File names and Government - Information Management Today

China-linked threat actors are targeting the government of Ukraine

Security Affairs

MARCH 18, 2022

Google’s TAG team revealed that China-linked APT groups are targeting Ukraine’s government for intelligence purposes. Google TAG team notified Ukrainian government organizations that were targeted by Chinese intelligence. government. government. China is working hard here too. Pierluigi Paganini.

Government

Government File names Phishing Security

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Security Affairs

APRIL 22, 2024

This tool modifies a JavaScript constraints file and executes it with SYSTEM-level permissions. Microsoft has observed APT28 using GooseEgg in post-compromise activities against various targets, including government, non-governmental, education, and transportation sector organizations in Ukraine, Western Europe, and North America.

Military

Military File names Education Phishing

Chinese APT FunnyDream targets a South East Asian government

Security Affairs

NOVEMBER 17, 2020

Most of the victims were in Vietnam, the group focuses on foreign government organizations of countries in Southeast Asia. . ” The name of the group comes from a powerful backdoor employed in the attacks of the APT group. . ” reads the report published by BitDefender. ” continues the report.

Government

Government File names Communications Access

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

ObliqueRAT, a new malware employed in attacks on government targets in Southeast Asia

Security Affairs

FEBRUARY 23, 2020

Experts from Cisco Talos discovered a new malware, tracked as ObliqueRAT, that appears a custom malware developed by a threat actor focused on government and diplomatic targets. . “CrimsonRAT has been known to target diplomatic and government organizations in Southeast Asia.” Pierluigi Paganini.

Government

Government File names Passwords Phishing

Russia-linked Armageddon APT targets Ukrainian state organizations, CERT-UA warns

Security Affairs

APRIL 5, 2022

The group targeted government and military organizations in Ukraine. In December 2019, the APT group targeted several Ukrainian diplomats, government and military officials, and law enforcement. The messages use the HTML-file “War criminals of the Russian Federation.htm” as attachment.

Military

Military Phishing File names Archiving

Russia-linked Turla APT uses new TinyTurla-NG backdoor to spy on Polish NGOs

Security Affairs

FEBRUARY 16, 2024

The Turla APT group (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ) has been active since at least 2004 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations.

CMS

CMS File names Passwords Access

Russia-linked Gamaredon APT targets Ukrainian authorities with new malware

Security Affairs

FEBRUARY 3, 2023

The government experts pointed out that the threat actor continues to evolve its TTPs to avoid detection. The attack chain starts with spear-phishing messages with a.RAR attachment named “12-1-125_09.01.2023.” The.RAR archive contains the.LNK file named “Запит Служба безпеки України 12-1-125 від 09.01.2023.lnk”

File names

File names Archiving Phishing Government

Google TAG: Russia, Belarus-linked APTs targeted Ukraine

Security Affairs

MARCH 8, 2022

Google TAG observed Russian, Belarusian, and Chinese threat actors targeting Ukraine and European government and military orgs. Google TAG observed Russian, Belarusian, and Chinese threat actors targeting Ukrainian and European government and military organizations, as well as individuals. ” concludes the report.

Military

Military Phishing File names Government

FBI published a flash alert on Mamba Ransomware attacks

Security Affairs

MARCH 26, 2021

According to the flash alert published by the FBI, the Mamba ransomware was employed in attacks against local governments, public transportation agencies, legal services, technology services, industrial, commercial, manufacturing, and construction businesses. DiskCryptor is not inherently malicious but has been weaponized.”

Ransomware

Ransomware Encryption File names Passwords

Digitizing Records: Understanding Metadata Requirements

National Archives Records Express

JUNE 12, 2023

Metadata Capture Requirements Agencies must adhere to the following metadata capture requirements: Capturing Metadata at the File or Item Level Agencies must capture the metadata specified in paragraphs (c) through (e) of the regulation at the file or item level as part of the digitization project.

Metadata

Metadata Digital transformation File names Archiving

GhostWriter APT targets state entities of Ukraine with Cobalt Strike Beacon

Security Affairs

MARCH 28, 2022

The phishing messages use a RAR-archive named “Saboteurs.rar”, which contains RAR-archive “Saboteurs 21.03.rar.” ” This second archive contains SFX-archive “Saboteurs filercs.rar,” experts reported that the file name contains the right-to-left override (RTLO) character to mask the real extension.

Archiving

Archiving CMS File names Phishing

China-linked LuminousMoth APT targets entities from Southeast Asia

Security Affairs

JULY 14, 2021

LuminousMoth: Kaspersky uncovered an ongoing and large-scale APT campaign that targeted government entities in Southeast Asia, including Myanmar and the Philippines. We found multiple archives like this with file names of government entities in Myanmar, for example “COVID-19 Case 12-11-2020(MOTC).rar”

Archiving

Archiving File names Government Libraries

Evil Corp rebrands their ransomware, this time is the Macaw Locker

Security Affairs

OCTOBER 21, 2021

The Macaw Locker ransomware encrypts victims’ files and append the .macaw macaw extension to the file name of the encrypted files. The US Government announced sanctions for ransomware negotiation firms that will support victims of the Evil Corp group in the ransom payments.

Ransomware

Ransomware File names Encryption Government

New PowerExchange Backdoor linked to an Iranian APT group

Security Affairs

MAY 26, 2023

Researchers from the Fortinet FortiGuard Labs observed an attack targeting a government entity in the United Arab Emirates with a new PowerShell-based backdoor dubbed PowerExchange. The infection chain commenced with spear phishing messages using a zip file named Brochure.zip in attachment. with the new PowerExchange backdoor.

Communications

Communications File names Archiving Phishing

Russia-linked APT Gamaredon update TTPs in recent attacks against Ukraine

Security Affairs

JUNE 15, 2023

The Gamaredon APT group (aka Shuckworm, Actinium, Armageddon, Primitive Bear, UAC-0010, and Trident Ursa) continues to carry out attacks against entities in Ukraine, including security services, military, and government organizations. A novelty observed in the recent attacks is the use of a USB propagation malware.

Military

Military File names Archiving Phishing

The previously undocumented GoldenJackal APT targets Middle East, South Asia entities

Security Affairs

MAY 23, 2023

A previously undocumented APT group tracked as GoldenJackal has been targeting government and diplomatic entities in the Middle East and South Asia since 2019. The group focuses on government and diplomatic entities in the Middle East and South Asia. “The fake Skype installer was a.NET executable file named skype32.exe

File names

File names Government Communications IT

China-linked APT41 group targets Hong Kong with Spyder Loader

Security Affairs

OCTOBER 18, 2022

Symantec pointed out that the attacks against government organizations in Hong Kong remained undetected for a year in some cases. The attacks detailed by Cybereason targeted technology and manufacturing companies primarily located in East Asia, Western Europe, and North America. ” continues the report.

File names

File names Encryption Manufacturing Libraries

New Linux Ransomware BlackSuit is similar to Royal ransomware

Security Affairs

JUNE 3, 2023

According to government experts, the Royal ransomware attacks targeted numerous critical infrastructure sectors including, manufacturing, communications, healthcare and public healthcare (HPH), and education. ReadMe file name: README.BlackSuit.txt. New #ransomware #BlackSuit targets Windows, #Linux. Extension: blacksuit.

Ransomware

Ransomware Encryption File names Cybersecurity

DownEx cyberespionage operation targets Central Asia

Security Affairs

MAY 10, 2023

A new sophisticated malware strain, dubbed DownEx, was involved in attacks aimed at Government organizations in Central Asia. In late 2022, Bitdefender Labs researchers first observed a highly targeted cyberattack targeting foreign government institutions in Kazakhstan that involved a new sophisticated strain of malware dubbed DownEx.

File names

File names Archiving Phishing Government

China-linked Budworm APT returns to target a US entity

Security Affairs

OCTOBER 13, 2022

The Budworm cyber espionage group (aka APT27 , Bronze Union , Emissary Panda , Lucky Mouse , TG-3390 , and Red Phoenix) is behind a series attacks conducted over the past six months against a number of high-profile targets, including the government of a Middle Eastern country, a multinational electronics manufacturer, and a U.S.

File names

File names Financial Services Manufacturing Libraries

Tips for Folder Structure Design and Cleanup

The Texas Record

JUNE 26, 2023

Consistency Choose file naming conventions and stick with them. For example, unless an abbreviation is known and widely used, avoid using it in folder or file names. A consistent approach with folder structure and file naming means there is less need for individual interpretation. Be consistent.

Cleanup

Cleanup File names ROT Access

Hacker breached Perceptics, a US maker of license plate readers

Security Affairs

MAY 26, 2019

The name ‘Boris’ is not new for the cyber security industry, it is the name of the hacker who breached the IT provider CityComp at the end of April. “The file names and accompanying directories – numbering almost 65,000 – fit with the focus of the surveillance technology biz.”

File names

File names Data breaches Manufacturing Cybersecurity

New Graphiron info-stealer used in attacks against Ukraine

Security Affairs

FEBRUARY 8, 2023

It creates temporary files with the “ lock” and “ trash” extensions. It uses hardcoded file names designed to masquerade as Microsoft office executables: OfficeTemplate.exe and MicrosoftOfficeDashboard.exe” reads the analysis published by Symantec.

File names

File names Passwords Phishing Encryption

Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group

Security Affairs

JULY 20, 2023

government. “It then receives a response containing a file name which the malware uses to download additional rooting binaries from C2 infrastructure if one exists for the specified device.” ” continues the report. ” The report also includes Indicators of Compromise (IoCs) for both spyware.

File names

File names Libraries Cybersecurity IT

Crooks target Healthcare facilities involved in Coronavirus containment with Ransomware

Security Affairs

APRIL 14, 2020

PaloAlto Networks experts warn of malicious Coronavirus themed phishing campaigns targeting government and medical organizations. Recently organizations in healthcare, research, and government facilities have been hit by Coronavirus-themed attacks that deployed multiple malware families, including ransomware and information stealers (i.e.

Ransomware

Ransomware Phishing File names Encryption

Lilith: The Latest Threat in Ransomware

eSecurity Planet

JULY 19, 2022

According to Cyble, “The ransomware searches for files to encrypt on the local system by enumerating the file directories […] It ignores the file extensions such as EXE, DLL, and SYS and excludes a list of directory and file names from the encryption process.”.

Ransomware

Ransomware Encryption File names Government

What are the Best Document Management Capabilities?

AIIM

APRIL 8, 2021

It serves in many ways to apply a formal governance framework to the document creation and collaborative editing processes. This feature also reduces the need to store multiple copies and versions, and their associated naming conventions, in order to retain a document’s history.

ECM

ECM Cloud Access File names

Guest Post - How important is digital document consistency?

AIIM

OCTOBER 30, 2017

Obviously digital document accuracy is particularly important for government and regulated industries. Consistent document capture and file naming. Another area that lends itself to mixed results is in file naming structure. A client number or name can be taken from the barcode and appended to the filename.

e-Delivery

e-Delivery File names Compliance ECM

QNodeService Trojan spreads via fake COVID-19 tax relief

Security Affairs

MAY 16, 2020

The phishing messages use Trojan sample associated with a file named “Company PLP_Tax relief due to Covid-19 outbreak CI+PL.jar,” experts from MalwareHunterTeam noticed that the malicious code was only detected by ESET AV. "Company The operators behind the campaign use COVID-19 lure promising victims tax relief.

Phishing

Phishing File names Access Government

Zeus Sphinx spam campaign attempt to exploit Coronavirus outbreak

Security Affairs

MARCH 30, 2020

Experts from IBM X-Force uncovered a hacking campaign employing the Zeus Sphinx malware, as known as Zloader or Terdot , that focus on government relief payments. . Spam messages sent to the victims claim to provide information related to the Coronavirus outbreak and government relief payments.

File names

File names Passwords Sales Authentication

Intelligent Search – Strategies to Find What You Need

AIIM

AUGUST 26, 2021

Often, you can make some good initial decisions right away by examining things like file name, path name, and file extensions before you attempt to migrate, read, or index the content itself. Sift and Aggregate: With so much information to manage, it can help to reduce the chaos.

Digital transformation

Digital transformation Search queries Artificial Intelligence Healthcare

Tik Tok, Tick Tock…Boom.

John Battelle's Searchblog

OCTOBER 14, 2019

There’s nothing in Tik Tok’s TOS or Privacy Policy that stops it from sending all the information it collects to the Chinese government. If you think Tik Tok isn’t sending information to the Chinese government, you’re sweet, but you should stay inside and stick to rotary phones.

Artificial Intelligence

Artificial Intelligence Privacy File names Government

Researcher found US ‘No Fly List’ on an unsecured server

Security Affairs

JANUARY 24, 2023

Crimew discovered a file named NoFly.csv which is a legitimate U.S. records (first names, last names, and dates of birth) belonging to people with suspected or known ties to terrorist groups. “three csv files, employee_information.csv, NOFLY.CSV and SELECTEE.CSV. no fly list from 2019 containing over 1.56

Archiving

Archiving File names Access Authentication

Conti ransomware gang also breached Ireland Department of Health (DoH)

Security Affairs

MAY 19, 2021

Government experts speculate the two attacks are part of the same campaign targeting the Irish health sector. The malware involved in the attack is Conti Ransomware v3 (32 bit), which attempted to encrypt all files with the exception of the following file names: – CONTI_LOG.txt – readme.txt – *.FEEDC

Ransomware

Ransomware Encryption File names IoT

New Gallmaker APT group eschews malware in cyber espionage campaigns

Security Affairs

OCTOBER 10, 2018

A previously unknown cyber espionage group, tracked as Gallmaker, has been targeting entities in the government, military and defense sectors since at least 2017. Gallmaker is a politically motivated APT group that focused its surgical operations on the government, military or defense sectors. ” continues Symantec.

Military

Military File names Libraries Government

Catches of the month: Phishing scams for August 2021

IT Governance

AUGUST 10, 2021

The example above, for instance, contains a graphic with a file name and a link to open it – just as would happen if someone genuinely shared something with you. The post Catches of the month: Phishing scams for August 2021 appeared first on IT Governance UK Blog. Get started.

Phishing

Phishing File names Security Risk

Emotet operators are running Halloween-themed campaigns

Security Affairs

OCTOBER 31, 2020

Recently, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert to warn of a surge of Emotet attacks that have targeted multiple state and local governments in the U.S. Emotet is a modular malware, its operators could develop new Dynamic Link Libraries to update its capabilities. since August.

File names

File names Libraries Ransomware Security

RIM Month Virtual Colloquium, date and lineup announcement for April 7th 1-3pm EST!

The Schedule

MARCH 3, 2021

A case study in creating a Getty retention compliant electronic file naming system for Procurement. Buyers could then easily name their files according to department naming conventions, and apply retention without having to take any action beyond filling out the checklist. Jennifer Thompson, J. Paul Getty Trust.

Records Management

Records Management Archiving File names Government

CrowdStrike uncovered a new campaign of GOBLIN PANDA APT aimed at Vietnam

Security Affairs

SEPTEMBER 5, 2018

GOBLIN PANDA was focused on Vietnam, most of the targets were in the defense, energy, and government sectors. “Two exploit documents with Vietnamese-language file names were observed with file metadata unique to the GOBLIN PANDA adversary.” ” reads the analysis published by CrowdStrike.

Metadata

Metadata File names Libraries Government

Sofacy APT group used a new tool in latest attacks, the Cannon

Security Affairs

NOVEMBER 20, 2018

The Russia-linked APT group delivers Cannon in a spear-phishing attack that targets government organizations in North America, Europe and in a former USSR state. Hackers used weaponized files named ‘crash list (Lion Air Boeing 737).docx’ docx’ for their campaigns.

File names

File names Phishing Communications Government

A flaw in MySQL could allow rogue servers to steal files from clients

Security Affairs

JANUARY 21, 2019

A rogue server could send a LOAD DATA LOCAL statement to the client to get access to any file for which the client has read permission. “In theory, a patched server could be built that would tell the client program to transfer a file of the server’s choosing rather than the file named by the client in the LOAD DATA statement.”

Passwords

Passwords File names Access Sales

Improve Business File Organization and Collaboration With Document Control

OneHub

JULY 5, 2021

Employees should be able to immediately identify the most up-to-date version of a file so they can complete their work with total confidence. Without consistent rules governing approvals and revisions, document collaboration can get messy. Document control ensures that when a file is approved, everyone working on it knows.

File names

File names Access Government Risk

Medibank Defends its Security Practices as its Ransomware Woes Worsen

IT Governance

NOVEMBER 17, 2022

Things got worse for Medibank after a second database was leaked , containing a file named “abortions”. A fourth file was then leaked, labelled “psychos”, which contained hundreds of claims from policyholders who have undergone mental health treatment. From bad to worse.

IT

IT Ransomware Security Data breaches

Using Microsoft Powerpoint as Malware Dropper

Security Affairs

NOVEMBER 16, 2018

The script downloads a file named: AZZI.exe and saves it by a new name: VRE1wEh9j0mvUATIN3AqW1HSNnyir8id.exe on a System temporary directory for running it. The following code is the execution path that drives Stage 2 to Stage 3. var run = new ActiveXObject(‘WSCRIPT.Shell’).Run(powershell

Computer and Electronics

Computer and Electronics File names Security IT

China-linked threat actors are targeting the government of Ukraine

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Webinars

Trending Sources

Chinese APT FunnyDream targets a South East Asian government

Webinars

ObliqueRAT, a new malware employed in attacks on government targets in Southeast Asia

Russia-linked Armageddon APT targets Ukrainian state organizations, CERT-UA warns

Russia-linked Turla APT uses new TinyTurla-NG backdoor to spy on Polish NGOs

Russia-linked Gamaredon APT targets Ukrainian authorities with new malware

Google TAG: Russia, Belarus-linked APTs targeted Ukraine

FBI published a flash alert on Mamba Ransomware attacks

Digitizing Records: Understanding Metadata Requirements

GhostWriter APT targets state entities of Ukraine with Cobalt Strike Beacon

China-linked LuminousMoth APT targets entities from Southeast Asia

Evil Corp rebrands their ransomware, this time is the Macaw Locker

New PowerExchange Backdoor linked to an Iranian APT group

Russia-linked APT Gamaredon update TTPs in recent attacks against Ukraine

The previously undocumented GoldenJackal APT targets Middle East, South Asia entities

China-linked APT41 group targets Hong Kong with Spyder Loader

New Linux Ransomware BlackSuit is similar to Royal ransomware

DownEx cyberespionage operation targets Central Asia

China-linked Budworm APT returns to target a US entity

Tips for Folder Structure Design and Cleanup

Hacker breached Perceptics, a US maker of license plate readers

New Graphiron info-stealer used in attacks against Ukraine

Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group

Crooks target Healthcare facilities involved in Coronavirus containment with Ransomware

Lilith: The Latest Threat in Ransomware

What are the Best Document Management Capabilities?

Guest Post - How important is digital document consistency?

QNodeService Trojan spreads via fake COVID-19 tax relief

Zeus Sphinx spam campaign attempt to exploit Coronavirus outbreak

Intelligent Search – Strategies to Find What You Need

Tik Tok, Tick Tock…Boom.

Researcher found US ‘No Fly List’ on an unsecured server

Conti ransomware gang also breached Ireland Department of Health (DoH)

New Gallmaker APT group eschews malware in cyber espionage campaigns

Catches of the month: Phishing scams for August 2021

Emotet operators are running Halloween-themed campaigns

RIM Month Virtual Colloquium, date and lineup announcement for April 7th 1-3pm EST!

CrowdStrike uncovered a new campaign of GOBLIN PANDA APT aimed at Vietnam

Sofacy APT group used a new tool in latest attacks, the Cannon

A flaw in MySQL could allow rogue servers to steal files from clients

Improve Business File Organization and Collaboration With Document Control

Medibank Defends its Security Practices as its Ransomware Woes Worsen

Using Microsoft Powerpoint as Malware Dropper

Stay Connected