2007, Government and Security - Information Management Today

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Security Affairs

APRIL 22, 2024

Microsoft has observed APT28 using GooseEgg in post-compromise activities against various targets, including government, non-governmental, education, and transportation sector organizations in Ukraine, Western Europe, and North America. This tool modifies a JavaScript constraints file and executes it with SYSTEM-level permissions.

Military

Military File names Education Phishing

BEST PRACTICES: Why pursuing sound ‘data governance’ can be a cybersecurity multiplier

The Last Watchdog

APRIL 1, 2020

Related: What we’ve learned from the massive breach of Capitol At RSA 2020 , I learned about how one of the routine daily chores all large organizations perform — data governance — has started to emerge as something of a cybersecurity multiplier. A robust data archiving strategy puts data into tiers, Lahiri says.

Government

Government Cybersecurity Archiving Access

Hacking firm I-Soon data leak revealed Chinese gov hacking capabilities

Security Affairs

FEBRUARY 26, 2024

Recently the leak of a collection of files apparently stolen from the Chinese government hacking contractor, I-Soon, exposed Chinese hacking capabilities. i-SOON is a prominent contractor for various agencies of the Chinese government, including Ministry of Public Security, Ministry of State Security, and the People’s Liberation Army.

Government

Government IoT Marketing Data breaches

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Russia-linked Turla APT hacked European government organization

Security Affairs

OCTOBER 29, 2020

Russia-linked APT Turla has hacked into the systems of an undisclosed European government organization according to Accenture. According to a report published by Accenture Cyber Threat Intelligence (ACTI), Russia-linked cyber-espionage group Turla has hacked into the systems of an undisclosed European government organization.

Government

Government Encryption Communications IT

U.S. Hacks QakBot, Quietly Removes Botnet Infections

Krebs on Security

AUGUST 29, 2023

government today announced a coordinated crackdown against QakBot , a complex malware family used by multiple cybercrime groups to lay the groundwork for ransomware infections. Emerging in 2007 as a banking trojan, QakBot (a.k.a. government has used court orders to remotely disinfect systems compromised with malware.

Ransomware

Ransomware Government Military Access

Estonia blocked cyberattacks claimed by Pro-Russia Killnet group

Security Affairs

AUGUST 19, 2022

Undersecretary for Digital Transformation Luukas Ilves announced that Estonia was hit by the most extensive wave of DDoS attacks it has faced since 2007. e-Estonia refers to a movement by the government of Estonia to facilitate citizen interactions with the state through the use of electronic solutions. Pierluigi Paganini.

Computer and Electronics

Computer and Electronics Digital transformation Government IT

Russian APT groups target European governments ahead of May Elections

Security Affairs

MARCH 22, 2019

Russian APT groups are targeting European governments for cyber-espionage purposes ahead of the upcoming European elections. The APT28 group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Pierluigi Paganini.

Government

Government Military Phishing Access

US Treasury sanctioned Iran ’s Ministry of Intelligence over Albania cyberattack

Security Affairs

SEPTEMBER 10, 2022

Treasury Department sanctioned Iran ‘s Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence over the Albania cyberattack. Treasury Department announced sanctions against Iran ‘s Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence over the cyber attack that hit Albania in July.

Government

Government Security IT Information Security

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

Security Affairs

DECEMBER 7, 2023

Over the past 20 months, the group targeted at least 30 organizations within 14 nations that are probably of strategic intelligence significance to the Russian government and its military. The Government experts pointed out that in some cases the group did not deployed any backdoor in the compromised systems.

Military

Military Government Phishing Authentication

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Security Affairs

DECEMBER 5, 2023

In recent attacks spotted by Microsoft’s Threat Intelligence, the nation-state actors primarily targeted government, energy, transportation, and non-governmental organizations in the US, Europe, and the Middle East. The Government experts pointed out that in some cases the group did not deployed any backdoor in the compromised systems.

Military

Military Government Phishing Access

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

North Korea-linked threat actors posed as Samsung recruiters in a spear-phishing campaign aimed at employees at South Korean security firms. North Korea-linked APT group posed as Samsung recruiters is a spear-phishing campaign that targeted South Korean security companies that sell anti-malware solutions, Google TAG researchers reported.

Security

Security Phishing Information Security Communications

France agency ANSSI warns of Russia-linked APT28 attacks on French entities

Security Affairs

OCTOBER 27, 2023

France National Agency for the Security of Information Systems warns that the Russia-linked APT28 group has breached several critical networks. The Government experts pointed out that in some cases the group did not deployed any backdoor in the compromised systems. ” The script was hosted on “mocky[.]io,”

Military

Military Phishing Government Security

Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack

Krebs on Security

SEPTEMBER 17, 2020

The government alleges the men used malware-laced phishing emails and “supply chain” attacks to steal data from companies and their customers. Security firm FireEye dubbed that hacking blitz “one of the broadest campaigns by a Chinese cyber espionage actor we have observed in recent years.”

Government

Government Mining Big data Phishing

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Security Affairs

APRIL 30, 2023

CERT-UA warns of a spear-phishing campaign conducted by APT28 group targeting Ukrainian government bodies with fake ‘Windows Update’ guides. Russia-linked APT28 group is targeting Ukrainian government bodies with fake ‘Windows Update’ guides, Computer Emergency Response Team of Ukraine (CERT-UA) warns.

Systems administration

Systems administration Military Phishing Government

An Untrustworthy TLS Certificate in Browsers

Schneier on Security

NOVEMBER 10, 2022

government agencies for more than a decade. […]. Vostrom filed papers in 2007 to do business as Packet Forensics, according to Virginia state records. Cory Doctorow does a great job explaining the context and the general security issues. More details by Reardon.

Paper

Paper Communications Government Security

Intuit to Share Payroll Data from 1.4M Small Businesses With Equifax

Krebs on Security

JULY 1, 2021

Before, you likely had to manually provide this info to lenders, creditors or government agencies. At the time, all you needed to view someone’s entire work and salary history was their Social Security number and date of birth. a data broker acquired by Equifax in 2007. It didn’t help that for roughly half the U.S.

Financial Services

Financial Services Government Authentication IT

Google warns of APT28 attack attempts against 14,000 Gmail users

Security Affairs

OCTOBER 8, 2021

Shane Huntley, the head of the Threat Analysis Group (TAG), wrote on Twitter that his group had sent an above-average batch of government-backed security warnings. . TAG sent a above average batch of government-backed security warnings yesterday. So why do we do these government warnings then? Pierluigi Paganini.

Phishing

Phishing Military Government Security

Russia-linked APT28 hacked Roundcube email servers of Ukrainian entities

Security Affairs

JUNE 21, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. According to CERT-UA, this campaign targeted more than 40 Ukrainian organizations, including government entities.

Military

Military Phishing Government Communications

Grief ransomware gang hit US National Rifle Association (NRA)

Security Affairs

OCTOBER 27, 2021

The Evil Corp cybercrime group (aka the Dridex gang Indrik Spider , the Dridex gang, and TA505 ) has been active in cybercrime activities since 2007. The US Government announced sanctions for ransomware negotiation firms that will support victims of the Evil Corp group in the ransom payments. Pierluigi Paganini.

Ransomware

Ransomware Government IT Security

French court indicted Nexa Technologies for complicity in acts of torture

Security Affairs

NOVEMBER 28, 2021

Nexa Technologies offers a range of solutions for homeland security, including surveillance solutions. The cybersurveillance equipment was used by the Egyptian government to track down opponents. A weapon of choice for authoritarian governments.” “In short, Cerebro can suck up any data that is not encrypted.

Sales

Sales Government Encryption Communications

Microsoft disrupted APT28 attacks on Ukraine through a court order

Security Affairs

APRIL 8, 2022

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The post Microsoft disrupted APT28 attacks on Ukraine through a court order appeared first on Security Affairs.

Military

Military Government Phishing Security

China-linked APT41 group spotted using open-source red teaming tool GC2

Security Affairs

APRIL 17, 2023

The APT41 group, aka Winnti , Axiom, Barium , Blackfly, HOODOO) is a China-linked cyberespionage group that has been active since at least 2007. Finally, the targeting of Taiwanese media illustrates the continued overlap of public sector threat actors targeting private sector organizations with limited government ties.

Phishing

Phishing Cloud Government Education

NON-STATE ACTORS IN THE CYBERSPACE: AN ATTEMPT TO A TAXONOMIC CLASSIFICATION, ROLE, IMPACT AND RELATIONS WITH A STATE’S SOCIOECONOMIC STRUCTURE

Security Affairs

JUNE 28, 2022

For this reason, the behavior of each actor in the cyber arena is becoming a national security concern for every government. Looking back at 2007, Estonia fell victim to a powerful cyber-attack that shut down government services, telecommunications, and banks in the country. Pierluigi Paganini.

Paper

Paper Military Government IT

Evil Corp rebrands their ransomware, this time is the Macaw Locker

Security Affairs

OCTOBER 21, 2021

The Evil Corp cybercrime group (aka the Dridex gang Indrik Spider , the Dridex gang, and TA505 ) has been active in cybercrime activities since 2007. The US Government announced sanctions for ransomware negotiation firms that will support victims of the Evil Corp group in the ransom payments. Pierluigi Paganini.

Ransomware

Ransomware File names Encryption Government

Financially motivated Earth Lusca threat actors targets organizations worldwide

Security Affairs

JANUARY 18, 2022

A sophisticated threat actor, tracked as Earth Lusca, is targeting government and private organizations worldwide as for financial purposes. The Winnti group was first spotted by Kaspersky in 2013, but according to the researchers the gang has been active since 2007. ” Follow me on Twitter: @securityaffairs and Facebook.

Healthcare

Healthcare Phishing Archiving Education

News Alert: Flexxon selects a Chief Technology Strategist, signals intent to expand into the US

The Last Watchdog

JUNE 26, 2023

. “Based on the strong value proposition and impact of Flexxon’s hardware-based solutions, I look forward to driving the adoption of this novel approach and supporting management, partners and customers in making this transition towards a safer and more secure digital footprint for businesses, governments and individuals globally.”

Cybersecurity

Cybersecurity Marketing Communications Government

Google sent over 50,000 warnings of state-sponsored attacks, +33% from same period in 2020

Security Affairs

OCTOBER 14, 2021

The data were provided by Google’s Threat Analysis Group (TAG), which tracks government-backed hacking campaign, which warns of a significant increase in the number of the alert compared to the previous year. ” wrote Ajax Bash, a Google security engineer from the TAG. SecurityAffairs – hacking, cyber security).

Phishing

Phishing Military Government Security

FBI and NSA joint report details APT28’s Linux malware Drovorub

Security Affairs

AUGUST 13, 2020

The FBI and NSA have published a joint security alert containing technical details about a new piece of Linux malware, tracked as Drovorub , allegedly employed by Russia-linked the APT28 group. The government agencies recommend that US organizations update any Linux system to a version running kernel version 3.7 Pierluigi Paganini.

Military

Military IoT Phishing Government

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

Security Affairs

DECEMBER 10, 2020

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Zebrocy is mainly used against governments and commercial organizations engaged in foreign affairs.

Phishing

Phishing Healthcare Military Data collection

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Security Affairs

APRIL 19, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. government institutions, and about 250 Ukrainian victims. ” reads the joint advisory.

Military

Military Access Cybersecurity Education

China-linked APT41 group targets Hong Kong with Spyder Loader

Security Affairs

OCTOBER 18, 2022

Winnti (aka APT41 , Axiom, Barium , Blackfly) is a cyberespionage group that has been active since at least 2007. Symantec pointed out that the attacks against government organizations in Hong Kong remained undetected for a year in some cases. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

File names

File names Encryption Manufacturing Libraries

NEW TECH: DataLocker introduces encrypted flash drive — with key pad

The Last Watchdog

JULY 30, 2018

Co-founder Jay took a business trip to South Korea in the fall of 2007. DataLocker honed its patented approach to manufacturing encrypted portable drives and landed some key military and government clients early on; the company has continued branching out ever since. You need to rely on external storage to securely transport your data.

Encryption

Encryption Military Passwords Authentication

US Cyber Command details implants used in attacks on parliaments and embassies

Security Affairs

OCTOBER 29, 2020

Experts from the US Cyber Command’s Cyber National Mission Force (CNMF) unit and the Cybersecurity and Infrastructure Security Agency (CISA) uploaded the samples on the Virus Total online virus scan platform. The post US Cyber Command details implants used in attacks on parliaments and embassies appeared first on Security Affairs.

Cybersecurity

Cybersecurity Government Security IT

Belgium telecom operators Proximus and Orange drop Huawei

Security Affairs

OCTOBER 10, 2020

Orange Belgium is using Huawei equipment since 2007 for its mobile network in Belgium and Luxembourg, while the collaboration between Proximus and the Shenzhen-based company started in 2009 for the progressive upgrading of its network. The post Belgium telecom operators Proximus and Orange drop Huawei appeared first on Security Affairs.

Manufacturing

Manufacturing Risk Communications Security

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Krebs on Security

JANUARY 8, 2024

For years, security experts — and indeed, many top cybercriminals in the Spamit affiliate program — have expressed the belief that Sal and Icamis were likely the same person using two different identities. He is currently housed in a federal prison in Michigan, serving the final stretch of a 60-month sentence.

Computer and Electronics

Computer and Electronics Passwords Sales Government

Russia-linked APT28 targets govt bodies with fake NATO training docs

Security Affairs

SEPTEMBER 23, 2020

Russia-linked cyberespionage group APT28 uses fake NATO training documents as bait in attacks aimed at government bodies. The Russia-linked cyberespionage group APT28 is behind a string of attacks that targeting government bodies with Zebrocy Delphi malware. ” reads the report published QuoIntelligence. Pierluigi Paganini.

Military

Military Government Encryption Communications

Mandiant identifies 3 hacktivist groups working in support of Russia

Security Affairs

SEPTEMBER 27, 2022

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The post Mandiant identifies 3 hacktivist groups working in support of Russia appeared first on Security Affairs.

Military

Military Phishing Government Security

Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group

Security Affairs

JULY 20, 2023

The APT41 group, aka Winnti , Axiom, Barium , Blackfly, HOODOO) is a China-linked cyberespionage group that has been active since at least 2007. government. Researchers at cybersecurity firm Lookout pointed out that APT41’s activity has not slowed down since recent indictments by the U.S.

File names

File names Libraries Cybersecurity IT

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Security Affairs

MARCH 20, 2020

According to security researchers from Trend Micro, the Russia-linked APT28 cyberespionage group has been scanning vulnerable email servers for more than a year. The cyberespionage group continues to target members of defense companies, embassies, governments, and the military. ” reads the report published by Trend Micro.

Phishing

Phishing Military Government Passwords

Lazarus malware delivered to South Korean users via supply chain attacks

Security Affairs

NOVEMBER 16, 2020

North Korea-linked Lazarus APT group is behind new campaigns against South Korean supply chains that leverage stolen security certificates. . Security experts from ESET reported that North-Korea-linked Lazarus APT (aka HIDDEN COBRA ) is behind cyber campaigns targeting South Korean supply chains.

Financial Services

Financial Services Phishing Government Security

Russia-Linked Turla APT uses new malware in watering hole attacks

Security Affairs

MARCH 13, 2020

The Turla APT group (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ) has been active since at least 2007 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations. Pierluigi Paganini.

Archiving

Archiving Government Communications IT

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

Security Affairs

DECEMBER 1, 2020

Learn how the group tried to stay under the radar using threats perceived to be less alarming: [link] — Microsoft Security Intelligence (@MsftSecIntel) November 30, 2020. The hackers targeted organizations across multiple industries and have also hit foreign governments, dissidents, and journalists. ” Microsoft said.

Mining

Mining Manufacturing Phishing Government

Connecting the dots between SolarWinds and Russia-linked Turla APT

Security Affairs

JANUARY 11, 2021

Security experts from Kaspersky have identified multiple similarities between the Sunburst malware used in the SolarWinds supply chain attack and the Kazuar backdoor that has been employed in cyber espionage campaigns conducted by Russia-linked APT group Turla. Pierluigi Paganini. SecurityAffairs – hacking, Turla).

Security

Security Government IT Information Security

Sophos linked Entropy ransomware to Dridex malware. Are both linked to Evil Corp?

Security Affairs

FEBRUARY 23, 2022

Specifically, it is looking for a DLL named snxhk.dll , which is a memory protection component of another company’s endpoint security product, in order to sabotage that protection.”. The Evil Corp cybercrime group (aka the Dridex gang Indrik Spider , the Dridex gang, and TA505 ) has been active in cybercrime activities since 2007.

Ransomware

Ransomware Encryption IT Government

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

BEST PRACTICES: Why pursuing sound ‘data governance’ can be a cybersecurity multiplier

Webinars

Trending Sources

Hacking firm I-Soon data leak revealed Chinese gov hacking capabilities

Webinars

Russia-linked Turla APT hacked European government organization

U.S. Hacks QakBot, Quietly Removes Botnet Infections

Estonia blocked cyberattacks claimed by Pro-Russia Killnet group

Russian APT groups target European governments ahead of May Elections

US Treasury sanctioned Iran ’s Ministry of Intelligence over Albania cyberattack

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

France agency ANSSI warns of Russia-linked APT28 attacks on French entities

Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

An Untrustworthy TLS Certificate in Browsers

Intuit to Share Payroll Data from 1.4M Small Businesses With Equifax

Google warns of APT28 attack attempts against 14,000 Gmail users

Russia-linked APT28 hacked Roundcube email servers of Ukrainian entities

Grief ransomware gang hit US National Rifle Association (NRA)

French court indicted Nexa Technologies for complicity in acts of torture

Microsoft disrupted APT28 attacks on Ukraine through a court order

China-linked APT41 group spotted using open-source red teaming tool GC2

NON-STATE ACTORS IN THE CYBERSPACE: AN ATTEMPT TO A TAXONOMIC CLASSIFICATION, ROLE, IMPACT AND RELATIONS WITH A STATE’S SOCIOECONOMIC STRUCTURE

Evil Corp rebrands their ransomware, this time is the Macaw Locker

Financially motivated Earth Lusca threat actors targets organizations worldwide

News Alert: Flexxon selects a Chief Technology Strategist, signals intent to expand into the US

Google sent over 50,000 warnings of state-sponsored attacks, +33% from same period in 2020

FBI and NSA joint report details APT28’s Linux malware Drovorub

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

China-linked APT41 group targets Hong Kong with Spyder Loader

NEW TECH: DataLocker introduces encrypted flash drive — with key pad

US Cyber Command details implants used in attacks on parliaments and embassies

Belgium telecom operators Proximus and Orange drop Huawei

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Russia-linked APT28 targets govt bodies with fake NATO training docs

Mandiant identifies 3 hacktivist groups working in support of Russia

Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Lazarus malware delivered to South Korean users via supply chain attacks

Russia-Linked Turla APT uses new malware in watering hole attacks

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

Connecting the dots between SolarWinds and Russia-linked Turla APT

Sophos linked Entropy ransomware to Dridex malware. Are both linked to Evil Corp?

Stay Connected