Advanced persistent threats – Page 2 – Computer Security Articles

The Advanced Persistent Threat files: APT10

January 16, 2019 admin Advanced Persistent Threat, Advanced persistent threats, aerospace, APT, APT10, APTs, China, Chinese Ministry of State Security, construction, cybercrime, engineering, FireEye, hacking, MSS, PlugX, Poison Ivy, scanbox, sogu, telecoms, threat actors

Credit to Author: William Tsing| Date: Wed, 16 Jan 2019 17:00:00 +0000

While security companies are getting good at analyzing the tactics of nation-state threat actors, they still struggle with placing these actions in context and making solid risk assessments. So in this series, we’re going to take a look at a few APT groups, and see how they fit into the larger threat landscape—starting with APT10.

Categories:

Tags: advanced persistent threat advanced persistent threats aerospace APT APT10 APTs china Chinese Ministry of State Security construction engineering FireEye MSS PlugX Poison Ivy scanbox sogu telecoms threat actors

(Read more…)

The post The Advanced Persistent Threat files: APT10 appeared first on Malwarebytes Labs.

Microsoft Security

Windows Defender ATP thwarts Operation WilySupply software supply chain cyberattack

May 4, 2017 admin Advanced persistent threats, alert timelines, Altair Technologies EvLog, Antimalware research for IT pros and enthusiasts, Cyberattack, ESTsoft ALZip, Evil Grade, finance, financials, high technology, Kerberoast, MAPP, Meterpreter, Mimikatz, MSRC, Operation WilySupply, pen-testing tools, Powershell, process trees, research, Rivit, SimDisk, software supply chain, ue.exe, update channel, updater, WDATP, Windows Defender Advanced Threat Protection, Windows Defender ATP

Credit to Author: msft-mmpc| Date: Thu, 04 May 2017 16:29:18 +0000

Several weeks ago, the Windows Defender Advanced Threat Protection (Windows Defender ATP) research team noticed security alerts that demonstrated an intriguing attack pattern. These early alerts uncovered a well-planned, finely orchestrated cyberattack that targeted several high-profile technology and financial organizations. An unknown attacker was taking advantage of a silent yet effective attack vector: the compromised…

Microsoft Security

World Backup Day is as good as any to back up your data

March 28, 2017 admin 3-2-1 rule, Advanced persistent threats, Antimalware research for IT pros and enthusiasts, backup, Cerber, data-wiping malware, Depriz, Locky, Microsoft OneDrive, Microsoft OneDrive for Business, ransomware, ransomware backup and recovery, Windows Defender, Windows Defender Advaned Threat Protection, Windows Defender Antivirus

Credit to Author: msft-mmpc| Date: Tue, 28 Mar 2017 21:04:31 +0000

In today’s security landscape, there are more threats to data than ever before. Beyond corruption caused by hardware or human failure, malware and cyberattacks can put data in serious danger. That’s why it’s imperative for enterprises, small-and-medium businesses, and individuals to back up data. It must be implemented systematically, not just on World Backup Day,…

Microsoft Security

Detecting and mitigating elevation-of-privilege exploit for CVE-2017-0005

March 27, 2017 admin Advanced persistent threats, Antimalware research for IT pros and enthusiasts, Coreinfo, Creators Update, CVE-2017-005, Device Guard, EoP, PALETTE, Product features and announcements, SMEP, virtualization-based security, Windows 10, Windows 10 Creators Update, Windows Defender Advanced Threat Protection, Windows Defender ATP, zero-day exploits, ZIRCONIUM

Credit to Author: msft-mmpc| Date: Mon, 27 Mar 2017 15:00:01 +0000

On March 14, 2017, Microsoft released security bulletin MS17-013 to address CVE-2017-0005, a vulnerability in the Windows Win32k component that could potentially allow elevation of privileges. A report from a trusted partner identified a zero-day exploit for this vulnerability. The exploit targeted older versions of Windows and allowed attackers to elevate process privileges on these platforms. In this article, we…

Microsoft Security

Uncovering cross-process injection with Windows Defender ATP

March 8, 2017 admin Advanced persistent threats, Antimalware research for IT pros and enthusiasts, APTs, bitcoin, CoinMiner, Creators Update, cross-process injection, Exploits, Fynloski RAT, Gatak, GOLD activity group, in-memory attacks, post-breach detection, public preview, Windows 10, Windows Defender Advanced Threat Protection, Windows Defender ATP, zero-day exploits

Credit to Author: msft-mmpc| Date: Thu, 09 Mar 2017 06:16:01 +0000

Windows Defender Advanced Threat Protection (Windows Defender ATP) is a post-breach solution that alerts security operations (SecOps) personnel about hostile activity. As the nature of attacks evolve, Windows Defender ATP must advance so that it continues to help SecOps personnel uncover and address the attacks. With increasing security investments from Microsoft—read how Windows 10 continues to raise…

Microsoft Security

Averting ransomware epidemics in corporate networks with Windows Defender ATP

January 30, 2017 admin Advanced persistent threats, Antimalware research for IT pros and enthusiasts, Creators Update, ransomware, Windows 10, Windows Defender, Windows Defender ATP

Microsoft security researchers continue to observe ransomware campaigns blanketing the market and indiscriminately hitting potential targets. Unsurprisingly, these campaigns also continue to use email and the web as primary delivery mechanisms. Also, it appears that most corporate victims are simply caught by the wide nets cast by ransomware operators. Unlike cyberespionage groups, ransomware operators do…

Microsoft Security

Detecting threat actors in recent German industrial attacks with Windows Defender ATP

January 25, 2017 admin Advanced persistent threats, advanced threat protection, BARIUM, LEAD, Uncategorized, Windows 10 Creators Update, Windows Defender ATP, Winnti

When a Germany-based industrial conglomerate disclosed in December 2016 that it was breached early that year, the breach was revealed to be a professionally run industrial espionage attack. According to the German press, the intruders used the Winnti family of malware as their main implant, giving them persistent access to the conglomerate’s network as early…

Microsoft Security

Hardening Windows 10 with zero-day exploit mitigations

January 23, 2017 admin Advanced persistent threats, cyberattack defense, Exploits, Microsoft Edge, STRONTIUM APT, Uncategorized, Windows 10, Windows Defender ATP, Zero day exploit

Cyberattacks involving zero-day exploits happen from time to time, affecting different platforms and applications. Over the years, Microsoft security teams have been working extremely hard to address these attacks. While delivering innovative solutions like Windows Defender Application Guard, which provides a safe virtualized layer for the Microsoft Edge browser, and Windows Defender Advanced Threat Protection,…