Liviu Arsene, Author at Security Boulevard

APT Mercenary Groups Pose Real Threat to Companies But Detecting Tactics and Techniques is Within Reach

| | APT, EDR
Bitdefender identified a new attack attributed to a sophisticated actor offering advanced-persistent-threats-as-a-service The targeted company is engaged in architectural projects with billion-dollar luxury real-estate developers in New York, London, Australia and Oman The Bitdefender technology stacks detect the used payloads as well as the malicious behavior ... Read More
APT Hackers for Hire Used for Industrial Espionage

APT Hackers for Hire Used for Industrial Espionage

Bitdefender recently investigated an APT-style cyberespionage attack targeting an international architectural and video production company, pointing to an advanced threat actor and South Korean-based C&C infrastructure. The targeted company is known to have been collaborating in billion-dollar real estate projects in New York, London, Australia, and Oman. The sophistication of ... Read More
StrongPity APT – Revealing Trojanized Tools, Working Hours and Infrastructure

StrongPity APT – Revealing Trojanized Tools, Working Hours and Infrastructure

Bitdefender researchers have recently found the APT group StrongPity has been targeting victims in Turkey and Syria. Using watering hole tactics to selectively infect victims and deploying a three-tier C&C infrastructure to thwart forensic investigations, the APT group leveraged Trojanized popular tools, such as archivers, file recovery applications, remote connections ... Read More
SSH-Targeting Golang Bots Becoming the New Norm

SSH-Targeting Golang Bots Becoming the New Norm

Bitdefender researchers have recently found an increasing number of SSH-targeting bots written in Golang. Traditionally, popular malware is written in C, C++ and Perl, and it’s rare that we see attackers creating new malware or bots from scratch, especially using a different programming language. Customizing existing code and botnets is ... Read More

Half of Security Professionals Had No Contingency Plan in Place for COVID-19

|
Security has been a huge concern for both businesses and individuals as many employees continue to work from home, with many woefully under prepared for the impact that COVID-19 has had. In fact, new research by Bitdefender found half of infosec professionals (50%) didn’t have a contingency plan in place ... Read More
Russian ’Sandworm‘ Hackers Attacking Exim Email Servers, Says NSA

Russian ’Sandworm‘ Hackers Attacking Exim Email Servers, Says NSA

An advanced Russian government cyber-espionage unit has been exploiting a known Exim email server vulnerability since August 2019, according to an NSA security alert. The NSA said the Russian hackers are part of the GRU Main Center for Special Technologies (GTsST), field post number 74455, and it believes the group ... Read More
Iranian Chafer APT Targeted Air Transportation and Government in Kuwait and Saudi Arabia

Iranian Chafer APT Targeted Air Transportation and Government in Kuwait and Saudi Arabia

Bitdefender researchers have found attacks conducted by the Chafer APT threat group – known to have an apparent Iranian link – in the Middle East region, dating back to 2018. The campaigns were based on several tools, including “living off the land” tools, which makes attribution difficult, as well as ... Read More
Global Ransomware and Cyberattacks on Healthcare Spike during Pandemic

Global Ransomware and Cyberattacks on Healthcare Spike during Pandemic

With healthcare systems under constant strain amid the SARS-CoV-2 global pandemic, hospitals and healthcare facilities around the world have also been hit by a wave of cyberattacks, including ransomware attacks. While officials have already issued warnings that hospitals, governments and universities may be more conscious about losing data and access ... Read More
Android Campaign from Known OceanLotus APT Group Potentially Older than Estimated, Abused Legitimate Certificate

Android Campaign from Known OceanLotus APT Group Potentially Older than Estimated, Abused Legitimate Certificate

A group of sophisticated threat actors known as OceanLotus or PhantomLance has recently become known for disseminating advanced Android threats via official and third-party marketplaces since 2014. They have sought to remotely control infected devices, steal confidential data, install applications and launch arbitrary code. While security researchers have recently documented ... Read More
Coronavirus-themed Threat Reports Haven’t Flattened The Curve

Coronavirus-themed Threat Reports Haven’t Flattened The Curve

With the Coronavirus pandemic still going strong, cybercriminals have continued leveraging this crisis by pushing threats designed to compromise victims’ data and security. If during mid-March we’d already seen a five-fold increase in Coronavirus-related threats, recent telemetry shows that cybercriminals have not backed down on their campaigns. If anything, the ... Read More