article thumbnail

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Security Affairs

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election.

article thumbnail

Hacker breaches key Russian ministry in blink of an eye

Security Affairs

In mere seconds, a hacker remotely accessed a computer belonging to a regional Russian Ministry of Health, taking advantage of sloppy cybersecurity practices to expose its entire network. Spielerkid89, who wished to remain anonymous, did not intend to harm the organization and left its systems intact. Original post at [link].

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

CISA’s MAR warns of North Korean BLINDINGCAN RAT

Security Affairs

According to the government experts, the BLINDINGCAN malware was employed in attacks aimed at US and foreign companies operating in the military defense and aerospace sectors. A threat group with a nexus to North Korea targeted government contractors early this year to gather intelligence surrounding key military and energy technologies.”

article thumbnail

NSA warns Russia-linked APT group is exploiting Exim flaw since 2019

Security Affairs

“Russian military cyber actors, publicly known as Sandworm Team, have been exploiting a vulnerability in Exim mail transfer agent (MTA) software since at least last August.” Using a previous version of Exim leaves a system vulnerable to exploitation. The flaw resides in the deliver_message() function in /src/deliver.c

article thumbnail

North Korea-linked Lazarus APT targets the IT supply chain

Security Affairs

The BlindingCan was employed in attacks on US and foreign companies operating in the military defense and aerospace sectors. The CISA MAR provided indicators of compromise (IoCs), Yara rules, and other technical info that could be used by system administrators to discover compromise systems within their networks.

IT 100
article thumbnail

Canadian Police Raid ‘Orcus RAT’ Author

Krebs on Security

The RCMP said the raid was part of an international coordinated effort with the Federal Bureau of Investigation and the Australian Federal Police, as part of “a series of ongoing, parallel investigations into Remote Access Trojan (RAT) technology. This makes it harder for targets to remove it from their systems.

Marketing 208
article thumbnail

£60 million in recovery costs for Norsk Hydro after refusing ransom demand

IT Governance

On 19 March 2019, Norsk Hydro’s systems were infected with the LockerGoga ransomware. TrendMicro’s analysis into the ransomware found that it was the same system administration tool abused by the likes of SOREBRECT and Bad Rabbit. To access the decoder, the organisation was asked to pay a large ransomin bitcoin.