APTs/cyberespionage

January 30, 2021

Lebanese APT group with suspected links to Hezbollah breached 250 servers worldwide

Some 250 servers were apparently breached by the Lebanese Cedar APT group, an organization with suspected links to the Hezbollah Cyber Unit in Lebanon. The target victims include companies from many countries, including the United States, United Kingdom, Saudi Arabia, Egypt, Jordan, Lebanon, Israel and the Palestinian Authority. Many more companies and organizations have been…

The post Lebanese APT group with suspected links to Hezbollah breached 250 servers worldwide appeared first on SC Media.

January 29, 2021

Does SolarWinds change the rules in offensive cyber? Experts say no, but offer alternatives

While tempting, most experts agree that hack-back strategies are a bad idea for companies. But there are tactics that can help deter nation-state actors and limit their ability to penetrate networks.

The post Does SolarWinds change the rules in offensive cyber? Experts say no, but offer alternatives appeared first on SC Media.

January 23, 2021

Sunbust avoided indicators of compromise with SolarWinds hack, but left breadcrumbs

Joe Slowik, senior security researcher at DomainTools, spoke to SC Media about how the SolarWind attackers remained undetected for so long, and how domain data could be used to weaponize network observables against sophisticated attackers.

The post Sunbust avoided indicators of compromise with SolarWinds hack, but left breadcrumbs appeared first on SC Media.

January 22, 2021

Hackers hijacked cloud accounts of high-tech and aviation firms, hid in systems for years

The effectiveness of this operation serves as a reminder of the risks of openly sharing and storing plain-text network credentials or sensitive network access instructions on internet-accessible apps or servers.

The post Hackers hijacked cloud accounts of high-tech and aviation firms, hid in systems for years appeared first on SC Media.

January 11, 2021

Researchers see links between SolarWinds Sunburst malware and Russian Turla APT group

While researchers may want to invest time and energy towards attributing the latest high-profile attack to a particular adversary, more productive is the ability to see similarities in the underlying techniques employed in the attack were to prior attacks.

The post Researchers see links between SolarWinds Sunburst malware and Russian Turla APT group appeared first on SC Media.