected, they portend that there is an ongoing attack for cyber espionage or a massive information theft operation by  cyber crime  . This could be just a first stages of the attacks in which information are collected for further and complex initiatives. The stolen image files could be used for blackmailing the victims and demanding a ransom , it's nor first time, let's reminds what happened some months ago when nude pictures of celebrities were stolen. This is not the unique use that I could suppose, images could be also used for other purposes, they could be related to reserved

In march 2011 CERT-Georgia has Discovered Cyber Espionage Attack Incident on country of Georgia.  Advanced Malicious Software was Collecting Sensitive, Confidential Information about Georgian and American Security Documents and then uploading it to some of Command and Control Servers. After a challenging investigating by CERT-Georgia researchers they found that this attack was linked Russian Official Security Agencies, Moreover investigators was able to turn on the webcam of mastermind behind the malware and they caught him on camera. Hacker hack some Georgian news sites and inject " Georbot Botnet " behind that, after visiting that page most of the readers get infected and malware take control of their systems. Malware was able to send any file from the local hard drive to the remote server, Steal certificates, Record audio using the microphone and web cams,  Scan the local network to identify other hosts on the same network. Malware was also using  CVE-2010-0842, CVE-20

According to a White House-ordered review , a giant Chinese technology company " Huawei " is not a state-sponsored espionage tool. Huawei Technologies, the world's second-largest supplier of telecommunications equipment. The largely classified investigation, which delved into the security risks posed by suppliers to US telecommunications network operators, found Huawei was risky for other reasons, such as having products that are vulnerable to hackers. The committee, which conducted an 11-month investigation into privately held Huawei and ZTE, found the two companies uncooperative in providing information about their respective ties with Beijing. Some questions remain unanswered. For example, it is unclear if security vulnerabilities found in Huawei equipment were placed there deliberately. It is also not clear whether any critical new intelligence emerged after the inquiry ended. " The White House has not conducted any classified inquiry that res

Kaspersky has discovered new malware dubbed ' miniFlame ', cyber espionage software directly linked to Flame. This new nation-state espionage malware that has ties to two previous espionage tools known as Flame and Gauss, and that appears to be a "high-precision, surgical attack tool" targeting victims in Lebanon, Iran and elsewhere. miniFlame, also known as SPE, was found by Kaspersky Lab's experts in July 2012, and was originally identified as a Flame module. But originally MiniFlame seems to be used to gain control of and obtain increased spying capability over select computers originally infected by the Flame and Gauss spyware. According to Kaspersky, versions of miniFlame were created in 2010 and 2011, and some of the six variants are still considered active. It is expected that development of the malicious program could have started as far back as 2007. " MiniFlame is a high precision attack tool ," said Alexander Gostev, Chief Security Expert, Kaspers