2017, Analysis and Military - Information Management Today

U.S. Charges 4 Chinese Military Officers in 2017 Equifax Hack

Krebs on Security

FEBRUARY 10, 2020

Justice Department today unsealed indictments against four Chinese officers of the People’s Liberation Army (PLA) accused of perpetrating the 2017 hack against consumer credit bureau Equifax that led to the theft of personal data on nearly 150 million Americans. The nine-count indictment names Wu Zhiyong (???), Wang Qian (??),

Military

Military Phishing Government Sales

Analysis: Indictments in Equifax Hack

Data Breach Today

FEBRUARY 14, 2020

The latest edition of the ISMG Security Report analyzes the indictments of four Chinese military officers in connection with the 2017 Equifax data breach. Also featured: Advice on implementing NIST's new privacy framework; lessons learned in a breach disclosure.

Military

Military Data breaches Privacy Security

Russia-linked hackers target Ukrainian military with Infamous Chisel Android malware

Security Affairs

AUGUST 31, 2023

Russia-linked threat actors have been targeting Android devices of the Ukrainian military with a new malware dubbed Infamous Chisel. The GCHQ’s National Cyber Security Centre (NCSC) and agencies in the United States, Australia, Canada, and New Zealand have published an analysis of the Android malware.

Military

Military Authentication Access Government

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Targeted operation against Ukraine exploited 7-year-old MS Office bug

Security Affairs

APRIL 28, 2024

The researchers pointed out that the use of the “script:” prefix demonstrates the exploitation of the vulnerability CVE-2017-8570 , a bypass for CVE-2017-0199. The DLL also implements features to evade detection and avoid analysis by security experts. The PPSX file contains a remote link to an external OLE object.

Military

Military Mining Libraries Security

Machete cyber-espionage group targets Latin America military

Security Affairs

AUGUST 5, 2019

Security experts from ESET uncovered a cyber-espionage group tracked as Machete that stole sensitive files from the Venezuelan military. Security experts from ESET reported that a cyberespionage group tracked as Machete has stolen sensitive files from the Venezuelan military. ” reads the analysis from ESET.

Military

Military Archiving Security Government

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

Security Affairs

JUNE 18, 2020

Security researchers at ESET recently uncovered a campaign carried out by the InvisiMole group that has been targeting a small number of high-profile organizations in the military sector and diplomatic missions in Eastern Europe. ” reads the analysis published by ESET. Pierluigi Paganini. SecurityAffairs – hacking, InvisiMole).

Military

Military Communications Libraries Encryption

Kaspersky Analysis Shines Light on DarkUniverse APT Group

Dark Reading

NOVEMBER 7, 2019

Threat actor was active between 2009 and 2017, targeting military, government, and private organizations.

Military

Military Government

Kaspersky Lab Analysis Shines Light on DarkUniverse APT Group

Dark Reading

NOVEMBER 7, 2019

Threat actor was active between 2009 and 2017, targeting military, government, and private organizations.

Military

Military Government

Transparent Tribe APT hit 1000+ victims in 27 countries in the last 12 months

Security Affairs

AUGUST 23, 2020

The Transparent Tribe cyber-espionage group continues to improve its arsenal while targets Military and Government entities. The Transparent Tribe APT group is carrying out an ongoing cyberespionage campaign aimed at military and diplomatic targets worldwide. ” reads the analysis published by Kaspersky.

Military

Military Phishing Passwords Communications

APT28 group return to covert intelligence gathering ops in Europe and South America.

Security Affairs

OCTOBER 7, 2018

The APT28 group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. According to experts from Symantec, the group is now actively conducting cyber espionage campaigns against government and military organizations in Europe and South America.

Military

Military Government Phishing Security

Operation North Star – North-Korea hackers targeted US defense and aerospace companies

Security Affairs

JULY 30, 2020

The threat actors’ job postings messages were crafted to target the following specific US defense programs and groups: F-22 Fighter Jet Program Defense, Space and Security (DSS) Photovoltaics for space solar cells Aeronautics Integrated Fighter Group Military aircraft modernization programs.

Military

Military Data collection Phishing Ransomware

Google TAG warns of Russia-linked APT groups targeting Ukraine

Security Affairs

APRIL 20, 2023

Russia-linked threat actors launched large-volume phishing campaigns against hundreds of users in Ukraine to gather intelligence and aimed at spreading disinformation, states Google’s Threat Analysis Group (TAG). The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017.

Phishing

Phishing Military Ransomware Education

New Gallmaker APT group eschews malware in cyber espionage campaigns

Security Affairs

OCTOBER 10, 2018

A previously unknown cyber espionage group, tracked as Gallmaker, has been targeting entities in the government, military and defense sectors since at least 2017. Gallmaker is a politically motivated APT group that focused its surgical operations on the government, military or defense sectors. ” continues Symantec.

Military

Military File names Libraries Government

Russian APT groups target European governments ahead of May Elections

Security Affairs

MARCH 22, 2019

The APT28 group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. According to a report published by Symantec in October, the group was actively conducting cyber espionage campaigns against government and military organizations in Europe and South America.

Government

Government Military Phishing Access

Symantec uncovered the link between China-Linked Thrip and Billbug groups

Security Affairs

SEPTEMBER 9, 2019

The group has continued launching attacks against entities in Southeast Asia, including military, satellite communications, media and educational organizations. ” reads the analysis published by Symantec. This custom-built backdoor has been used since at least January 2017 to achieve persistence on compromised networks.

Military

Military Communications Government Education

China-linked APT3 was able to modify stolen NSA cyberweapons

Security Affairs

SEPTEMBER 8, 2019

APT3 functions very differently than 3LA, the former Chinese military hacking organization leading to the assumption that APT3 is not part of the military complex. In May 2017, researchers at threat intelligence firm Record Future discovered a clear link between APT3 cyber threat group and China’s Ministry of State Security.

Military

Military Security IT Government

Cyberwarfare: A deep dive into the latest Gamaredon Espionage Campaign

Security Affairs

FEBRUARY 17, 2020

Security experts from Yoroy-Cybaze ZLab have conducted a detailed analysis of an implant used by the Gamaredon APT group in a recent campaign. It is distributed in a spear-phishing campaign with a weaponized office document that appears to be designed to lure military personnel. . Technical Analysis. Introduction.

Archiving

Archiving Military IT Phishing

APT15 Pokes Its Head Out With Upgraded MirageFox RAT

Threatpost

JUNE 19, 2018

government and military in 2017 (which wasn't made public until 2018). This is the first evidence of the China-linked threat actor's activity since hacked the U.K.

Military

Military IT Government

DHS report – Voting systems in North Carolina county in 2016 were not hacked

Security Affairs

DECEMBER 31, 2019

. “After voter check-in software failed, federal authorities conducted a forensic analysis of the county’s electronic poll books to see if Russian military hackers who targeted the software provider may have tampered with registration information to disrupt voting.” ” reported the AP agency. ” continues AP news.

Computer and Electronics

Computer and Electronics Military Paper Phishing

New Turla ComRAT backdoor uses Gmail for Command and Control

Security Affairs

MAY 26, 2020

Earlier versions of Agent.BTZ were used to compromise US military networks in the Middle East in 2008. ComRAT v4 appeared in the threat landscape in 2017 and is still used by threat actors , recently a new variant was used in attacks against two Ministries of Foreign Affairs in Eastern Europe and a national parliament in the Caucasus region.

Military

Military Communications Encryption Authentication

Update CSE Malware ZLab – Operation Roman Holiday – Hunting the Russian APT28

Security Affairs

JULY 15, 2018

It was a long weekend for the researchers from the Z-Lab at CSE Cybsec that completed the analysis a number of payloads being part of a new cyber espionage campaign conducted by the Russian APT28 group (aka Fancy Bear , Pawn Storm , Sednit , Sofacy, and Strontium ).

Military

Military Communications IT Government

Hunting the ICEFOG APT group after years of silence

Security Affairs

JUNE 8, 2019

Military contractors, shipbuilders, satellite operators, high-tech companies ) in Japan and South Korea. This week, Chi-en (Ashley) Shen presented at the CONFidence cybersecurity conference held in Poland her analysis on new samples of malware associated with the ICEFOG group.

Agriculture

Agriculture Government Military Communications

MartyMcFly Malware: new Cyber-Espionage Campaign targeting Italian Naval Industry

Security Affairs

OCTOBER 17, 2018

Today I’d like to share an interesting analysis of a Targeted Attack found and dissected by Yoroi (technical details are available here ). The victim was one of the most important leaders in the field of security and defensive military grade Naval ecosystem in Italy. It makes an explicit date control check to 0x7E1 (2017).

Computer and Electronics

Computer and Electronics Encryption Military Security

Recently Cloud Atlas used a new piece of polymorphic malware

Security Affairs

AUGUST 12, 2019

. “From the beginning of 2019 until July, we have been able to identify different spear-phishing campaigns related to this threat actor mostly focused on Russia, Central Asia and regions of Ukraine with ongoing military conflicts.” ” continues the analysis. ” reads the report published by Kaspersky Lab.

Cloud

Cloud Phishing Government Military

Latest Turla backdoor leverages email PDF attachments as C&C mechanism

Security Affairs

AUGUST 23, 2018

Malware researchers from ESET have conducted a new analysis of a backdoor used by the Russia-linked APT Turla in targeted espionage operations. The new analysis revealed a list of high-profile victims that was previously unknown. ” reads the analysis published by ESET. ” reads the analysis published by ESET.

Metadata

Metadata Military Libraries Access

Canadian Police Raid ‘Orcus RAT’ Author

Krebs on Security

APRIL 2, 2019

2017 analysis of the RAT. I tend to have a violent nature, and have both Martial arts and Military training. “It can also implement a watchdog that restarts the server component or even trigger a Blue Screen of Death (BSOD) if the someone tries to kill its process,” wrote researchers at security firm Fortinet in a Dec.

Marketing

Marketing Passwords Systems administration Access

Malicious app exploiting CVE-2019-2215 zero-day available in Google Play since March

Security Affairs

JANUARY 7, 2020

This vulnerability was addressed in Dec 2017 in the 4.14 ” reads the analysis published by Trend Micro. SideWinder, a group that has been active since 2012, is a known threat and has reportedly targeted military entities’ Windows machines. ” continues the analysis. LTS kernel [1], AOSP android 3.18

Encryption

Encryption Access Military Marketing

North Korea-linked ScarCruft APT adds Bluetooth Harvester to its arsenal

Security Affairs

MAY 14, 2019

Cyber attacks conducted by the APT37 group mainly targeted government, defense, military, and media organizations in South Korea. ” reads the analysis published by Kaspersky Lab. ” continues the analysis. ” continues the analysis. Kaspersky first documented the operations of the group in 2016.

IT

IT Military Manufacturing Government

SWEED targets precision engineering companies in Italy

Security Affairs

OCTOBER 28, 2019

Security expert Marco Ramilli published a quick analysis of an interesting attack carried out by SWEED threat actor targeting precision engineering firms in Italy. Today I’d like to share a quick analysis of an interesting attack targeting precision engineering companies based in Italy. Technical Analysis. Introduction.

Passwords

Passwords Encryption File names Military

Remembering Vietnam

Archives Blogs

NOVEMBER 14, 2017

The National Archives opened our newest exhibition, Remembering Vietnam: Twelve Critical Episodes in the Vietnam War on November 10, 2017. Interviews with veterans, journalists, members of the peace movement, Vietnamese civilians, and leading Vietnam War historians provide first-person testimony and analysis of the events.

Archiving

Archiving Military Education Libraries

Chinese Cycldek APT targets Vietnamese Military and Government in sophisticated attacks

Security Affairs

APRIL 6, 2021

China-linked APT group Cycldek is behind an advanced cyberespionage campaign targeting entities in the government and military sector in Vietnam. China-linked APT group LuckyMouse (aka Cycldek, Goblin Panda , Hellsing, APT 27, and Conimes) is targeting government and military organizations in Vietnam with spear-phishing.

Military

Military Government Phishing Libraries

A Time to Break Silence

Archives Blogs

JUNE 23, 2020

Civilian and military casualty rates rose exponentially, and news outlets around the world broadcast horrific images of the chaos and tragedy of the war. A nation that continues year after year to spend more money on military defense than on programs of social uplift is approaching spiritual death. revolutionary”, CNN , 3 April 2017.

Military

Military Archiving IT

Ransomware Protection in 2021

eSecurity Planet

FEBRUARY 16, 2021

Forensic Analysis. Through the years, we’ve seen several strains of ransomware make headlines: CryptoLocker in 2013, Locky in 2016, WannaCry and Hermes in 2017, GandCrab in 2018, and now, Ryuk joins the pack of notable names in criminal malware. Unregulated use of new or unique devices poses an unnecessary risk to your network.

Ransomware

Ransomware Encryption Insurance Cloud

CIA Hacking unit APT-C-39 hit China since 2008

Security Affairs

MARCH 4, 2020

Get important figures‘ travel itinerary, and then pose political threats, or military suppression?” Schulte was arrested for possession of child pornography, he was charged on three counts of receipt, possession and transportation of child pornography in August 2017.

Military

Military Government Security IT

Group-IB presents its annual report on global threats to stability in cyberspace

Security Affairs

NOVEMBER 29, 2019

According to Group-IB’s experts, the most frustrating trend of 2019 was the use of cyberweapons in military operations. While 2017 was the year of WannaCry , NotPetya , and BadRabbit ransomware epidemics, 2018 revealed a lack of preparedness for side-channel attacks and threats related to microprocessor vulnerabilities.

IT

IT Military Cybersecurity Phishing

NEW TECH: CyCognito employs offensive bot network to put companies a step a head of attackers

The Last Watchdog

FEBRUARY 17, 2020

The company was launched in Tel Aviv in 2017 by a couple of former Israeli military cyber ops attack specialists, Rob Gurzeev and Dima Potekhin. Instead of offering up more layers of defense, they’ve slipped on the shoes of the attackers and taken an offensive approach to defending IT assets.

Digital transformation

Digital transformation Analytics Cloud Risk

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Data Matters

APRIL 23, 2018

In January 2017, seeking to provide practical advice for directors to address their oversight responsibilities, the National Association of Corporate Directors (NACD) released its (revised) Handbook on Cyber-Risk Oversight (NACD Handbook). Designing an Enterprise-Level Approach. Mandatory Access Control. Role-Based Access Control.

Cybersecurity

Cybersecurity Risk Passwords Authentication

APT28 and Upcoming Elections: evidence of possible interference

Security Affairs

APRIL 12, 2019

Technical Analysis. This Office password protection could be easily bypassed using the classic malware analysis tools and after the code extraction, it’s possible to analyze the plain-text code as follows. Further detail about AMSI have been described in a previous analysis report. Figure 1: Overview of the malicious document.

Passwords

Passwords Metadata Military Government

U.S. Charges 4 Chinese Military Officers in 2017 Equifax Hack

Analysis: Indictments in Equifax Hack

Webinars

Trending Sources

Russia-linked hackers target Ukrainian military with Infamous Chisel Android malware

Webinars

Targeted operation against Ukraine exploited 7-year-old MS Office bug

Machete cyber-espionage group targets Latin America military

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

Kaspersky Analysis Shines Light on DarkUniverse APT Group

Kaspersky Lab Analysis Shines Light on DarkUniverse APT Group

Transparent Tribe APT hit 1000+ victims in 27 countries in the last 12 months

APT28 group return to covert intelligence gathering ops in Europe and South America.

Operation North Star – North-Korea hackers targeted US defense and aerospace companies

Google TAG warns of Russia-linked APT groups targeting Ukraine

New Gallmaker APT group eschews malware in cyber espionage campaigns

Russian APT groups target European governments ahead of May Elections

Symantec uncovered the link between China-Linked Thrip and Billbug groups

China-linked APT3 was able to modify stolen NSA cyberweapons

Cyberwarfare: A deep dive into the latest Gamaredon Espionage Campaign

APT15 Pokes Its Head Out With Upgraded MirageFox RAT

DHS report – Voting systems in North Carolina county in 2016 were not hacked

New Turla ComRAT backdoor uses Gmail for Command and Control

Update CSE Malware ZLab – Operation Roman Holiday – Hunting the Russian APT28

Hunting the ICEFOG APT group after years of silence

MartyMcFly Malware: new Cyber-Espionage Campaign targeting Italian Naval Industry

Recently Cloud Atlas used a new piece of polymorphic malware

Latest Turla backdoor leverages email PDF attachments as C&C mechanism

Canadian Police Raid ‘Orcus RAT’ Author

Malicious app exploiting CVE-2019-2215 zero-day available in Google Play since March

North Korea-linked ScarCruft APT adds Bluetooth Harvester to its arsenal

SWEED targets precision engineering companies in Italy

Remembering Vietnam

Chinese Cycldek APT targets Vietnamese Military and Government in sophisticated attacks

A Time to Break Silence

Ransomware Protection in 2021

CIA Hacking unit APT-C-39 hit China since 2008

Group-IB presents its annual report on global threats to stability in cyberspace

NEW TECH: CyCognito employs offensive bot network to put companies a step a head of attackers

An Approach to Cybersecurity Risk Oversight for Corporate Directors

APT28 and Upcoming Elections: evidence of possible interference

Stay Connected