2019-2020年度APT黑客组织被揭露过的网络攻击

APT高级持续性威胁是一种发动复杂攻击手段达到窃取敏感信息而且不被发现的攻击形式,APT黑客组织攻击的目标包括政府,国防,金融服务,法律服务,工业,电信,消费品等等行业的单位与企业。

采用目标侦擦,渗透测试,绕过安全机制和窃取信息等不同阶段实施APT攻击。经验丰富的网络犯罪分子们花费大量时间对一个特定目标进行持久化渗透测试,获得访问权限。也有一定能力可以开发定制版恶意程序绕过杀毒软件查杀与网络入侵检测。

2019年的APT攻击

一月

1 Jan/16 Latest Target Attack of DarkHydruns Group Against Middle East
2 Jan/17 Malware Used by “Rocke” Group Evolves to Evade Detection by Cloud Security Products
3 Jan/18 DarkHydrus delivers new Trojan that can use Google Drive for C2 communications
4 Jan/24 GandCrab and Ursnif Campaign
5 Jan/30 Targeted Campaign delivers Orcus Remote Access Trojan
6 Jan/30 Double Life of SectorA05 Nesting in Agora
7 Jan/30 Chafer used Remexi malware to spy on Iran-based foreign diplomatic entities

二月

1 Feb/01 Tracking OceanLotus’ new Downloader, KerrDown
2 Feb/05 Analyzing Digital Quartermasters in Asia – Do Chinese and Indian APTs Have a Shared Supply Chain
3 Feb/06 APT10 Targeted Norwegian MSP and US Companies in Sustained Campaign
4 Feb/14 Suspected Molerats’ New Attack in the Middle East
5 Feb/18 APT-C-36: Continuous Attacks Targeting Colombian Government Institutions and Corporations
6 Feb/20 IT IS IDENTIFIED ATTACKS OF THE CIBERCRIMINAL LAZARUS GROUP DIRECTED TO ORGANIZATIONS IN RUSSIA
7 Feb/25 Defeating Compiler Level Obfuscations Used in APT10 Malware
8 Feb/26 The Arsenal Behind the Australian Parliament Hack
9 Feb/27 A Peek into BRONZE UNION’s Toolbox

三月

1 Mar/04 APT40: Examining a China-Nexus Espionage Actor
2 Mar/06 Whitefly: Espionage Group has Singapore in Its Sights
3 Mar/06 Targeted attack using Taidoor Analysis report
4 Mar/06 Operation Pistacchietto
5 Mar/07 New SLUB Backdoor Uses GitHub, Communicates via Slack
6 Mar/08 Supply Chain – The Major Target of Cyberespionage Groups
7 Mar/11 Gaming industry still in the scope of attackers in Asia
8 Mar/12 Operation Comando: How to Run a Cheap and Effective Credit Card Business
9 Mar/13 Operation Sheep: Pilfer-Analytics SDK in Action
10 Mar/13 ‘DMSniff’ POS Malware Actively Leveraged to Target Small-, Medium-Sized Businesses
11 Mar/13 GlitchPOS: New PoS malware for sale
12 Mar/13 LUCKY ELEPHANT CAMPAIGN MASQUERADING
13 Mar/22 Operation ShadowHammer
14 Mar/25 Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.
15 Mar/27 Threat Actor Group using UAC Bypass Module to run BAT File
16 Mar/28 Above Us Only Stars: Exposing GPS Spoofing in Russia and Syria
17 Mar/28 Desktop, Mobile Phishing Campaign Targets South Korean Websites, Steals Credentials Via Watering Hole

四月

1 Apr/02 OceanLotus Steganography
2 Apr/10 Gaza Cybergang Group1, operation SneakyPastes
3 Apr/10 Project TajMahal – a sophisticated new APT framework
4 Apr/10 The Muddy Waters of APT Attacks
5 Apr/17 DNS Hijacking Abuses Trust In Core Internet Service
6 Apr/17 Aggah Campaign: Bit.ly, BlogSpot, and Pastebin Used for C2 in Large Scale Campaign
7 Apr/19 “Funky malware format” found in Ocean Lotus sample
8 Apr/22 FINTEAM: Trojanized TeamViewer Against Government Targets
9 Apr/23 Operation ShadowHammer: a high-profile supply chain attack
10 Apr/24 [legit remote admin tools turn into threat actors’ tools](https://e.cyberint.com/hubfs/Report Legit Remote Access Tools Turn Into Threat Actors Tools/CyberInt_Legit Remote Access Tools Turn Into Threat Actors' Tools_Report.pdf)
11 Apr/30 SectorB06 using Mongolian language in lure document

五月

1 May/03 Who’s who in the Zoo Cyberespionage operation targets Android users in the Middle East
2 May/07 Buckeye: Espionage Outfit Used Equation Group Tools Prior to Shadow Brokers Leak
3 May/07 Turla LightNeuron: An email too far
4 May/07 ATMitch: New Evidence Spotted In The Wild
5 May/08 OceanLotus’ Attacks to Indochinese Peninsula: Evolution of Targets, Techniques and Procedure
6 May/08 FIN7.5: the infamous cybercrime rig “FIN7” continues its activities
7 May/09 Iranian Nation-State APT Groups – “Black Box” Leak
8 May/11 Chinese Actor APT target Ministry of Justice Vietnamese
9 May/13 ScarCruft continues to evolve, introduces Bluetooth harvester
10 May/15 Winnti: More than just Windows and Gates
11 May/18 Operation_BlackLion
12 May/19 HiddenWasp Malware Stings Targeted Linux Systems
13 May/22 A journey to Zebrocy land
14 May/24 UNCOVERING NEW ACTIVITY BY APT10
15 May/27 APT-C-38
16 May/28 Emissary Panda Attacks Middle East Government Sharepoint Servers
17 May/29 TA505 is Expanding its Operations
18 May/29 A dive into Turla PowerShell usage
19 May/30 10 years of virtual dynamite: A high-level retrospective of ATM malware

六月

1 June/03 Zebrocy’s Multilanguage Malware Salad
2 June/04 An APT Blueprint: Gaining New Visibility into Financial Threats
3 June/05 Scattered Canary The Evolution and Inner Workings of a West African Cybercriminal Startup Turned BEC Enterprise
4 June/10 MuddyWater Resurfaces, Uses Multi-Stage Backdoor POWERSTATS V3 and New Post-Exploitation Tools
5 June/11 The Discovery of Fishwrap: A New Social Media Information Operation Methodology
6 June/12 [Threat Group Cards: A Threat Actor Encyclopedia](https://www.dropbox.com/s/ds0ra0c8odwsv3m/Threat Group Cards.pdf?dl)
7 June/20 New Approaches Utilized by OceanLotus to Target An Environmental Group in Vietnam
8 June/21 Waterbug: Espionage Group Rolls Out Brand-New Toolset in Attacks Against Governments
9 June/25 OPERATION SOFT CELL: A WORLDWIDE CAMPAIGN AGAINST TELECOMMUNICATIONS PROVIDERS
10 June/25 Analysis of MuddyC3, a New Weapon Used by MuddyWater
11 June/26 Iranian Threat Actor Amasses Large Cyber Operations Infrastructure Network to Target Saudi Organizations

七月

1 Jul/01 Threat Spotlight: Ratsnif – New Network Vermin from OceanLotus
2 Jul/03 Operation Tripoli
3 Jul/04 Multiple Chinese Threat Groups Exploiting CVE-2018-0798 Equation Editor Vulnerability Since Late 2018
4 Jul/04 Latest Spam Campaigns from TA505 Now Using New Malware Tools Gelup and FlowerPippi
5 Jul/09 Twas the night before
6 Jul/11 Sea Turtle keeps on swimming, finds new victims, DNS hijacking techniques
7 Jul/15 Buhtrap group uses zero‑day in latest espionage campaigns
8 Jul/16 SWEED: Exposing years of Agent Tesla campaigns
9 Jul/17 SLUB Gets Rid of GitHub, Intensifies Slack Use
10 Jul/18 EvilGnome: Rare Malware Spying on Linux Desktop Users
11 Jul/18 OKRUM AND KETRICAN: AN OVERVIEW OF RECENT KE3CHANG GROUP ACTIVITY
12 Jul/18 Spam Campaign Targets Colombian Entities with Custom-made ‘Proyecto RAT,’ Uses Email Service YOPmail for C&C
13 Jul/20 Hard Pass: Declining APT34’s Invite to Join Their Professional Network
14 Jul/24 Chinese APT “Operation LagTime IT” Targets Government Information Technology Agencies in Eastern Asia
15 Jul/24 Attacking the Heart of the German Industry

八月

1 Aug/01 Analysis of the Attack of Mobile Devices by OceanLotus
2 Aug/05 Sharpening the Machete
3 Aug/05 Latest Trickbot Campaign Delivered via Highly Obfuscated JS File
4 Aug/07 APT41: A Dual Espionage and Cyber Crime Operation
5 Aug/08 Suspected BITTER APT Continues Targeting Government of China and Chinese Organizations
6 Aug/12 Recent Cloud Atlas activity
7 Aug/14 In the Balkans, businesses are under fire from a double‑barreled weapon
8 Aug/20 [Malware analysis about unknown Chinese APT campaign](https://github.com/StrangerealIntel/CyberThreatIntel/blob/master/China/APT/Unknown/20-08-19/Malware analysis 20-08-19.md)
9 Aug/21 Silence 2.0
10 Aug/21 The Gamaredon Group: A TTP Profile Analysis
11 Aug/26 APT-C-09 Reappeared as Conflict Intensified Between India and Pakistan
12 Aug/27 TA505 At It Again: Variety is the Spice of ServHelper and FlawedAmmyy
13 Aug/27 China Chopper still active 9 years later
14 Aug/27 LYCEUM Takes Center Stage in Middle East Campaign
15 Aug/27 [Malware analysis about sample of APT Patchwork](https://github.com/StrangerealIntel/CyberThreatIntel/blob/master/Indian/APT/Patchwork/27-08-19/Malware analysis 27-08-19.md)
16 Aug/29 SectorJ04 Group’s Increased Activity in 2019
17 Aug/29 More_eggs, Anyone? Threat Actor ITG08 Strikes Again
18 Aug/29 [Tick Tock – Activities of the Tick Cyber Espionage Group in East Asia Over the Last 10 Years](https://gsec.hitb.org/materials/sg2019/D1 COMMSEC - Tick Group - Activities Of The Tick Cyber Espionage Group In East Asia Over The Last 10 Years - Cha Minseok.pdf)
19 Aug/30 ‘Heatstroke’ Campaign Uses Multistage Phishing Attack to Steal PayPal and Credit Card Information
20 Aug/31 [Malware analysis on Bitter APT campaign](https://github.com/StrangerealIntel/CyberThreatIntel/blob/master/offshore APT organization/Bitter/27-08-19/Malware analysis 31-08-19.md)

九月

1 Sep/04 Glupteba Campaign Hits Network Routers and Updates C&C Servers with Data from Bitcoin Transactions
2 Sep/05 UPSynergy: Chinese-American Spy vs. Spy Story
3 Sep/06 BITTER APT: Not So Sweet
4 Sep/09 Thrip: Ambitious Attacks Against High Level Targets Continue
5 Sep/11 RANCOR APT: Suspected targeted attacks against South East Asia
6 Sep/15 The Kittens Are Back in Town Charming Kitten Campaign Against Academic Researchers
7 Sep/18 Tortoiseshell Group Targets IT Providers in Saudi Arabia in Probable Supply Chain Attacks
8 Sep/24 Mapping the connections inside Russia’s APT Ecosystem
9 Sep/24 How Tortoiseshell created a fake veteran hiring website to host malware
10 Sep/24 DeadlyKiss APT
11 Sep/26 Chinese APT Hackers Attack Windows Users via FakeNarrator Malware to Implant PcShare Backdoor
12 Sep/30 HELO Winnti: Attack or Scan?

十月

1 Oct/01 New Fileless Botnet Novter Distributed by KovCoreG Malvertising Campaign
2 Oct/01 New Adwind Campaign targets US Petroleum Industry
3 Oct/03 PKPLUG: Chinese Cyber Espionage Group Attacking Asia
4 Oct/04 GEOST BOTNET. THE STORY OF THE DISCOVERY OF A NEW ANDROID BANKING TROJAN FROM AN OPSEC ERROR
5 Oct/07 China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations
6 Oct/07 The Kittens Are Back in Town 2 – Charming Kitten Campaign Keeps Going on, Using New Impersonation Methods
7 Oct/07 Supply chain attacks: threats targeting service providers and design offices
8 Oct/10 Attor, a spy platform with curious GSM fingerprinting
9 Oct/10 CONNECTING THE DOTS Exposing the arsenal and methods of the Winnti Group
10 Oct/10 Mahalo FIN7: Responding to the Criminal Operators’ New Tools and Techniques
11 Oct/14 HUGE FAN OF YOUR WORK: TURBINE PANDA
12 Oct/14 From tweet to rootkit
13 Oct/15 LOWKEY: Hunting for the Missing Volume Serial ID
14 Oct/17 Operation Ghost: The Dukes aren’t back – they never left
15 Oct/21 Winnti Group’s skip‑2.0: A Microsoft SQL Server backdoor
16 Oct/31 MESSAGETAP: Who’s Reading Your Text Messages?

十一月

1 Nov/01 Chrome 0-day exploit CVE-2019-13720 used in Operation WizardOpium
2 Nov/04 Higaisa APT
3 Nov/05 THE LAZARUS’ GAZE TO THE WORLD: WHAT IS BEHIND THE FIRST STONE ?
4 Nov/08 Titanium: the Platinum group strikes again
5 Nov/13 More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting
6 Nov/20 Mac Backdoor Linked to Lazarus Targets Korean Users
7 Nov/20 Golden Eagle (APT-C-34)
8 Nov/25 Studying Donot Team
9 Nov/26 Insights from one year of tracking a polymorphic threat: Dexphot
10 Nov/28 RevengeHotels: cybercrime targeting hotel front desks worldwide
11 Nov/29 Operation ENDTRADE: Finding Multi-Stage Backdoors that TICK

十二月

1 Dec/03 Threat Actor Targeting Hong Kong Pro-Democracy Figures
2 Dec/04 Obfuscation Tools Found in the Capesand Exploit Kit Possibly Used in “KurdishCoder” Campaign
3 Dec/04 New Destructive Wiper “ZeroCleare” Targets Energy Sector in the Middle East
4 Dec/11 Waterbear is Back, Uses API Hooking to Evade Security Product Detection
5 Dec/12 Operation Gamework: Infrastructure Overlaps Found Between BlueAlpha and Iranian APTs
6 Dec/12 GALLIUM: Targeting global telecom
7 Dec/12 Drilling Deep: A Look at Cyberattacks on the Oil and Gas Industry

2020攻击列表

一月

1 Jan/01 [WeiXin] Pakistan Sidewinder APT Attack
2 Jan/06 First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT
3 Jan/07 [Destructive Attack: DUSTMAN](https://github.com/blackorbird/APT_REPORT/blob/master/International Strategic/Iran/Saudi-Arabia-CNA-report.pdf)
4 Jan/07 Iranian Cyber Response to Death of IRGC Head Would Likely Use Reported TTPs and Previous Access
5 Jan/08 Operation AppleJeus Sequel
6 Jan/09 The State of Threats to Electric Entities in North America
7 Jan/13 APT27 ZxShell RootKit module updates
8 Jan/13 Reviving MuddyC3 Used by MuddyWater (IRAN) APT
9 Jan/16 JhoneRAT: Cloud based python RAT targeting Middle Eastern countries
10 Jan/31 Winnti Group targeting universities in Hong Kong

二月

1 Feb/03 Actors Still Exploiting SharePoint Vulnerability to Attack Middle East Government Organizations
2 Feb/10 Outlaw Updates Kit to Kill Older Miner Versions, Targets More Systems

列出的是2019-2020年的APT攻击,之后还会根据报告的新攻击不断更新列表。

引用

https://cybersecuritynews.com/apt-attack/

posted @ 2020-03-31 22:53  17bdw  阅读(2142)  评论(0编辑  收藏  举报