In the last two weeks’ worth of infosec articles, we saw a lot of writing about APT activities and even a phishing attack method that uses Morse code to disguise malicious URLs. The Lookout article about the Confucius APT’s Android spyware includes an in-depth analysis as well as a list of IoCs. To find out more, continue reading the blog post below.
For more articles, check out our #onpatrol4malware blog.
Lookout Discovers Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict
Source: lookout
The Lookout Threat Intelligence team has discovered two novel Android surveillanceware – Hornbill and SunBird. We believe with high confidence that these surveillance tools are used by the (APT) Confucius. Read more.
Lampion trojan disseminated in Portugal using COVID-19 template
Source: SecurityAffairs
In the last few days, a new release of the Latin American Lampion trojan was released in Portugal using a template related to COVID-19. Read more.
New phishing attack uses Morse code to hide malicious URLs
Source: Bleeping Computer
A new targeted phishing campaign includes the novel obfuscation technique of using Morse code to hide malicious URLs in an email attachment. Read more.
The Story of Jian – How APT31 Stole and Used an Unknown Equation Group 0-Day
Source: Research Checkpoint
Cyber weapons are digital and volatile by nature. Stealing them and transferring them from one continent to another can be as simple as sending an email. They are also very obscure, and their existence is a closely guarded secret. Read more.
AppleJeus: Analysis of North Korea’s Cryptocurrency Malware
Source: CISA
These cyber actors have targeted organizations for cryptocurrency theft in over 30 countries during the past year alone. It is likely that these actors view modified cryptocurrency trading applications as a means to circumvent international sanctions on North Korea. Read more.
IronNetInjector: Turla’s New Malware Loading Tool
Source: Palo Alto Networks
In recent years, more and more ready-made malware is released on software development hosting sites available for everybody to use – including threat actors. This not only saves the bad guys development time. Read more.
Highly Active ‘Gamaredon’ Group Provides Services to Other APTs
Source: Security Week
New evidence suggests that the Russia-linked threat actor Gamaredon is a hack-for-hire group that offers its services to other advanced persistent threat (APT) actors, similar to crimeware gangs. Read more.
Lazarus targets defense industry with ThreatNeedle
Source: Secure List
We named Lazarus the most active group of 2020. We’ve observed numerous activities by this notorious APT group targeting various industries. Read more.
LazyScripter: From Empire to double RAT
Source: Malware Bytes
In late December 2020 we observed a few malicious documents with embedded objects that were designed to target job seekers. The embedded objects were either VBScript or batch files. Read more.
Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware Attack
Source: The Hacker News
Ukraine is formally pointing fingers at Russian hackers for hacking into one of its government systems and attempting to plant and distribute malicious documents that would install malware on target systems of public authorities. Read more.