2007, Military and Security - Information Management Today

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Security Affairs

APRIL 22, 2024

National Security Agency and Microsoft addressed it with the release of Microsoft October 2022 Patch Tuesday security updates. The group operates out of military unity 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS).

Military

Military File names Education Phishing

From Cybercrime Saul Goodman to the Russian GRU

Krebs on Security

FEBRUARY 7, 2024

A review of this user’s hacker identities shows that during his time on the forums he served as an officer in the special forces of the GRU , the foreign military intelligence agency of the Russian Federation. “In order to ESCAPE the law, you need to KNOW the law. This is the most important thing. ” Mr. .

Military

Military IT Communications Risk

EU Council sanctions two Russian military intelligence officers over 2015 Bundestag hack

Security Affairs

OCTOBER 22, 2020

The Council of the European Union announced sanctions imposed on Russian military intelligence officers for 2015 Bundestag hack. The 85th Main Centre for Special Services (GTsSS) is the military unit of the Russian government also tracked as APT28 (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ).

Military

Military Government IT Security

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

Security Affairs

DECEMBER 7, 2023

Over the past 20 months, the group targeted at least 30 organizations within 14 nations that are probably of strategic intelligence significance to the Russian government and its military. The group operates out of military unity 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS).

Military

Military Government Phishing Authentication

Operation In(ter)reception targets Military and Aerospace employees in Europe and the Middle East

Security Affairs

JUNE 17, 2020

Experts uncovered a new cyber-espionage campaign, dubbed “ Operation In(ter)receptio n,” aimed at aerospace and military organizations in Europe and the Middle East. The post Operation In(ter)reception targets Military and Aerospace employees in Europe and the Middle East appeared first on Security Affairs.

Military

Military Archiving Passwords Communications

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Security Affairs

DECEMBER 5, 2023

The group operates out of military unity 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS). The group was involved also in the string of attacks that targeted 2016 Presidential election.

Military

Military Government Phishing Access

France agency ANSSI warns of Russia-linked APT28 attacks on French entities

Security Affairs

OCTOBER 27, 2023

France National Agency for the Security of Information Systems warns that the Russia-linked APT28 group has breached several critical networks. The group operates out of military unity 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS). .

Military

Military Phishing Government Security

Russia-linked APT28 hacked Roundcube email servers of Ukrainian entities

Security Affairs

JUNE 21, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election.

Military

Military Phishing Government Communications

U.S. Hacks QakBot, Quietly Removes Botnet Infections

Krebs on Security

AUGUST 29, 2023

Emerging in 2007 as a banking trojan, QakBot (a.k.a. According to recent figures from the managed security firm Reliaquest , QakBot is by far the most prevalent malware “loader” — malicious software used to secure access to a hacked network and help drop additional malware payloads.

Ransomware

Ransomware Government Military Access

Mandiant identifies 3 hacktivist groups working in support of Russia

Security Affairs

SEPTEMBER 27, 2022

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The post Mandiant identifies 3 hacktivist groups working in support of Russia appeared first on Security Affairs.

Military

Military Phishing Government Security

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Security Affairs

APRIL 30, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election.

Systems administration

Systems administration Military Phishing Government

Google warns of APT28 attack attempts against 14,000 Gmail users

Security Affairs

OCTOBER 8, 2021

Shane Huntley, the head of the Threat Analysis Group (TAG), wrote on Twitter that his group had sent an above-average batch of government-backed security warnings. . TAG sent a above average batch of government-backed security warnings yesterday. So why do we do these government warnings then? ” Huntley added. “At

Phishing

Phishing Military Government Security

FBI and NSA joint report details APT28’s Linux malware Drovorub

Security Affairs

AUGUST 13, 2020

The FBI and NSA have published a joint security alert containing technical details about a new piece of Linux malware, tracked as Drovorub , allegedly employed by Russia-linked the APT28 group. The post FBI and NSA joint report details APT28’s Linux malware Drovorub appeared first on Security Affairs. Pierluigi Paganini.

Military

Military IoT Phishing Government

NEW TECH: DataLocker introduces encrypted flash drive — with key pad

The Last Watchdog

JULY 30, 2018

Co-founder Jay took a business trip to South Korea in the fall of 2007. DataLocker honed its patented approach to manufacturing encrypted portable drives and landed some key military and government clients early on; the company has continued branching out ever since. You need to rely on external storage to securely transport your data.

Encryption

Encryption Military Passwords Authentication

Microsoft disrupted APT28 attacks on Ukraine through a court order

Security Affairs

APRIL 8, 2022

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The post Microsoft disrupted APT28 attacks on Ukraine through a court order appeared first on Security Affairs.

Military

Military Government Phishing Security

Google sent over 50,000 warnings of state-sponsored attacks, +33% from same period in 2020

Security Affairs

OCTOBER 14, 2021

” wrote Ajax Bash, a Google security engineer from the TAG. The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. SecurityAffairs – hacking, cyber security).

Phishing

Phishing Military Government Security

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Security Affairs

APRIL 19, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election.

Military

Military Access Cybersecurity Education

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Security Affairs

MARCH 20, 2020

According to security researchers from Trend Micro, the Russia-linked APT28 cyberespionage group has been scanning vulnerable email servers for more than a year. The cyberespionage group continues to target members of defense companies, embassies, governments, and the military. ” reads the report published by Trend Micro.

Phishing

Phishing Military Government Passwords

Russia-linked APT28 targets govt bodies with fake NATO training docs

Security Affairs

SEPTEMBER 23, 2020

Even today, less than half of the known antivirus engines are flagging the infection on VirusTotal , as observed by BleepingComputer: The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide.

Military

Military Government Encryption Communications

NON-STATE ACTORS IN THE CYBERSPACE: AN ATTEMPT TO A TAXONOMIC CLASSIFICATION, ROLE, IMPACT AND RELATIONS WITH A STATE’S SOCIOECONOMIC STRUCTURE

Security Affairs

JUNE 28, 2022

Non-state actors include multinational corporations, collectives of hacktivists, non-governmental organizations (NGOs), cybercrime syndicates, private military organizations, media outlets, terrorist groups, labor unions, organized ethnic groups, lobby groups, criminal organizations, private businesses, and others. Pierluigi Paganini.

Paper

Paper Military Government IT

APT28 group return to covert intelligence gathering ops in Europe and South America.

Security Affairs

OCTOBER 7, 2018

The APT28 group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. According to experts from Symantec, the group is now actively conducting cyber espionage campaigns against government and military organizations in Europe and South America.

Military

Military Government Phishing Security

Russian APT groups target European governments ahead of May Elections

Security Affairs

MARCH 22, 2019

The APT28 group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. According to a report published by Symantec in October, the group was actively conducting cyber espionage campaigns against government and military organizations in Europe and South America.

Government

Government Military Phishing Access

Estonia's Volunteer Cyber Militia

Schneier on Security

FEBRUARY 19, 2019

The volunteers, who've inspired a handful of similar operations around the world, are readying themselves to defend against the kind of sustained digital attack that could cause mass service outages at hospitals, banks, and military bases, and with other critical operations, including voting systems.

Military

Military IT Security

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

Security Affairs

DECEMBER 10, 2020

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The post Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware appeared first on Security Affairs.

Phishing

Phishing Healthcare Military Data collection

North Korea-linked Lazarus APT targets the IT supply chain

Security Affairs

OCTOBER 27, 2021

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. Cybersecurity and Infrastructure Security Agency (CISA) in August 2020. ” reads the report published by Kaspersky.

IT

IT Systems administration Military Cybersecurity

Russian spies are attempting to tap transatlantic undersea cables

Security Affairs

MARCH 1, 2020

Garda and military intelligence agencies believe the Russian agents were sent by the military intelligence branch of the Russian armed forces, the GRU. The post Russian spies are attempting to tap transatlantic undersea cables appeared first on Security Affairs. Source [link]. Pierluigi Paganini.

Military

Military Communications Data collection Access

Russia-linked STRONTIUM APT targets IoT devices to hack corporate networks

Security Affairs

AUGUST 6, 2019

The STRONTIUM APT group (aka APT28 , Fancy Bear , Pawn Storm , Sofacy Group , and Sednit ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. link] #MSFTatBlackHat — Security Response (@msftsecresponse) August 5, 2019. Pierluigi Paganini.

IoT

IoT Military Access Education

Russia-linked APT Sofacy leverages BREXIT lures in recent attacks

Security Affairs

DECEMBER 3, 2018

The Sofacy APT group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. In September 2018, security experts from ESET spotted the first UEFI rootkit of ever, the code tracked as LoJax was used in attacks in the wild. . Pierluigi Paganini.

Military

Military Government Security IT

A new Fancy Bear backdoor used to target political targets

Security Affairs

SEPTEMBER 24, 2019

Security experts at ESET have uncovered a new campaign carried out by Russia-linked Fancy Bear APT group aimed at political targets. Security researchers at ESET have uncovered a new campaign carried out by Russia-linked Fancy Bear APT group (i.e. APT28 , Sednit , Sofacy , Zebrocy , and Strontium ) aimed at political targets.

Phishing

Phishing Military Archiving Security

Canadian Police Raid ‘Orcus RAT’ Author

Krebs on Security

APRIL 2, 2019

Its author maintains Orcus is a legitimate R emote A dministration T ool that is merely being abused, but security experts say it includes multiple features more typically seen in malware known as a R emote A ccess T rojan. Tips from international private cyber security firms triggered the investigation.”.

Marketing

Marketing Passwords Systems administration Access

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Krebs on Security

JANUARY 8, 2024

For years, security experts — and indeed, many top cybercriminals in the Spamit affiliate program — have expressed the belief that Sal and Icamis were likely the same person using two different identities. Penchukov) — fled his mandatory military service orders and was arrested in Geneva, Switzerland. 9, 2024).

Computer and Electronics

Computer and Electronics Passwords Sales Government

New Turla ComRAT backdoor uses Gmail for Command and Control

Security Affairs

MAY 26, 2020

Earlier versions of Agent.BTZ were used to compromise US military networks in the Middle East in 2008. Thus, it is able to bypass some security controls because it doesn’t rely on any malicious domain.” The post New Turla ComRAT backdoor uses Gmail for Command and Control appeared first on Security Affairs.

Military

Military Communications Encryption Authentication

UK/US investigation revealed that Russian Turla APT masqueraded as Iranian hackers

Security Affairs

OCTOBER 21, 2019

The Turla APT group (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ) has been active since at least 2007 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations. ” reported the FT. Pierluigi Paganini.

Government

Government Military Security IT

Russian Sednit APT used the first UEFI rootkit of ever in attacks in the wild

Security Affairs

SEPTEMBER 27, 2018

Security experts from ESET have spotted the first UEFI rootkit of ever, the code tracked as LoJax was used in attacks in the wild. Security experts have debated for a long about UEFI rootkits that are very dangerous malware hard to detect and that could resist to the operating system reinstallation and even to the hard disk replacement.

Military

Military Manufacturing Government Security

Russia-linked Sofacy APT developed a new ‘Go’ variant of Zebrocy tool

Security Affairs

DECEMBER 19, 2018

The Sofacy APT group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The post Russia-linked Sofacy APT developed a new ‘Go’ variant of Zebrocy tool appeared first on Security Affairs. Pierluigi Paganini. SecurityAffairs –APT, Sofact).

Military

Military Data collection Phishing Government

Update CSE Malware ZLab – Operation Roman Holiday – Hunting the Russian APT28

Security Affairs

JULY 15, 2018

The APT28 group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. This malware immediately caught the attention of the expert because it contacts a C2 with the name “ marina-info.net ” a clear reference to the Italian Military corp, Marina Militare.

Military

Military Communications IT Government

Latest Turla backdoor leverages email PDF attachments as C&C mechanism

Security Affairs

AUGUST 23, 2018

Turla is the name of a Russian cyber espionage APT group (also known as Waterbug, Venomous Bear and KRYPTON) that has been active since at least 2007 targeting government organizations and private businesses. The post Latest Turla backdoor leverages email PDF attachments as C&C mechanism appeared first on Security Affairs.

Metadata

Metadata Military Libraries Access

Best Enterprise VPN Solutions for 2021

eSecurity Planet

JULY 3, 2021

Ongoing innovation in connectivity lessened the potential economic impact of the COVID-19 pandemic, in part because organizations quickly adopted solutions like VPNs to secure a remote workforce. Also Read: Best Enterprise Network Security Tools & Solutions for 2021. The CyberGhost VPN app has an average 4.1/5 Encrypt.me.

Encryption

Encryption Communications Marketing Cloud

Katyn Massacre Records Show Need to Prioritize Disclosure of Historical Information with Significant Public Interest

Archives Blogs

FEBRUARY 28, 2020

The prisoners represented a majority of Poland’s governing elite—military, police, and civil society leaders captured in 1939, when the Soviet Union and Nazi Germany invaded and divided Poland by secret diplomatic agreement.

Government

Government Military Archiving Access

Vulnerabilities in Weapons Systems

Schneier on Security

JUNE 8, 2021

Our military systems are vulnerable. We need to face that reality by halting the purchase of insecure weapons and support systems and by incorporating the realities of offensive cyberattacks into our military planning. Over the past decade, militaries have established cyber commands and developed cyberwar doctrine.

Military

Military Cybersecurity Communications Manufacturing

The Hacker Mind Podcast: Hacking the Art of Invisibility

ForAllSecure

MARCH 1, 2022

SO I only mention Ross Ulbricht in talks because I use him as an example of an Operation Security, or OpSec failure. Operational Security is typically a military process. Welcome to the hacker mind that original podcast from for all secure it's about challenging our expectations about the people who hack for a living.

Privacy

Privacy IT Passwords Encryption

The role of a secret Dutch mole in the US-Israeli Stuxnet attack on Iran

Security Affairs

SEPTEMBER 2, 2019

and Israel get Stuxnet onto the highly secured Natanz plant? In 2004, CIA and Mossad requested help to the the Dutch intelligence to get access to the plant, only in 2007 the mole, who posed as a mechanic working for a front company doing work at Natanz, dropped the virus into the target systems. “[T ” wrote the journalists.

Military

Military Manufacturing Access Security

The Hacker Mind Podcast: Hacking Voting Systems

ForAllSecure

OCTOBER 29, 2020

While digital voting systems are more secure today, what about the larger ecosystem, starting from the moment you register until your vote is counted? Who’s keeping those systems secure? Clearly having individual vendors provide the security wasn’t working, so the state moved toward adopting open source software.

Blockchain

Blockchain Paper Security IT

The Hacker Mind Podcast: Hacking Voting Systems

ForAllSecure

OCTOBER 29, 2020

While digital voting systems are more secure today, what about the larger ecosystem, starting from the moment you register until your vote is counted? Who’s keeping those systems secure? Clearly having individual vendors provide the security wasn’t working, so the state moved toward adopting open source software.

Blockchain

Blockchain Paper Security IT

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

From Cybercrime Saul Goodman to the Russian GRU

Webinars

Trending Sources

EU Council sanctions two Russian military intelligence officers over 2015 Bundestag hack

Webinars

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

Operation In(ter)reception targets Military and Aerospace employees in Europe and the Middle East

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

France agency ANSSI warns of Russia-linked APT28 attacks on French entities

Russia-linked APT28 hacked Roundcube email servers of Ukrainian entities

U.S. Hacks QakBot, Quietly Removes Botnet Infections

Mandiant identifies 3 hacktivist groups working in support of Russia

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Google warns of APT28 attack attempts against 14,000 Gmail users

FBI and NSA joint report details APT28’s Linux malware Drovorub

NEW TECH: DataLocker introduces encrypted flash drive — with key pad

Microsoft disrupted APT28 attacks on Ukraine through a court order

Google sent over 50,000 warnings of state-sponsored attacks, +33% from same period in 2020

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Russia-linked APT28 targets govt bodies with fake NATO training docs

NON-STATE ACTORS IN THE CYBERSPACE: AN ATTEMPT TO A TAXONOMIC CLASSIFICATION, ROLE, IMPACT AND RELATIONS WITH A STATE’S SOCIOECONOMIC STRUCTURE

APT28 group return to covert intelligence gathering ops in Europe and South America.

Russian APT groups target European governments ahead of May Elections

Estonia's Volunteer Cyber Militia

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

North Korea-linked Lazarus APT targets the IT supply chain

Russian spies are attempting to tap transatlantic undersea cables

Russia-linked STRONTIUM APT targets IoT devices to hack corporate networks

Russia-linked APT Sofacy leverages BREXIT lures in recent attacks

A new Fancy Bear backdoor used to target political targets

Canadian Police Raid ‘Orcus RAT’ Author

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

New Turla ComRAT backdoor uses Gmail for Command and Control

UK/US investigation revealed that Russian Turla APT masqueraded as Iranian hackers

Russian Sednit APT used the first UEFI rootkit of ever in attacks in the wild

Russia-linked Sofacy APT developed a new ‘Go’ variant of Zebrocy tool

Update CSE Malware ZLab – Operation Roman Holiday – Hunting the Russian APT28

Latest Turla backdoor leverages email PDF attachments as C&C mechanism

Best Enterprise VPN Solutions for 2021

Katyn Massacre Records Show Need to Prioritize Disclosure of Historical Information with Significant Public Interest

Vulnerabilities in Weapons Systems

The Hacker Mind Podcast: Hacking the Art of Invisibility

The role of a secret Dutch mole in the US-Israeli Stuxnet attack on Iran

The Hacker Mind Podcast: Hacking Voting Systems

The Hacker Mind Podcast: Hacking Voting Systems

Stay Connected