Analysis, Government, Groups and Military - Information Management Today

Russia-linked APT TAG-70 targets European government and military mail servers exploiting Roundcube XSS

Security Affairs

FEBRUARY 19, 2024

An APT group, tracked as TAG-70, linked to Belarus and Russia exploited XSS flaws in Roundcube webmail servers to target over 80 organizations. Researchers from Recorded Future’s Insikt Group identified a cyberespionage campaign carried out by an APT group, tracked as TAG-70, linked to Belarus and Russia.

Military

Military Government Access Risk

Russia-linked hackers target Ukrainian military with Infamous Chisel Android malware

Security Affairs

AUGUST 31, 2023

Russia-linked threat actors have been targeting Android devices of the Ukrainian military with a new malware dubbed Infamous Chisel. The GCHQ’s National Cyber Security Centre (NCSC) and agencies in the United States, Australia, Canada, and New Zealand have published an analysis of the Android malware.

Military

Military Authentication Access Government

Russian State-Sponsored Threat Actor Targets High Profile Individuals in Phishing Campaign

KnowBe4

JANUARY 22, 2024

The Russian state-sponsored threat actor “COLDRIVER” is launching phishing campaigns against “high profile individuals in NGOs, former intelligence and military officers, and NATO governments,” according to researchers at Google’s Threat Analysis Group (TAG).

Phishing

Phishing Military Government Security

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Machete cyber-espionage group targets Latin America military

Security Affairs

AUGUST 5, 2019

Security experts from ESET uncovered a cyber-espionage group tracked as Machete that stole sensitive files from the Venezuelan military. Security experts from ESET reported that a cyberespionage group tracked as Machete has stolen sensitive files from the Venezuelan military. ” reads the analysis from ESET.

Military

Military Archiving Security Government

Chinese APT Tropic Trooper target air-gapped military Networks in Asia

Security Affairs

MAY 15, 2020

Chinese threat actors, tracked as Tropic Trooper and KeyBoy, has been targeting air-gapped military networks in Taiwan and the Philippines. Chinese APT group Tropic Trooper, aka KeyBoy, has been targeting air-gapped military networks in Taiwan and the Philippines, Trend Micro researchers reported. ” continues the report.

Military

Military Government IT Security

Russian APT groups target European governments ahead of May Elections

Security Affairs

MARCH 22, 2019

Russian APT groups are targeting European governments for cyber-espionage purposes ahead of the upcoming European elections. The activity of the Russia-linked groups is focused on NATO member states. The group was involved also in the string of attacks that targeted 2016 Presidential election.

Government

Government Military Phishing Access

Google blocked China-linked APT31’s attacks targeting U.S. Government

Security Affairs

MARCH 9, 2022

Google has blocked a phishing campaign conducted by China-linked group APT31 aimed at Gmail users associated with the U.S. government. government. The campaign took place in February and Google Threat Analysis Group (TAG) team was not able to link it to the ongoing invasion of Ukraine. government.

Government

Government Phishing Military IT

Google TAG warns of Russia-linked APT groups targeting Ukraine

Security Affairs

APRIL 20, 2023

Russia-linked threat actors launched large-volume phishing campaigns against hundreds of users in Ukraine to gather intelligence and aimed at spreading disinformation, states Google’s Threat Analysis Group (TAG). The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017.

Phishing

Phishing Military Ransomware Education

Taiwan Government faces 5 Million hacking attempts daily

Security Affairs

NOVEMBER 10, 2021

Taiwan ‘s government agencies face around five million cyberattacks and probes every day, most of them from China. Around five million cyber attacks hit Taiwan’s government agencies every day, and most of the hacking attempts are originated from China. SecurityAffairs – hacking, Taiwan Government).

Government

Government Military Information Security Security

Gamaredon APT Improves Toolset to Target Ukraine Government, Military

Threatpost

FEBRUARY 5, 2020

The Gamaredon advanced persistent threat (APT) group has been supercharging its operations lately, improving its toolset and ramping up attacks on Ukrainian national security targets.

Military

Military Government Security IT

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Security Affairs

APRIL 6, 2023

Google’s Threat Analysis Group (TAG) warns of a North Korea-linked cyberespionage group tracked as ARCHIPELAGO. Google experts are tracking ARCHIPELAGO since 2012 and have observed the group targeting individuals with expertise in North Korea policy issues. ” reads the analysis published by Google TAG.

Phishing

Phishing Passwords Military Education

Autoclerk travel reservations platform data leak also impacts US Government and military

Security Affairs

OCTOBER 22, 2019

vpnMentor’s discovered a breach in a database belonging to Autoclerk, a reservations management system owned by Best Western Hotels and Resorts Group. Security experts at vpnMentor’s discovered a breach in a database belonging to Autoclerk, a reservations management system owned by Best Western Hotels and Resorts Group. ” . .

Military

Military Government Cloud Archiving

Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks

Security Affairs

OCTOBER 25, 2023

Russian APT group Winter Vivern (aka TA473) has been observed exploiting a zero-day flaw in Roundcube webmail software on October 11, 2023. ESET researchers pointed out that is a different vulnerability than CVE-2020-35730 , that the group exploited in other attacks. ” reads the analysis published by ESET.

Military

Military Government Phishing IT

Gamaredon group uses a new Outlook tool to spread malware

Security Affairs

JUNE 12, 2020

The group was first discovered by Symantec and TrendMicro in 2015 but evidence of its activities has been dated back to 2013. The group targeted government and military organizations in Ukraine. In December 2019, the APT group targeted several Ukrainian diplomats, government and military officials, and law enforcement.

Military

Military Phishing Government IT

Russian APT Gamaredon uses USB worm LitterDrifter against Ukraine

Security Affairs

NOVEMBER 18, 2023

Russia-linked cyberespionage group Gamaredon has been spotted propagating a worm called LitterDrifter via USB. Gamaredon (aka Shuckworm, Actinium, Armageddon, Primitive Bear, UAC-0010, and Trident Ursa) has been active since 2014 and its activity focuses on Ukraine, the group was observed using the multistage backdoor Pteranodon / Pterodo.

Military

Military Communications IT Government

Russia-linked APT28 hacked Roundcube email servers of Ukrainian entities

Security Affairs

JUNE 21, 2023

Russia-linked APT28 group hacked into Roundcube email servers belonging to multiple Ukrainian organizations. The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide.

Military

Military Phishing Government Communications

Russia-linked Nobelium APT group uses custom backdoor to target Windows domains

Security Affairs

SEPTEMBER 28, 2021

Microsoft discovered new custom malware, dubbed FoggyWeb, used by the Nobelium cyberespionage group to implant backdoor in Windows domains. ” reads the analysis published by Microsoft. The post Russia-linked Nobelium APT group uses custom backdoor to target Windows domains appeared first on Security Affairs.

Encryption

Encryption Military Government Access

Symantec uncovered the link between China-Linked Thrip and Billbug groups

Security Affairs

SEPTEMBER 9, 2019

The China-linked APT group Thrip is continuing to target entities in Southeast Asia even after its activity was uncovered by Symantec. Experts at Symantec first exposed the activity of the Chinese-linked APT Thrip in 2018, now the security firm confirms that cyber espionage group has continued to carry out attacks in South East Asia.

Military

Military Communications Government Education

Google TAG: Russia, Belarus-linked APTs targeted Ukraine

Security Affairs

MARCH 8, 2022

Google TAG observed Russian, Belarusian, and Chinese threat actors targeting Ukraine and European government and military orgs. The attacks have been attributed to the Russia-linked FancyBear group (aka APT28) and the Belarus-linked Ghostwriter (aka UNC1151) APT group. ” wrote Shane Huntley, Google’s TAG lead.

Military

Military Phishing File names Government

LUCKY ELEPHANT campaign targets South Asian governments

Security Affairs

MARCH 27, 2019

The NETSCOUT Threat Intelligence team uncovered a credential harvesting campaign tracked as LUCKY ELEPHANT targeting mostly South Asian governments. Security experts at NETSCOUT Threat Intelligence team uncovered a credential harvesting campaign, tracked as LUCKY ELEPHANT, targeting mostly South Asian governments.

Government

Government Military Phishing Security

Turla APT group used a new backdoor in attacks against Afghanistan, Germany and the US

Security Affairs

SEPTEMBER 21, 2021

Russia-linked cyber espionage group Turla made the headlines again, the APT has employed a new backdoor in a recent wave of attacks. Cisco Talos researchers reported that the Russia-linked Turla APT group recently used a new backdoor, dubbed TinyTurla, in a series of attacks against the US, Germany, and Afghanistan. Pierluigi Paganini.

Military

Military Government Encryption Access

APT28 group return to covert intelligence gathering ops in Europe and South America.

Security Affairs

OCTOBER 7, 2018

Experts from Symantec collected evidence that APT28 group returns to covert intelligence gathering operations in Europe and South America. The APT28 group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Military targets in Europe.

Military

Military Government Phishing Security

China-linked APT Curious Gorge targeted Russian govt agencies

Security Affairs

MAY 3, 2022

China-linked Curious Gorge APT is targeting Russian government agencies, Google Threat Analysis Group (TAG) warns. “ Curious Gorge, a group TAG attributes to China’s PLA SSF, has remained active against government, military, logistics and manufacturing organizations in Ukraine, Russia and Central Asia.

Manufacturing

Manufacturing Phishing Passwords Military

Russia-linked Gamaredon group targets Ukraine officials

Security Affairs

DECEMBER 7, 2019

Russia-linked Gamaredon cyberespionage group has been targeting Ukrainian targets, including diplomats, government and military officials. Russia linked APT group tracked as Gamaredon has been targeting several Ukrainian diplomats, government and military officials, and law enforcement. The Gamaredon group.

Military

Military Government Phishing Archiving

New Gallmaker APT group eschews malware in cyber espionage campaigns

Security Affairs

OCTOBER 10, 2018

A previously unknown cyber espionage group, tracked as Gallmaker, has been targeting entities in the government, military and defense sectors since at least 2017. A new cyber espionage group tracked as Gallmaker appeared in the threat landscape. ” continues Symantec. Pierluigi Paganini.

Military

Military File names Libraries Government

Google warns of APT28 attack attempts against 14,000 Gmail users

Security Affairs

OCTOBER 8, 2021

Shane Huntley, the head of the Threat Analysis Group (TAG), wrote on Twitter that his group had sent an above-average batch of government-backed security warnings. . TAG sent a above average batch of government-backed security warnings yesterday. So why do we do these government warnings then?

Phishing

Phishing Military Government Security

Hunting the ICEFOG APT group after years of silence

Security Affairs

JUNE 8, 2019

A security researcher found new evidence of activities conducted by the ICEFOG APT group, also tracked by the experts as Fucobha. Chi-en (Ashley) Shen, a senior security researcher at FireEye, collected evidence that demonstrates that China-linked APT group ICEFOG (aka Fucobha ) is still active.

Agriculture

Agriculture Government Military Communications

China-linked APT40 group hides behind 13 front companies

Security Affairs

JANUARY 13, 2020

A group of anonymous security researchers that calls itself Intrusion Truth have tracked the activity of a China-linked cyber – e spionage group dubbed APT40. The Intrusion Truth group has doxed the fourth Chinese state-sponsored hacking operation. “We know that multiple areas of China each have their own APT.”

Libraries

Libraries Information Security Military Government

North Korea compromised Russian missile engineering firm NPO Mashinostroyeniya

Security Affairs

AUGUST 7, 2023

Two North Korea-linked APT groups compromised the infrastructure of the major Russian missile engineering firm NPO Mashinostroyeniya. Cybersecurity firm SentinelOne linked the compromise of the major Russian missile engineering firm NPO Mashinostroyeniya to two different North Korea-linked APT groups.

Military

Military Communications Manufacturing Phishing

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

Security Affairs

APRIL 26, 2023

Researchers from Palo Alto Networks Unit 42 recently observed the China-linked Alloy Taurus group (aka GALLIUM , Softcell ) targeting Linux systems with a new variant of PingPull backdoor. In recent years, the researchers observed the group expanding its operations to include financial institutions and government entities.

Communications

Communications Military Government Libraries

Google TAG details cyber activity with regard to the invasion of Ukraine

Security Affairs

MARCH 31, 2022

The Google Threat Analysis Group (TAG) provided an update about nation-state attacks related ongoing Russian invasion of Ukraine, the experts spotted phishing and malware attacks targeting Eastern European and NATO countries, including Ukraine. ” reads the report published by the TAG team. In one case observed by the TAG team.

Military

Military Phishing Government Ransomware

Kaspersky Analysis Shines Light on DarkUniverse APT Group

Dark Reading

NOVEMBER 7, 2019

Threat actor was active between 2009 and 2017, targeting military, government, and private organizations.

Military

Military Government

FBI and NSA joint report details APT28’s Linux malware Drovorub

Security Affairs

AUGUST 13, 2020

The FBI and NSA issue joint alert related to new Linux malware dubbed Drovorub that has been used by the Russia-linked APT28 group. The FBI and NSA have published a joint security alert containing technical details about a new piece of Linux malware, tracked as Drovorub , allegedly employed by Russia-linked the APT28 group.

Military

Military IoT Phishing Government

Security Affairs newsletter Round 464 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

MARCH 24, 2024

Cybersecurity US holds conference on military AI use with dozens of allies to determine ‘responsible’ use DFSA’s Cyber Risk Management Guidelines: A Blueprint for Cyber Resilience? Is it a Russia’s weapon? Players hacked during the matches of Apex Legends Global Series.

Security

Security Passwords Military Marketing

Dark Pink APT targets Govt entities in South Asia

Security Affairs

MARCH 13, 2023

In February 2023, EclecticIQ researchers spotted multiple KamiKakaBot malware samples that were employed by the Dark Pink APT group (aka Saaiwc) in attacks against government entities in Southeast Asia countries. ” reads the analysis published by EclecticIQ. dll), and a decoy Microsoft Word document.

Phishing

Phishing Encryption Military Government

Kaspersky Lab Analysis Shines Light on DarkUniverse APT Group

Dark Reading

NOVEMBER 7, 2019

Threat actor was active between 2009 and 2017, targeting military, government, and private organizations.

Military

Military Government

Google sent over 50,000 warnings of state-sponsored attacks, +33% from same period in 2020

Security Affairs

OCTOBER 14, 2021

The data were provided by Google’s Threat Analysis Group (TAG), which tracks government-backed hacking campaign, which warns of a significant increase in the number of the alert compared to the previous year. The group was involved also in the string of attacks that targeted 2016 Presidential election. Pierluigi Paganini.

Phishing

Phishing Military Government Security

Russia-linked Gamaredon APT continues to target Ukraine

Security Affairs

AUGUST 16, 2022

Russia-linked Gamaredon APT group targets Ukrainian entities with PowerShell info-stealer malware dubbed GammaLoad. Russia-linked Gamaredon APT group (aka Shuckworm , Actinium , Armageddon , Primitive Bear , and Trident Ursa) targets Ukrainian entities with PowerShell info-stealer malware dubbed GammaLoad, Symantec warns.

Military

Military Phishing Access Government

Asylum Ambuscade spear-phishing campaign targets EU countries aiding Ukrainian refugees

Security Affairs

MARCH 2, 2022

A spear-phishing campaign, tracked as Asylum Ambuscade, targets European government personnel aiding Ukrainian refugees. The campaign observed in July 2021 was linked to the Belarus-linked APT group Ghostwriter (aka TA445 or UNC1151 ). ” reads the analysis published by ProofPoint.

Phishing

Phishing Military Government Communications

Transparent Tribe APT hit 1000+ victims in 27 countries in the last 12 months

Security Affairs

AUGUST 23, 2020

The Transparent Tribe cyber-espionage group continues to improve its arsenal while targets Military and Government entities. The Transparent Tribe APT group is carrying out an ongoing cyberespionage campaign aimed at military and diplomatic targets worldwide. ” reads the analysis published by Kaspersky.

Military

Military Phishing Passwords Communications

Ke3chang hacking group adds new Ketrum malware to its arsenal

Security Affairs

MAY 28, 2020

The Ke3chang hacking group added a new malware dubbed Ketrum to its arsenal, it borrows portions of code and features from older backdoors. ” Back in 2013, the security researchers at FireEye spotted a group of China-Linked hackers that conducted an espionage campaign on foreign affairs ministries in Europe. Pierluigi Paganini.

IT

IT Military Communications Security

Security Affairs newsletter Round 435 by Pierluigi Paganini – International edition

Security Affairs

SEPTEMBER 3, 2023

ransomware builder used by multiple threat actors Cisco fixes 3 high-severity DoS flaws in NX-OS and FXOS software Cybercrime Unpacking the MOVEit Breach: Statistics and Analysis Cl0p Ups The Ante With Massive MOVEit Transfer Supply-Chain Exploit FBI, Partners Dismantle Qakbot Infrastructure in Multinational Cyber Takedown U.S.

Security

Security Ransomware Data breaches IoT

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

Security Affairs

DECEMBER 10, 2020

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election.

Phishing

Phishing Healthcare Military Data collection

Nobelium APT uses new Post-Compromise malware MagicWeb

Security Affairs

AUGUST 25, 2022

Russia-linked APT group Nobelium is behind a new sophisticated post-exploitation malware tracked by Microsoft as MagicWeb. Microsoft security researchers discovered a post-compromise malware, tracked as MagicWeb, which is used by the Russia-linked NOBELIUM APT group to maintain persistent access to compromised environments.

Authentication

Authentication Military Access Government

Russia-linked APT TAG-70 targets European government and military mail servers exploiting Roundcube XSS

Russia-linked hackers target Ukrainian military with Infamous Chisel Android malware

Webinars

Trending Sources

Russian State-Sponsored Threat Actor Targets High Profile Individuals in Phishing Campaign

Webinars

Machete cyber-espionage group targets Latin America military

Chinese APT Tropic Trooper target air-gapped military Networks in Asia

Russian APT groups target European governments ahead of May Elections

Google blocked China-linked APT31’s attacks targeting U.S. Government

Google TAG warns of Russia-linked APT groups targeting Ukraine

Taiwan Government faces 5 Million hacking attempts daily

Gamaredon APT Improves Toolset to Target Ukraine Government, Military

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Autoclerk travel reservations platform data leak also impacts US Government and military

Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks

Gamaredon group uses a new Outlook tool to spread malware

Russian APT Gamaredon uses USB worm LitterDrifter against Ukraine

Russia-linked APT28 hacked Roundcube email servers of Ukrainian entities

Russia-linked Nobelium APT group uses custom backdoor to target Windows domains

Symantec uncovered the link between China-Linked Thrip and Billbug groups

Google TAG: Russia, Belarus-linked APTs targeted Ukraine

LUCKY ELEPHANT campaign targets South Asian governments

Turla APT group used a new backdoor in attacks against Afghanistan, Germany and the US

APT28 group return to covert intelligence gathering ops in Europe and South America.

China-linked APT Curious Gorge targeted Russian govt agencies

Russia-linked Gamaredon group targets Ukraine officials

New Gallmaker APT group eschews malware in cyber espionage campaigns

Google warns of APT28 attack attempts against 14,000 Gmail users

Hunting the ICEFOG APT group after years of silence

China-linked APT40 group hides behind 13 front companies

North Korea compromised Russian missile engineering firm NPO Mashinostroyeniya

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

Google TAG details cyber activity with regard to the invasion of Ukraine

Kaspersky Analysis Shines Light on DarkUniverse APT Group

FBI and NSA joint report details APT28’s Linux malware Drovorub

Security Affairs newsletter Round 464 by Pierluigi Paganini – INTERNATIONAL EDITION

Dark Pink APT targets Govt entities in South Asia

Kaspersky Lab Analysis Shines Light on DarkUniverse APT Group

Google sent over 50,000 warnings of state-sponsored attacks, +33% from same period in 2020

Russia-linked Gamaredon APT continues to target Ukraine

Asylum Ambuscade spear-phishing campaign targets EU countries aiding Ukrainian refugees

Transparent Tribe APT hit 1000+ victims in 27 countries in the last 12 months

Ke3chang hacking group adds new Ketrum malware to its arsenal

Security Affairs newsletter Round 435 by Pierluigi Paganini – International edition

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

Nobelium APT uses new Post-Compromise malware MagicWeb

Stay Connected