-
Chinese Origin #Threat Group Targets #HongKong Universities with New #Backdoor Variant https://www.ehackingnews.com/2020/02/chinese-origin-threat-group-targets.html … #APT #Winnti #ShadowPad #malware #APT17 #WickedPanda #cyberwar #cyberattack -
The Chinese-linked threat group #Winnti, operating under the same cover as #Axiom, #Barium, #Group72, #Blackfly, and #APT41, was observed using a new variant of the #ShadowPad #backdoor, the group’s flagship tool, to target and attack Hong Kong universities. pic.twitter.com/JcqJvwNg6k
-
Highly likely fake #winnti sample detected: macro code in this doc is similar to the one reported below used to exec hermes ransomware :) https://app.any.run/tasks/b87d950b-c1c4-41ea-aae6-ed855a54e8a5/ … https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/password-protected-word-document-delivers-hermes-ransomware/ … https://www.welivesecurity.com/2020/01/31/winnti-group-targeting-universities-hong-kong/ … pic.twitter.com/7aG4ZbqGex
-
Winnti Group Infected Hong Kong Universities With Malware #HongKong #winnti https://www.bleepingcomputer.com/news/security/winnti-group-infected-hong-kong-universities-with-malware/ … -
heisec: RT heiseonline: Espionage attempt: chemicals group Lanxess hacked last year https://www.heise.de/newsticker/meldung/Spionageversuch-Chemiekonzern-Lanxess-im-vergangenen-Jahr-gehackt-4650706.html … #winnti #hackerangriff -
The Winnti Group is targeting Hong Kong universities using ShadowPad and Winnti malware, according to new research #winnti #hongkong #HK #university #malware #research #infosec https://www.welivesecurity.com/2020/01/31/winnti-group-targeting-universities-hong-kong/ … -
Sigma rule to detect #Winnti malware process starts as described in ESET's recent blog post on a campaign against HK universities (derived from sandbox reports - won't share them yet) Sigma Rule https://github.com/Neo23x0/sigma/blob/master/rules/windows/process_creation/win_apt_winnti_mal_hk_jan20.yml … Report https://www.welivesecurity.com/2020/01/31/winnti-group-targeting-universities-hong-kong/ … pic.twitter.com/NOF1Flx5i0
-
#Winnti targets Hong Kong Universities to find the protest source. https://www.technadu.com/the-winnti-group-chinese-hackers-targeted-hong-kong-universities/91297/ … -
#APTGroup, #Winnti, #WinntiAPTGroup, #Backdoor, #ShadowPad, #China, #Espionage, #Hacking, #Malware, #CyberCrime, #CyberAttack, #CyberSecurity Winnti APT Group targeted Hong Kong Universities. https://www.welivesecurity.com/2020/01/31/winnti-group-targeting-universities-hong-kong/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+eset%2Fblog+%28ESET+Blog%3A+We+Live+Security%29 … https://www.welivesecurity.com/2019/10/14/connecting-dots-exposing-arsenal-methods-winnti/ … pic.twitter.com/QfJIIJK7eh
-
#Winnti Group has compromised computer systems at two Hong Kong universities during the Hong Kong protests that started in March 2019. https://securityaffairs.co/wordpress/97111/apt/winnti-apt-hong-kong-universities.html … #HongKong #ShadowPad -
2020-01-31:

#Winnti #APT Targets #HongKong Universities

#ShadowPad | XOR Decoder | #Yara rule

rule apt_win32_winnti_xordec {
    strings:
        $decoder_xor = { 8B C3 C1 E3 10 C1 E8 10 03 D8 6B DB 77 83 C3 13 }
    condition:
        $decoder_xor
}

Ref https://twitter.com/ESETresearch/status/1223191846970634240 … pic.twitter.com/KmdkYmureE
-
ESET has released their report on new variants of #Shadowpad/#Winnti, used against two universities in Hong Kong. https://www.welivesecurity.com/2020/01/31/winnti-group-targeting-universities-hong-kong/ … -
#Winnti Group targeting universities in Hong Kong https://www.welivesecurity.com/2020/01/31/winnti-group-targeting-universities-hong-kong/ … -
#Breaking: @ESET researchers uncover a new campaign by the #WinntiGroup, known for attacks against various high-profile targets. This time, the WinntiGroup took aim at Hong Kong universities. #Winnti #ShadowPad #malware #infosec #cybersecurity https://www.welivesecurity.com/2020/01/31/winnti-group-targeting-universities-hong-kong/ … -
#ESETresearch uncovered a new campaign of the #Winnti Group targeting #HongKong universities with ShadowPad and Winnti. @mathieutartare https://www.welivesecurity.com/2020/01/31/winnti-group-targeting-universities-hong-kong/ … 1/3 pic.twitter.com/d57V1rhBR1
-
“IBM used a 23-tonne state-of-the-art truck to teach me about cybersecurity” https://buff.ly/2UlcdQy #Cybercrime #Security #CyberSecurity #Skills #InfoSec #Tech #SIEM https://buff.ly/2MslFSf - Cross Europe - https://buff.ly/2J62jh9 #IBM #databreaches #WinnTi #Hacker #beprepared pic.twitter.com/ScTJPJqkMe
-
#Cybersecurity: Dive Into A Cyber-Attack Disaster Simulation With IBM’s X-Force Command https://buff.ly/36JuSeH #FIC2020 #cyberattack #truck #ransomware #Cyber #Security - Cross Europe - https://buff.ly/2J62jh9 #IBM #databreaches #WinnTi #Infosec #Hacker #beprepared pic.twitter.com/vBQG5PS8UW
-
2020-01-30:
Possible #Winnti #APT 64-Bit DLL User J #Loader |
Main (dynamic_api_load -> v alloc/memcpy)
Original DLL Loader Name “stone64.dll”
Reference Winnti Espionage Involvement in
Lanxess / Rheinchemie Hack
h/t @cyb3rops Link & Sample
https://twitter.com/cyb3rops/status/1223148923973447680 … pic.twitter.com/iKZWJgPLN9
-
In January, a sample popped up on VT and had a lot of infosec researchers scratching their heads. A #Winnti sample, compiled in 2015, with the campaign ID "Rheinchemie." (part of Lanxess). This variant of Winnti was very well understood by then. (2/6) -
New: Another huge German company in the chemical industry was hacked by #Winnti: Lanxess. A spokesperson confirmed that the company became aware of the intrusion in the "second half of 2019". Short thread: (1/6) https://www.tagesschau.de/investigativ/ndr/hackerangriff-chemieunternehmen-101.html …