When it comes to hacking, most people use multi-hop VPNs and/or hijack the operations of another PC remotely to obfuscate the origin of contact; it's too easy and totally untraceable. Any claims of "this country" or "that country" are bogus claims.
Well said, it makes great news that Russia or NK has hacked someone, but in reality it is impossible to find out, unless it is done by script kiddies, who would be unable to hack anyone. Unfortunately, the majority of people do not understand how it works, and they are left to trust "experts", who just provide "facts" given by the government, like once they said that they traced the hack to the Russian IP, rofl. In the meantime, the real cyberwarfare is waged in silence.
APT33 devised a code injection technique dubbed Early Bird to evade detection by anti-malware tools https://securityaffairs.co/wordpress/71309/apt/apt33-early-bird.html
Holy crap, so this is yet another never seen before variation of the infamous "process hollowing" attack. I wonder which security tools could block this, I'm guessing not a whole lot. I know what you mean, how can you make an OS with so many attack vectors, and with no easy way to mitigate them all? And most of these "features" are not even used by legitimate software.
Iranian Charming Kitten ATP group poses as Israeli cybersecurity firm in phishing campaign https://securityaffairs.co/wordpress/74123/apt/charming-kitten-clearsky-phishing.html
‘Domestic Kitten’ Mobile Spyware Campaign Aims at Iranian Targets
Spreading via fake Android apps, the malware lifts a range of sensitive information from victims’ devices.
September 7, 2018
https://threatpost.com/domestic-kitten-mobile-spyware-campaign-aims-at-iranian-targets/137304/
Report: Iranian APT Actors Regroup After Main Security Forum Shuts Down January 16, 2019 https://securityledger.com/2019/01/...regroup-after-main-security-forum-shuts-down/ Recorded Future Blog: The History of Ashiyane: Iran's First Security Forum
Iran-Linked Hackers Use Array of Tools to Steal Data: FireEye January 29, 2019 https://www.securityweek.com/iran-linked-hackers-use-array-tools-steal-data-fireeye FireEye blog entry: APT39: An Iranian Cyber Espionage Group Focused on Personal Information
Chafer used Remexi malware to spy on Iran-based foreign diplomatic entities January 30, 2019 https://securelist.com/chafer-used-remexi-malware/89538/
Cyber War and Iranian Cyber Army March 10, 2019 https://cybershafarat.com/2019/03/1...the-name-of-ashrar-an-article-by-ashrar-team/
Iran continues to be a major cyber threat to the Middle East
Iranian hackers are linked to cyber attacks that targeted thousands of people at more than 200 companies globally
April 1, 2019
https://www.thenational.ae/business...ajor-cyber-threat-to-the-middle-east-1.843851
CrowdStrike: Key Trends From the CrowdStrike 2019 Global Threat Report
2019 CrowdStrike® Global Threat Report - Adversary Tradecraft and The Importance of Speed
Leak Reveals Activity of Iranian Hacking Group May 13, 2019 https://www.securityweek.com/leak-reveals-activity-iranian-hacking-group ClearSky: "Iranian Nation-State APT Groups 'Black Box' Leak - Overview and Analysis of Exposed Documents" (PDF - 1.54 MB): https://www.clearskysec.com/wp-content/uploads/2019/05/Iranian-Nation-State-APT-Leak-Analysis-and-Overview.pdf
DHS CISA warns of Iranian hackers' habit of deploying data-wiping malware https://www.zdnet.com/article/dhs-c...ckers-habit-of-deploying-data-wiping-malware/
A few snippets taken from the article linked in the thread's original post: It's really nothing to get excited or up in arms about. Security threat articles like that one are well written to scare people, just like a good horror movie.
The Kittens Are Back in Town Charming Kitten – Campaign Against Academic Researchers September 15, 2019 https://www.clearskysec.com/the-kittens-are-back-in-town/ Report: "The Kittens Are Back in Town - Charming Kitten Campaign Against Academic Researchers" (PDF - 1.13 MB): https://www.clearskysec.com/wp-content/uploads/2019/09/The-Kittens-Are-Back-in-Town-Charming-Kitten-2019.pdf
Group said to be behind campaign hack also going after cybersecurity researchers October 8, 2019 https://www.cyberscoop.com/iran-hacking-clearsky-microsoft-charming-kitten/
ClearSky Report: The Kittens Are Back in Town 2 - Charming Kitten Campaign Keeps Going on, Using New Impersonation Methods - October 2019 (PDF - 1.43 MB): https://www.clearskysec.com/wp-content/uploads/2019/10/The-Kittens-Are-Back-in-Town-2.pdf
Iranian hacking group built its own VPN network November 14, 2019 https://www.zdnet.com/article/iranian-hacking-group-built-its-own-vpn-network/ Trend Micro: More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting
Charming Kitten Hackers Impersonate Journalist in Phishing Attacks February 5, 2020 https://www.bleepingcomputer.com/ne...s-impersonate-journalist-in-phishing-attacks/
Iranian hackers have been hacking VPN servers to plant backdoors in companies around the world February 16, 2020 https://www.zdnet.com/article/irani...lant-backdoors-in-companies-around-the-world/ ClearSky: Fox Kitten – Widespread Iranian Espionage-Offensive Campaign