Tag Archive for: Advanced

The Evolution of Network-based Advanced Malware Analysis in South Korea

Tracing the Progress: The Evolution of Network-based Advanced Malware Analysis in South Korea

South Korea, a global leader in technology and innovation, has been at the forefront of the evolution of network-based advanced malware analysis. This journey, marked by significant milestones and breakthroughs, has been driven by the country’s commitment to cybersecurity and its strategic approach to combating cyber threats.

In the early 2000s, South Korea began to recognize the growing threat of cyber-attacks and the need for robust cybersecurity measures. The country’s initial response was to develop basic antivirus software and firewalls. However, as cyber threats became more sophisticated, it became clear that these traditional security measures were insufficient. This realization led to the development of more advanced malware analysis techniques.

The mid-2000s saw the introduction of network-based advanced malware analysis in South Korea. This approach involved the use of advanced algorithms and machine learning techniques to detect and analyze malware in network traffic. This was a significant step forward, as it allowed for real-time detection and analysis of malware, greatly enhancing the country’s ability to respond to cyber threats.

In the following years, South Korea continued to refine and improve its network-based advanced malware analysis capabilities. The country invested heavily in research and development, leading to the creation of more sophisticated algorithms and machine learning models. These advancements allowed for even more accurate and efficient detection and analysis of malware.

In addition to technological advancements, South Korea also made significant strides in terms of policy and regulation. The country implemented stringent cybersecurity laws and regulations, which mandated the use of advanced malware analysis techniques in certain sectors. This not only helped to further drive the development and adoption of these techniques but also ensured that they were used effectively and responsibly.

The past decade has seen South Korea emerge as a global leader in network-based advanced malware analysis. The country’s advanced malware analysis techniques…

Source…

Advanced Espionage Malware “Stealth Soldier” Hits Libyan Firms

The Stealth Soldier campaign marks the possible reappearance of a threat actor known as “The Eye on the Nile” since its last operation in 2019.

Check Point Research has recently uncovered a series of highly-targeted espionage attacks in Libya, shedding light on a previously undisclosed backdoor called Stealth Soldier. This sophisticated malware operates as a custom modular backdoor with surveillance functionalities, including file exfiltration, screen and microphone recording, keystroke logging, and stealing browser information.

The campaign, which appears to be targeting Libyan organizations, marks the possible reappearance of a threat actor known as “The Eye on the Nile” since its last operation in 2019.

Stealth Soldier, an implant used in limited and targeted attacks, has shown active maintenance with the latest version, Version 9, compiled in February 2023. Check Point Research’s investigation began with the discovery of multiple files submitted to VirusTotal between November 2022 and January 2023 from Libya.

These files, named in Arabic, such as “هام وعاجل.exe” (Important and Urgent.exe) and “برقية 401.exe” (Telegram 401.exe), turned out to be downloaders for different versions of the Stealth Soldier malware.

The execution flow of Stealth Soldier starts with the downloader, which triggers the infection chain. Although the delivery mechanism of the downloader remains unknown, social engineering is suspected.

The malware’s infection process involves downloading multiple files from the Command and Control (C&C) server, including the loader, watchdog, and payload. These components work together to establish persistence and execute the surveillance functionalities.

First, the loader downloads an internal module called PowerPlus to enable PowerShell commands and create persistence. Then, the watchdog periodically checks for updated versions of the loader and runs it accordingly. Finally, the payload collects data, receives commands from the C&C server, and executes various modules based on the attacker’s instructions.

The victim’s information collected by the Stealth Soldier’s payload includes the…

Source…

Further expansion advanced by Counter Ransomware Initiative

Colombia, Costa Rica, and Jordan have since become part of the Counter Ransomware Initiative, which, as White House Deputy National Security Adviser Anne Neuberger noted during the Ransomware Task Force event, offers collaborative opportunities in countering ransomware attacks, according to The Record, a news site by cybersecurity firm Recorded Future.

Since the initial Counter Ransomware Initiative summit, various countries have already begun co-leading activity pillars aimed at better addressing the threat of ransomware attacks. Australia, according to Australian Embassy Ministry Counsellor of Home Affairs Patrick Hallinan, spearheaded the International Counter Ransomware Task Force that disrupted the Hive ransomware operation with the assistance of Interpol in January.

Several collaboration pillars are also being worked upon by other countries, with India and Lithuania partnering on ransomware resilience plan development, the United Arab Emirates and Israel collaborating on information sharing, and the U.K. and Singapore teaming up on addressing illicit cryptocurrency use for ransomware, said Neuberger.

Source…

China accuses CIA of orchestrating cyberattacks using advanced tech

China has accused the U.S.’s Central Intelligence Agency (CIA) of conducting cyberattacks against China and orchestrating “peaceful evolution” and “color revolutions” across the globe using advanced technology.

The CIA established an “empire of hackers” under U.S. supervision, according to a report jointly published by China’s National Computer Virus Emergency Response Centre (CVERC) and cybersecurity company 360 on Thursday.

“These cyberweapons have undergone strict, standardized, and professional software engineering management, which is uniquely followed by the CIA in developing cyberattack weapons,” said the report.

Investigators were allegedly able to capture and extract a sizable number of Trojan programs, functional plug-ins, and attack platform samples that the report links to the US intelligence agency.

Source…