Analysis, Encryption, Government and Groups - Information Management Today

Security Analysis of Threema

Schneier on Security

JANUARY 19, 2023

A group of Swiss researchers have published an impressive security analysis of Threema. We provide an extensive cryptographic analysis of Threema, a Swiss-based encrypted messaging application with more than 10 million users and 7000 corporate customers.

Security

Security Encryption Paper Authentication

China-Linked BRONZE PRESIDENT APT targets Government officials worldwide

Security Affairs

SEPTEMBER 10, 2022

China-linked BRONZE PRESIDENT group is targeting government officials in Europe, the Middle East, and South America with PlugX malware. ” reads the analysis published by Secureworks. .” ” reads the analysis published by Secureworks. Attacks part of this campaign were spotted in June and July 2022. .

Government

Government Archiving Metadata Encryption

China-linked APT41 group targets Hong Kong with Spyder Loader

Security Affairs

OCTOBER 18, 2022

Symantec researchers reported that cyberespionage group APT41 targeted organizations in Hong Kong in a campaign that is a likely continuation of the Operation CuckooBees activity detailed by Cybereason in May. Winnti (aka APT41 , Axiom, Barium , Blackfly) is a cyberespionage group that has been active since at least 2007.

File names

File names Encryption Manufacturing Libraries

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Stayin’ Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

Security Affairs

OCTOBER 13, 2023

A cyberespionage campaign, tracked as Stayin’ Alive, targeted high-profile government and telecom entities in Asia. The APT group was discovered in June 2022 by Kaspersky which linked it to a series of attacks aimed at high-profile entities in Europe and Asia since at least December 2020. Is it linked to ToddyCat APT?

Government

Government IT Encryption Libraries

China-linked APT groups targets orgs via Pulse Secure VPN devices

Security Affairs

MAY 28, 2021

Researchers from FireEye warn that China-linked APT groups continue to target Pulse Secure VPN devices to compromise networks. Cybersecurity researchers from FireEye warn once again that Chinese APT groups continue to target Pulse Secure VPN devices to penetrate target networks and deliver malicious web shells to steal sensitive information.

Security

Security Passwords Cybersecurity Government

Russia-linked Nobelium APT group uses custom backdoor to target Windows domains

Security Affairs

SEPTEMBER 28, 2021

Microsoft discovered new custom malware, dubbed FoggyWeb, used by the Nobelium cyberespionage group to implant backdoor in Windows domains. ” reads the analysis published by Microsoft. ” The attackers use the version.dll DLL to load FoggyWeb which is stored in the encrypted file Windows.Data.TimeZones.zh-PH.pri.

Encryption

Encryption Military Government Access

Homomorphic Encryption Makes Real-World Gains, Pushed by Google, IBM, Microsoft

eSecurity Planet

JUNE 24, 2021

The increasing mobility of data, as it ping-pongs between clouds, data centers and the edge, has made it an easier target of cybercrime groups, which has put a premium on the encryption of that data in recent years. However, there is a glaring weakness. Putting a Focus on FHE. It’s available on GitHub. DARPA Gets In on the Effort.

Encryption

Encryption Cloud Libraries Privacy

Group-IB detects a series of ransomware attacks by OldGremlin

Security Affairs

SEPTEMBER 23, 2020

Researchers from threat hunting and intelligence firm Group-IB have detected a successful attack by a ransomware gang tracked as OldGremlin. Group-IB , a global threat hunting and intelligence company headquartered in Singapore, has detected a successful attack by a ransomware gang, codenamed OldGremlin. Unsought invoice.

Ransomware

Ransomware Phishing Encryption Authentication

Turla APT group used a new backdoor in attacks against Afghanistan, Germany and the US

Security Affairs

SEPTEMBER 21, 2021

Russia-linked cyber espionage group Turla made the headlines again, the APT has employed a new backdoor in a recent wave of attacks. Cisco Talos researchers reported that the Russia-linked Turla APT group recently used a new backdoor, dubbed TinyTurla, in a series of attacks against the US, Germany, and Afghanistan. Pierluigi Paganini.

Military

Military Government Encryption Access

Earth Lusca expands its arsenal with SprySOCKS Linux malware

Security Affairs

SEPTEMBER 19, 2023

Researchers from Trend Micro, while monitoring the activity of the China-linked threat actor Earth Lusca , discovered an encrypted file hosted on a server under the control of the group. Additional analysis led to the discovery of a previously unknown Linux backdoor tracked as SprySOCKS. ” continues the report.

IT

IT Encryption Authentication Communications

Holy Ghost ransomware operation is linked to North Korea

Security Affairs

JULY 15, 2022

The Microsoft Threat Intelligence Center (MSTIC) researchers linked the activity of the Holy Ghost ransomware (H0lyGh0st) operation to a North Korea-linked group they tracked as DEV-0530. MSTIC linked DEV-0530 to another North Korean-based group tracked as PLUTONIUM (aka DarkSeoul or Andariel ). ” concludes Microsoft.

Ransomware

Ransomware Encryption Government Manufacturing

RansomExx Ransomware upgrades to Rust programming language

Security Affairs

NOVEMBER 24, 2022

RansomExx operation has been active since 2018, the list of its victims includes government agencies, the computer manufacturer and distributor GIGABYTE , and the Italian luxury brand Zegna. ” reads the analysis published by IBM Security X-Force. ” concludes the report. Pierluigi Paganini.

Ransomware

Ransomware Encryption Manufacturing Government

Dark Pink APT targets Govt entities in South Asia

Security Affairs

MARCH 13, 2023

In February 2023, EclecticIQ researchers spotted multiple KamiKakaBot malware samples that were employed by the Dark Pink APT group (aka Saaiwc) in attacks against government entities in Southeast Asia countries. “The ISO file also contains a decoy Word document that has an XOR-encrypted section.

Phishing

Phishing Encryption Military Government

OceanLotus APT group leverages a steganography-based loader to deliver backdoors

Security Affairs

APRIL 3, 2019

The OceanLotus APT group, also known as APT32 or Cobalt Kitty , leverages a steganography-based loader to deliver backdoors on compromised systems. The APT32 group, also known as OceanLotus Group, has been active since at least 2013, according to the experts it is a state-sponsored hacking group.

Libraries

Libraries Encryption Communications Manufacturing

National Academy of Sciences Encryption Study

Data Matters

FEBRUARY 21, 2018

After supporters and opponents of mandated government access to encrypted communications publicly feuded for much of 2016, reprising arguments they’ve had since at least the days of the “Clipper Chip,” these “encryption debates” seemed to quiet down for much of last year. See, e.g., here.)

Encryption

Encryption Government Access Privacy

RansomBoggs Ransomware hit several Ukrainian entities, experts attribute it to Russia

Security Affairs

NOVEMBER 28, 2022

The ransomware is written in.NET and experts noticed that deployment is similar to previous attacks attributed to the Russia-linked Sandworm APT group. The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017, causing billions worth of damage.

Ransomware

Ransomware IT Encryption Government

Russia-linked Gamaredon group targets Ukraine officials

Security Affairs

DECEMBER 7, 2019

Russia-linked Gamaredon cyberespionage group has been targeting Ukrainian targets, including diplomats, government and military officials. Russia linked APT group tracked as Gamaredon has been targeting several Ukrainian diplomats, government and military officials, and law enforcement. The Gamaredon group.

Military

Military Government Phishing Archiving

Lancefly APT uses powerful Merdoor backdoor in attacks on Asian orgs

Security Affairs

MAY 15, 2023

The Lancefly APT group is using a custom powerful backdoor called Merdoor in attacks against organizations in South and Southeast Asia. Symantec researchers reported that the Lancefly APT group is using a custom-written backdoor in attacks targeting organizations in South and Southeast Asia, as part of a long-running campaign.

Encryption

Encryption Phishing Communications Education

Experts Explain How to Bypass Recent Improvement of China’s Great Firewall

Security Affairs

JANUARY 31, 2021

Members of the Great Firewall Report group have analyzed the recent improvement implemented for China’s Great Firewall censorship system and revealed that it is possible to bypass it. Shadowsocks is a free and open-source encryption protocol project, widely used in China to circumvent Internet censorship.

Paper

Paper Encryption Government IT

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

Security Affairs

SEPTEMBER 23, 2023

MILES/CBS NEWS TEXAS The Royal ransomware group is behind the attack and threatens to publish stolen data if the City will not meet its ransom demand. Once obtained access to the City’s network, the group performed reconnaissance and information-gathering activities using legitimate third-party remote management tools.

Ransomware

Ransomware Encryption Systems administration Cybersecurity

OilRig APT group: the evolution of attack techniques over time

Security Affairs

AUGUST 7, 2019

Security researcher Marco Ramilli presents a comparative analysis of attacks techniques adopted by the Iran-Linked OilRig APT group. Today I’d like to share a comparative analysis of OilRig techniques mutation over time. I would define this group of references as reports. and more personal thoughts.

e-Delivery

e-Delivery Computer and Electronics Phishing Communications

Croatia government agencies targeted with news SilentTrinity malware

Security Affairs

JULY 7, 2019

Croatia government agencies have been targeted by unknown hackers with a new piece of malware tracked as SilentTrinity. A mysterious group of hackers carried out a series of cyber attacks against Croatian government agencies, infecting employees with a new piece of malware tracked as SilentTrinity. Pierluigi Paganini.

Government

Government Computer and Electronics Archiving Phishing

New Linux Ransomware BlackSuit is similar to Royal ransomware

Security Affairs

JUNE 3, 2023

According to government experts, the Royal ransomware attacks targeted numerous critical infrastructure sectors including, manufacturing, communications, healthcare and public healthcare (HPH), and education. ” reads the analysis published by TrendMicro. BlackSuit appends the . similarities in blocks, and 98.9%

Ransomware

Ransomware Encryption File names Cybersecurity

SmugX: Chinese APT uses HTML smuggling to target European Ministries and embassies

Security Affairs

JULY 3, 2023

China-linked APT group was spotted using HTML smuggling in attacks aimed at Foreign Affairs ministries and embassies in Europe. A China-linked APT group was observed using HTML smuggling in attacks against Foreign Affairs ministries and embassies in Europe, reports the cybersecurity firm Check Point. and Ukraine.

Encryption

Encryption Phishing Government Cybersecurity

Turla APT group adds Topinambour Trojan to its arsenal

Security Affairs

JULY 17, 2019

Kaspersky researchers revealed that since earlier this year, Russia-linked APT group Turla used new variants of the KopiLuwak Trojan in targeted attacks. Security experts at Kaspersky revealed that the Russia-linked APT group Turla used new variants of the KopiLuwak Trojan in targeted attacks since early 2019. Pierluigi Paganini.

IT

IT Encryption Security Government

GwisinLocker ransomware exclusively targets South Korea

Security Affairs

AUGUST 7, 2022

Researchers spotted a new family of ransomware, named GwisinLocker, that encrypts Windows and Linux ESXi servers. Researchers warn of a new ransomware called GwisinLocker which is able to encrypt Windows and Linux ESXi servers. Pierluigi Paganini. SecurityAffairs – hacking, GwisinLocker ransomware).

Ransomware

Ransomware Healthcare Encryption IT

New Graphiron info-stealer used in attacks against Ukraine

Security Affairs

FEBRUARY 8, 2023

Researchers from Broadcom Symantec spotted a Russia-linked ATP group, tracked as Nodaria (aka UAC-0056), deploying new info-stealing malware, dubbed Graphiron, in attacks against Ukraine. Upon execution, the downloader will check against a blacklist of malware analysis tools by checking for running processes’ specific names (i.e.

File names

File names Passwords Phishing Encryption

The Platinum APT group adds the Titanium backdoor to its arsenal

Security Affairs

NOVEMBER 9, 2019

Kaspersky researchers have found a new advanced backdoor used by the Platinum advanced persistent threat (APT) group in attacks in the wild. The APT group was discovered by Microsoft in 2016, it targeted organizations in South and Southeast. ” reads the analysis publisjed by Kaspersky. ” continues the analys i s.

IT

IT Archiving Encryption Passwords

TA505 group updates tactics and expands the list of targets

Security Affairs

AUGUST 28, 2019

Recent campaigns show t hreat actors behind the Dridex and Locky malware families , the TA505 group, have updated tactics and expanded its target list. Trend Micro revealed that the TA505 group that is behind the Dridex and Locky malware families continue to make small changes to its operations. ” continues the report.

e-Delivery

e-Delivery Insurance Retail Government

A deeper insight into the CloudWizard APT’s activity revealed a long-running activity

Security Affairs

MAY 23, 2023

On March 2023, researchers from Kaspersky spotted a previously unknown APT group, tracked as Bad Magic (aka Red Stinger), that targeted organizations in the region of the Russo-Ukrainian conflict. The APT group targeted individuals, as well as diplomatic and research organizations in the area of the conflict.

Communications

Communications Agriculture Cloud Archiving

Phishing attacks using the topic “Azovstal” targets entities in Ukraine

Security Affairs

APRIL 23, 2022

The analysis of encryption techniques employed in the attack allowed the government experts to associate the campaign with the cybercrime group Trickbot.

Phishing

Phishing Military Ransomware Encryption

Cyber espionage campaign targets Asian countries since 2021

Security Affairs

SEPTEMBER 13, 2022

A cyber espionage group targets governments and state-owned organizations in multiple Asian countries since early 2021. Threat actors are targeting government and state-owned organizations in multiple Asian countries as parts of a cyber espionage campaign that remained under the radar since early 2021.

Government

Government Access Libraries Education

US govt agencies released a joint alert on the Lockbit 3.0 ransomware

Security Affairs

MARCH 18, 2023

The US government released a joint advisory that provides technical details about the operation of the Lockbit 3.0 “The Federal Bureau of Investigation (FBI), CISA, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) has released a joint cybersecurity advisory (CSA), #StopRansomware: LockBit 3.0. ransomware.

Ransomware

Ransomware Encryption Passwords Cybersecurity

Microsoft spotted a destructive malware campaign targeting Ukraine

Security Affairs

JANUARY 16, 2022

Microsoft spotted a new destructive malware operation targeting government, non-profit, and IT entities in Ukraine. Microsoft spotted a destructive attack that targeted government, non-profit, and IT entities in Ukraine with a wiper disguised as ransomware. Virtually all ransomware encrypts the contents of files on the filesystem.

Ransomware

Ransomware Government Encryption Communications

Platinum APT and leverages steganography to hide C2 communications

Security Affairs

JUNE 6, 2019

The Platinum cyber espionage group uses steganographic technique to hide communications with the Command and Control Servers (C&C). Experts from Kaspersky have linked the Platinum APT group with cyber attacks involving an elaborate, and new steganographic technique used to hide communications with C2 servers.

Communications

Communications Encryption Military Government

Unknown FinSpy Mac and Linux versions found in Egypt

Security Affairs

SEPTEMBER 27, 2020

Finisher, aka FinFisher, is a multiplatform surveillance software used by government and law enforcement agencies for their investigations, but unfortunately, it made the headlines because it was also used by oppressive regimes to spy on dissidents, activists, and Journalists. ” continues the analysis.

Encryption

Encryption Communications IT Government

Sophos linked Entropy ransomware to Dridex malware. Are both linked to Evil Corp?

Security Affairs

FEBRUARY 23, 2022

The forensic analysis conducted by researchers revealed the presence of multiple instances of the general-purpose Dridex malware which was also used to distribute other malware. In a first stage it allocates the memory space where to copy the encrypted data and whose content is executed by the packer. ” continues the report.

Ransomware

Ransomware Encryption IT Government

Sodin Ransomware includes exploit for Windows CVE-2018-8453 bug

Security Affairs

JULY 4, 2019

In October, Kaspersky revealed that the CVE-2018-8453 vulnerability has been exploited by the APT group tracked as FruityArmor , a cyber-espionage group that was first observed in 2016 while targeting activists, researchers, and individuals related to government organizations. ” continues the analysis.

Ransomware

Ransomware Encryption Government IT

SolarWinds hackers stole some of Mimecast source code

Security Affairs

MARCH 17, 2021

Back in December, the SolarWinds supply chain attack made the headlines when a Russian cyber espionage group tampered with updates for SolarWinds’ Orion Network Management products that the IT company provides to government agencies, military, and intelligence offices. ” reads the incident report published by mimecast.

Encryption

Encryption Military Access Archiving

DePriMon downloader uses a never seen installation technique

Security Affairs

NOVEMBER 21, 2019

The new DePriMon downloader was used by the Lambert APT group, aka Longhorn, to deploy malware. According to a report published by Symantec in 2017, Longhorn is a North American hacking group that has been active since at least 2011. The second stage installs itself and loads the third stage using an encrypted, hardcoded path.

Communications

Communications Encryption Education Authentication

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

Related: What local government can do to repel ransomware Ransomware came into existence in 1989 as a primitive program dubbed the AIDS Trojan that was spreading via 5.25-inch Although most people think of ransomware as a dodgy application that encrypts data and holds it for ransom, the concept is much more heterogeneous than that.

Ransomware

Ransomware Encryption Privacy Security awareness

San Francisco 49ers NFL team discloses BlackByte ransomware attack

Security Affairs

FEBRUARY 13, 2022

The analysis of the ransomware revealed that it was developed to avoid infecting systems that primarily use Russian or related languages. Unlike other ransomware that may have a unique key in each session, that version of BlackByte was using the same raw key to encrypt files and it uses the symmetric-key algorithm AES.

Ransomware

Ransomware Agriculture Encryption Cybersecurity

China-linked APT Bronze Starlight deploys ransomware as a smokescreen

Security Affairs

JUNE 26, 2022

Researchers from Secureworks reported that a China-linked APT group, tracked as Bronze Starlight (APT10), is deploying post-intrusion ransomware families to cover up the cyber espionage operations. The HUI Loader is used to decrypt and load a third file containing an encrypted payload that is also deployed to the infected host.

Ransomware

Ransomware Healthcare Manufacturing Encryption

Symantec uncovered a previously unknown nation-state actor, named Harvester, that targeted telcos

Security Affairs

OCTOBER 19, 2021

Symantec spotted a previously unknown nation-state actor, tracked as Harvester, that is using a custom implant, dubbed Backdoor.Graphon, in attacks aimed at telecommunication providers, IT firms, and government entities in South Asia. At this time, the APT group is mostly targeting organizations in Afghanistan.

Archiving

Archiving Encryption Passwords Government

Security Analysis of Threema

China-Linked BRONZE PRESIDENT APT targets Government officials worldwide

Webinars

Trending Sources

China-linked APT41 group targets Hong Kong with Spyder Loader

Webinars

Stayin’ Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

China-linked APT groups targets orgs via Pulse Secure VPN devices

Russia-linked Nobelium APT group uses custom backdoor to target Windows domains

Homomorphic Encryption Makes Real-World Gains, Pushed by Google, IBM, Microsoft

Group-IB detects a series of ransomware attacks by OldGremlin

Turla APT group used a new backdoor in attacks against Afghanistan, Germany and the US

Earth Lusca expands its arsenal with SprySOCKS Linux malware

Holy Ghost ransomware operation is linked to North Korea

RansomExx Ransomware upgrades to Rust programming language

Dark Pink APT targets Govt entities in South Asia

OceanLotus APT group leverages a steganography-based loader to deliver backdoors

National Academy of Sciences Encryption Study

RansomBoggs Ransomware hit several Ukrainian entities, experts attribute it to Russia

Russia-linked Gamaredon group targets Ukraine officials

Lancefly APT uses powerful Merdoor backdoor in attacks on Asian orgs

Experts Explain How to Bypass Recent Improvement of China’s Great Firewall

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

OilRig APT group: the evolution of attack techniques over time

Croatia government agencies targeted with news SilentTrinity malware

New Linux Ransomware BlackSuit is similar to Royal ransomware

SmugX: Chinese APT uses HTML smuggling to target European Ministries and embassies

Turla APT group adds Topinambour Trojan to its arsenal

GwisinLocker ransomware exclusively targets South Korea

New Graphiron info-stealer used in attacks against Ukraine

The Platinum APT group adds the Titanium backdoor to its arsenal

TA505 group updates tactics and expands the list of targets

A deeper insight into the CloudWizard APT’s activity revealed a long-running activity

Phishing attacks using the topic “Azovstal” targets entities in Ukraine

Cyber espionage campaign targets Asian countries since 2021

US govt agencies released a joint alert on the Lockbit 3.0 ransomware

Microsoft spotted a destructive malware campaign targeting Ukraine

Platinum APT and leverages steganography to hide C2 communications

Unknown FinSpy Mac and Linux versions found in Egypt

Sophos linked Entropy ransomware to Dridex malware. Are both linked to Evil Corp?

Sodin Ransomware includes exploit for Windows CVE-2018-8453 bug

SolarWinds hackers stole some of Mimecast source code

DePriMon downloader uses a never seen installation technique

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

San Francisco 49ers NFL team discloses BlackByte ransomware attack

China-linked APT Bronze Starlight deploys ransomware as a smokescreen

Symantec uncovered a previously unknown nation-state actor, named Harvester, that targeted telcos

Stay Connected