2022, Blog, Military and Security - Information Management Today

Anonymous targets the Russian Military and State Television and Radio propaganda

Security Affairs

APRIL 5, 2022

Anonymous continues to support Ukraine against the Russian criminal invasion targeting the Russian military and propaganda. Anonymous leaked personal details of the Russian military stationed in Bucha where the Russian military carried out a massacre of civilians that are accused of having raped and shot local women and children.

Military

Military Cybersecurity Security Government

2022 Cyber Security Review of the Year

IT Governance

DECEMBER 20, 2022

2022 will go down as the year where some semblance of normality returned. Although there have still been a few surprises, with the death of Queen Elizabeth II and blazing heatwaves across the UK to name but two, it was a familiar year in the cyber security landscape. These were truly precedented times.

Security

Security Data breaches Ransomware Military

Catches of the Month: Phishing Scams for March 2022

IT Governance

MARCH 8, 2022

Welcome to our March 2022 review of phishing attacks, in which we explore the latest email scams and the tactics that cyber criminals use to trick people into handing over their personal information. As the Russian invasion continues, many cyber security experts have advised that conflicts could play out in cyberspace. Get started.

Phishing

Phishing Military Access Education

CISA adds Zimbra bug exploited in attacks against NATO countries to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 4, 2023

Cybersecurity and Infrastructure Security Agency (CISA) has added a Zimbra flaw, tracked as CVE-2022-27926 , to its Known Exploited Vulnerabilities Catalog. The CVE-2022-27926 flaw affects Zimbra Collaboration version 9.0.0, which is used to host publicly-facing webmail portals. reads the post published by Proofpoint.

IT

IT Military Phishing Passwords

Security Affairs newsletter Round 414 by Pierluigi Paganini – International edition

Security Affairs

APRIL 9, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! billion rubles.

Security

Security Computer and Electronics Ransomware Marketing

Security Affairs newsletter Round 416 by Pierluigi Paganini – International edition

Security Affairs

APRIL 23, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Ransomware Data breaches Cybersecurity

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

The Federal Bureau of Investigation (FBI), National Security Agency (NSA), US Cyber Command, and international partners released a joint Cybersecurity Advisory (CSA) to warn that Russia-linked threat actors are using compromised Ubiquiti EdgeRouters (EdgeRouters) to evade detection in cyber operations worldwide.

Energy and Utilities

Energy and Utilities Military Government Phishing

Snatch ransomware gang claims the hack of the food giant Kraft Heinz

Security Affairs

DECEMBER 15, 2023

.” The Snatch ransomware was first spotted at the end of 2019, Sophos researchers discovered a piece of the Snatch ransomware that reboots computers it infects into Safe Mode to bypass resident security solutions. In October 2022, the Snatch ransomware group claimed to have hacked the French company HENSOLDT France.

Ransomware

Ransomware Computer and Electronics Agriculture Military

Estonian National charged with helping Russia acquire U.S. hacking tools and electronics

Security Affairs

APRIL 9, 2023

made electronics on behalf of the Russian government and military. The Estonian man is accused of having helped the Russian government and military to purchase US-made electronics and hacking tools. electronics manufacturers and distributors between approximately October 2012 and January 2022.

Computer and Electronics

Computer and Electronics Military Manufacturing Government

Russia-linked APT Gamaredon update TTPs in recent attacks against Ukraine

Security Affairs

JUNE 15, 2023

The Gamaredon APT group (aka Shuckworm, Actinium, Armageddon, Primitive Bear, UAC-0010, and Trident Ursa) continues to carry out attacks against entities in Ukraine, including security services, military, and government organizations. ” reads the report published by Symantec.

Military

Military File names Archiving Phishing

List of data breaches and cyber attacks in February 2022 – 5.1 million records breached

IT Governance

MARCH 1, 2022

The cyber security industry, much like the rest of the world, is on edge. In the final days of February, there were a flurry of security incidents related, either directly or indirectly, to the Ukraine conflict. Meanwhile, you can find the full list of cyber attacks and data breaches for February 2022 below.

Data breaches

Data breaches Ransomware Government Blockchain

China-linked Moshen Dragon abuses security software to sideload malware

Security Affairs

MAY 3, 2022

RedFoxtrot has been active since at least 2014 and focused on gathering military intelligence from neighboring countries, it is suspected to work under the PLA China-linked Unit 69010. The threat actor systematically utilized software distributed by security vendors to sideload ShadowPad and PlugX variants.” Pierluigi Paganini.

Security

Security Military Insurance Cybersecurity

Russia-linked Armageddon APT targets Ukrainian state organizations, CERT-UA warns

Security Affairs

APRIL 5, 2022

Ukraine CERT-UA published a security advisory to warn of spear-phishing attacks conducted by Russia-linked Armageddon APT (aka Gamaredon , Primitive Bear, Armageddon, Winterflounder, or Iron Tilden) targeting local state organizations. The group targeted government and military organizations in Ukraine. To nominate, please visit:?

Military

Military Phishing File names Archiving

List of Data Breaches and Cyber Attacks in October 2022 – 9.9 Million Records Breached

IT Governance

NOVEMBER 1, 2022

Welcome to our October 2022 review of data breaches and cyber attacks. We identified 102 security incidents throughout the month, which is the second largest figure so far this year – trailing only August (112). As always, you can find the full list of data breaches and cyber attacks below, divided into their respective categories.

Data breaches

Data breaches Ransomware Insurance Phishing

Google TAG warns of Russia-linked APT groups targeting Ukraine

Security Affairs

APRIL 20, 2023

In Q1 2023, threat actors linked to Russia’s military intelligence service focused their phishing campaigns on Ukraine, with the country accounting for over 60% of observed Russian targeting. On September 2022, the Sandworm group was observed impersonating telecommunication providers to target Ukrainian entities with malware.

Phishing

Phishing Military Ransomware Education

Iran-linked Mint Sandstorm APT targeted US critical infrastructure

Security Affairs

APRIL 19, 2023

An Iran-linked APT group tracked as Mint Sandstorm is behind a string of attacks aimed at US critical infrastructure between late 2021 to mid-2022. Microsoft has linked the Iranian Mint Sandstorm APT (previously tracked by Microsoft as PHOSPHORUS ) to a series of attacks aimed at US critical infrastructure between late 2021 to mid-2022.

Energy and Utilities

Energy and Utilities Military Education Phishing

Russian APT28 hacker accused of the NATO think tank hack in Germany

Security Affairs

JUNE 20, 2022

The attack took place in April 2017 and the man is accused of conducting the attack for the Russian military intelligence service GRU. “The German investigators were also able to secure the content of the Russian’s email accounts, who are said to have used Apple user accounts, among other things. ” continues the post.

Military

Military Access Cybersecurity Security

The strange link between Industrial Spy and the Cuba ransomware operation

Security Affairs

MAY 28, 2022

Very strange… pic.twitter.com/on0v3IryKB — MalwareHunterTeam (@malwrhunterteam) April 15, 2022. We public schemes, drawings, technologies, political and military secrets, accounting reports and clients databases. link] — MalwareHunterTeam (@malwrhunterteam) May 24, 2022. in their IT infrastructure.

Ransomware

Ransomware Military Security Cybersecurity

Russia-linked threat actors launched hundreds of cyberattacks on Ukraine

Security Affairs

APRIL 27, 2022

The experts pointed out that starting just before the invasion threat actors linked to the military intelligence service GRU launched destructive wiper attacks on hundreds of systems in Ukraine. The post Russia-linked threat actors launched hundreds of cyberattacks on Ukraine appeared first on Security Affairs. Pierluigi Paganini.

Military

Military Government Cybersecurity Security

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Security Affairs

APRIL 30, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election.

Systems administration

Systems administration Military Phishing Government

Nation-state malware could become a commodity on dark web soon, Interpol warns

Security Affairs

MAY 24, 2022

Threat actors could perform reverse engineering of military-made malicious code and use their own versions in attacks in the wild. “The same applies for the digital weapons that, maybe today are used by the military, developed by military, and tomorrow will be available for criminals,” he explained. .

Military

Military Government Communications Security

China-linked APT Curious Gorge targeted Russian govt agencies

Security Affairs

MAY 3, 2022

. “ Curious Gorge, a group TAG attributes to China’s PLA SSF, has remained active against government, military, logistics and manufacturing organizations in Ukraine, Russia and Central Asia. ” wrote Google TAG Security Engineer Billy Leonard. To nominate, please visit:? Pierluigi Paganini.

Manufacturing

Manufacturing Phishing Passwords Military

Apr 03 – Apr 09 Ukraine – Russia the silent cyber conflict

Security Affairs

APRIL 10, 2022

This post provides a timeline of the events related to the Russian invasion of Ukraine from the cyber security perspective. Ukraine’s technical security and intelligence service warns of threat actors targeting aimed at gaining access to users’ Telegram accounts. Feb 27- Mar 05 Ukraine – Russia the silent cyber conflict.

Military

Military Phishing Cybersecurity Government

Pro-Ukraine attackers compromise Docker images to launch DDoS attacks on Russian sites

Security Affairs

MAY 4, 2022

Pro-Ukraine hackers, likely linked to Ukraine IT Army , are using Docker images to launch distributed denial-of-service (DDoS) attacks against a dozen websites belonging to government, military, and media. The post Pro-Ukraine attackers compromise Docker images to launch DDoS attacks on Russian sites appeared first on Security Affairs.

Honeypots

Honeypots Military Mining Government

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

Security Affairs

APRIL 26, 2023

PingPull, was first spotted by Unit 42 in June 2022, the researchers defined the RAT as a “difficult-to-detect” backdoor that leverages the Internet Control Message Protocol (ICMP) for C2 communications. However, the attackers chose a domain name that gives the impression of a connection to the South African military. softether[.]net

Communications

Communications Military Government Libraries

GUEST ESSAY: Rising cyber risks make business intelligence gathering more vital than ever

The Last Watchdog

JULY 5, 2022

In our recent report Intelligent Business: 2022 Strategic Intelligence Report we asked 205 creators and consumers of intelligence within large organizations (i.e. In our recent report Intelligent Business: 2022 Strategic Intelligence Report we asked 205 creators and consumers of intelligence within large organizations (i.e.

Risk

Risk Military Marketing Data Privacy

Phishing attacks using the topic “Azovstal” targets entities in Ukraine

Security Affairs

APRIL 23, 2022

Since February the notorious cybercrime operation Trickbot is controlled by Conti ransomware, the ransomware gang that publicly announced its support to Russia after the invasion of Ukraine by Russian cyber militaries. The alert published by the Ukraine CERT-UA includes Indicators of Compromise (IoCs) for this campaign and recommendations.

Phishing

Phishing Military Ransomware Encryption

Conti ransomware claims to have hacked Peru MOF – Dirección General de Inteligencia (DIGIMIN)

Security Affairs

MAY 8, 2022

The agency is responsible for national, military and police intelligence, as well as counterintelligence. Clearly, an attack against an intelligence agency could lead to the disclosure of secret and confidential documents and pose a risk to national security. The ransomware gang claimed to have stolen 9.41 GB of data.

Ransomware

Ransomware Military Cybersecurity Risk

Experts spotted Industrial Spy, a new stolen data marketplace

Security Affairs

APRIL 18, 2022

Very strange… pic.twitter.com/on0v3IryKB — MalwareHunterTeam (@malwrhunterteam) April 15, 2022. We public schemes, drawings, technologies, political and military secrets, accounting reports and clients databases. The post Experts spotted Industrial Spy, a new stolen data marketplace appeared first on Security Affairs.

Military

Military Sales Ransomware Cybersecurity

NB65 group targets Russia with a modified version of Conti’s ransomware

Security Affairs

APRIL 10, 2022

F**k the Russian Military. pic.twitter.com/BZDMPb0JxN — NB65 (@xxNB65) April 3, 2022. The post NB65 group targets Russia with a modified version of Conti’s ransomware appeared first on Security Affairs. And what kind of chincy ass soviet connection are you guys using? You know how long it took us to exfil?!?

Ransomware

Ransomware Encryption Military Cybersecurity

A zero-click vulnerability in Windows allows stealing NTLM credentials

Security Affairs

MAY 11, 2023

Researchers shared technical details about a flaw in Windows MSHTML platform, tracked as CVE-2023-29324 , that could be abused to bypass security protections. Cybersecurity researchers have shared details about a now-patched security flaw, tracked as CVE-2023-29324 (CVSS score: 6.5), in Windows MSHTML platform. We are in the final!

Military

Military Cybersecurity Security Government

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Security Affairs

APRIL 19, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election.

Military

Military Access Cybersecurity Education

SideWinder carried out over 1,000 attacks since April 2020

Security Affairs

MAY 31, 2022

SideWinder has been active since at least 2012, the group main targeted Police, Military, Maritime, and the Naval forces of Central Asian countries. Below are the slides presented by the Kaspersky researcher Noushin Shabab at the BlackHat Asia 2022: Download Slides. To nominate, please visit:? Pierluigi Paganini.

Encryption

Encryption Military Phishing Communications

Stark Industries Solutions: An Iron Hammer in the Cloud

Krebs on Security

MAY 23, 2024

Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government and commercial targets in Ukraine and Europe. The homepage of Stark Industries Solutions.

Cloud

Cloud Education Government Phishing

White hat hackers showed how to take over a European Space Agency satellite

Security Affairs

APRIL 30, 2023

Cyber security of satellite systems is becoming crucial due to the growing number of commercial and military applications that rely on them. .” Thales pointed out that throughout the entire exercise, ESA had access to the satellite’s systems to retain control. ” said Pierre-Yves Jolivet, VP Cyber Solutions, Thales.

Cybersecurity

Cybersecurity Military Access Education

Microsoft disrupted APT28 attacks on Ukraine through a court order

Security Affairs

APRIL 8, 2022

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The post Microsoft disrupted APT28 attacks on Ukraine through a court order appeared first on Security Affairs.

Military

Military Government Phishing Security

Iran-linked Lyceum APT adds a new.NET DNS Backdoor to its arsenal

Security Affairs

JUNE 11, 2022

The activity of the Lyceum APT group was first documented earlier in August 2019 by researchers at ICS security firm Dragos which tracked it as Hexane. The attack chain observed by the researchers starts with spear-phishing messages using weaponized Word document disguised as a news report related to military affairs in Iran.

IT

IT Military Communications Phishing

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Security Affairs

APRIL 6, 2023

Google’s Threat Analysis Group (TAG) is warning of the North Korea-linked ARCHIPELAGO group that is targeting government and military personnel, think tanks, policy makers, academics, and researchers in South Korea, the US and elsewhere.

Phishing

Phishing Passwords Military Education

Conti ransomware is shutting down operations, what will happen now?

Security Affairs

MAY 20, 2022

VK_Intel pic.twitter.com/gMSXhlHVSb — Yelisey Boguslavskiy (@y_advintel) May 19, 2022. The agency is responsible for national, military and police intelligence, as well as counterintelligence. The FBI estimates that as of January 2022, the gang obtained $150,000,000 in ransom payments from over 1,000 victims. GB of data.

Ransomware

Ransomware Government Military IT

New ToddyCat APT targets high-profile entities in Europe and Asia

Security Affairs

JUNE 21, 2022

The affected organizations, both governmental and military, show that this group is focused on very high-profile targets and is probably used to achieve critical goals, likely related to geopolitical interests. ” Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. .”

Military

Military Cybersecurity Security IT

Pro-Russian hacktivists target Italy government websites

Security Affairs

MAY 14, 2022

The Italian police is investigating the attack, while the National Computer Security Incident Response Team (CSIRT) confirmed that the websites were hit with DDoS attacks. Our Legion conducts military cyber exercises in your countries in order to improve their skills. To nominate, please visit:? Pierluigi Paganini.

Government

Government Military Cybersecurity Data breaches

The US government sanctioned four entities and one individual for supporting cyber operations conducted by North Korea

Security Affairs

MAY 24, 2023

The sanctioned entities conducted operations to steal funds to support the military strategy of the regime. In December 2022, South Korea’s spy agency, the National Intelligence Service, estimated that North Korea-linked threat actors have stolen an estimated 1.5 ” reads the announcement. trillion won ($1.2

Government

Government Military Financial Services IT

Experts link Hermit spyware to Italian surveillance firm RCS Lab and a front company

Security Affairs

JUNE 17, 2022

The latest samples of this spyware were detected by the researchers in April 2022, four months after a series of nation-wide protests against government policies that were violently suppressed. Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS.

Military

Military Manufacturing Government Security

US dismantled the Russia-linked Cyclops Blink botnet

Security Affairs

APRIL 6, 2022

“The Justice Department today announced a court-authorized operation, conducted in March 2022, to disrupt a two-tiered global botnet of thousands of infected network hardware devices under the control of a threat actor known to security researchers as Sandworm, which the U.S. ” reads the press release published by DoJ.

Military

Military Government Cybersecurity Ransomware

Anonymous targets the Russian Military and State Television and Radio propaganda

2022 Cyber Security Review of the Year

Trending Sources

Catches of the Month: Phishing Scams for March 2022

CISA adds Zimbra bug exploited in attacks against NATO countries to its Known Exploited Vulnerabilities catalog

Security Affairs newsletter Round 414 by Pierluigi Paganini – International edition

Security Affairs newsletter Round 416 by Pierluigi Paganini – International edition

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Snatch ransomware gang claims the hack of the food giant Kraft Heinz

Estonian National charged with helping Russia acquire U.S. hacking tools and electronics

Russia-linked APT Gamaredon update TTPs in recent attacks against Ukraine

List of data breaches and cyber attacks in February 2022 – 5.1 million records breached

China-linked Moshen Dragon abuses security software to sideload malware

Russia-linked Armageddon APT targets Ukrainian state organizations, CERT-UA warns

List of Data Breaches and Cyber Attacks in October 2022 – 9.9 Million Records Breached

Google TAG warns of Russia-linked APT groups targeting Ukraine

Iran-linked Mint Sandstorm APT targeted US critical infrastructure

Russian APT28 hacker accused of the NATO think tank hack in Germany

The strange link between Industrial Spy and the Cuba ransomware operation

Russia-linked threat actors launched hundreds of cyberattacks on Ukraine

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Nation-state malware could become a commodity on dark web soon, Interpol warns

China-linked APT Curious Gorge targeted Russian govt agencies

Apr 03 – Apr 09 Ukraine – Russia the silent cyber conflict

Pro-Ukraine attackers compromise Docker images to launch DDoS attacks on Russian sites

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

GUEST ESSAY: Rising cyber risks make business intelligence gathering more vital than ever

Phishing attacks using the topic “Azovstal” targets entities in Ukraine

Conti ransomware claims to have hacked Peru MOF – Dirección General de Inteligencia (DIGIMIN)

Experts spotted Industrial Spy, a new stolen data marketplace

NB65 group targets Russia with a modified version of Conti’s ransomware

A zero-click vulnerability in Windows allows stealing NTLM credentials

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

SideWinder carried out over 1,000 attacks since April 2020

Stark Industries Solutions: An Iron Hammer in the Cloud

White hat hackers showed how to take over a European Space Agency satellite

Microsoft disrupted APT28 attacks on Ukraine through a court order

Iran-linked Lyceum APT adds a new.NET DNS Backdoor to its arsenal

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Conti ransomware is shutting down operations, what will happen now?

New ToddyCat APT targets high-profile entities in Europe and Asia

Pro-Russian hacktivists target Italy government websites

The US government sanctioned four entities and one individual for supporting cyber operations conducted by North Korea

Experts link Hermit spyware to Italian surveillance firm RCS Lab and a front company

US dismantled the Russia-linked Cyclops Blink botnet

Stay Connected