Access, Government, Military and Phishing - Information Management Today

Belarus Hackers Targeting Poland, Ukraine With RAT, Phishing

Data Breach Today

JULY 14, 2023

State-Linked Spear-Phishing Campaign Targeting Government, Military Personnel Belarus state-linked hackers are targeting government and military entities in both Ukraine and Poland with spear-phishing campaigns that deliver remote access Trojans.

Phishing

Phishing Military Government Access

Data Breach Culprits: Phishing and Ransomware Dominate

Data Breach Today

AUGUST 27, 2021

Meanwhile, Breaches Involving Military Secrets and CCTV Footage Beset UK Government Phishing, ransomware and unauthorized access remain the leading causes of personal data breaches as well as violations of data protection rules, Britain's privacy watchdog reports.

Data breaches

Data breaches Phishing Ransomware Military

U.S. Charges 4 Chinese Military Officers in 2017 Equifax Hack

Krebs on Security

FEBRUARY 10, 2020

as members of the PLA’s 54 th Research Institute, a component of the Chinese military. Attorney General Bill Barr said at a press conference today that the Justice Department doesn’t normally charge members of another country’s military with crimes (this is only the second time the agency has indicted Chinese military hackers).

Military

Military Phishing Government Sales

Catches of the Month: Phishing Scams for March 2022

IT Governance

MARCH 8, 2022

Welcome to our March 2022 review of phishing attacks, in which we explore the latest email scams and the tactics that cyber criminals use to trick people into handing over their personal information. This month, we look at a phishing attack targeting Ukrainian citizens, the latest campaign imitating Tesco and a warning from HSBC.

Phishing

Phishing Military Access Education

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Security Affairs

APRIL 22, 2024

Microsoft has observed APT28 using GooseEgg in post-compromise activities against various targets, including government, non-governmental, education, and transportation sector organizations in Ukraine, Western Europe, and North America. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

Military

Military File names Education Phishing

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

“As early as 2022, APT28 actors had utilized compromised EdgeRouters to facilitate covert cyber operations against governments, militaries, and organizations around the world.” and foreign governments and military, security, and corporate organizations. ” reads the joint report.

Energy and Utilities

Energy and Utilities Military Government Phishing

U.S. Hacks QakBot, Quietly Removes Botnet Infections

Krebs on Security

AUGUST 29, 2023

government today announced a coordinated crackdown against QakBot , a complex malware family used by multiple cybercrime groups to lay the groundwork for ransomware infections. QakBot is most commonly delivered via email phishing lures disguised as something legitimate and time-sensitive, such as invoices or work orders.

Ransomware

Ransomware Government Military Access

Chinese actor ‘Unfading Sea Haze’ remained undetected for five years

Security Affairs

MAY 23, 2024

A previously unknown China-linked threat actor dubbed ‘Unfading Sea Haze’ has been targeting military and government entities since 2018. However, the researchers determined that one of methods used by the threat actors to regaining access to the target organizations are spear-phishing emails.

Archiving

Archiving Military Communications Phishing

Stark Industries Solutions: An Iron Hammer in the Cloud

Krebs on Security

MAY 23, 2024

Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government and commercial targets in Ukraine and Europe. Click to enlarge.

Cloud

Cloud Education Government Phishing

Russia-linked Gamaredon APT targeted a western government entity in Ukraine

Security Affairs

FEBRUARY 4, 2022

The Russia-linked Gamaredon APT group attempted to compromise an unnamed Western government entity in Ukraine. In Mid January the Ukrainian government was hit with destructive malware, tracked as WhisperGate , and several Ukrainian government websites were defaced by exploiting a separate vulnerability in OctoberCMS.

Government

Government Military Phishing Information Security

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

Security Affairs

DECEMBER 7, 2023

Over the past 20 months, the group targeted at least 30 organizations within 14 nations that are probably of strategic intelligence significance to the Russian government and its military. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

Military

Military Government Phishing Authentication

Google TAG: Russia, Belarus-linked APTs targeted Ukraine

Security Affairs

MARCH 8, 2022

Google TAG observed Russian, Belarusian, and Chinese threat actors targeting Ukraine and European government and military orgs. Google TAG observed Russian, Belarusian, and Chinese threat actors targeting Ukrainian and European government and military organizations, as well as individuals. ” concludes the report.

Military

Military Phishing File names Government

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Security Affairs

DECEMBER 5, 2023

The group operates out of military unity 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS). Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. The group was involved also in the string of attacks that targeted 2016 Presidential election.

Military

Military Government Phishing Access

CISA adds Zimbra bug exploited in attacks against NATO countries to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 4, 2023

Proofpoint researchers recently reported that a Russian hacking group, tracked as Winter Vivern (aka TA473), has been actively exploiting vulnerabilities ( CVE-2022-27926 ) in unpatched Zimbra instances to gain access to the emails of NATO officials, governments, military personnel, and diplomats.

IT

IT Military Phishing Passwords

Russian APT group Winter Vivern targets email portals of NATO and diplomats

Security Affairs

MARCH 31, 2023

A Russian hacking group, tracked Winter Vivern (aka TA473), has been actively exploiting vulnerabilities ( CVE-2022-27926 ) in unpatched Zimbra instances to gain access to the emails of NATO officials, governments, military personnel, and diplomats. The CVE-2022-27926 flaw affects Zimbra Collaboration versions 9.0.0,

Military

Military Phishing Passwords Government

Russian APT groups target European governments ahead of May Elections

Security Affairs

MARCH 22, 2019

Russian APT groups are targeting European governments for cyber-espionage purposes ahead of the upcoming European elections. The APT28 group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Pierluigi Paganini.

Government

Government Military Phishing Access

US indicted 4 Russian government employees for attacks on critical infrastructure

Security Affairs

MARCH 25, 2022

has indicted four Russian government employees for their involvement in attacks on entities in critical infrastructure. has indicted four Russian government employees for their role in cyberattacks targeting hundreds of companies and organizations in the energy sector worldwide between 2012 and 2018. ” states the DoJ.

Energy and Utilities

Energy and Utilities Government Cybersecurity Military

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Security Affairs

APRIL 30, 2023

CERT-UA warns of a spear-phishing campaign conducted by APT28 group targeting Ukrainian government bodies with fake ‘Windows Update’ guides. Russia-linked APT28 group is targeting Ukrainian government bodies with fake ‘Windows Update’ guides, Computer Emergency Response Team of Ukraine (CERT-UA) warns.

Systems administration

Systems administration Military Phishing Government

Russian Gamaredon APT is targeting Ukraine since October

Security Affairs

FEBRUARY 6, 2022

Russia-linked APT group Gamaredon is behind spear-phishing attacks against Ukrainian entities and organizations since October 2021. In Mid January the Ukrainian government was hit with destructive malware, tracked as WhisperGate , and several Ukrainian government websites were defaced by exploiting a separate vulnerability in OctoberCMS.

Military

Military Phishing Government Security

CyberheistNews Vol 13 #13 [Eye Opener] How to Outsmart Sneaky AI-Based Phishing Attacks

KnowBe4

MARCH 28, 2023

CyberheistNews Vol 13 #13 | March 28th, 2023 [Eye Opener] How to Outsmart Sneaky AI-Based Phishing Attacks Users need to adapt to an evolving threat landscape in which attackers can use AI tools like ChatGPT to craft extremely convincing phishing emails, according to Matthew Tyson at CSO. "A We must ask: 'Is the email expected?

Phishing

Phishing Security awareness Insurance Cybersecurity

Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks

Security Affairs

OCTOBER 25, 2023

The Winter Vivern group was first analyzed in 2021, it has been active since at least 2020 and it targets governments in Europe and Central Asia. In recent attacks, the group was observed exploiting a XSS vulnerability, tracked as CVE-2023-5631 , by sending a specially crafted email message.

Military

Military Government Phishing IT

Russia-linked Gamaredon APT continues to target Ukraine

Security Affairs

AUGUST 16, 2022

The group targeted government and military organizations in Ukraine. The attack chain starts with spear-phishing messages using a self-extracting 7-Zip file, which was downloaded via the system’s default browser. Threat actors also used the legitimate remote desktop protocol (RDP) tools Ammyy Admin and AnyDesk for remote access.

Military

Military Phishing Access Government

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Security Affairs

MARCH 20, 2020

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The cyberespionage group continues to target members of defense companies, embassies, governments, and the military.

Phishing

Phishing Military Government Passwords

Apr 03 – Apr 09 Ukraine – Russia the silent cyber conflict

Security Affairs

APRIL 10, 2022

The popular hacking Anonymous and the IT ARMY of Ukraine continue to target Russian government entities and private businesses. government announced the disruption of the Cyclops Blink botnet operated by the Russia-linked Sandworm APT group. April 8 – Microsoft disrupted APT28 attacks on Ukraine through a court order.

Military

Military Phishing Cybersecurity Government

Unprecedented cyber attack hit State Infrastructure of Montenegro

Security Affairs

AUGUST 27, 2022

An unprecedented cyber attack hit the Government digital infrastructure in Montenegro, the government has timely adopted measures to mitigate its impact. The Government believes that the attack was orchestrated by a nation-state actor. Abazovic said it was politically motivated following the fall of his government last week.”

Military

Military Government Phishing Security

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

Security Affairs

DECEMBER 10, 2020

Russia-link cyberespionage APT28 leverages COVID-19 as phishing lures to deliver the Go version of their Zebrocy (or Zekapab) malware. Russia-linked APT28 is leveraging COVID-19 as phishing lures in a new wave of attacks aimed at distributing the Go version of their Zebrocy (or Zekapab) malware. ” concludes the report.

Phishing

Phishing Healthcare Military Data collection

Dark Pink APT targets Govt entities in South Asia

Security Affairs

MARCH 13, 2023

In February 2023, EclecticIQ researchers spotted multiple KamiKakaBot malware samples that were employed by the Dark Pink APT group (aka Saaiwc) in attacks against government entities in Southeast Asia countries. The KamiKakaBot malware spreads via phishing emails that contain a malicious ISO file as an attachment.

Phishing

Phishing Encryption Military Government

Defense contractor Belcan leaks admin password with a list of flaws

Security Affairs

AUGUST 22, 2023

US Government and defense contractor Belcan left its super admin credentials open to the public, Cybernews research team reveals. Belcan is a government, defense, and aerospace contractor offering global design, software, manufacturing, supply chain, information technology, and digital engineering solutions.

Passwords

Passwords Military Manufacturing Analytics

Mar 06- Mar 12 Ukraine – Russia the silent cyber conflict

Security Affairs

MARCH 13, 2022

March 9 – Multiple Russian government websites hacked in a supply chain attack. Google TAG observed Russian, Belarusian, and Chinese threat actors targeting Ukraine and European government and military orgs. March 8 – Ukraine’s CERT-UA warns of phishing attacks against Ukrainian citizens.

Blockchain

Blockchain Phishing Military Passwords

Microsoft disrupted APT28 attacks on Ukraine through a court order

Security Affairs

APRIL 8, 2022

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

Military

Military Government Phishing Security

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Security Affairs

APRIL 19, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. ” reads the joint advisory.

Military

Military Access Cybersecurity Education

Russia-linked Nobelium APT targets orgs in the global IT supply chain

Security Affairs

OCTOBER 25, 2021

NOBELIUM focuses on government organizations, non-government organizations (NGOs), think tanks, military, IT service providers, health technology and research, and telecommunications providers. ” states Microsoft.

IT

IT Cloud Military Phishing

XDSpy APT remained undetected since at least 2011

Security Affairs

OCTOBER 2, 2020

The APT group, recently discovered by ESET, targeted government and private companies in Belarus, Moldova, Russia, Serbia, and Ukraine, including militaries and Ministries of Foreign Affairs. XDLoc: Gathers nearby SSIDs (such as Wi-Fi access points), probably in order to geo-locate the victim machines.

Military

Military Phishing Passwords Government

FBI and NSA joint report details APT28’s Linux malware Drovorub

Security Affairs

AUGUST 13, 2020

.” The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

Military

Military IoT Phishing Government

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 17, 2023

CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6 CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6

Security

Security Data breaches Ransomware Artificial Intelligence

Malaysia’s MyCERT warns cyber espionage campaign carried out by APT40

Security Affairs

FEBRUARY 10, 2020

Malaysia’s MyCERT issued a security alert to warn of a hacking campaign targeting government officials that was carried out by the China-linked APT40 group. Malaysia’s Computer Emergency Response Team (MyCERT) warns of a cyber espionage campaign carried out by the China-linked APT40 group aimed at Malaysian government officials.

Government

Government Military Phishing Security

Feb 27- Mar 05 Ukraine – Russia the silent cyber conflict

Security Affairs

MARCH 6, 2022

State communications watchdog Roskomnadzor has ordered to block access to Facebook in Russia amid the ongoing invasion of Ukraine. Russian government released a list containing IP addresses and domains behind DDoS attacks that hit Russian infrastructure after the invasion.

Ransomware

Ransomware Phishing Military Government

List of data breaches and cyber attacks in June 2021 – 9.8 million records breached

IT Governance

JULY 1, 2021

If you find yourself facing a cyber security disaster, IT Governance is here to help. Our Cyber Incident Response service provides the help you need to deal with the threat, as our experts guide you through the recovery process. They’ll review the breach, mitigate the damage and ensure that you are up and running again as soon as possible.

Data breaches

Data breaches Ransomware Computer and Electronics Retail

Russia-linked APT Gamaredon starts stealing data from victims between 30 and 50 minutes after the initial compromise

Security Affairs

JULY 15, 2023

The Gamaredon APT group continues to carry out attacks against entities in Ukraine, including security services, military, and government organizations. The group often uses spear-phishing emails and messages (Telegram, WhatsApp, Signal) as an initial attack vector.

Military

Military Phishing Government Security

List of data breaches and cyber attacks in March 2020 – 832 million records breached

IT Governance

APRIL 2, 2020

Princess Cruises and Holland America Line caught out by phishing scam (unknown). Victoria, Australia, school says former student gained unauthorised access to sensitive data (90,000). Tandem Diabetes Care notifies patients of phishing incident (unknown). Staff at Teaching Council hit by phishing email (9,735). Ransomware.

Data breaches

Data breaches Ransomware Energy and Utilities Phishing

Iran-linked Mint Sandstorm APT targeted US critical infrastructure

Security Affairs

APRIL 19, 2023

Mint Sandstorm targets both private and public organizations, including political dissidents, journalists, activists, the Defense Industrial Base (DIB), and employees from multiple government agencies, including individuals protesting oppressive regimes in the Middle East. ” reads the report published by Microsoft.

Energy and Utilities

Energy and Utilities Military Education Phishing

Transparent Tribe APT hit 1000+ victims in 27 countries in the last 12 months

Security Affairs

AUGUST 23, 2020

The Transparent Tribe cyber-espionage group continues to improve its arsenal while targets Military and Government entities. The Transparent Tribe APT group is carrying out an ongoing cyberespionage campaign aimed at military and diplomatic targets worldwide. ” concludes Kaspersky.

Military

Military Phishing Passwords Communications

New Gallmaker APT group eschews malware in cyber espionage campaigns

Security Affairs

OCTOBER 10, 2018

A previously unknown cyber espionage group, tracked as Gallmaker, has been targeting entities in the government, military and defense sectors since at least 2017. Gallmaker is a politically motivated APT group that focused its surgical operations on the government, military or defense sectors. ” continues Symantec.

Military

Military File names Libraries Government

FBI is helping Montenegro in investigating the ongoing cyberattack

Security Affairs

SEPTEMBER 1, 2022

A team of cybersecurity experts from the FBI is heading to Montenegro to help local authorities in investigating the recent massive cyber attack that hit the government infrastructure last week. The Government believes that the attack was orchestrated by a nation-state actor. said Dusan Polovic, a government official.

Military

Military Government Cybersecurity Ransomware

Belarus Hackers Targeting Poland, Ukraine With RAT, Phishing

Data Breach Culprits: Phishing and Ransomware Dominate

Trending Sources

U.S. Charges 4 Chinese Military Officers in 2017 Equifax Hack

Catches of the Month: Phishing Scams for March 2022

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

U.S. Hacks QakBot, Quietly Removes Botnet Infections

Chinese actor ‘Unfading Sea Haze’ remained undetected for five years

Stark Industries Solutions: An Iron Hammer in the Cloud

Russia-linked Gamaredon APT targeted a western government entity in Ukraine

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

Google TAG: Russia, Belarus-linked APTs targeted Ukraine

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

CISA adds Zimbra bug exploited in attacks against NATO countries to its Known Exploited Vulnerabilities catalog

Russian APT group Winter Vivern targets email portals of NATO and diplomats

Russian APT groups target European governments ahead of May Elections

US indicted 4 Russian government employees for attacks on critical infrastructure

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Russian Gamaredon APT is targeting Ukraine since October

CyberheistNews Vol 13 #13 [Eye Opener] How to Outsmart Sneaky AI-Based Phishing Attacks

Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks

Russia-linked Gamaredon APT continues to target Ukraine

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Apr 03 – Apr 09 Ukraine – Russia the silent cyber conflict

Unprecedented cyber attack hit State Infrastructure of Montenegro

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

Dark Pink APT targets Govt entities in South Asia

Defense contractor Belcan leaks admin password with a list of flaws

Mar 06- Mar 12 Ukraine – Russia the silent cyber conflict

Microsoft disrupted APT28 attacks on Ukraine through a court order

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Russia-linked Nobelium APT targets orgs in the global IT supply chain

XDSpy APT remained undetected since at least 2011

FBI and NSA joint report details APT28’s Linux malware Drovorub

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Malaysia’s MyCERT warns cyber espionage campaign carried out by APT40

Feb 27- Mar 05 Ukraine – Russia the silent cyber conflict

List of data breaches and cyber attacks in June 2021 – 9.8 million records breached

Russia-linked APT Gamaredon starts stealing data from victims between 30 and 50 minutes after the initial compromise

List of data breaches and cyber attacks in March 2020 – 832 million records breached

Iran-linked Mint Sandstorm APT targeted US critical infrastructure

Transparent Tribe APT hit 1000+ victims in 27 countries in the last 12 months

New Gallmaker APT group eschews malware in cyber espionage campaigns

FBI is helping Montenegro in investigating the ongoing cyberattack

Stay Connected