2021, IT and Military - Information Management Today

From Cybercrime Saul Goodman to the Russian GRU

Krebs on Security

FEBRUARY 7, 2024

In 2021, the exclusive Russian cybercrime forum Mazafaka was hacked. A review of this user’s hacker identities shows that during his time on the forums he served as an officer in the special forces of the GRU , the foreign military intelligence agency of the Russian Federation.

Military

Military IT Communications Risk

Ukraine: Belarusian APT group UNC1151 targets military personnel with spear phishing

Security Affairs

FEBRUARY 25, 2022

In November 2021, Mandiant Threat Intelligence researchers linked the Ghostwriter disinformation campaign (aka UNC1151) to the government of Belarus. The post Ukraine: Belarusian APT group UNC1151 targets military personnel with spear phishing appeared first on Security Affairs. It is for you for your past, the future and the future.

Military

Military Phishing CMS Government

Naikon APT group uses new Nebulae backdoor in attacks aimed at military orgs

Security Affairs

APRIL 28, 2021

China-linked APT Naikon employed a new backdoor in multiple cyber-espionage operations targeting military organizations from Southeast Asia in the last 2 years. The Naikon APT group mainly focuses on high-profile orgs, including government entities and military orgs. ” reads the report published by Bitdefender.

Military

Military Passwords Government Security

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

US Gov dismantled the Moobot botnet controlled by Russia-linked APT28

Security Affairs

FEBRUARY 15, 2024

“A January 2024 court-authorized operation has neutralized a network of hundreds of small office/home office (SOHO) routers that GRU Military Unit 26165 , also known as APT28, Sofacy Group , Forest Blizzard , Pawn Storm , Fancy Bear , and Sednit , used to conceal and otherwise enable a variety of crimes.”

Military

Military Government Access Cybersecurity

Russia-linked Nobelium APT targets orgs in the global IT supply chain

Security Affairs

OCTOBER 25, 2021

Russia-linked Nobelium APT group has breached at least 14 managed service providers (MSPs) and cloud service providers since May 2021. NOBELIUM focuses on government organizations, non-government organizations (NGOs), think tanks, military, IT service providers, health technology and research, and telecommunications providers.

IT

IT Cloud Military Phishing

Pakistan-linked Transparent Tribe APT expands its arsenal

Security Affairs

MAY 16, 2021

The Operation Transparent Tribe (Operation C-Major, APT36, and Mythic Leopard) was first spotted by Proofpoint Researchers in Feb 2016, in a series of cyber espionage operations against Indian diplomats and military personnel in some embassies in Saudi Arabia and Kazakhstan. ” read the analysis published Cisco Talos. Pierluigi Paganini.

IT

IT Military Phishing Archiving

Indian-linked Patchwork APT infected its own system revealing its ops

Security Affairs

JANUARY 10, 2022

The APT group has been active since at least 2015, previous operations targeted military and political individuals across the world, it shows a specific interest in organizations in Pakistan. The India-linked threat actor Patchwork infected one of their own computers with its RAT revealing its operations to researchers. Pierluigi Paganini.

IT

IT Military Phishing Government

New Connecticut Breach Notification Requirements and Cybersecurity Safe Harbor Effective October 2021

Hunton Privacy

AUGUST 2, 2021

Connecticut recently passed two cybersecurity laws that will become effective on October 1, 2021. On June 16, 2021, Connecticut Governor Ned Lamont signed HB 5310, An Act Concerning Data Privacy Breaches. On July 6, 2021, Governor Ned Lamont signed HB 6607, An Act Incentivizing the Adoption of Cybersecurity Standards for Businesses.

Cybersecurity

Cybersecurity Insurance Military Data Privacy

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

“As early as 2022, APT28 actors had utilized compromised EdgeRouters to facilitate covert cyber operations against governments, militaries, and organizations around the world.” and foreign governments and military, security, and corporate organizations. ” reads the joint report. ” concludes the report.

Energy and Utilities

Energy and Utilities Military Government Phishing

List of data breaches and cyber attacks in June 2021 – 9.8 million records breached

IT Governance

JULY 1, 2021

We found a comparatively low 9,780,931 breached records from publicly disclosed security incidents in June 2021. The post List of data breaches and cyber attacks in June 2021 – 9.8 But don’t be fooled by that number – it comes from 106 incidents, which is roughly average for the year. Data breaches. million drivers’ details (3.3

Data breaches

Data breaches Ransomware Computer and Electronics Retail

Snatch ransomware gang claims the hack of the food giant Kraft Heinz

Security Affairs

DECEMBER 15, 2023

“Since mid-2021, Snatch threat actors have consistently evolved their tactics to take advantage of current trends in the cybercriminal space and leveraged successes of other ransomware variants’ operations. .” HENSOLDT is a company specializing in military and defense electronics.

Ransomware

Ransomware Computer and Electronics Military Agriculture

Ransomware Protection in 2021

eSecurity Planet

FEBRUARY 16, 2021

Also Read: Best Encryption Tools & Software for 2021. The internet is fraught with peril these days, but nothing strikes more fear into users and IT security pros than the threat of ransomware. A ransomware attack is about as bad as a cyber attack can get. Jump to: What is ransomware? How ransomware works. Preventing ransomware.

Ransomware

Ransomware Encryption Insurance Cloud

Russia-linked APT28 hacked Roundcube email servers of Ukrainian entities

Security Affairs

JUNE 21, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The Recorded Future’s Insikt Group believes that the campaign has been active since November 2021.

Military

Military Phishing Government Communications

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

Security Affairs

DECEMBER 7, 2023

Over the past 20 months, the group targeted at least 30 organizations within 14 nations that are probably of strategic intelligence significance to the Russian government and its military. The group operates out of military unity 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS).

Military

Military Government Phishing Authentication

Donot Team cyberespionage group updates its Windows malware framework

Security Affairs

AUGUST 21, 2022

The Donot Team has been active since 2016, it focuses on government and military organizations, ministries of foreign affairs, and embassies in India, Pakistan, Sri Lanka, Bangladesh, and other South Asian countries. The Donot Team threat actor, aka APT-C-35 , has added new capabilities to its Jaca Windows malware framework.

IT

IT Phishing Military Encryption

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Security Affairs

DECEMBER 5, 2023

The group operates out of military unity 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS). The researchers noticed that the attackers also commonly employed multiple known vulnerabilities, including CVE-2023-38831 in WinRAR or CVE-2021-40444 in Windows MSHTML.

Military

Military Government Phishing Access

Best Enterprise VPN Solutions for 2021

eSecurity Planet

JULY 3, 2021

Also Read: Best Enterprise Network Security Tools & Solutions for 2021. With 3000 servers in 160 locations and 94 countries, ExpressVPN boasts its military-grade encryption and leak-proofing features, including a kill switch and unlimited bandwidth for clients. Also Read: Best IAM Tools & Solutions for 2021. Encrypt.me.

Encryption

Encryption Communications Marketing Cloud

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

Security Affairs

FEBRUARY 8, 2024

The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure. agencies fear the possibility that these actors could gain access to the networks of critical infrastructure to cause disruptive effects in the event of potential geopolitical tensions and/or military conflicts. .”

Energy and Utilities

Energy and Utilities Communications Military Manufacturing

France agency ANSSI warns of Russia-linked APT28 attacks on French entities

Security Affairs

OCTOBER 27, 2023

The document provides details about the tactics, techniques and procedures (TTP) associated with threar actors since the second half of 2021. The group operates out of military unity 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS). ” The script was hosted on “mocky[.]io,”

Military

Military Phishing Government Security

Russia-linked Armageddon APT targets Ukrainian state organizations, CERT-UA warns

Security Affairs

APRIL 5, 2022

The group targeted government and military organizations in Ukraine. In December 2019, the APT group targeted several Ukrainian diplomats, government and military officials, and law enforcement. The Gamaredon group was first discovered by Symantec and TrendMicro in 2015, but evidence of its activities has been dated back to 2013.

Military

Military Phishing File names Archiving

Connecticut Tightens its Data Breach Notification Laws

Data Protection Report

OCTOBER 3, 2021

Effective October 1, 2021, an amendment [1] to the Connecticut General Statute concerning data privacy breaches, Section 36a-701b, will impact notification obligations in several significant ways. 1] [link]. [2] 2] C.R.S. §

Data breaches

Data breaches IT Insurance Passwords

Asylum Ambuscade spear-phishing campaign targets EU countries aiding Ukrainian refugees

Security Affairs

MARCH 2, 2022

Experts found similarities between the infection chain associated with this campaign, tracked as Asylum Ambuscade, and other attacks Proofpoint observed in July 2021, a circumstance that suggests they were conducted by the same threat actor. net) that appears to belong to a compromised Ukranian armed service member.”

Phishing

Phishing Military Government Communications

Security Affairs newsletter Round 399 by Pierluigi Paganini

Security Affairs

DECEMBER 25, 2022

Expert found Backdoor credentials in ZyXEL LTE3301 M209 Raspberry Robin malware used in attacks against Telecom and Governments TikTok parent company ByteDance revealed the use of TikTok data to track journalists BetMGM discloses security breach impacting 1.5 Follow me on Twitter: @securityaffairs and Facebook and Mastodon.

Security

Security Military Ransomware Encryption

GUEST ESSAY: Rising cyber risks make business intelligence gathering more vital than ever

The Last Watchdog

JULY 5, 2022

However, in our research, Investing in Cyber Resilience (2021) we found that only 49 percent of companies have a fully implemented and rolled out cyber security strategy, indicating pervasive barriers to cyber strategy adoption. And this is where strategic intelligence feeds into the cyber security puzzle.

Risk

Risk Military Marketing Data Privacy

Colonial Pipeline discloses data breach after May ransomware attack

Security Affairs

AUGUST 17, 2021

Colonial Pipeline discloses a data breach of the personal information of thousands of individuals after the ransomware attack that took place in May 2021. On May 6, 2021, an unauthorized third party acquired certain records stored in our systems,” states the letter. The pipeline allows carrying 2.5 The pipeline allows carrying 2.5

Data breaches

Data breaches Ransomware Military Insurance

Ukraine intelligence doxed 5 FSB Officers that are members of Gamaredon APT Group

Security Affairs

NOVEMBER 5, 2021

The group targeted government and military organizations in Ukraine. In December 2019, the APT group targeted several Ukrainian diplomats, government and military officials, and law enforcement. In the period 2017-2021 this group implemented the most numerous cyberintelligence actions on various vectors of public administration.

Military

Military Metadata Government Passwords

Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks

Security Affairs

OCTOBER 25, 2023

The Winter Vivern group was first analyzed in 2021, it has been active since at least 2020 and it targets governments in Europe and Central Asia. “Winter Vivern has stepped up its operations by using a zero-day vulnerability in Roundcube.

Military

Military Government Phishing IT

Taiwan Government faces 5 Million hacking attempts daily

Security Affairs

NOVEMBER 10, 2021

On the other end, the Chinese government considers the island its territory and does not exclude its military occupation in the future. billion “anomalies” from 2019 to August 2021, according to the report shared by Taiwan’s defence ministry. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Government

Government Military Information Security Security

Jen Easterly Takes Charge of CISA At Black Hack USA 2021

ForAllSecure

AUGUST 18, 2021

The new Director of the Cybersecurity and Infrastructure Security Agency (CISA), Jen Easterly, opened Day 2 of Black Hat USA 2021 with a remote presentation on Hacking the Cybersecurity Puzzle. She is a daughter of a military father and so she went to West Point Academy, as one of the first female cadets.

Cybersecurity

Cybersecurity Mining Military Education

REvil ransomware gang hit US nuclear weapons contractor Sol Oriens

Security Affairs

JUNE 15, 2021

Sol Oriens statement to us now: “In May 2021, Sol Oriens became aware of a cybersecurity incident that impacted our network environment.” H/t @mcwellons — Eamon Javers (@EamonJavers) June 10, 2021. The ransomware gang threatened to leak relevant documentation and data belonging to military agencies. states the company.

Ransomware

Ransomware Military Personal data Cybersecurity

FBI chief says China is preparing to attack US critical infrastructure

Security Affairs

APRIL 19, 2024

The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure. agencies fear the possibility that these actors could gain access to the networks of critical infrastructure to cause disruptive effects in the event of potential geopolitical tensions and/or military conflicts.

Energy and Utilities

Energy and Utilities Communications Military Manufacturing

Researchers warn of a surge in cyber attacks against Microsoft Exchange

Security Affairs

MARCH 12, 2021

On March 2nd, Microsoft released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported MS Exchange versions that are actively exploited in the wild. 2/5 — ESET research (@ESETresearch) March 2, 2021.

Authentication

Authentication Military Ransomware Manufacturing

Flaws in DataVault encryption software impact multiple storage devices

Security Affairs

DECEMBER 30, 2021

DataVault is an advanced encryption software to protect user data, it provides comprehensive military grade data protection and security features to multiple systems. ” The vulnerabilities have been tracked as CVE-2021-36750 and CVE-2021-36751. Multiple vendors, including WD, Sony and Lexar use the DataVault software.

Encryption

Encryption Passwords Military Security

Google warns of APT28 attack attempts against 14,000 Gmail users

Security Affairs

OCTOBER 8, 2021

Some info for people who got the warning and a reminder what it means: [link] and also in this — Shane Huntley (@ShaneHuntley) October 7, 2021. — Shane Huntley (@ShaneHuntley) October 7, 2021. TAG sent a above average batch of government-backed security warnings yesterday. Pierluigi Paganini.

Phishing

Phishing Military Government Security

SessionManager Backdoor employed in attacks on Microsoft IIS servers worldwide

Security Affairs

JULY 1, 2022

Researchers warn of a new ‘SessionManager’ Backdoor that was employed in attacks targeting Microsoft IIS Servers since March 2021. Researchers from Kaspersky Lab have discovered a new ‘SessionManager’ Backdoor that was employed in attacks targeting Microsoft IIS Servers since March 2021.

Military

Military Passwords Access Government

Security Affairs newsletter Round 425 by Pierluigi Paganini – International edition

Security Affairs

JUNE 25, 2023

Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Military Ransomware Cybersecurity

Google sent over 50,000 warnings of state-sponsored attacks, +33% from same period in 2020

Security Affairs

OCTOBER 14, 2021

Google announced to have sent roughly 50,000 alerts of state-sponsored phishing or hacking attempts to customers during 2021. “So far in 2021, we’ve sent over 50,000 warnings, a nearly 33% increase from this time in 2020. The group was involved also in the string of attacks that targeted 2016 Presidential election.

Phishing

Phishing Military Government Security

Feb 7- Feb 27 Ukraine – Russia the silent cyber conflict

Security Affairs

FEBRUARY 27, 2022

February 25 – Ukraine: Belarusian APT group UNC1151 targets military personnel with spear phishing. February 15 – Ukraine: Military defense agencies and banks hit by cyberattacks. Russia-linked APT group Gamaredon is behind spear-phishing attacks against Ukrainian entities and organizations since October 2021.

Military

Military Phishing Ransomware Security

The Netherlands declares war on ransomware operations

Security Affairs

OCTOBER 8, 2021

The Dutch government will not tolerate ransomware attacks that could threaten national security, it will use intelligence or military services to curb them. The Dutch government announced that it will not tolerate cyberattacks that pose a risk to its national security and will employ intelligence or military services to counter them.

Ransomware

Ransomware Military Government Security

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Security Affairs

APRIL 19, 2023

The joint advisory provides detailed info on tactics, techniques, and procedures (TTPs) associated with APT28’s attacks conducted in 2021 that exploited the flaw in Cisco routers. The group operates out of military unity 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS).

Military

Military Access Cybersecurity Education

Nobelium APT targets French orgs, French ANSSI agency warns

Security Affairs

DECEMBER 6, 2021

The French cyber-security agency ANSSI said that the Russia-linked Nobelium APT group has been targeting French organizations since February 2021. Le CERT-FR vient de publier un rapport sur des campagnes d’hameçonnage du mode opératoire d’attaquants Nobelium contre des entités françaises menées depuis février 2021.

Phishing

Phishing Military Government Cybersecurity

Google blocked China-linked APT31’s attacks targeting U.S. Government

Security Affairs

MARCH 9, 2022

In July 2021, the French national cyber-security agency ANSSI warned of ongoing attacks against a large number of French organizations conducted by the Chine-linked APT31 cyberespionage group. In August 2021, the APT31 group employed a new strain of malware in attacks aimed at entities in Mongolia, Belarus, Canada, the US, and Russia.

Government

Government Phishing Military IT

Russian Gamaredon APT is targeting Ukraine since October

Security Affairs

FEBRUARY 6, 2022

Russia-linked APT group Gamaredon is behind spear-phishing attacks against Ukrainian entities and organizations since October 2021. The group targeted government and military organizations in Ukraine. In December 2019, the APT group targeted several Ukrainian diplomats, government and military officials, and law enforcement.

Military

Military Phishing Government Security

NK-linked InkySquid APT leverages IE exploits in recent attacks

Security Affairs

AUGUST 18, 2021

APT37 has been active since at least 2012, it mainly targeted government, defense, military, and media organizations in South Korea. The watering hole attacks on the Daily NK was conducted from March 2021 until early June 2021. ” reads the post published by Volexity. com to malicious subdomains of jquery[.]services.

Metadata

Metadata Military Archiving Cybersecurity

From Cybercrime Saul Goodman to the Russian GRU

Ukraine: Belarusian APT group UNC1151 targets military personnel with spear phishing

Webinars

Trending Sources

Naikon APT group uses new Nebulae backdoor in attacks aimed at military orgs

Webinars

US Gov dismantled the Moobot botnet controlled by Russia-linked APT28

Russia-linked Nobelium APT targets orgs in the global IT supply chain

Pakistan-linked Transparent Tribe APT expands its arsenal

Indian-linked Patchwork APT infected its own system revealing its ops

New Connecticut Breach Notification Requirements and Cybersecurity Safe Harbor Effective October 2021

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

List of data breaches and cyber attacks in June 2021 – 9.8 million records breached

Snatch ransomware gang claims the hack of the food giant Kraft Heinz

Ransomware Protection in 2021

Russia-linked APT28 hacked Roundcube email servers of Ukrainian entities

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

Donot Team cyberespionage group updates its Windows malware framework

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Best Enterprise VPN Solutions for 2021

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

France agency ANSSI warns of Russia-linked APT28 attacks on French entities

Russia-linked Armageddon APT targets Ukrainian state organizations, CERT-UA warns

Connecticut Tightens its Data Breach Notification Laws

Asylum Ambuscade spear-phishing campaign targets EU countries aiding Ukrainian refugees

Security Affairs newsletter Round 399 by Pierluigi Paganini

GUEST ESSAY: Rising cyber risks make business intelligence gathering more vital than ever

Colonial Pipeline discloses data breach after May ransomware attack

Ukraine intelligence doxed 5 FSB Officers that are members of Gamaredon APT Group

Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks

Taiwan Government faces 5 Million hacking attempts daily

Jen Easterly Takes Charge of CISA At Black Hack USA 2021

REvil ransomware gang hit US nuclear weapons contractor Sol Oriens

FBI chief says China is preparing to attack US critical infrastructure

Researchers warn of a surge in cyber attacks against Microsoft Exchange

Flaws in DataVault encryption software impact multiple storage devices

Google warns of APT28 attack attempts against 14,000 Gmail users

SessionManager Backdoor employed in attacks on Microsoft IIS servers worldwide

Security Affairs newsletter Round 425 by Pierluigi Paganini – International edition

Google sent over 50,000 warnings of state-sponsored attacks, +33% from same period in 2020

Feb 7- Feb 27 Ukraine – Russia the silent cyber conflict

The Netherlands declares war on ransomware operations

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Nobelium APT targets French orgs, French ANSSI agency warns

Google blocked China-linked APT31’s attacks targeting U.S. Government

Russian Gamaredon APT is targeting Ukraine since October

NK-linked InkySquid APT leverages IE exploits in recent attacks

Stay Connected