Daily NCSC-FI news followup 2019-12-31

Ghosts in the Clouds: Inside China's Major Corporate Hack

www.wsj.com/articles/ghosts-in-the-clouds-inside-chinas-major-corporate-hack-11577729061 A Wall Street Journal investigation has found that the attack was much bigger than previously known. It goes far beyond the 14 unnamed companies listed in the indictment, stretching across at least a dozen cloud providers, including CGI Group Inc.; Tieto Oyj, a major Finnish IT services company; and International Business Machines Corp (IBM). Article behind paywall.

Microsoft has seized domains used by a hacker group; the group is believed to operate from North Korea

yle.fi/uutiset/3-11138983 The technology giant Microsoft has seized dozens of domains used by a hacker group. The Thallium hacker group used the domains to steal sensitive information from employees of, for example, government agencies, think tanks, civil rights organizations and universities. See also:

blogs.microsoft.com/on-the-issues/2019/12/30/microsoft-court-action-against-nation-state-cybercrime/

BRONZE PRESIDENT Targets NGOs

www.secureworks.com/research/bronze-president-targets-ngos BRONZE PRESIDENT is a likely People’s Republic of China (PRC)-based targeted cyberespionage group that uses both proprietary and publicly available tools to target NGO networks.
