Злоумышленники перенимают опыт коллег: что общего между SilverFox и APT41. Разбор атаки

Привет, Хабр! На связи Евгения Устинова, старший аналитик сетевой безопасности группы компаний «Гарда» . В статье хочу рассказать, как нам удалось связать инструментарий двух группировок через особенности реализации сетевых протоколов. Отследить эволюцию инструментов группировки SilverFox – например, ПО Winos – по отпечатку процедуры сетевой коммуникации оказалось довольно сложной задачей, поэтому я решила поделиться кейсом. Подключайтесь к расследованию

https://habr.com/ru/companies/garda/articles/962222/

#разбор_атаки #Winos #Silverfox #вредоносы #фишинг #ValleyRAT #apt41 #winnti

Winnti APT41 Targets Japanese Firms in RevivalStone Cyber Espionage Campaign
https://thehackernews.com/2025/02/winnti-apt41-targets-japanese-firms-in.html

#Infosec #Security #Cybersecurity #CeptBiro #Winnti #APT41 #JapaneseFirms #RevivalStone #CyberEspionageCampaign

Trend Micro reported on the attack chain of a cyberespionage group Earth Freybug, which they claim is a subset of the Chinese state-sponsored APT41 (Winnti Group). No information about the targets or timeline, but they describe a new UNAPIMON malware used for defense evasion ( prevent child processes from being monitored). One SHA256 provided, which isn't recognized in VirusTotal. 🔗 https://www.trendmicro.com/en_us/research/24/d/earth-freybug.html

#China #cyberespionage #EarthFreybug #APT41 #Winnti #UNAPIMON #threatintel #IOC

Recorded Future publishes a 24 page report on i-SOON and their connections to offensive cyberespionage operations attributed to RedHotel, RedAlpha and POISON CARP. The links indicate that they are likely sub-teams focused on specific missions within the same company. i-SOON's victims span 22 countries, with government, telco and education being the most targeted sectors. i-SOON also supports domestic including the targeting of ethnic and religious minorities and the online gambling industry. i-SOON very likely uses and sells access to custom malware families like Winnti and ShadowPad. IOC provided. 🔗 https://www.recordedfuture.com/attributing-i-soon-private-contractor-linked-chinese-state-sponsored-groups

#ISOON #cyberespionage #China #APT #threatintel #IOC #redhotel #redalpha #poisoncarp #winnti #shadowpad

i-SOON: another company in the APT 41 network. Is Sichuan i-SOON an APT? Could Sichuan i-SOON stand behind Redhotel/Earth Lusca operations?

https://nattothoughts.substack.com/p/i-soon-another-company-in-the-apt41
#APT #apt41 #RedHotel #China #Earth Lusca #Winnti #chengdu404 #i-SOON