2023, Government, Military and Security - Information Management Today

Russia-linked APT TAG-70 targets European government and military mail servers exploiting Roundcube XSS

Security Affairs

FEBRUARY 19, 2024

The nation-state actors are known to carry out cyber-espionage against targeting government, military, and national infrastructure entities in Europe and Central Asia since at least December 2020. “TAG70 has demonstrated a high level of sophistication in its attack methods.

Military

Military Government Access Risk

New HiatusRAT campaign targets Taiwan and U.S. military procurement system

Security Affairs

AUGUST 21, 2023

military procurement system. In March 2023, Lumen Black Lotus Labs researchers uncovered a sophisticated campaign called “ HiatusRAT ” that infected over 100 edge networking devices globally. military server used for contract proposals and submissions. military procurement system appeared first on Security Affairs.

Military

Military Manufacturing Government Access

N. Korean Kimsuky APT targets S. Korea-US military exercises

Security Affairs

AUGUST 20, 2023

South Korea military exercise. The military drill, the Ulchi Freedom Guardian summer exercises , will start on Monday, August 21, 2023 , and will last 11 days. The military exercises aim at improving the ability of the two armies to respond to North Korea’s evolving nuclear and missile threats.

Military

Military Phishing Government Security

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Microsoft links Cadet Blizzard APT to Russia’s military intelligence GRU

Security Affairs

JUNE 14, 2023

The IT giant pointed out that Cadet Blizzard is distinct from other known APT groups operating under the control of the Russian military intelligence GRU, such as Forest Blizzard ( STRONTIUM ) and Seashell Blizzard (IRIDIUM). Unlike other Russia-linked APT group, CadetBlizzard operations are extremely disruptive.

Military

Military Government IT Security

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

Security Affairs

DECEMBER 7, 2023

Palo Alto Networks’ Unit 42 reported that the Russia-linked APT28 (aka “Forest Blizzard”, “Fancybear” or “Strontium”) group exploited the CVE-2023-23397 vulnerability in attacks aimed at European NATO members. The first occurred between March-December 2022 and the second occurred in March 2023.”

Military

Military Government Phishing Authentication

Security Affairs newsletter Round 464 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

MARCH 24, 2024

Every week the best security articles from Security Affairs are free for you in your email box. Cybersecurity US holds conference on military AI use with dozens of allies to determine ‘responsible’ use DFSA’s Cyber Risk Management Guidelines: A Blueprint for Cyber Resilience? Is it a Russia’s weapon?

Security

Security Passwords Military Marketing

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

Security Affairs

OCTOBER 1, 2023

Every week the best security articles from Security Affairs are free for you in your email box. Patch your TeamCity instance to avoid server hack Is Gelsemium APT behind a targeted attack in Southeast Asian Government? A new round of the weekly SecurityAffairs newsletter arrived!

Artificial Intelligence

Artificial Intelligence Security Ransomware Data breaches

Security Affairs newsletter Round 425 by Pierluigi Paganini – International edition

Security Affairs

JUNE 25, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Military Ransomware Cybersecurity

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Security Affairs

DECEMBER 5, 2023

Microsoft warns that the Russia-linked APT28 group is actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts. The group operates out of military unity 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS).

Military

Military Government Phishing Access

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

The Federal Bureau of Investigation (FBI), National Security Agency (NSA), US Cyber Command, and international partners released a joint Cybersecurity Advisory (CSA) to warn that Russia-linked threat actors are using compromised Ubiquiti EdgeRouters (EdgeRouters) to evade detection in cyber operations worldwide. .

Energy and Utilities

Energy and Utilities Military Government Phishing

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

Security Affairs

JANUARY 16, 2024

Experts warn that recently disclosed Ivanti Connect Secure VPN and Policy Secure vulnerabilities are massively exploited in the wild. The flaw CVE-2023-46805 (CVSS score 8.2) x and Ivanti Policy Secure. The flaw CVE-2023-46805 (CVSS score 8.2) x and Ivanti Policy Secure. x) and Ivanti Policy Secure.

Security

Security Authentication Military Government

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 17, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Data breaches Ransomware Artificial Intelligence

Ukraine’s SBU arrested a member of Pro-Russia hackers group ‘Cyber Army of Russia’

Security Affairs

JANUARY 29, 2024

Ukraine’s security service (SBU) detained an alleged member of the pro-Russia hacker group “the Cyber Army of Russia.” ” Ukraine’s security service, the SBU, announced that it has identified and detained an alleged member of the pro-Russia hacker group known as the Cyber Army of Russia.

Military

Military Communications Government Security

U.S. Hacks QakBot, Quietly Removes Botnet Infections

Krebs on Security

AUGUST 29, 2023

government today announced a coordinated crackdown against QakBot , a complex malware family used by multiple cybercrime groups to lay the groundwork for ransomware infections. Qakbot/Qbot was once again the top malware loader observed in the wild in the first six months of 2023. Source: Reliaquest.com.

Ransomware

Ransomware Government Military Access

US Gov dismantled the Moobot botnet controlled by Russia-linked APT28

Security Affairs

FEBRUARY 15, 2024

“A January 2024 court-authorized operation has neutralized a network of hundreds of small office/home office (SOHO) routers that GRU Military Unit 26165 , also known as APT28, Sofacy Group , Forest Blizzard , Pawn Storm , Fancy Bear , and Sednit , used to conceal and otherwise enable a variety of crimes.”

Military

Military Government Access Cybersecurity

Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks

Security Affairs

OCTOBER 25, 2023

Russian APT group Winter Vivern (aka TA473) has been observed exploiting a zero-day flaw in Roundcube webmail software on October 11, 2023. The Winter Vivern group was first analyzed in 2021, it has been active since at least 2020 and it targets governments in Europe and Central Asia. x before 1.6.4, x before 1.5.5, x before 1.4.15.

Military

Military Government Phishing IT

Pentagon established the Office of the Assistant Secretary of Defense for Cyber Policy

Security Affairs

APRIL 1, 2024

The US government announced establishing the Office of the Assistant Secretary of Defense for Cyber Policy. The US Defense Department announced establishing the Office of the Assistant Secretary of Defense for Cyber Policy (ASD(CP)) as directed in the National Defense Authorization Act for Fiscal Year 2023.

Military

Military Government Security Information Security

Security Affairs newsletter Round 435 by Pierluigi Paganini – International edition

Security Affairs

SEPTEMBER 3, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Being Used to Phish So Many of Us?

Security

Security Ransomware Data breaches IoT

France agency ANSSI warns of Russia-linked APT28 attacks on French entities

Security Affairs

OCTOBER 27, 2023

France National Agency for the Security of Information Systems warns that the Russia-linked APT28 group has breached several critical networks. The Government experts pointed out that in some cases the group did not deployed any backdoor in the compromised systems. ” reads the report. ” The script was hosted on “mocky[.]io,”

Military

Military Phishing Government Security

China-linked APT deployed malware in a network of the Dutch Ministry of Defence

Security Affairs

FEBRUARY 6, 2024

Dutch Military Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD) published a joint report warning that a China-linked APT group breached the Dutch Ministry of Defence last year. reads the advisory published by the security vendor.

Military

Military Government IT Security

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Security Affairs

JANUARY 31, 2024

Threat actors are exploiting recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) VPN devices to deliver KrustyLoader. The flaw CVE-2023-46805 (CVSS score 8.2) x and Ivanti Policy Secure. is a command injection vulnerability in web components of Ivanti Connect Secure (9.x, x) and Ivanti Policy Secure.

Authentication

Authentication Military Communications Security

MY TAKE: Sophos X-Ops advances internal, external threat intelligence sharing to the next level

The Last Watchdog

NOVEMBER 14, 2023

Related: How ‘Internet Access Brokers’ fuel ransomware I happened to be in the audience at Stanford University when President Obama took to the stage to issue an executive order challenging the corporate sector and federal government to start collaborating as true allies. Yet, there remains much leeway for improvements.

Ransomware

Ransomware Military Government Security

A zero-click vulnerability in Windows allows stealing NTLM credentials

Security Affairs

MAY 11, 2023

Researchers shared technical details about a flaw in Windows MSHTML platform, tracked as CVE-2023-29324 , that could be abused to bypass security protections. Cybersecurity researchers have shared details about a now-patched security flaw, tracked as CVE-2023-29324 (CVSS score: 6.5), in Windows MSHTML platform.

Military

Military Cybersecurity Security Government

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Security Affairs

APRIL 30, 2023

CERT-UA warns of a spear-phishing campaign conducted by APT28 group targeting Ukrainian government bodies with fake ‘Windows Update’ guides. Russia-linked APT28 group is targeting Ukrainian government bodies with fake ‘Windows Update’ guides, Computer Emergency Response Team of Ukraine (CERT-UA) warns.

Systems administration

Systems administration Military Phishing Government

Russia-linked APT Gamaredon update TTPs in recent attacks against Ukraine

Security Affairs

JUNE 15, 2023

The Gamaredon APT group (aka Shuckworm, Actinium, Armageddon, Primitive Bear, UAC-0010, and Trident Ursa) continues to carry out attacks against entities in Ukraine, including security services, military, and government organizations.

Military

Military File names Archiving Phishing

CISA adds Zimbra bug exploited in attacks against NATO countries to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 4, 2023

Cybersecurity and Infrastructure Security Agency (CISA) has added a Zimbra flaw, tracked as CVE-2022-27926 , to its Known Exploited Vulnerabilities Catalog. The threat actors created bespoke JavaScript payloads designed for each government targets’ webmail portal. CISA orders federal agencies to fix this flaw by April 24, 2023.

IT

IT Military Phishing Passwords

Ukraine’s intelligence service hacked Russia’s Federal Air Transport Agency, Rosaviatsia

Security Affairs

NOVEMBER 27, 2023

” Rosaviatsia is the government agency responsible for the oversight and regulation of civil aviation in Russia. The agency’s primary role is to ensure the safety, security, and efficiency of air transport within the country. In the first 9 months of 2023, 150 cases of aircraft malfunctions were recorded in Russia.

Military

Military Manufacturing Government Authentication

FBI chief says China is preparing to attack US critical infrastructure

Security Affairs

APRIL 19, 2024

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. In November 2023, the experts noticed that the botnet started targeting Axis IP cameras, such as the M1045-LW, M1065-LW, and p1367-E.

Energy and Utilities

Energy and Utilities Communications Military Manufacturing

Russia-linked APT28 hacked Roundcube email servers of Ukrainian entities

Security Affairs

JUNE 21, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. According to CERT-UA, this campaign targeted more than 40 Ukrainian organizations, including government entities.

Military

Military Phishing Government Communications

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

Security Affairs

FEBRUARY 8, 2024

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The APT group is using almost exclusively living-off-the-land techniques and hands-on-keyboard activity to evade detection.

Energy and Utilities

Energy and Utilities Communications Military Manufacturing

Fortinet warns of a new actively exploited RCE flaw in FortiOS SSL VPN

Security Affairs

FEBRUARY 9, 2024

The security firm did not provide details about the attacks exploiting this vulnerability. all versions Migrate to a fixed release The security firm also addressed another critical flaw in FortiOS, tracked as CVE-2024-23113 (CVSS score 9.8). Version Affected Solution FortiOS 7.6 Not affected Not Applicable FortiOS 7.4 through 7.4.2

Military

Military Government Security IT

Estonian National charged with helping Russia acquire U.S. hacking tools and electronics

Security Affairs

APRIL 9, 2023

made electronics on behalf of the Russian government and military. The Estonian man is accused of having helped the Russian government and military to purchase US-made electronics and hacking tools. manufacturers on behalf of Russian end-users, including defense contractors and other Russian government agencies.

Computer and Electronics

Computer and Electronics Military Manufacturing Government

Russian APT Gamaredon uses USB worm LitterDrifter against Ukraine

Security Affairs

NOVEMBER 18, 2023

The Gamaredon APT group continues to carry out attacks against entities in Ukraine, including security services, military, and government organizations. Most of the attacks began in February/March 2023 and threat actors remained undetected in the target networks until May.

Military

Military Communications IT Government

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

Security Affairs

APRIL 26, 2023

In recent years, the researchers observed the group expanding its operations to include financial institutions and government entities. This domain has been hosted on eight other IPs throughout its history, none of these IPs were directly affiliated with the South African government. Experts added that the IP 196.216.136[.]139

Communications

Communications Military Government Libraries

Google TAG warns of Russia-linked APT groups targeting Ukraine

Security Affairs

APRIL 20, 2023

In Q1 2023, threat actors linked to Russia’s military intelligence service focused their phishing campaigns on Ukraine, with the country accounting for over 60% of observed Russian targeting. TAG also observed campaigns from this actor targeting attendees of the Munich Security Conference and the Masters of Digital conference.”

Phishing

Phishing Military Ransomware Education

News alert: MxD roundtable with White House officials highlights cybersecurity workforce needs

The Last Watchdog

SEPTEMBER 21, 2023

21, 2023 — MxD, the Digital Manufacturing and Cybersecurity Institute, today hosted a roundtable discussion with the White House Office of the National Cyber Director. Chicago, Ill., Also in attendance were Access Living, The College of Lake County, CyberSkills2Work, and Task Force Movement.

Cybersecurity

Cybersecurity Manufacturing Military Artificial Intelligence

Biden AI Order Enables Agencies to Address Key Risks

Hunton Privacy

OCTOBER 31, 2023

On October 30, 2023, U.S. President Biden issued an Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence. Standards for AI Safety and Security Red-teaming requirements. Developers must also share the results of “red-team” exercises with the government. AI use by the military and intelligence community.

Risk

Risk Artificial Intelligence Privacy Military

Russian APT group Winter Vivern targets email portals of NATO and diplomats

Security Affairs

MARCH 31, 2023

A Russian hacking group, tracked Winter Vivern (aka TA473), has been actively exploiting vulnerabilities ( CVE-2022-27926 ) in unpatched Zimbra instances to gain access to the emails of NATO officials, governments, military personnel, and diplomats. The CVE-2022-27926 flaw affects Zimbra Collaboration versions 9.0.0,

Military

Military Phishing Passwords Government

Microsoft Targets Critical Outlook Zero-Day Flaw

eSecurity Planet

MARCH 16, 2023

Microsoft’s Patch Tuesday for March 2023 includes patches for more than 70 vulnerabilities, including zero-day flaws in Outlook and in Windows SmartScreen. Critical Outlook Zero-Day The Outlook zero-day, CVE-2023-23397 , with a critical CVSS score of 9.8, is being actively exploited.

Energy and Utilities

Energy and Utilities Authentication Ransomware Military

Dark Pink APT targets Govt entities in South Asia

Security Affairs

MARCH 13, 2023

In February 2023, EclecticIQ researchers spotted multiple KamiKakaBot malware samples that were employed by the Dark Pink APT group (aka Saaiwc) in attacks against government entities in Southeast Asia countries. Researchers reported that Dark Pink APT employed a malware dubbed KamiKakaBot against Southeast Asian targets.

Phishing

Phishing Encryption Military Government

MY TAKE: DigiCert and Oracle partner to extend digital trust and scalable infrastructure globally

The Last Watchdog

MAY 9, 2023

One meeting I had at RSA Conference 2023 , was a briefing about a new partnership , announced this morning, between a top-rung Silicon Valley tech giant and the leading provider of digital trust. Honoring data sovereignty Name any business use case: banking, retail, healthcare, government, military, entertainment, elections.

Cloud

Cloud Digital transformation Military Retail

2022 Cyber Security Review of the Year

IT Governance

DECEMBER 20, 2022

Although there have still been a few surprises, with the death of Queen Elizabeth II and blazing heatwaves across the UK to name but two, it was a familiar year in the cyber security landscape. Google , Clearview AI , and Meta all receives hefty penalties in 2022, demonstrating the continued important of effective information security.

Security

Security Data breaches Ransomware Military

News alert: Lumifi seeking to acquire MDR cybersecurity firms to accelerate growth

The Last Watchdog

OCTOBER 24, 2023

24, 2023 — Lumifi , a cybersecurity industry leader, is embarking on a strategic expansion plan by targeting cybersecurity firms. The company is now primed to secure 2-4 more acquisitions within the next 6 to 18 months, bolstering its position in the cybersecurity landscape. Scottsdale, Ariz.,

Cybersecurity

Cybersecurity Artificial Intelligence Military Risk

The Week in Cyber Security and Data Privacy: 5 – 11 February 2024

IT Governance

FEBRUARY 14, 2024

Compromised data includes policyholders’ and their families’ civil status, dates of birth and social security numbers, as well as the name of their health insurer and information relating to their contracts. It has since been confirmed by Anukul Peedkaew, the permanent secretary of social development and human security.

Data Privacy

Data Privacy Manufacturing Privacy Security

Russia-linked APT TAG-70 targets European government and military mail servers exploiting Roundcube XSS

New HiatusRAT campaign targets Taiwan and U.S. military procurement system

Webinars

Trending Sources

N. Korean Kimsuky APT targets S. Korea-US military exercises

Webinars

Microsoft links Cadet Blizzard APT to Russia’s military intelligence GRU

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

Security Affairs newsletter Round 464 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

Security Affairs newsletter Round 425 by Pierluigi Paganini – International edition

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Ukraine’s SBU arrested a member of Pro-Russia hackers group ‘Cyber Army of Russia’

U.S. Hacks QakBot, Quietly Removes Botnet Infections

US Gov dismantled the Moobot botnet controlled by Russia-linked APT28

Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks

Pentagon established the Office of the Assistant Secretary of Defense for Cyber Policy

Security Affairs newsletter Round 435 by Pierluigi Paganini – International edition

France agency ANSSI warns of Russia-linked APT28 attacks on French entities

China-linked APT deployed malware in a network of the Dutch Ministry of Defence

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

MY TAKE: Sophos X-Ops advances internal, external threat intelligence sharing to the next level

A zero-click vulnerability in Windows allows stealing NTLM credentials

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Russia-linked APT Gamaredon update TTPs in recent attacks against Ukraine

CISA adds Zimbra bug exploited in attacks against NATO countries to its Known Exploited Vulnerabilities catalog

Ukraine’s intelligence service hacked Russia’s Federal Air Transport Agency, Rosaviatsia

FBI chief says China is preparing to attack US critical infrastructure

Russia-linked APT28 hacked Roundcube email servers of Ukrainian entities

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

Fortinet warns of a new actively exploited RCE flaw in FortiOS SSL VPN

Estonian National charged with helping Russia acquire U.S. hacking tools and electronics

Russian APT Gamaredon uses USB worm LitterDrifter against Ukraine

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

Google TAG warns of Russia-linked APT groups targeting Ukraine

News alert: MxD roundtable with White House officials highlights cybersecurity workforce needs

Biden AI Order Enables Agencies to Address Key Risks

Russian APT group Winter Vivern targets email portals of NATO and diplomats

Microsoft Targets Critical Outlook Zero-Day Flaw

Dark Pink APT targets Govt entities in South Asia

MY TAKE: DigiCert and Oracle partner to extend digital trust and scalable infrastructure globally

2022 Cyber Security Review of the Year

News alert: Lumifi seeking to acquire MDR cybersecurity firms to accelerate growth

The Week in Cyber Security and Data Privacy: 5 – 11 February 2024

Stay Connected