APT28 / Fancy Bear still targeting military institutions

APT28, aka Fancy Bear, the well-known hacker group believed to be Russian state-sponsored, appears to be targeting NATO partners and defense / military institutions and affairs right now. Spear-phishing emails carrying a malicious document that refers to a "NATO simulation" event (the document is named "NATO Simulation.doc") appear to be used in an attempt to compromise some institutional entities (likely in Northern / Eastern Europe). The hunting group involved in the analysis of this event is …

APT29 threat group seems to be back targeting US public / gov /defense sector

APT29, the well-known hacking group, seems to be back with slightly different tactical and technical procedures for its latest cyber operation. In the late evening of 15/11, some malicious documents likely attributable to this group were submitted to a major online malware analysis platform (VirusTotal; credit to @DrunkBinary for the first discovery). The decoy document I retrieved and analyzed clearly refers to a DoS (Department of State) PDF form that is shown …

Update: Hands in the MuddyWater – Playing with Iranian Cyber-Espionage Campaign

This is an update to the previous post "Hands in the MuddyWater - Playing with Iranian Cyber-Espionage Campaign". Because someone asked me to show DNS hit statistics for all the compromised domain names serving this cyber-espionage campaign, here are the missing two. Three days of data, 26-29/10. Note that "hits" can, in this case, also refer to normal web browsing (legitimate …

Hands in the MuddyWater – Playing with Iranian Cyber-Espionage Campaign

MuddyWater is likely a state-sponsored hacking group targeting Saudi Arabia, Iraq, Israel, the United Arab Emirates, Georgia, India, Pakistan, Turkey and the United States. The security community links it to the Iranian government, and its operations have evolved heavily over the last few months. The following is an informal report on one recent malware sample related to the "MuddyWater" APT campaign. Recap IoC: dn: …