Category: apt

Is APT27 Abusing COVID-19 To Attack People ?!

  

Scenario We are living hard time, many countries all around the world are hit by COVID-19 which happened to be a very dangerous disease. Unfortunately many deaths, thousands of infected people, few breathing equipment, stock burned Billion of dollars and a lot of companies are entering into a economic and financial crisis. Governments are doing […]

Read more "Is APT27 Abusing COVID-19 To Attack People ?!"

Iranian Threat Actors: Preliminary Analysis

  

Nowadays Iran’s Cybersecurity capabilities are under microscope, many news sites, gov. agencies and security experts warn about a possible cybersecurity infiltration from Iranian government and alert to increase cybersecurity defensive levels. Today I want to share a quick and short study based on cross correlation between MITRE ATT&CK and Malpedia about some of the main […]

Read more "Iranian Threat Actors: Preliminary Analysis"

TA-505 Cybercrime on System Integrator Companies

  

Introduction During a normal monitoring activity, one of the detection tools hits a suspicious email coming from the validtree.com domain. The domain was protected by a Panama company to hide its real registrant and this condition rang a warning bell on the suspected email so that it required a manual analysis in order to investigate […]

Read more "TA-505 Cybercrime on System Integrator Companies"

Is Lazarus/APT38 Targeting Critical Infrastructures ?

   

Introduction During the past few days a cyber attack hit Kudankulam Nuclear Power Plant: the largest nuclear power plant located in the Indian state of Tamil Nadu. The news was announced on Monday October 28 by the Indian strategic infrastructure. In a press release on arstechnica, NPCIL Associate Director A. K. Nema stated, “Identification of […]

Read more "Is Lazarus/APT38 Targeting Critical Infrastructures ?"