The team @Crowdstrike Intelligence are attributing #whispergate wiper activityto Ember Bear (aka UAC-0056, Lorec53, Lorec Bear, Bleeding Bear, Saint Bear). The group does not present known links with previously tracked adversaries #APT
Blog
https://t.co/bFrRW6XZbA
In light of recent events between the US & Iran the concern for #cyberwarfare retaliation is high.
@RecordedFuture posted a great overview of the current state, players in this space, their tools and suggested mitigations for your vigilance. #APT
https://t.co/vgHojxvPBN
The @ESET team uncover previously unknown #backdoor#Okrum (which attempts to evade detection using #steganography) used by suspected #Ke3chang#APT to target diplomatic missions in Slovakia, Belgium, Chile, Guatemala, and Brazil
https://t.co/r9bZZBfALp
Recent research from @RecordedFuture shows #APT group #APT33 (#Elfin) continues to conduct and prepare for widespread #cyberespionage activity, with over 1,200 domains used since March 2019
Blog: https://t.co/Jdu6o3uWVW
I suspect more Elfin is coming ... and right on time!
With #FIN7 news last month and #FIN8 news this month, there's a bit of discussion around who's really responsible
https://t.co/bw6T4QkmqQ
The groups have some similar TTPs, even IOC overlap, however, there are still some differences in their tradecraft #APT
With #MuddyWater (aka #Seedworm) #APT group activity popping up over the last week, @TrendMicroRSRCH release blog and whitepaper highlighting several campaigns from first half of 2019
Blog: https://t.co/kkRT1HKK5g
WP: https://t.co/kURxLtZ29n
Attribution lesson regarding #Ryuk#ransomware from 'North Korea' to 'Eastern Europe' shows that basing it on code similarities alone isn't high fidelity.
A caution when it comes to #attribution - whatever you decide, you will always be right ... until you find out you're not.
The #Sofacy (#FancyBear#APT28#Sednit) #APT group continue to evolve their custom malware to evade detection by employing multiple languages. Updated #Zebrocy code written in Go programming included in recent "Dear Joohn" campaign.
https://t.co/ad66k4x986
The financially motivated #APT group within the North Korean regime has finally been given it's own official identity after being active for around 4 years: #APT38
@FireEye Blog:
https://t.co/pQB5keRdd5
Suspected Chinese espionage #APT group #TEMP.Periscope (aka #Leviathan) targeting engineering and maritime entities with a focus on South China Sea issues.
@FireEye Blog: https://t.co/JpYfCdGVSu
Newest report from @FireEye uncovers their latest #APT group #APT37 (formerly TEMP.Reaper) (aka #LabyrinthChollima)
Blog https://t.co/3jKdDHJsUw
Report https://t.co/r2bPEjJnj3
#Lazarus#APT (#SilentChollima#Unit121) resurfaces (not that they ever disappear) targeting Global Banks and Bitcoin users with "HaoBao" campaign
@McAfee Labs https://t.co/Fx1bVYI8mS