Attackers behind Operation Oceansalt reuse code from Chinese Comment Crew

Haythem Elmir

Security researchers from McAfee have recently uncovered a cyber espionage campaign, tracked as Operation Oceansalt, targeting South Korea, the United States, and Canada. The threat actors behind Operation Oceansalt are reusing malware previously associated with China-linked cyberespionage group APT1. “McAfee Advanced Threat Research and Anti-Malware Operations teams have discovered another unknown data reconnaissance implant targeting Korean-speaking users.” reads […]

MartyMcFly Malware: new Cyber-Espionage Campaign targeting Italian Naval Industry

Haythem Elmir

Yoroi security firm uncovered a targeted attack against one of the most important companies in the Italian Naval Industry leveraging MartyMcFly Malware. Today I’d like to share an interesting analysis of a Targeted Attack found and dissected by Yoroi (technical details are available here). The victim was one of the most important leaders in the field […]

LibSSH Flaw Allows Hackers to Take Over Servers Without Password

Haythem Elmir

A four-year-old severe vulnerability has been discovered in the Secure Shell (SSH) implementation library known as Libssh that could allow anyone to completely bypass authentication and gain unfettered administrative control over a vulnerable server without requiring a password. The security vulnerability, tracked as CVE-2018-10933, is an authentication-bypass issue that was introduced in Libssh […]

GALLMAKER : UNE CAMPAGNE DE CYBERESPIONNAGE NOUVELLEMENT DÉCOUVERTE

Haythem Elmir

Une nouvelle attaque de cyberespionnage cible des institutions gouvernementales et militaires comme les ambassades de l’Europe de l’Est ou encore les institutions de défense militaires du Moyen-Orient. Baptisée Gallmaker, cette campagne d’attaques exploite des vulnérabilités au sein du protocole DDE et utilise des outils de piratage publiquement disponibles. Le protocole […]