Information Management Today

Russian State-Sponsored Threat Actor Targets High Profile Individuals in Phishing Campaign

KnowBe4

JANUARY 22, 2024

The Russian state-sponsored threat actor “COLDRIVER” is launching phishing campaigns against “high profile individuals in NGOs, former intelligence and military officers, and NATO governments,” according to researchers at Google’s Threat Analysis Group (TAG).

Phishing

Phishing Military Government Security

Russia-linked APT TAG-70 targets European government and military mail servers exploiting Roundcube XSS

Security Affairs

FEBRUARY 19, 2024

An APT group, tracked as TAG-70, linked to Belarus and Russia exploited XSS flaws in Roundcube webmail servers to target over 80 organizations. Researchers from Recorded Future’s Insikt Group identified a cyberespionage campaign carried out by an APT group, tracked as TAG-70, linked to Belarus and Russia.

Military

Military Government Access Risk

Google TAG details cyber activity with regard to the invasion of Ukraine

Security Affairs

MARCH 31, 2022

The Google TAG uses uncovered phishing attacks targeting Eastern European and NATO countries, including Ukraine. The researchers uncovered a phishing campaign conducted by a Russia-linked threat actor tracked as COLDRIVER (aka Calisto ) against a NATO Centre of Excellence and Eastern European militaries. Pierluigi Paganini.

Military

Military Phishing Government Ransomware

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Google: Analysis of Cyberattacks Targeting Ukraine Shed Light on What a Cyberwar Strategy Looks Like

KnowBe4

MARCH 10, 2023

A look back at the last year of attacks on Ukraine by Google’s Threat Analysis Group (TAG) provides insight into attacks on NATO countries to gain a cyberspace advantage.

Security awareness

Security awareness Phishing Security

RomCom RAT attackers target groups supporting NATO membership of Ukraine

Security Affairs

JULY 10, 2023

Threat actors are targeting NATO and groups supporting Ukraine in a spear-phishing campaign distributing the RomCom RAT. The researchers discovered two lure documents submitted from an IP address in Hungary, both targeting upcoming NATO Summit guests who are providing support to Ukraine. docx “).

Phishing

Phishing Government IT Security

Exclusive: Pro-Russia group ‘Cyber Spetsnaz’ is attacking government agencies

Security Affairs

JUNE 6, 2022

The actors are positioning themselves as an elite cyber offensive group targeting NATO infrastructure and performing cyberespionage to steal sensitive data. Prior to that, “Cyber Spetsnaz” members have been distributing domains assigned to the NATO infrastructure, by doing so they could plan an effective attack.

Government

Government Cybersecurity IoT Security

Russia-linked Turla APT targets Austria, Estonia, and NATO platform

Security Affairs

MAY 23, 2022

Russia-linked APT group Turla was observed targeting the Austrian Economic Chamber, a NATO eLearning platform, and the Baltic Defense College. The researchers investigated the TURLA’s infrastructures starting from the domains in the TAG report: wkoinfo.webredirect[.]org Researchers from SEKOIA.IO org jadlactnato.webredirect[.]org.

Government

Government Communications Cybersecurity Security

Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks

Security Affairs

OCTOBER 25, 2023

In March 2023, security firm Proofpoint observed the group actively exploiting vulnerabilities ( CVE-2022-27926 ) in unpatched Zimbra instances to gain access to the emails of NATO officials, governments, military personnel, and diplomats. The messages were sent from team.managment@outlook[.]com ” reads the analysis published by ESET.

Military

Military Government Phishing IT

Security Affairs newsletter Round 428 by Pierluigi Paganini – International edition

Security Affairs

JULY 15, 2023

Russia-linked APT Gamaredon starts stealing data from victims between 30 and 50 minutes after the initial compromise The source code of the BlackLotus UEFI Bootkit was leaked on GitHub US CISA warns of Rockwell Automation ControlLogix flaws Indexing Over 15 Million WordPress Websites with PWNPress New AVrecon botnet remained under the radar for two (..)

Security

Security Data breaches Government Analytics

Google TAG warns of Russia-linked APT groups targeting Ukraine

Security Affairs

APRIL 20, 2023

The researchers from Google TAG are warning of Russia-linked threat actors targeting Ukraine with phishing campaigns. Russia-linked threat actors launched large-volume phishing campaigns against hundreds of users in Ukraine to gather intelligence and aimed at spreading disinformation, states Google’s Threat Analysis Group (TAG).

Phishing

Phishing Military Ransomware Education

Russia-linked Cold River APT targeted US nuclear research laboratories

Security Affairs

JANUARY 9, 2023

In March 2022, the Google Threat Analysis Group (TAG) spotted phishing and malware attacks targeting Eastern European and NATO countries, including Ukraine. The researchers uncovered a phishing campaign conducted by the COLDRIVER (aka Calisto ) APT against a NATO Centre of Excellence and Eastern European militaries.

Military

Military Phishing Cybersecurity Passwords

Mar 27 – Apr 02 Ukraine – Russia the silent cyber conflict

Security Affairs

APRIL 3, 2022

Mar 31 – Google TAG details cyber activity with regard to the invasion of Ukraine. The Google TAG uses uncovered phishing attacks targeting Eastern European and NATO countries, including Ukraine. Anonymous continues its operations against Russia, the group announced the hack of the Russian investment firm Marathon Group.

Personal data

Personal data Phishing Security IT

Security Affairs newsletter Round 371 by Pierluigi Paganini

Security Affairs

JUNE 26, 2022

SecurityAffairs awarded as Best European Personal Cybersecurity Blog 2022 Crooks are using RIG Exploit Kit to push Dridex instead of Raccoon stealer Flagstar Bank discloses a data breach that impacted 1.5

Security

Security Data breaches Phishing Ransomware

Google TAG warns that Russian COLDRIVER APT is using a custom backdoor

Security Affairs

JANUARY 18, 2024

The APT primarily targets NATO countries, but experts also observed campaigns targeting the Baltics, Nordics, and Eastern Europe regions, including Ukraine. Google TAG researchers warn that COLDRIVER is evolving tactics, techniques and procedures (TTPs), to improve its detection evasion capabilities. ” reads TAG’s analysis.

Phishing

Phishing Encryption Military Archiving

A WhatsApp zero-day exploit can cost several million dollars

Security Affairs

OCTOBER 5, 2023

In mid-September, researchers from the Citizen Lab and Google’s Threat Analysis Group (TAG) revealed that the three Apple zero-days (CVE-2023-41993, CVE-2023-41991, CVE-2023-41992) addressed in the same period were used as part of an exploit to install Cytrox Predator spyware.

Marketing

Marketing Libraries Sales Government

Security Affairs newsletter Round 413 by Pierluigi Paganini – International edition

Security Affairs

APRIL 2, 2023

LockBit leaks data stolen from the South Korean National Tax Service Italy’s Data Protection Authority temporarily blocks ChatGPT over privacy concerns CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog Hackers are actively exploiting a flaw in the Elementor Pro WordPress plugin Cyber Police of Ukraine (..)

Security

Security Artificial Intelligence Data breaches Ransomware

Information Management Today

Russian State-Sponsored Threat Actor Targets High Profile Individuals in Phishing Campaign

Russia-linked APT TAG-70 targets European government and military mail servers exploiting Roundcube XSS

Webinars

Trending Sources

Google TAG details cyber activity with regard to the invasion of Ukraine

Webinars

Google: Analysis of Cyberattacks Targeting Ukraine Shed Light on What a Cyberwar Strategy Looks Like

RomCom RAT attackers target groups supporting NATO membership of Ukraine

Exclusive: Pro-Russia group ‘Cyber Spetsnaz’ is attacking government agencies

Russia-linked Turla APT targets Austria, Estonia, and NATO platform

Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks

Security Affairs newsletter Round 428 by Pierluigi Paganini – International edition

Google TAG warns of Russia-linked APT groups targeting Ukraine

Russia-linked Cold River APT targeted US nuclear research laboratories

Mar 27 – Apr 02 Ukraine – Russia the silent cyber conflict

Security Affairs newsletter Round 371 by Pierluigi Paganini

Google TAG warns that Russian COLDRIVER APT is using a custom backdoor

A WhatsApp zero-day exploit can cost several million dollars

Security Affairs newsletter Round 413 by Pierluigi Paganini – International edition

Stay Connected