Access, Government, Military and Tools - Information Management Today

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Security Affairs

APRIL 22, 2024

Russia-linked APT28 group used a previously unknown tool, dubbed GooseEgg, to exploit Windows Print Spooler service flaw. Microsoft reported that the Russia-linked APT28 group (aka “ Forest Blizzard ”, “ Fancybear ” or “ Strontium ” used a previously unknown tool, dubbed GooseEgg, to exploit the Windows Print Spooler flaw CVE-2022-38028.

Military

Military File names Education Phishing

U.S. Charges 4 Chinese Military Officers in 2017 Equifax Hack

Krebs on Security

FEBRUARY 10, 2020

as members of the PLA’s 54 th Research Institute, a component of the Chinese military. Attorney General Bill Barr said at a press conference today that the Justice Department doesn’t normally charge members of another country’s military with crimes (this is only the second time the agency has indicted Chinese military hackers).

Military

Military Phishing Government Sales

Chinese APT Tropic Trooper target air-gapped military Networks in Asia

Security Affairs

MAY 15, 2020

Chinese threat actors, tracked as Tropic Trooper and KeyBoy, has been targeting air-gapped military networks in Taiwan and the Philippines. Chinese APT group Tropic Trooper, aka KeyBoy, has been targeting air-gapped military networks in Taiwan and the Philippines, Trend Micro researchers reported. ” continues the report.

Military

Military Government IT Security

Naikon APT group uses new Nebulae backdoor in attacks aimed at military orgs

Security Affairs

APRIL 28, 2021

China-linked APT Naikon employed a new backdoor in multiple cyber-espionage operations targeting military organizations from Southeast Asia in the last 2 years. The Naikon APT group mainly focuses on high-profile orgs, including government entities and military orgs. Follow me on Twitter: @securityaffairs and Facebook.

Military

Military Passwords Government Security

Microsoft releases On-premises Mitigation Tool (EOMT) tool to fix ProxyLogon issues

Security Affairs

MARCH 16, 2021

Microsoft released an Exchange On-premises Mitigation Tool (EOMT) tool to small businesses for the fix of ProxyLogon vulnerabilities. Most targeted sectors have been Government/Military (17% of all exploit attempts), followed by Manufacturing (14%), and then Banking (11%). ” reads the post published by Microsoft.

Military

Military Manufacturing Access Security

Security Affairs newsletter Round 460 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 25, 2024

Iran Crisis Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign U.S. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Military

Military Security Ransomware Insurance

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

Security Affairs

DECEMBER 7, 2023

Over the past 20 months, the group targeted at least 30 organizations within 14 nations that are probably of strategic intelligence significance to the Russian government and its military. The Government experts pointed out that in some cases the group did not deployed any backdoor in the compromised systems.

Military

Military Government Phishing Authentication

When Your Smart ID Card Reader Comes With Malware

Krebs on Security

MAY 17, 2022

government employees and contractors have been issued a secure smart ID card that enables physical access to buildings and controlled spaces, and provides access to government computer networks and systems at the cardholder’s appropriate security level. A sample Common Access Card (CAC). Millions of U.S.

Government

Government Military Access Security

GUEST ESSAY: How tech tricks used by Amazon, Netflix aid Ukraine in repelling Russia’s invasion

The Last Watchdog

OCTOBER 10, 2023

Related: Apple tool used as warfare weapon Ukraine’s defense against Russian invaders has changed the role of video. Accessing video-based intelligence at the right time and place is a very effective method for gaining information about the constantly changing military landscape.

Metadata

Metadata Military Encryption Communications

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

“As early as 2022, APT28 actors had utilized compromised EdgeRouters to facilitate covert cyber operations against governments, militaries, and organizations around the world.” and foreign governments and military, security, and corporate organizations. ” reads the joint report.

Energy and Utilities

Energy and Utilities Military Government Phishing

MY TAKE: Sophos X-Ops advances internal, external threat intelligence sharing to the next level

The Last Watchdog

NOVEMBER 14, 2023

Related: How ‘Internet Access Brokers’ fuel ransomware I happened to be in the audience at Stanford University when President Obama took to the stage to issue an executive order challenging the corporate sector and federal government to start collaborating as true allies.

Ransomware

Ransomware Military Government Security

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Security Affairs

DECEMBER 5, 2023

The group operates out of military unity 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS). The Government experts pointed out that in some cases the group did not deployed any backdoor in the compromised systems. ” reads trhe announcement published by DKWOC.

Military

Military Government Phishing Access

NYT report states that ToTok app is a government spy tool.

Security Affairs

DECEMBER 24, 2019

A popular mobile app in the Middle East called ToTok has been removed from both Apple and Google’s online stores because it was a spy tool. According to a report published by the New York Times, the popular app ToTok was used by the UAE government as a surveillance tool. ” reported the AFP agency.

Government

Government Military Security IT

News alert: MxD roundtable with White House officials highlights cybersecurity workforce needs

The Last Watchdog

SEPTEMBER 21, 2023

Also in attendance were Access Living, The College of Lake County, CyberSkills2Work, and Task Force Movement. Access Living is committed to launching an Independent Living Technology Program to address the gap in digital skills in the disability community to reach 150 disabled participants by the end of 2024. Chicago, Ill.,

Cybersecurity

Cybersecurity Manufacturing Military Artificial Intelligence

Russia-linked Gamaredon APT targeted a western government entity in Ukraine

Security Affairs

FEBRUARY 4, 2022

The Russia-linked Gamaredon APT group attempted to compromise an unnamed Western government entity in Ukraine. In Mid January the Ukrainian government was hit with destructive malware, tracked as WhisperGate , and several Ukrainian government websites were defaced by exploiting a separate vulnerability in OctoberCMS.

Government

Government Military Phishing Information Security

MI5 chief warns of Chinese cyber espionage reached an unprecedented scale

Security Affairs

OCTOBER 22, 2023

Chinese cyber espionage aims at obtaining commercial secrets and intellectual property to advantage the government of Beijing. Over the past year, British intelligence has observed over 20 cases involving Chinese firms contemplating or actively attempting to access sensitive technology developed by UK entities. ” reported BBC.

Military

Military Government Access Cybersecurity

Catches of the Month: Phishing Scams for March 2022

IT Governance

MARCH 8, 2022

The Ukrainian government and its military were targeted by DDoS (distributed denial-of-service) attacks, while a pro-Ukrainian group attacked the Belarusian railway system with ransomware after discovering that it was being used by Russia to transport tanks and weapons. Beware of remote access takeover scams. Get started.

Phishing

Phishing Military Access Education

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

Security Affairs

FEBRUARY 8, 2024

authoring agencies have recently observed indications of Volt Typhoon actors maintaining access and footholds within some victim IT environments for at least five years,” reads the alert. The group also relies on customized versions of open-source tools for C2 communications and to stay under the radar. “the U.S.

Energy and Utilities

Energy and Utilities Communications Military Manufacturing

Russian APT groups target European governments ahead of May Elections

Security Affairs

MARCH 22, 2019

Russian APT groups are targeting European governments for cyber-espionage purposes ahead of the upcoming European elections. The APT28 group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Pierluigi Paganini.

Government

Government Military Phishing Access

Russian APT group Winter Vivern targets email portals of NATO and diplomats

Security Affairs

MARCH 31, 2023

A Russian hacking group, tracked Winter Vivern (aka TA473), has been actively exploiting vulnerabilities ( CVE-2022-27926 ) in unpatched Zimbra instances to gain access to the emails of NATO officials, governments, military personnel, and diplomats. The CVE-2022-27926 flaw affects Zimbra Collaboration versions 9.0.0,

Military

Military Phishing Passwords Government

FBI chief says China is preparing to attack US critical infrastructure

Security Affairs

APRIL 19, 2024

authoring agencies have recently observed indications of Volt Typhoon actors maintaining access and footholds within some victim IT environments for at least five years,” reads the alert. The group also relies on customized versions of open-source tools for C2 communications and to stay under the radar. In fact, the U.S.

Energy and Utilities

Energy and Utilities Communications Military Manufacturing

CISA adds Zimbra bug exploited in attacks against NATO countries to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 4, 2023

Proofpoint researchers recently reported that a Russian hacking group, tracked as Winter Vivern (aka TA473), has been actively exploiting vulnerabilities ( CVE-2022-27926 ) in unpatched Zimbra instances to gain access to the emails of NATO officials, governments, military personnel, and diplomats.

IT

IT Military Phishing Passwords

NEW TECH: DataLocker introduces encrypted flash drive — with key pad

The Last Watchdog

JULY 30, 2018

DataLocker honed its patented approach to manufacturing encrypted portable drives and landed some key military and government clients early on; the company has continued branching out ever since. We discussed why encrypted flash drives have become established as a must-have portable business tool in the digital age.

Encryption

Encryption Military Passwords Authentication

Security Affairs newsletter Round 464 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

MARCH 24, 2024

Cybersecurity US holds conference on military AI use with dozens of allies to determine ‘responsible’ use DFSA’s Cyber Risk Management Guidelines: A Blueprint for Cyber Resilience? Is it a Russia’s weapon? Players hacked during the matches of Apex Legends Global Series.

Security

Security Passwords Military Marketing

GUEST ESSAY: Pentagon’s security flaws highlighted in GAO audit — and recent data breach

The Last Watchdog

OCTOBER 17, 2018

Government Accountability Office audit last week found that the defense department is playing catch up when it comes to securing weapons systems from cyberattacks. military and civilian personnel were compromised. The result: personal information and credit card data of at least 30,000 U.S. million personnel records from the U.S.

Data breaches

Data breaches Security Military Government

FBI and NSA joint report details APT28’s Linux malware Drovorub

Security Affairs

AUGUST 13, 2020

.” The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election.

Military

Military IoT Phishing Government

Ukraine intelligence doxed 5 FSB Officers that are members of Gamaredon APT Group

Security Affairs

NOVEMBER 5, 2021

All of that, despite the fact that they used the FSB’s own malicious software and tools to remain anonymous and hidden online. The group targeted government and military organizations in Ukraine. In December 2019, the APT group targeted several Ukrainian diplomats, government and military officials, and law enforcement.

Military

Military Metadata Government Passwords

Microsoft disrupted APT28 attacks on Ukraine through a court order

Security Affairs

APRIL 8, 2022

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election. ” concludes Microsoft.

Military

Military Government Phishing Security

Biden AI Order Enables Agencies to Address Key Risks

Hunton Privacy

OCTOBER 31, 2023

Notably, the Order requires private companies to share with the federal government the results of “red-team” safety tests for foundation models that pose certain risks, directs the development of new AI standards to guide government agencies’ acquisition and use of AI, creates a new National AI Research Resource to foster U.S.

Risk

Risk Artificial Intelligence Privacy Military

Russia-linked Gamaredon APT continues to target Ukraine

Security Affairs

AUGUST 16, 2022

The group targeted government and military organizations in Ukraine. Pterodo is a multistage Visual Basic Script (VBS) backdoor designed to collect sensitive information or maintain access to compromised machines. The Computer Emergency Response Team of Ukraine (CERT-UA) confirmed the ongoing cyber espionage campaign.

Military

Military Phishing Access Government

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Security Affairs

APRIL 19, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. government institutions, and about 250 Ukrainian victims. ” reads the joint advisory. ” continues the advisory.

Military

Military Access Cybersecurity Education

Russia-linked Nobelium APT targets orgs in the global IT supply chain

Security Affairs

OCTOBER 25, 2021

NOBELIUM focuses on government organizations, non-government organizations (NGOs), think tanks, military, IT service providers, health technology and research, and telecommunications providers. ” states Microsoft. ” states Microsoft.

IT

IT Cloud Military Phishing

Mar 06- Mar 12 Ukraine – Russia the silent cyber conflict

Security Affairs

MARCH 13, 2022

March 10 – Crooks target Ukraine’s IT Army with a tainted DDoS tool. Threat actors are spreading password-stealing malware disguised as a security tool to target Ukraine’s IT Army. March 9 – Multiple Russian government websites hacked in a supply chain attack.

Blockchain

Blockchain Phishing Military Passwords

XDSpy APT remained undetected since at least 2011

Security Affairs

OCTOBER 2, 2020

The APT group, recently discovered by ESET, targeted government and private companies in Belarus, Moldova, Russia, Serbia, and Ukraine, including militaries and Ministries of Foreign Affairs. The tools in the arsenal of the XDSpy APT are quite basic, although efficient, their primary tool is a downloader dubbed named XDDown.

Military

Military Phishing Passwords Government

New Gallmaker APT group eschews malware in cyber espionage campaigns

Security Affairs

OCTOBER 10, 2018

A previously unknown cyber espionage group, tracked as Gallmaker, has been targeting entities in the government, military and defense sectors since at least 2017. Gallmaker is a politically motivated APT group that focused its surgical operations on the government, military or defense sectors. ” concluded Symantec.

Military

Military File names Libraries Government

SessionManager Backdoor employed in attacks on Microsoft IIS servers worldwide

Security Affairs

JULY 1, 2022

. “Dropping an IIS module as a backdoor enables threat actors to maintain persistent, update-resistant and relatively stealthy access to the IT infrastructure of a targeted organization; be it to collect emails, update further malicious access, or clandestinely manage compromised servers that can be leveraged as malicious infrastructure.”

Military

Military Passwords Access Government

Iran-linked Mint Sandstorm APT targeted US critical infrastructure

Security Affairs

APRIL 19, 2023

Mint Sandstorm also used custom tools in selected targets, notably organizations in the energy and transportation sectors. Once gained initial access to an organization, the threat actors deploy a custom PowerShell script to gather intelligence on the target. ” reads the report published by Microsoft. ” concludes Microsoft.

Energy and Utilities

Energy and Utilities Military Education Phishing

Canadian Police Raid ‘Orcus RAT’ Author

Krebs on Security

APRIL 2, 2019

The RCMP said the raid was part of an international coordinated effort with the Federal Bureau of Investigation and the Australian Federal Police, as part of “a series of ongoing, parallel investigations into Remote Access Trojan (RAT) technology. I tend to have a violent nature, and have both Martial arts and Military training.

Marketing

Marketing Passwords Systems administration Access

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Security Affairs

JANUARY 31, 2024

A remote attacker can trigger the vulnerability to access restricted resources by bypassing control checks. Sliver 11 is an open-source adversary simulation tool that is gaining popularity among threat actors, since it provides a practical command and control framework.” The flaw CVE-2023-46805 (CVSS score 8.2)

Authentication

Authentication Military Communications Security

Symantec uncovered the link between China-Linked Thrip and Billbug groups

Security Affairs

SEPTEMBER 9, 2019

The group has continued launching attacks against entities in Southeast Asia, including military, satellite communications, media and educational organizations. The Thrip group used both custom malware and legitimate tools to hit its targets that continue to include defense contractors, telecoms companies, and satellite operators.

Military

Military Communications Government Education

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

Security Affairs

APRIL 26, 2023

China-linked threat actor tracked as Alloy Taurus is using a Linux variant of the PingPull backdoor and a new tool dubbed Sword2033. In recent years, the researchers observed the group expanding its operations to include financial institutions and government entities. Experts added that the IP 196.216.136[.]139 softether[.]net

Communications

Communications Military Government Libraries

Researchers warn of a surge in cyber attacks against Microsoft Exchange

Security Affairs

MARCH 12, 2021

Most targeted sectors have been Government/Military (17% of all exploit attempts), followed by Manufacturing (14%), and then Banking (11%). The availability online of PoC exploit tool online pose a serious risk to organizations. The tool chains two of the ProxyLogon vulnerabilities recently addressed by Microsoft.

Authentication

Authentication Military Ransomware Manufacturing

Your Work Email Address is Your Work's Email Address

Troy Hunt

JULY 21, 2021

Let's start with a poll: At your place of work, does your employer have the right to access the contents of your corporate email account if necessary? But there's also a lot of consistency, for example, here's a piece on whether it's legal to access an employee's email account in Australia : The short answer is yes.

Data breaches

Data breaches Military Access Communications

Russia-linked Nobelium APT group uses custom backdoor to target Windows domains

Security Affairs

SEPTEMBER 28, 2021

“Once NOBELIUM obtains credentials and successfully compromises a server, the actor relies on that access to maintain persistence and deepen its infiltration using sophisticated malware and tools. ” reads the analysis published by Microsoft. “Use of FoggyWeb has been observed in the wild as early as April 2021.”

Encryption

Encryption Military Government Access

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

U.S. Charges 4 Chinese Military Officers in 2017 Equifax Hack

Trending Sources

Chinese APT Tropic Trooper target air-gapped military Networks in Asia

Naikon APT group uses new Nebulae backdoor in attacks aimed at military orgs

Microsoft releases On-premises Mitigation Tool (EOMT) tool to fix ProxyLogon issues

Security Affairs newsletter Round 460 by Pierluigi Paganini – INTERNATIONAL EDITION

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

When Your Smart ID Card Reader Comes With Malware

GUEST ESSAY: How tech tricks used by Amazon, Netflix aid Ukraine in repelling Russia’s invasion

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

MY TAKE: Sophos X-Ops advances internal, external threat intelligence sharing to the next level

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

NYT report states that ToTok app is a government spy tool.

News alert: MxD roundtable with White House officials highlights cybersecurity workforce needs

Russia-linked Gamaredon APT targeted a western government entity in Ukraine

MI5 chief warns of Chinese cyber espionage reached an unprecedented scale

Catches of the Month: Phishing Scams for March 2022

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

Russian APT groups target European governments ahead of May Elections

Russian APT group Winter Vivern targets email portals of NATO and diplomats

FBI chief says China is preparing to attack US critical infrastructure

CISA adds Zimbra bug exploited in attacks against NATO countries to its Known Exploited Vulnerabilities catalog

NEW TECH: DataLocker introduces encrypted flash drive — with key pad

Security Affairs newsletter Round 464 by Pierluigi Paganini – INTERNATIONAL EDITION

GUEST ESSAY: Pentagon’s security flaws highlighted in GAO audit — and recent data breach

FBI and NSA joint report details APT28’s Linux malware Drovorub

Ukraine intelligence doxed 5 FSB Officers that are members of Gamaredon APT Group

Microsoft disrupted APT28 attacks on Ukraine through a court order

Biden AI Order Enables Agencies to Address Key Risks

Russia-linked Gamaredon APT continues to target Ukraine

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Russia-linked Nobelium APT targets orgs in the global IT supply chain

Mar 06- Mar 12 Ukraine – Russia the silent cyber conflict

XDSpy APT remained undetected since at least 2011

New Gallmaker APT group eschews malware in cyber espionage campaigns

SessionManager Backdoor employed in attacks on Microsoft IIS servers worldwide

Iran-linked Mint Sandstorm APT targeted US critical infrastructure

Canadian Police Raid ‘Orcus RAT’ Author

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Symantec uncovered the link between China-Linked Thrip and Billbug groups

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

Researchers warn of a surge in cyber attacks against Microsoft Exchange

Your Work Email Address is Your Work's Email Address

Russia-linked Nobelium APT group uses custom backdoor to target Windows domains

Stay Connected