<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>advanced persistent threats &#8211; Noise</title>
	<atom:link href="https://noise.getoto.net/tag/advanced-persistent-threats/feed/" rel="self" type="application/rss+xml" />
	<link>https://noise.getoto.net</link>
	<description>The collective thoughts of the interwebz</description>
	<lastBuildDate>Tue, 09 May 2023 15:24:22 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=6.8.2</generator>
	<item>
		<title>PIPEDREAM Malware against Industrial Control Systems</title>
		<link>https://noise.getoto.net/2023/05/09/pipedream-malware-against-industrial-control-systems/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Tue, 09 May 2023 15:20:59 +0000</pubDate>
				<category><![CDATA[advanced persistent threats]]></category>
		<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[infrastructure]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[russia]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=67330</guid>

					<description><![CDATA[<p>Another <a href="https://angle.ankura.com/post/102icqx/russian-linked-malware-targets-u-s-critical-infrastructure">nation-state malware</a>, Russian in origin:</p>
<blockquote><p>In the early stages of the war in Ukraine in 2022, PIPEDREAM, a known malware was quietly on the brink of wiping out a handful of critical U.S. electric and liquid natural gas sites. PIPEDREAM is an attack toolkit with unmatched and unprecedented capabilities developed for use against industrial control systems (ICSs).</p>
<p>The malware was built to manipulate the network communication protocols used by programmable logic controllers (PLCs) leveraged by two critical producers of PLCs for ICSs within the critical infrastructure sector, Schneider Electric and OMRON...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Another Malware with Persistence</title>
		<link>https://noise.getoto.net/2023/03/10/another-malware-with-persistence/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Fri, 10 Mar 2023 01:33:57 +0000</pubDate>
				<category><![CDATA[advanced persistent threats]]></category>
		<category><![CDATA[backdoors]]></category>
		<category><![CDATA[china]]></category>
		<category><![CDATA[firmware]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=67035</guid>

					<description><![CDATA[<p><a href="https://arstechnica.com/information-technology/2023/03/malware-infecting-widely-used-security-appliance-survives-firmware-updates/">Here’s</a> a piece of Chinese malware that infects SonicWall security appliances and survives firmware updates.</p>
<blockquote><p>On Thursday, security firm Mandiant published a <a href="https://www.mandiant.com/resources/blog/suspected-chinese-persist-sonicwall">report</a> that said threat actors with a suspected nexus to China were engaged in a campaign to maintain long-term persistence by running malware on unpatched SonicWall SMA appliances. The campaign was notable for the ability of the malware to remain on the devices even after its firmware received new firmware.</p>
<p>“The attackers put significant effort into the stability and persistence of their tooling,” Mandiant researchers Daniel Lee, Stephen Eckels, and Ben Read wrote. “This allows their access to the network to persist through firmware updates and maintain a foothold on the network through the SonicWall Device.”...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Attacks on Managed Service Providers Expected to Increase</title>
		<link>https://noise.getoto.net/2022/05/17/attacks-on-managed-service-providers-expected-to-increase/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Tue, 17 May 2022 11:10:09 +0000</pubDate>
				<category><![CDATA[advanced persistent threats]]></category>
		<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[infrastructure]]></category>
		<category><![CDATA[national security policy]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=65431</guid>

					<description><![CDATA[CISA, NSA, FBI, and similar organizations in the other Five Eyes countries are warning that attacks on MSPs &#8212; as a vector to their customers &#8212; are likely to increase. No details about what this prediction is based on. Makes sense, though. T...]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Hardening Your VPN</title>
		<link>https://noise.getoto.net/2021/09/30/hardening-your-vpn/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 30 Sep 2021 16:51:40 +0000</pubDate>
				<category><![CDATA[advanced persistent threats]]></category>
		<category><![CDATA[NSA]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[vpn]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=63717</guid>

					<description><![CDATA[The NSA and CISA have released a document on how to harden your VPN.
]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Symantec Reports on Cicada APT Attacks against Japan</title>
		<link>https://noise.getoto.net/2020/11/20/symantec-reports-on-cicada-apt-attacks-against-japan/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Fri, 20 Nov 2020 12:05:06 +0000</pubDate>
				<category><![CDATA[advanced persistent threats]]></category>
		<category><![CDATA[china]]></category>
		<category><![CDATA[japan]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=60494</guid>

					<description><![CDATA[<p>Symantec is <a href="https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-japan-espionage">reporting</a> on an APT group linked to China, named Cicada. They have been attacking organizations in Japan and elsewhere.</p>
<blockquote><p>Cicada has historically been known to target Japan-linked organizations, and has also targeted MSPs in the past. The group is using living-off-the-land tools as well as custom malware in this attack campaign, including a custom malware &#8212; Backdoor.Hartip &#8212; that Symantec has not seen being used by the group before. Among the machines compromised during this attack campaign were domain controllers and file servers, and there was evidence of files being exfiltrated from some of the compromised machines...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
	</channel>
</rss>

<!--
Performance optimized by W3 Total Cache. Learn more: https://www.boldgrid.com/w3-total-cache/

Object Caching 31/103 objects using Memcached
Page Caching using Disk: Enhanced 
Lazy Loading (feed)
Database Caching using Memcached

Served from: noise.getoto.net @ 2025-12-11 22:24:13 by W3 Total Cache
-->