Target sectors: APT39 has prioritized the telecommunications sector, with additional targeting of the travel industry, the IT firms that support it, and the high-tech industry.

Overview: The group's focus on the telecommunications and travel industries suggests intent to perform monitoring, tracking, or surveillance operations against specific individuals; to collect proprietary or customer data for commercial or operational purposes that serve strategic requirements related to national priorities; or to create additional accesses and vectors to facilitate future campaigns.
Targeting of government entities suggests a potential secondary intent to collect geopolitical data that may benefit nation-state decision making.

Attack vectors: In some cases previously compromised email accounts have also been leveraged, likely to abuse the trust placed in those accounts and increase the chances of a successful attack. APT39 frequently registers and leverages domains that masquerade as legitimate web services and organizations relevant to the intended target. We have not observed APT39 exploit vulnerabilities.
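The masquerading-domain behaviour above is something a defender can hunt for in newly registered or newly resolving domains. As an added example (not FireEye's or APT39's code), the Python below flags homoglyph swaps, near-miss spellings and brand-in-name constructions against a list of domains the organisation owns. The protected-domain list, the candidate domains, the edit-distance threshold and the tiny public-suffix table are assumptions chosen for illustration.

```python
"""Lookalike-domain triage for the masquerading-domain TTP described above.

Added example (not FireEye's or APT39's code). The protected-domain list, the
candidate domains and the thresholds are assumptions chosen for illustration;
public-suffix handling is deliberately simplified.
"""

# Constructed: domains the organisation and its partners actually own (assumption).
PROTECTED = ["example.com", "travelportal.com", "telcomail.net"]

# Single characters attackers swap for visual twins, and the multi-character
# sequences that render like one letter ("rn" ~ "m", "vv" ~ "w").
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s"}
MULTI_GLYPHS = {"rn": "m", "vv": "w"}

# Second-level labels that are really part of the suffix (co.uk, com.au, ...);
# a real deployment would use the Public Suffix List (assumption: short table).
SUFFIX_SLDS = {"co", "com", "net", "org", "gov", "ac"}


def canonical(label: str) -> str:
    """Collapse homoglyphs so 'examp1e' and 'exarnple' both read as 'example'."""
    s = label.lower()
    for seq, repl in MULTI_GLYPHS.items():
        s = s.replace(seq, repl)
    return "".join(HOMOGLYPHS.get(c, c) for c in s)


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance (insert/delete/substitute), O(len(a)*len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_label(domain: str) -> str:
    """The label just left of the public suffix: 'example' for mail.example.co.uk."""
    labels = domain.lower().strip(".").split(".")
    if len(labels) >= 3 and labels[-2] in SUFFIX_SLDS:
        return labels[-3]
    return labels[-2] if len(labels) >= 2 else labels[0]


def check(candidate: str, protected=PROTECTED):
    """Return (protected_domain, reason) for a lookalike, or None if it is clean.

    The legitimate domain itself and its real subdomains are never flagged.
    """
    cand_full = candidate.lower().strip(".")
    labels = cand_full.split(".")
    cand = registrable_label(cand_full)
    for p in protected:
        if cand_full == p or cand_full.endswith("." + p):
            return None
        brand = registrable_label(p)
        if cand != brand and canonical(cand) == canonical(brand):
            return (p, "homoglyph substitution")
        # Brand used as a hyphenated token or as a fake subdomain:
        # example-login.com, mail.example.com.secure-update.net
        tokens = set(cand.split("-")) | set(labels[:-2])
        if brand in tokens:
            return (p, "brand name embedded in lookalike")
        # Short brands produce too many near-misses; require 5+ characters.
        if len(brand) >= 5 and 0 < levenshtein(cand, brand) <= 2:
            return (p, "typosquat (edit distance <= 2)")
    return None


def scan(candidates, protected=PROTECTED):
    """Map each flagged candidate to its (protected_domain, reason)."""
    out = {}
    for c in candidates:
        hit = check(c, protected)
        if hit:
            out[c] = hit
    return out


# Constructed sample of newly observed domains (not real registrations).
CANDIDATES = [
    "example.com", "mail.example.com", "examp1e.com", "exarnple.com",
    "exmaple.com", "example-login.com", "mail.example.com.secure-update.net",
    "travelportals.com", "unrelated.org",
]

if __name__ == "__main__":
    for dom, (target, why) in scan(CANDIDATES).items():
        print(f"{dom:40} -> {target:20} {why}")
```

Feed it the daily certificate-transparency or passive-DNS delta for your brands rather than a static list; the rules are cheap enough to run over tens of thousands of names, and the "brand embedded" rule is the one that catches the service-themed domains this group favours.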
Overview: Our analysis of the North Korean regime-backed threat group we are calling APT38 reveals that they are responsible for conducting the largest observed cyber heists.

Associated malware: This large and prolific group uses a variety of custom malware families, including backdoors, tunnelers, dataminers, and destructive malware, to steal millions of dollars from financial institutions and render victim networks inoperable.
Attack vectors: APT38 has conducted operations in over 16 organizations in at least 11 countries. This group is careful, calculated, and has demonstrated a desire to maintain access to victim environments for as long as necessary to understand the network layout, required permissions, and system technologies to achieve its goals.
APT38 is unique in that they are not afraid to aggressively destroy evidence or victim networks as part of their operations.

Target sectors: Primarily South Korea, though also Japan, Vietnam and the Middle East, in various industry verticals including chemicals, electronics, manufacturing, aerospace, automotive, and healthcare.
We assess with high confidence that this activity is carried out on behalf of the North Korean government, given malware development artifacts and targeting that aligns with North Korean state interests.

Associated malware: A diverse suite of malware for initial intrusion and exfiltration. Along with custom malware used for espionage purposes, APT37 also has access to destructive malware.

Attack vectors: Social engineering tactics tailored specifically to desired targets, strategic web compromises typical of targeted cyber espionage operations, and the use of torrent file-sharing sites to distribute malware more indiscriminately.
The group has demonstrated access to zero-day vulnerabilities (CVE ) and the ability to incorporate them into operations.

Target sectors: This threat group has conducted broad targeting across a variety of industries, including financial, government, energy, chemical, and telecommunications, and has largely focused its operations within the Middle East.
Overview: We believe APT34 is involved in a long-term cyber espionage operation largely focused on reconnaissance efforts to benefit Iranian nation-state interests, and has been operational since at least . We assess that APT34 works on behalf of the Iranian government based on infrastructure details that contain references to Iran, use of Iranian infrastructure, and targeting that aligns with nation-state interests.

Overview: APT33 has targeted organizations, spanning multiple industries, headquartered in the U.
APT33 has shown particular interest in organizations in the aviation sector involved in both military and commercial capacities, as well as organizations in the energy sector with ties to petrochemical production.

Attack vectors: APT33 sent spear-phishing emails to employees whose jobs related to the aviation industry. These emails included recruitment-themed lures and contained links to malicious HTML application (HTA) files.
Overview: Recent activity targeting private interests in Vietnam suggests that APT32 poses a threat to companies doing business in, manufacturing in, or preparing to invest in the country. While the specific motivation for this activity remains opaque, it could ultimately erode the competitive advantage of targeted organizations.

Attack vectors: APT32 actors leverage ActiveMime files that employ social engineering methods to entice the victim into enabling macros.
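An ActiveMime lure is a Word document saved as MIME text (an .mht/.mhtml "single file web page") whose VBA project lives in a base64-encoded application/x-mso part; Word opens it whatever the extension says. The Python below, added here as an example rather than FireEye's or APT32's code, tells such a file from a real binary document, pulls the .mso part out with the standard library email parser, and looks inside the ActiveMime blob for an OLE container and VBA markers. The sample attachment is constructed inline, and the 0x32 offset at which the zlib stream starts follows the layout oletools' olevba uses when parsing these parts (an assumption here).

```python
"""Detect Word documents delivered as MHTML with an ActiveMime macro part.

Added example (not FireEye's or APT32's code). The sample file is constructed
inline; the 0x32 offset of the zlib stream inside an ActiveMime blob follows
the layout oletools' olevba uses when parsing these parts (assumption).
"""
import base64
import email
import email.policy
import zlib

ACTIVEMIME_MAGIC = b"ActiveMime"
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # compound-file (OLE2) signature
VBA_MARKERS = (b"_VBA_PROJECT", b"VBA")


def looks_like_mhtml(data: bytes) -> bool:
    """A binary .doc starts with the OLE signature; an ActiveMime lure is MIME text."""
    head = data.lstrip()[:4096].lower()
    return head.startswith(b"mime-version:") or b"content-type: multipart/related" in head


def extract_mso_parts(data: bytes):
    """Yield (name, decoded bytes) for every application/x-mso or *.mso part."""
    msg = email.message_from_bytes(data, policy=email.policy.default)
    for part in msg.walk():
        name = str(part.get_filename() or part.get("Content-Location", ""))
        if part.get_content_type() == "application/x-mso" or name.lower().endswith(".mso"):
            yield name, part.get_payload(decode=True) or b""


def inspect_activemime(blob: bytes):
    """Return {'ole_found', 'has_vba'} for an ActiveMime blob, or None if the magic is absent."""
    if not blob.startswith(ACTIVEMIME_MAGIC):
        return None
    info = {"ole_found": False, "has_vba": False}
    for offset in (0x32, 0x22A):  # zlib stream offsets tried by olevba (assumption)
        try:
            payload = zlib.decompressobj().decompress(blob[offset:])
        except zlib.error:
            continue
        if not payload:
            continue
        info["ole_found"] = payload.startswith(OLE_MAGIC)
        info["has_vba"] = any(m in payload for m in VBA_MARKERS)
        break
    return info


def analyze(data: bytes, claimed_name: str) -> dict:
    """Verdict for an attachment: what it claims to be versus what the bytes are."""
    verdict = {"mhtml": looks_like_mhtml(data), "extension_mismatch": False,
               "mso_parts": 0, "activemime_parts": 0, "vba": False}
    if not verdict["mhtml"]:
        return verdict
    # Word opens MHTML regardless of extension, so a .doc/.dot name on MIME
    # text is itself a lure indicator.
    verdict["extension_mismatch"] = claimed_name.lower().endswith((".doc", ".dot"))
    for _name, blob in extract_mso_parts(data):
        verdict["mso_parts"] += 1
        info = inspect_activemime(blob)
        if info:
            verdict["activemime_parts"] += 1
            verdict["vba"] = verdict["vba"] or info["has_vba"]
    return verdict


def build_sample() -> bytes:
    """Constructed lure: MHTML named invoice.doc carrying a base64 ActiveMime part.

    The embedded 'OLE' payload is only a stub carrying the strings a VBA
    project contains, not a real compound file.
    """
    fake_ole = (OLE_MAGIC + b"\x00" * 16
                + b"Macros\x00VBA\x00_VBA_PROJECT\x00ThisDocument\x00" + b"\x00" * 32)
    blob = ACTIVEMIME_MAGIC + b"\x00" * (0x32 - len(ACTIVEMIME_MAGIC)) + zlib.compress(fake_ole)
    b64 = base64.encodebytes(blob).decode()
    return (
        "MIME-Version: 1.0\r\n"
        'Content-Type: multipart/related; boundary="----=_NextPart_01"\r\n\r\n'
        "------=_NextPart_01\r\n"
        "Content-Location: file:///C:/invoice.htm\r\n"
        'Content-Type: text/html; charset="us-ascii"\r\n\r\n'
        "<html><body>Enable editing to view the invoice.</body></html>\r\n"
        "------=_NextPart_01\r\n"
        "Content-Location: file:///C:/invoice_files/editdata.mso\r\n"
        "Content-Transfer-Encoding: base64\r\n"
        "Content-Type: application/x-mso\r\n\r\n"
        + b64 +
        "------=_NextPart_01--\r\n"
    ).encode()


if __name__ == "__main__":
    print(analyze(build_sample(), "invoice.doc"))
```

In a mail gateway or sandbox the interesting combination is `mhtml` plus `extension_mismatch` plus `vba`: a legitimate single-file web page saved from Word carries the .mht extension, and one that arrives named .doc with a macro project inside is the shape of the lure described above.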
Once macros are enabled, the document typically downloads multiple malicious payloads from a remote server. APT32 actors deliver the malicious attachments via spear-phishing emails; evidence has shown that some may have been sent via Gmail.

Overview: APT30 is noted not only for sustained activity over a long period of time but also for successfully modifying and adapting source code to maintain the same tools, tactics and infrastructure since at least . Evidence shows that the group prioritizes targets, most likely works in shifts in a collaborative environment, and builds malware from a coherent development plan.
The group has had the capability to infect air-gapped networks since .

Attack vectors: APT30 uses a suite of tools that includes downloaders, backdoors, a central controller, and several components designed to infect removable drives and cross air-gapped networks to steal data.

Target sectors: Western European governments, foreign policy groups and other similar organizations.
By using legitimate, popular web services, the group can also take advantage of encrypted SSL/TLS connections, making detection even more difficult. APT29 is one of the most evolved and capable threat groups. It deploys new backdoors to fix its own bugs and add features. It monitors network defender activity to maintain control over systems. APT29 uses only compromised servers for command-and-control (CnC) communication. It counters attempts to remediate attacks.
Malware Analysis - Tools and resources for analysts.
Python Programming by svaksha - General Python programming.
Python Programming by vinta - General Python programming.
Python tools for penetration testers - Lots of pentesting tools are written in Python.
Ruby Programming by Sdogruyol - The de-facto language for writing exploits.
Ruby Programming by dreikanter - The de-facto language for writing exploits.
Ruby Programming by markets - The de-facto language for writing exploits.
SecLists - Collection of multiple types of lists used during security assessments.
Security Talks - Curated list of security conferences.
Security - Software, libraries, documents, and other resources.
Serverless Security - Curated list of awesome serverless security resources such as e-books, articles, whitepapers, blogs and research papers.
Shell Scripting - Command line frameworks, toolkits, guides and gizmos.

Penetration Testing Report Templates
Public Pentesting Reports - Curated list of public penetration test reports released by several consulting firms and academic security groups.

Operating System Distributions
Android Tamer - Distribution built for Android security professionals that includes tools required for Android security testing.
BackBox - Ubuntu-based distribution for penetration tests and security assessments.
Parrot - Distribution similar to Kali, with support for multiple hardware architectures.
PentestBox - Open source pre-configured portable penetration testing environment for the Windows Operating System.

Periodicals
The Hacker Quarterly - American publication about technology and computer "underground" culture.
Phrack Magazine - By far the longest running hacker zine.

Physical Access Tools
AT Commands - Use AT commands over an Android device's USB port to rewrite device firmware, bypass security mechanisms, exfiltrate sensitive information, perform screen unlocks, and inject touch events.
Packet Squirrel - Ethernet multi-tool designed to enable covert remote access, painless packet captures, and secure VPN connections with the flip of a switch.
Poisontap - Siphons cookies, exposes internal LAN-side router and installs web backdoor on locked computers.
WiFi Pineapple - Wireless auditing and penetration testing platform.

Reverse Engineering Tools
See also awesome-reversing.
Capstone - Lightweight multi-platform, multi-architecture disassembly framework.
Frida - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
Ghidra - Suite of free software reverse engineering tools developed by NSA's Research Directorate, originally exposed in WikiLeaks's "Vault 7" publication and now maintained as open source software.
Immunity Debugger - Powerful way to write exploits and analyze malware.
Medusa - Open source, cross-platform interactive disassembler.
OllyDbg - x86 debugger for Windows binaries that emphasizes binary code analysis.
Radare2 - Open source, cross-platform reverse engineering framework.
Voltron - Extensible debugger UI toolkit written in Python.
.NET assemblies. Generates indented pseudo-code with colored syntax code.
Cybrary - Free courses in ethical hacking and advanced penetration testing. Advanced penetration testing courses are based on the book 'Penetration Testing for Highly Secured Environments'.
Open Security Training - Training material for computer security classes.

Side-channel Tools
ChipWhisperer - Complete open-source toolchain for side-channel power analysis and glitching attacks.

Social Engineering Tools
Beelogger - Tool for generating keyloggers.
Catphish - Tool for phishing and corporate espionage written in Ruby.
Evilginx2 - Standalone man-in-the-middle attack framework.
Evilginx - MITM attack framework used for phishing credentials and session cookies from any Web service.
FiercePhish - Full-fledged phishing framework to manage all phishing engagements.
Gophish - Open-source phishing framework.
King Phisher - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content.
Modlishka - Flexible and powerful reverse proxy for phishing that relays two-factor authentication in real time.
ReelPhish - Real-time two-factor phishing tool.
ShellPhish - Social media site cloner and phishing tool built atop SocialFish.
Social Engineer Toolkit (SET) - Open source pentesting framework designed for social engineering, featuring a number of custom attack vectors to make believable attacks quickly.
SocialFish - Social media phishing framework that can run on an Android phone or in a Docker container.

Static Analyzers
Brakeman - Static analysis security vulnerability scanner for Ruby on Rails applications.
FindBugs - Free software static analyzer to look for bugs in Java code.
Progpilot - Static security analysis tool for PHP code.

Vulnerability Databases
Bugtraq (BID) - Software security bug identification database compiled from submissions to the SecurityFocus mailing list and other sources, operated by Symantec, Inc.
CXSecurity - Archive of published CVE and Bugtraq software vulnerabilities cross-referenced with a Google dork database for discovering the listed vulnerability.
Exploit-DB - Non-profit project hosting exploits for software vulnerabilities, provided as a public service by Offensive Security.
Full-Disclosure - Public, vendor-neutral forum for detailed discussion of vulnerabilities; often publishes details before many other sources.
Inj3ct0r - Exploit marketplace and vulnerability information aggregator. (Onion service.)
Microsoft Security Advisories - Archive of security advisories impacting Microsoft software.
Packet Storm - Compendium of exploits, advisories, tools, and other security-related resources aggregated from across the industry.
SecuriTeam - Independent source of software vulnerability information.
Vulnerability Lab - Open forum for security advisories organized by category of exploit target.
Vulners - Security database of software vulnerabilities.
Vulmon - Vulnerability search engine with vulnerability intelligence features that conducts full text searches in its database.
Zero Day Initiative - Bug bounty program with publicly accessible archive of published security advisories, operated by TippingPoint.

Web Exploitation
BlindElephant - Web application fingerprinter.
Burp Suite - Integrated platform for performing security testing of web applications.
Commix - Automated all-in-one operating system command injection and exploitation tool.
EyeWitness - Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible.
Fiddler - Free cross-platform web debugging proxy with user-friendly companion tools.
FuzzDB - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
GitTools - Automatically find and download Web-accessible .git repositories.