2007, Phishing and Security - Information Management Today

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

North Korea-linked threat actors posed as Samsung recruiters in a spear-phishing campaign aimed at employees at South Korean security firms. According to the Google Threat Horizons report, the state-sponsored hackers sent fake job offers to employees at the security companies. ” reads the Google Threat Horizons report.

Security

Security Phishing Information Security Communications

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Security Affairs

APRIL 22, 2024

National Security Agency and Microsoft addressed it with the release of Microsoft October 2022 Patch Tuesday security updates. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. The vulnerability CVE-2022-38028 was reported by the U.S.

Military

Military File names Education Phishing

U.S. Hacks QakBot, Quietly Removes Botnet Infections

Krebs on Security

AUGUST 29, 2023

Emerging in 2007 as a banking trojan, QakBot (a.k.a. QakBot is most commonly delivered via email phishing lures disguised as something legitimate and time-sensitive, such as invoices or work orders. The DOJ declined to say whether any suspects were questioned or arrested in connection with Qakbot, citing an ongoing investigation.

Ransomware

Ransomware Government Military Access

Webinars

Launching LLM-Based Products: From Concept to Cash in 90 Days

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

MORE WEBINARS

Google warns of APT28 attack attempts against 14,000 Gmail users

Security Affairs

OCTOBER 8, 2021

Google warned more than 14,000 Gmail users that they have been the target of nation-state spear-phishing campaigns. Shane Huntley, the head of the Threat Analysis Group (TAG), wrote on Twitter that his group had sent an above-average batch of government-backed security warnings. . So why do we do these government warnings then?

Phishing

Phishing Military Government Security

France agency ANSSI warns of Russia-linked APT28 attacks on French entities

Security Affairs

OCTOBER 27, 2023

France National Agency for the Security of Information Systems warns that the Russia-linked APT28 group has breached several critical networks. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. This information contains, for example, the list of installed security patches.”

Military

Military Phishing Government Security

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Security Affairs

APRIL 30, 2023

CERT-UA warns of a spear-phishing campaign conducted by APT28 group targeting Ukrainian government bodies with fake ‘Windows Update’ guides. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. The group was involved also in the string of attacks that targeted 2016 Presidential election.

Systems administration

Systems administration Military Phishing Government

Google sent over 50,000 warnings of state-sponsored attacks, +33% from same period in 2020

Security Affairs

OCTOBER 14, 2021

Google revealed to have sent roughly 50,000 alerts of state-sponsored phishing or hacking attempts to customers since January. Google announced to have sent roughly 50,000 alerts of state-sponsored phishing or hacking attempts to customers during 2021. ” wrote Ajax Bash, a Google security engineer from the TAG.

Phishing

Phishing Military Government Security

Financially motivated Earth Lusca threat actors targets organizations worldwide

Security Affairs

JANUARY 18, 2022

Trend Micro researchers spotted an elusive threat actor, called Earth Lusca, that targets organizations worldwide via spear-phishing and watering hole attacks. . The Winnti group was first spotted by Kaspersky in 2013, but according to the researchers the gang has been active since 2007. Both clusters served as a C&C server.

Healthcare

Healthcare Phishing Archiving Education

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

Security Affairs

DECEMBER 10, 2020

Russia-link cyberespionage APT28 leverages COVID-19 as phishing lures to deliver the Go version of their Zebrocy (or Zekapab) malware. Russia-linked APT28 is leveraging COVID-19 as phishing lures in a new wave of attacks aimed at distributing the Go version of their Zebrocy (or Zekapab) malware. ” Pierluigi Paganini.

Phishing

Phishing Healthcare Military Data collection

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Security Affairs

MARCH 20, 2020

According to security researchers from Trend Micro, the Russia-linked APT28 cyberespionage group has been scanning vulnerable email servers for more than a year. Most of APT28s’ campaigns leveraged spear-phishing and malware-based attacks, the recent mass scanning activity represents a change in the modus operandi of the group.

Phishing

Phishing Military Government Passwords

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Security Affairs

DECEMBER 5, 2023

Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. The group was involved also in the string of attacks that targeted 2016 Presidential election. The group operates out of military unity 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS).

Military

Military Government Phishing Access

Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack

Krebs on Security

SEPTEMBER 17, 2020

The government alleges the men used malware-laced phishing emails and “supply chain” attacks to steal data from companies and their customers. Security firm FireEye dubbed that hacking blitz “one of the broadest campaigns by a Chinese cyber espionage actor we have observed in recent years.”

Government

Government Mining Big data Phishing

Russia-linked APT28 hacked Roundcube email servers of Ukrainian entities

Security Affairs

JUNE 21, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

Military

Military Phishing Government Communications

China-linked APT41 group spotted using open-source red teaming tool GC2

Security Affairs

APRIL 17, 2023

The APT41 group, aka Winnti , Axiom, Barium , Blackfly, HOODOO) is a China-linked cyberespionage group that has been active since at least 2007. The attack took place in October 2022, threat actors sent phishing emails that contained links to a password-protected file hosted in Drive.

Phishing

Phishing Cloud Government Education

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

Security Affairs

DECEMBER 7, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

Military

Military Government Phishing Authentication

The Scammers’ Playbook: How Cybercriminals Get Ahold of Your Data

eSecurity Planet

SEPTEMBER 14, 2022

As a matter of fact, the most-reported crime in the 2021 Internet Crime Report report was phishing , a social engineering scam wherein the victim receives a deceptive message from someone in an attempt to get the victim to reveal personal information or account credentials or to trick them into downloading malware. since Q3 of 2007.

Energy and Utilities

Energy and Utilities Phishing Blockchain Cybersecurity

FBI and NSA joint report details APT28’s Linux malware Drovorub

Security Affairs

AUGUST 13, 2020

The FBI and NSA have published a joint security alert containing technical details about a new piece of Linux malware, tracked as Drovorub , allegedly employed by Russia-linked the APT28 group. Most of APT28s’ campaigns leveraged spear-phishing and malware-based attacks. Pierluigi Paganini.

Military

Military IoT Phishing Government

Microsoft disrupted APT28 attacks on Ukraine through a court order

Security Affairs

APRIL 8, 2022

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of APT28s’ campaigns leveraged spear-phishing and malware-based attacks. Pierluigi Paganini.

Military

Military Government Phishing Security

Mandiant identifies 3 hacktivist groups working in support of Russia

Security Affairs

SEPTEMBER 27, 2022

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of APT28s’ campaigns leveraged spear-phishing and malware-based attacks. Pierluigi Paganini.

Military

Military Phishing Government Security

Critical flaws in NextGen Gallery WordPress plugin still impact over 500K installs

Security Affairs

FEBRUARY 9, 2021

The developers behind the NextGen Gallery plugin have fixed two critical Cross-site request forgery (CSRF) vulnerabilities, their exploitation could lead to a site takeover, malicious redirects, spam injection, phishing, and other malicious activities. If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Phishing

Phishing Security IT Information Security

Reddit Breach Highlights Limits of SMS-Based Authentication

Krebs on Security

AUGUST 1, 2018

What’s interesting about the incident is that it showcases once again why relying on mobile text messages (SMS) for two-factor authentication (2FA) can lull companies and end users into a false sense of security. SECURITY KEYS. Probably the most secure form of 2FA available involves the use of hardware-based security keys.

Authentication

Authentication Passwords Phishing Data breaches

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Security Affairs

APRIL 19, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

Military

Military Access Cybersecurity Education

North Korea-linked Lazarus APT hides malicious code within BMP image to avoid detection

Security Affairs

APRIL 20, 2021

BMP) image files in a recent spear-phishing campaign targeting entities in South Korea. . Experts from Malwarebytes have uncovered a spear-phishing attack conducted by a North Korea-linked Lazarus APT group that obfuscated a malicious code within a bitmap (.BMP) North Korea-linked Lazarus APT group is abusing bitmap (.BMP)

Phishing

Phishing Encryption Communications Ransomware

North Korea-linked Lazarus APT targets the COVID-19 research

Security Affairs

DECEMBER 25, 2020

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. Pierluigi Paganini.

Healthcare

Healthcare Phishing Passwords Ransomware

Real-life examples of social engineering ? part 2

IT Governance

JUNE 18, 2018

A mystery man walked into an ABN Amro bank in Belgium back in 2007 and walked out with a large amount of diamonds and other gems weighing 120,000 carats. The man, who is still at large, walked in through the front door at regular hours, skipped through all security measures and walked out with the loot. “He No, seriously.

Phishing

Phishing Authentication Marketing Access

North Korea-linked Lazarus APT used Windows Update client and GitHub in recent attacks

Security Affairs

JANUARY 27, 2022

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. The group keeps updating its toolset to evade security mechanisms.” ” reads t he analysis published by Malwarebytes.

Metadata

Metadata Phishing Communications Ransomware

A new Fancy Bear backdoor used to target political targets

Security Affairs

SEPTEMBER 24, 2019

Security experts at ESET have uncovered a new campaign carried out by Russia-linked Fancy Bear APT group aimed at political targets. Security researchers at ESET have uncovered a new campaign carried out by Russia-linked Fancy Bear APT group (i.e. APT28 , Sednit , Sofacy , Zebrocy , and Strontium ) aimed at political targets.

Phishing

Phishing Military Archiving Security

Lazarus malware delivered to South Korean users via supply chain attacks

Security Affairs

NOVEMBER 16, 2020

North Korea-linked Lazarus APT group is behind new campaigns against South Korean supply chains that leverage stolen security certificates. . Security experts from ESET reported that North-Korea-linked Lazarus APT (aka HIDDEN COBRA ) is behind cyber campaigns targeting South Korean supply chains.

Financial Services

Financial Services Government Phishing Security

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

Security Affairs

DECEMBER 1, 2020

Learn how the group tried to stay under the radar using threats perceived to be less alarming: [link] — Microsoft Security Intelligence (@MsftSecIntel) November 30, 2020. The APT32 also targeted peripheral network security and technology infrastructure corporations, and security firms that may have connections with foreign investors.

Mining

Mining Manufacturing Phishing Government

Domestic Kitten has been conducting surveillance targeting over 1,000 individuals

Security Affairs

FEBRUARY 8, 2021

In 2018, researchers at security firm CheckPoint uncovered an extensive surveillance operation conducted by Domestic Kitten aimed at specific groups of domestic individuals that were considered a threat to the Iranian regime. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. Pierluigi Paganini.

Phishing

Phishing Security IT Information Security

Russian APT groups target European governments ahead of May Elections

Security Affairs

MARCH 22, 2019

The APT28 group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. FireEye revealed that the two Russia-linked APT groups carried out spear-phishing attacks to trick victims into revealing government information and credentials. Pierluigi Paganini.

Government

Government Military Phishing Access

Top 8 Cybersecurity Podcasts of 2021

eSecurity Planet

APRIL 23, 2021

Host Ran Levi takes listeners on a journey through the history of cybersecurity through the lens of real hackers, security experts, journalists, and politicians. The Privacy, Security, & OSINT Show. The Privacy, Security, & OSINT Show. Smashing Security. 5 Stars, 558 ratings. 5 Stars, 558 ratings.

Cybersecurity

Cybersecurity Privacy Data breaches Security

North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor

Security Affairs

FEBRUARY 25, 2021

The attack chain starts with COVID19-themed spear-phishing messages that contain either a malicious Word attachment or a link to one hosted on company servers. . If you want to receive the weekly Security Affairs Newsletter for free subscribe here. Pierluigi Paganini. SecurityAffairs – hacking, Lazarus).

Encryption

Encryption Access Phishing Passwords

North Korean Lazarus APT stole credit card data from US and EU stores

Security Affairs

JULY 6, 2020

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. The post North Korean Lazarus APT stole credit card data from US and EU stores appeared first on Security Affairs.

Retail

Retail Phishing Marketing IT

ICO Fines International Airline Cathay Pacific GBP 500,000 (Maximum Available) for Failing to Secure Customers’ Personal Data

Hunton Privacy

MARCH 5, 2020

On March 4, 2020, the UK Information Commissioner’s Office (“ICO”) fined the international airline Cathay Pacific Airways Limited (“Cathay Pacific”) £500,000 for failing to protect the security of its customers’ personal data. The fine was issued under the Data Protection Act 1998 (the “DPA”) and represents the maximum fine available.

Personal data

Personal data Security Authentication Access

APT28 group return to covert intelligence gathering ops in Europe and South America.

Security Affairs

OCTOBER 7, 2018

The APT28 group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The Earworm group carried out spear-phishing campaigns aimed at delivering the Trojan.Zekapab downloader and the Backdoor.Zekapab. appeared first on Security Affairs.

Military

Military Government Phishing Security

Hidden Cobra APT used the new ATM cash-out scheme FASTCash to hit banks worldwide

Security Affairs

OCTOBER 3, 2018

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. Experts believe APT threat actors carried out spear-phishing attacks against the bank, malicious messages used Windows executable.

Retail

Retail Libraries Phishing Government

Russia-linked Sofacy APT developed a new ‘Go’ variant of Zebrocy tool

Security Affairs

DECEMBER 19, 2018

The Sofacy APT group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Attackers carried out a spear-phishing attack using messages with an LNK attachment that would run a series of PowerShell scripts to extract a payload. Pierluigi Paganini.

Military

Military Data collection Phishing IT

Weekly podcast: ICS attacks, Reddit and SIM swap arrests

IT Governance

AUGUST 10, 2018

For the next few days,” Cybereason says, “the honeypot was hit with cryptomining bots, phishing bots, DDoS bots, activity that Internet-connected assets typically experience”. The security basics are really what’s going to prevent a bad day from becoming a catastrophic day”. These included recipients’ usernames and email addresses.

Honeypots

Honeypots Authentication Energy and Utilities Passwords

Hackers Sell Access to Bait-and-Switch Empire

Krebs on Security

MARCH 4, 2019

Both of these entities are owned by Jesse Willms , a man The Atlantic magazine described in an unflattering January 2014 profile as “The Dark Lord of the Internet” [not to be confused with The Dark Overlord ]. Jesse Willms’ Linkedin profile.

Access

Access Marketing Passwords Risk

APT28 targets key networks in Europe with HeadLace malware

Security Affairs

JUNE 3, 2024

The experts observed the APT deploying Headlace in three distinct phases from April to December 2023, respectively, using phishing, compromised internet services, and living off the land binaries. Insikt Group speculates the operation is aimed at influencing regional and military dynamics.

Military

Military Phishing Authentication Government

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

Security Affairs

MARCH 2, 2019

In February 2019, SI-LAB captured multiple samples of phishing campaigns using an Office Excel document carrying a malicious Excel 4.0 This is part of a giant list of Living off the Land (LOL) techniques that attackers employ to mask their activities from runtime endpoint security monitoring tools such as AVs.

File names

File names Phishing Libraries IT

Long-existing Bandook RAT targets Windows machines

Security Affairs

JANUARY 8, 2024

Reseachers from Fortinet observed a new variant of a remote access trojan dubbed Bandook that has been used in phishing attacks against Windows users. Bandook has been active since 2007, it has been continuously developed since then and was employed in several campaigns by different threat actors. 7z file.

Phishing

Phishing Communications Archiving Passwords

Adventures in Contacting the Russian FSB

Krebs on Security

JUNE 7, 2021

KrebsOnSecurity recently had occasion to contact the Russian Federal Security Service (FSB), the Russian equivalent of the U.S. biz, circa 2007. Mind you, I’m not suggesting anyone go do that: Horohorin pointed out that this random number generator was flagged by 20 different antivirus and security products as malicious.

Encryption

Encryption Ransomware Government Communications

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Webinars

Trending Sources

U.S. Hacks QakBot, Quietly Removes Botnet Infections

Webinars

Google warns of APT28 attack attempts against 14,000 Gmail users

France agency ANSSI warns of Russia-linked APT28 attacks on French entities

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Google sent over 50,000 warnings of state-sponsored attacks, +33% from same period in 2020

Financially motivated Earth Lusca threat actors targets organizations worldwide

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack

Russia-linked APT28 hacked Roundcube email servers of Ukrainian entities

China-linked APT41 group spotted using open-source red teaming tool GC2

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

The Scammers’ Playbook: How Cybercriminals Get Ahold of Your Data

FBI and NSA joint report details APT28’s Linux malware Drovorub

Microsoft disrupted APT28 attacks on Ukraine through a court order

Mandiant identifies 3 hacktivist groups working in support of Russia

Critical flaws in NextGen Gallery WordPress plugin still impact over 500K installs

Reddit Breach Highlights Limits of SMS-Based Authentication

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

North Korea-linked Lazarus APT hides malicious code within BMP image to avoid detection

North Korea-linked Lazarus APT targets the COVID-19 research

Real-life examples of social engineering ? part 2

North Korea-linked Lazarus APT used Windows Update client and GitHub in recent attacks

A new Fancy Bear backdoor used to target political targets

Lazarus malware delivered to South Korean users via supply chain attacks

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

Domestic Kitten has been conducting surveillance targeting over 1,000 individuals

Russian APT groups target European governments ahead of May Elections

Top 8 Cybersecurity Podcasts of 2021

North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor

North Korean Lazarus APT stole credit card data from US and EU stores

ICO Fines International Airline Cathay Pacific GBP 500,000 (Maximum Available) for Failing to Secure Customers’ Personal Data

APT28 group return to covert intelligence gathering ops in Europe and South America.

Hidden Cobra APT used the new ATM cash-out scheme FASTCash to hit banks worldwide

Russia-linked Sofacy APT developed a new ‘Go’ variant of Zebrocy tool

Weekly podcast: ICS attacks, Reddit and SIM swap arrests

Hackers Sell Access to Bait-and-Switch Empire

APT28 targets key networks in Europe with HeadLace malware

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

Long-existing Bandook RAT targets Windows machines

Adventures in Contacting the Russian FSB

Stay Connected