Saturday, July 9, 2016

Cyber Threat Actors (2016)

Jul 2016


  • 2016-07-08 -- Security experts from ProofPoint have spotted a new campaign operated by the APT group NetTraveler that is targeting Russian and European organizations. NetTraveler is an APT group first spotted by Kaspersky in 2013, when researchers discovered espionage activity against over 350 high-profile victims from 40 countries. The name of the operation derives from the malicious code used in the attacks, the surveillance malware NetTraveler. According to the report published by Kaspersky, the threat actor is linked to China. The NetTraveler campaign has been running since 2004, targeting Tibetan/Uyghur activists, government institutions, energy companies, contractors and embassies.
  • 2016-07-08 -- Malaysia-based credit card fraud ring broken, 105 arrested
  • 2016-07-08 -- Cisco's Talos research unit says it has found evidence of ties between operators of the Angler exploit kit and a group of Russians that used the Lurk malware to loot banks in the country.
  • 2016-07-08 -- Dropping Elephant: targeting Asia, Chinese government and diplomatic organizations, and foreign embassies and diplomatic offices in China, including those of Pakistan, Sri Lanka, Uruguay, Bangladesh, Taiwan, Australia and the USA.
  • 2016-07-07 -- Hacktivists from the Ghost Squad Hacker group revealed the identities of hackers affiliated with the ISIS cyber army called United Cyber Caliphate.
  • 2016-07-07 -- Bitdefender detected and blocked an ongoing cyber-espionage campaign against Romanian institutions and other foreign targets. The attacks started in 2014, with the latest reported occurrences in May of 2016. The APT, dubbed Pacifier by Bitdefender researchers, makes use of malicious .doc documents and .zip files distributed via spear phishing e-mail. Documents used range from curriculum vitae, to invitations to social functions or conferences, to second-hand car offers and even, in one case, a letter of instructions from a high-ranking official. Some were marked as “urgent”, “important”, “immediate action required” and so on. Other samples of the same malicious software were detected in Iran, India, Philippines, Russia, Lithuania, Thailand, Vietnam and Hungary.
  • 2016-07-07 -- Cymmetria Research, which discovered the APT and today released a report on the attacks, calls those responsible for the attacks Patchwork because the group has pieced together computer code from sources such as open-source repository GitHub, the dark web and hidden criminal forums.
    Patchwork attackers are believed to be of Indian origin and to be gathering intelligence from influential parties tied to Southeast Asia and the South China Sea. Threat actors, Cymmetria said, were active during hours consistent with the Indian time zone.
  • 2016-07-06 -- Clear links between Lurk and Angler.
  • 2016-07-05 -- Hacker Interviews – Billy Rios
  • 2016-07-04 -- Adwind RAT Spotted in Targeted Attacks with Zero AV Detection. According to the security firm, the campaign was launched during the weekend and only targeted Danish businesses, but experts believe it could soon target other countries.
  • 2016-07-01 -- Over the course of the last year, ESET has detected and analyzed several instances of malware used for targeted espionage, dubbed the SBDH toolkit. Using powerful filters, various methods of communication with its operators and an interesting persistence technique, it aims to exfiltrate selected files from governmental and public institutions, which are mostly focused on economic growth and cooperation in Central and Eastern Europe.

