Tuesday, January 29, 2019 6:10:49 PM

FireEye: New APT goes after individual targets by hitting telecom, travel companies

https://www.cyberscoop.com/apt39-fireeye-telecom-travel-comapnies-middle-east/?utm_campaign=CyberScoop%20-%20Editorial&utm_content=83835372&utm_medium=social&utm_source=twitter&hss_channel=tw-720664083767435264

A newly identified threat group linked to Iran is surveilling specific individuals of interest by stealing data primarily from companies in the telecommunications and travel industries, according to a report from FireEye published Tuesday.

FireEye is adding the group to its list of advanced persistent threats as APT39. While not outright saying the group is state-sponsored, researchers said that APT39 appears to be acting in support of Iranian state interests. That assessment is based on the group’s toolset overlap with other Iran-linked groups like APT33, APT34, Newscaster and Chafer.

Still, FireEye says APT39’s apparent objective and its choices of malware variants warrant classifying it as a new group.

“APT39’s focus on the telecommunications and travel industries suggests intent to perform monitoring, tracking, or surveillance operations against specific individuals that serve strategic requirements related to Iran’s strategic national priorities,” Cristiana Kittner, FireEye principal analyst of cyber-espionage analysis, told CyberScoop by email.

It’s not clear who those individuals are, but FireEye says at least some targets are tied to other governments, which “suggests a potential secondary intent to collect geopolitical data that may benefit nation-state decision making,” the report says.

APT39’s activities have a global reach, but the group is more focused on the Middle East, FireEye says. The report says the group has been observed targeting entities in Saudi Arabia, Iraq, Egypt, Turkey, the United Arab Emirates, Qatar, Norway, South Korea, the United States and Australia — and is suspected to have targets in Kuwait and Israel.

FireEye suggests that by targeting travel and telecommunications companies, APT39 can look for data pertaining to customers that are persons of interest to Iran.

“Targeting data supports the belief that APT39’s key mission is to track or monitor targets of interest, collect personal information, including travel itineraries, and gather customer data from telecommunications firms,” Kittner said. “APT39’s targeting not only represents a threat to known targeted industries, but it extends to these organizations’ clientele, which includes a wide variety of sectors and individuals on a global scale.”

FireEye says APT39 uses a combination of custom-made and publicly available hacking tools to compromise its targets. It typically starts with a spearphishing campaign, the report says, using malicious files and links to “domains that masquerade as legitimate web services and organizations that are relevant to the intended target.” Successful phishing results in a backdoor infection, after which the group uses common and custom tools to escalate privileges on the compromised computer and conduct reconnaissance.

Kittner said the group has been active as recently as the past six months, although there’s been a “regular pace of activity from APT39 since 2014.”

“APT39’s activity showcases Iran’s potential global operational reach and how it uses cyber operations as a low-cost and effective tool to facilitate the collection of key data on perceived national security threats and gain advantages against regional and global rivals,” the report says.
=================================================================
The market could be substantially benefiting by using Wave Endpoint Monitor and Wave VSC 2.0 solutions: WEM for spotting Advanced Persistent Threats (APTs), and Wave VSC 2.0 for making the phishing of login credentials not worthwhile to the hacker due to VSC 2.0's second factor (TPM). Where antivirus software is inadequate, Wave Endpoint Monitor shines! The previous post highlights some of the important parts of WEM and malware protection, and there is some great reading on APTs. Under Key Features below, APTs are covered and are applicable to the article above.
==================================================================
https://www.wavesys.com/malware-protection

https://www.wavesys.com/products/wave-endpoint-monitor

Key Features:

Easy security compliance
• Comports with NIST guidelines for BIOS integrity

Data protection
• Ensures that you can trust the integrity of your measurements for central analysis

Real-time alerts for zero-day detection of APTs
• Get Windows 8 Malware protection now—WEM covers previous versions of Windows

Simplicity
• Uses standards-based security that’s in every PC you own
• Measurement notifications and reports can be customized for your processes and work flows
• Centralized, remote activation and management of your TPMs
• E-discover which PCs in your organization are enabled for endpoint monitoring

No compromises
• Ensure host integrity—without expensive hardware or excessive administrative overhead

Windows 8 Tablet Compatibility
• Get the same device integrity assurance on Windows 8 Pro & Enterprise tablets that you want for your enterprise PCs - with Wave Mobility Pro - Tablet Edition
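The feature list above talks about trusting BIOS measurements for central analysis and alerting when a PC's integrity changes. As an added example, not Wave's code and not from the article, the Python script below models how that check works on the TPM that "standards-based security in every PC" refers to: each boot component is hashed into a PCR with the standard extend operation (PCR_new = SHA-256(PCR_old || measurement)), the endpoint ships its event log plus the TPM-held PCR value, and the central side replays the log, refuses logs that do not replay to the reported PCR, and names the component whose digest drifted from the golden baseline. Host names, component names and digests are constructed for the example; the extend semantics are the TPM standard for the SHA-256 bank.

```python
"""Added example: replaying a TPM-style measurement log against a known-good baseline.
Illustrative code only, not a vendor implementation; hosts, components and digests
are constructed."""
import hashlib

PCR_INIT = b"\x00" * 32  # SHA-256 PCRs start at all zeros at power-on


def pcr_extend(current: bytes, measurement: bytes) -> bytes:
    # TPM extend operation: PCR_new = SHA-256(PCR_old || measurement)
    return hashlib.sha256(current + measurement).digest()


def replay_log(events):
    """Replay an ordered event log [(component, digest_bytes), ...] into the final PCR."""
    pcr = PCR_INIT
    for _, digest in events:
        pcr = pcr_extend(pcr, digest)
    return pcr


def check_endpoint(host, reported_pcr, events, baseline_events):
    """Return a list of alert strings; an empty list means the endpoint matches the baseline."""
    alerts = []
    # 1. The software-maintained event log must replay to the value the TPM itself
    #    reported; if it does not, the log was edited or truncated and is untrusted.
    if replay_log(events) != reported_pcr:
        alerts.append(f"{host}: event log does not replay to reported PCR; log untrusted")
        return alerts
    # 2. Compare against the golden log and name exactly what drifted.
    if reported_pcr != replay_log(baseline_events):
        golden = dict(baseline_events)
        for component, digest in events:
            if component not in golden:
                alerts.append(f"{host}: unexpected component measured: {component}")
            elif golden[component] != digest:
                alerts.append(f"{host}: {component} digest changed from baseline")
        for component in sorted(set(golden) - {c for c, _ in events}):
            alerts.append(f"{host}: baseline component not measured: {component}")
    return alerts


def _d(label: str) -> bytes:
    # constructed stand-in for a firmware component digest
    return hashlib.sha256(label.encode()).digest()


# constructed golden measurement log for the fleet's approved firmware build
BASELINE = [("bios_core", _d("bios_core:v1")),
            ("option_rom", _d("option_rom:v1")),
            ("bootloader", _d("bootloader:v1"))]

# constructed endpoint reports
CLEAN = list(BASELINE)
MODIFIED = [("bios_core", _d("bios_core:modified")),
            ("option_rom", _d("option_rom:v1")),
            ("bootloader", _d("bootloader:v1"))]


def run_examples():
    results = {}
    # pc-01: matches the baseline exactly
    results["pc-01"] = check_endpoint("pc-01", replay_log(CLEAN), CLEAN, BASELINE)
    # pc-02: BIOS core changed; the TPM PCR reflects it and the log is honest
    results["pc-02"] = check_endpoint("pc-02", replay_log(MODIFIED), MODIFIED, BASELINE)
    # pc-03: BIOS core changed but the log was edited to look clean; the TPM-held
    # PCR still reflects the real boot, so the replay check catches it
    results["pc-03"] = check_endpoint("pc-03", replay_log(MODIFIED), CLEAN, BASELINE)
    return results


if __name__ == "__main__":
    for host, alerts in run_examples().items():
        print(host, "OK" if not alerts else alerts)
```

The point of the two-step check is that the event log alone proves nothing: only the PCR value, which the TPM hardware will not let software rewind, anchors the measurement, so a log that fails to replay is treated as hostile rather than merely stale.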