Their findings demonstrate how Group 4 is likely conducting server-side skimming in addition to client-side activity. Security researchers have discovered a link between Magecart Group 4 and Cobalt Group, a well-known, financially motivated group in operation since 2015. Findings indicate Group 4 is not only conducting client-side skimming but was, and likely still is, doing
The West African cybergang has successfully infiltrated more than 500 companies using a tactic dubbed ‘vendor email compromise.’ A new West African cybercriminal group is targeting vendors with a technique called “vendor email compromise,” which it has used to successfully compromise more than 700 employee email accounts at more than 500 companies in at least
Cobalt Dickens targeted more than 60 universities in the US and elsewhere this summer, according to a new report. Cobalt Dickens, a threat group that the US has accused of working on behalf of the Iranian government, has launched a large global phishing campaign aimed at students, faculty, and staff at dozens of universities. The
APT3 quietly monitored an NSA attack on its systems and used the information to build a weapon of its own. Chinese threat actor APT3 quietly monitored the US National Security Agency’s use of a highly sophisticated cyber attack tool and then reverse engineered the code to build an advanced Trojan of its own called Bemstour.
Researchers report Lyceum, otherwise known as Hexane, has targeted organizations in South Africa and the Middle East. Newly discovered threat group Lyceum has been spotted attacking critical infrastructure firms in the oil and gas, and possibly telecommunications, industries with the goal of gaining and expanding access inside target networks, Secureworks’ Counter Threat Unit researchers report.
Over the past year, the financial damage linked to the Russian-speaking threat group has spiked fivefold, Group-IB says. The Russian-language-speaking Silence APT group appears to be evolving into a major threat to banks and financial institutions everywhere, but especially so in Asia, Europe, Russia, and the former Soviet Union states. Singapore-based security firm Group-IB, which
Microsoft spotted Strontium, also known as APT28 or Fancy Bear, using IoT devices to breach businesses and seek high-value data. Microsoft reports Russian state-sponsored attack group Strontium, also known as APT28 and Fancy Bear, is using popular Internet of Things devices to breach enterprise networks and elevate privileges. Back in April, researchers with the Microsoft
Data from an intrusion last year suggests Iron Liberty group may have a new trick up its sleeve, Secureworks says. Iron Liberty, a Russia-based cyber espionage group known for targeting energy, nuclear, and defense organizations worldwide, may have developed a dangerous new technique called a “man-on-the-side” attack. Secureworks warned about the new threat in
Author: SecureWorks Counter Threat Unit™ Threat Intelligence. Date: 16 June 2016. Summary: The Hillary Clinton email leak was the center of the latest scandal in the news caused by Threat Group-4127 (TG-4127). SecureWorks® Counter Threat Unit™ (CTU) researchers track the activities of Threat Group-4127, which targets governments, military, and international non-governmental organizations (NGOs). Components of TG-4127 operations have been
Summary: SecureWorks® Counter Threat Unit™ (CTU) researchers analyzed the evolution of GOLD EVERGREEN (also known as Business Club), an Eastern European threat group known for large-scale, financially motivated electronic crime. Over time, the threat actors have demonstrated a high level of organization, a wide range of criminal activity, and the ability to steal significant amounts