Tag Archive for: MALWARE

Threat Actor targeted attack against Finance and Investment industry (ENG)

In this report, we identify the activities the document type malware used against finance and investment industries for over at least a year and the characteristics of the hacking activities

Threat Actor targeted attack against Finance and Investment industry

본 보고서에서는 최소 1년이 넘는 기간 동안 금융 및 투자 산업 관련 기업들을 대상으로 한 해킹 활동에 사용된 문서형 악성코드와 그 해킹 활동의 특징에 대해 다루고 있다.

Threat Actor group targeting Russian nuclear power plants

이 보고서는 러시아 원자력 발전소를 대상으로 해킹을 시도하는 스피어 피싱 메일에서 사용된 악성코드에 대한 분석 보고서이다. 러시아를 대상으로 활동하는 것으로 판단되는 해킹 그룹은 2018년에도 러시아의 원자력 발전소를 포함한 여러 산업군들 대상으로 한 해킹 활동이 발견된 적이 있다. 본 보고서에서는 이번 해킹 활동 뿐 아니라, 2018년 발견된 해킹 활동을 포함하여 해당 해킹 그룹의 특징과 악성코드 동작 방식에 대해 다룬다.

Threat Actor Groups use COVID-19 pandemic theme

The worldwide epidemic of Corona virus (COVID-19) affects more than 1.2 million people in 212 countries. For the APT group, which mainly uses social engineering techniques as the initial infection, the Corona virus is a good topic to attract the attention of targets.

Threat Actor Targeting Hong Kong Pro-Democracy Figures

At the end of October, a person deeply involved in the pro-democracy side of the Hong Kong protests received a spear phishing email from someone claiming to be a law student at a top foreign university, requesting for feedback on his supposed thesis which includes recommendations on how to end the Hong Kong unrest. The email contained a link to a Google drive ZIP file.

SectorD01: When anime goes cyber

Multiple organizations in Kuwait have been targeted since 2018 by a threat actor we track as SectorD01, whose primary targets appear to be located in the Middle East but also observed by us to target North America, Europe, South Asia and East Asia in other campaigns. In this analysis we will briefly go through some of the tools used by this threat actor in the campaign which are named Sakabota, Diezen, Gon, Hisoka, Netero, and EYE, and explain how these tools are linked to each other and to other activity in the region.

Hagga of SectorH01 continues abusing Bitly, Blogger and Pastebin to deliver RevengeRAT and NanoCore

“Hagga” is the username of a Pastebin account used since December last year by a pervasive known group of threat actors which targets thousands of users around the world both for cyber espionage and cyber crime purposes using malspam. Their activities were first discovered in 2017, and the ThreatRecon Team tracks both this group and the members behind “Hagga” collectively as the SectorH01 group.

SectorJ04 Group’s Increased Activity in 2019

SectorJ04 is a Russian-based cybercrime group that began operating about five years ago and conducted hacking activities for financial profit using malware such as banking trojans and ransomware against national and industrial sectors located across Europe, North America and West Africa.

SectorE02 Updates YTY Framework in New Targeted Campaign Against Pakistan Government

From March to July this year, the ThreatRecon team noticed a spear phishing campaign by the SectorE02 group going on against the Government of Pakistan and organizations there related to defense and intelligence. Spear phishing emails are sent to their victims via Excel XLS files, which asks their victims to enable macros which will end up executing the downloader.

The Growth of SectorF01 Group’s Cyber Espionage Activities

Since 2013, there has been a hacking group receiving support from the national level which conducts cyber espionage campaigns against countries in the South China Sea. We refer to this group as SectorF01. From 2017, their activities have increased significantly. They mainly carry out these campaigns against government agencies and diplomatic, military, and research institutions in neighboring countries, and surveillance activities against opposing forces in their own countries.