Threat Actors

BlackTech Cyberespionage Group Linked to Many Campaigns

The trail left by a spate of cyberespionage campaigns has led Trend Micro researchers to believe a group dubbed BlackTech is behind the attacks. The group operates against targets in East Asia focusing on Taiwan and occasionally Japan and Hong Kong with the goal of stealing technology, according to a June 22 blog post. BlackTech was linked to the PLEAD information theft campaign, Shrouded...

Five of the World’s Most Dangerous Hacker Groups

1) Fancy Bear / Cozy Bear: Rival agencies in the Russian spy services, the two “Bears” were thrust into the spotlight during last year’s U.S. presidential election for their roles in allegedly breaching the Democratic National Committee’s systems. Cozy Bear has hit U.S. think tanks; 2) Lazarus Group: Widely believed to be associated with North Korea. Lazarus got its start by pummeling...

Hello Dear, Nigerian Email Scammers Are Turning into Coders

Running online scams takes brains and technical know-how, so an organization called Paradigm Initiative is training disadvantaged young cybercriminals to instead build apps and online businesses. In a 10-week course, the students learn a host of entrepreneurial and tech skills, from money management to coding and web design. “If you can hack a website in the name of committing a crime, then you...

Pivoting off the Indicators of Hidden Cobra

On June 13, 2017, US-CERT issued a joint Technical Alert (TA17-164A) entitled Hidden Cobra – North Korea’s DDoS Botnet Infrastructure. The alert, which was the result of analytic efforts between the DHS and FBI, included a list of IP addresses “linked to systems infected with DeltaCharlie”. DeltaCharlie is malware originally described by a Novetta-led coalition as a DDoS tool in the...

Interpol Suggests There Really are Dark Web Rhino Horn Traffickers

On June 14, 2017, Interpol claimed it had found "clear evidence" that criminals are using the dark web to sell illicit wildlife products from endangered species. "Conducted between December 2016 and April 2017, the research found 21 advertisements, some dating back to 2015, offering rhino horn products, ivory and tiger parts," according to a press release on Interpol's website. "The good news is that...

Shadow Brokers Exploits: Release and Mitigation With Windows 10 VBS

On April 14, a group calling themselves the Shadow Brokers caught the attention of the security community by releasing a set of weaponized exploits, including 1) the ETERNALROMANCE SMB exploit and 2) the ETERNALBLUE SMB exploit. In Windows 10, key security enhancements such as kernel Address Space Layout Randomization (kASLR), kernel Data Execution Prevention (DEP), and virtualization-based security (VBS)...

Why Linguistics Can't Always Identify Nationality of Cyber Attackers

Several attempts have been made over the years to use linguistics to identify perpetrators, but when it comes to attribution, there are limitations to using this method. At the very least, it will uncover a whole set of clues for researchers to track down, and at the best, it will support other pieces of evidence uncovered by technical research and forensics methods. Linguistic analysis is...

Relentless Attackers Attempt Over 100,000 Times Before They Breach a System

A new report from startup tCell shows that XSS attempts are a noisy reminder of the overwhelming scale of automated attack techniques. In a recent study, the firm showed that attackers seeking to breach organizations through cross-site scripting attacks made over 100,000 failed attempts for every successful breach. The highlight comes from an investigation into attack patterns against 33 actual web...

What Are Fancy Bears and Why It Matters, Even for SMEs: InfoSec 2017

SC spoke to Adam Meyers, VP of intelligence at Crowdstrike, at this year's InfoSec Europe 2017 about attribution and why it could be useful even for smaller businesses. "We track all Russian threat actors under 'bear'," said Adam Meyers, a widely recognized expert in the field, as he addressed a crowd at InfoSec 2017. Fancy Bear and Cozy Bear were identified by Crowdstrike as the two...

FIN7 Targeting Restaurants with Fileless Malware

FIN7, closely associated with the notorious Carbanak group, is behind a targeted phishing campaign singling out restaurants with fileless malware that is difficult to detect. As of Friday, there was a zero detection rate on VirusTotal for the documents used to deliver the malware. The objective of the FIN7 attackers is to seize system control and install a backdoor to steal financial information...

Top 5 Russian Hacker Groups to Wreak Havoc in Cyberspace

Russian hackers have been in the spotlight since the 2016 US presidential election. Here are 5 major Russian hacker groups that have wreaked havoc in cyberspace over the past few years: 1) Fancy Bear: Fancy Bear has been accused of launching attacks against the Democratic National Committee as well as American think tanks; 2) Cozy Bear: It has been linked to the Russian Federal Security Service...

Cyber Spies are Adding to Troublesome World for Intelligence Agencies

"We're facing a very difficult world. A world with cyberespionage which nobody really knows how to deal with," said Dame Stella Rimington, former head of MI5. "We're facing a world with very complex communications which make it very difficult for intelligence agencies to keep chase with the changes which are taking place," she added, speaking at the Infosecurity Europe conference in London....

'Script Kiddies Who Barely Understand Hacking': What Happened to Anonymous?

"To my mind Anonymous, by and large, is overpopulated by blowhard script kiddies who barely understand politics let alone hacking," said Rik Ferguson, a cybersecurity expert and close advisor to Europol. Ferguson indicated the group had become a shadow of its former self - a set of hackers which could at one time boast to have played a role in the so-called "Arab Spring". However, he maintained...

FireEye: Russian Group APT28 Targeted Montenegro Government with Cyber Attacks

FireEye, the intelligence-led security company, on 6 June released new information about cyber attacks believed to be by the Russian hacking group APT28 on Montenegro at a briefing for journalists. Earlier this year, FireEye recovered malware samples indicating APT28 targeted the Montenegrin government with cyber attacks. Lure documents used in the spearphishing attacks pertain to a North Atlantic...

Japan: 14-year Old Gets Arrested for Creating Ransomware to Test Skills

Japanese police arrested their first suspect related to ransomware: a 14-year-old boy who said he created the malicious software out of curiosity. Kanagawa Prefectural Police arrested the third-year junior high school student, who lives in Osaka Prefecture in western Japan, on June 5 on suspicion of creating and storing ransomware, a type of computer virus that is typically sent through e-mails as...

Romania is a Haven for Hackers Turned Cyber Sleuths

Romania's information and communication technology industry employs 120,000 engineers and generates around 6% of the country's GDP, the fourth highest in the EU, according to the European Commission. Exports of tech services generated almost $3 billion last year, doubling over the past three years. Hackers transitioning to legitimate work is a long-awaited success story after the fall of...

Read about the latest news on the cyber threat actors

This category provides expertly curated cyber security news on state and non-state cyber criminals. It is important for any cyber security professional or team to keep tabs on the activities of threat actors. Every threat actor has a unique attack footprint, or a distinct modus operandi, that helps security professionals identify them, so it is always good for a security professional to be aware of what the threat actors are up to. Also, new groups of hackers with new attack methods are identified every day by security organizations across the globe. Therefore, any security professional who intends to remain abreast of developments in the threat actor landscape should never miss the news in this category.