Analysis, Government, Military and Phishing - Information Management Today

Russian State-Sponsored Threat Actor Targets High Profile Individuals in Phishing Campaign

KnowBe4

JANUARY 22, 2024

The Russian state-sponsored threat actor “COLDRIVER” is launching phishing campaigns against “high profile individuals in NGOs, former intelligence and military officers, and NATO governments,” according to researchers at Google’s Threat Analysis Group (TAG).

Phishing

Phishing Military Government Security

U.S. Charges 4 Chinese Military Officers in 2017 Equifax Hack

Krebs on Security

FEBRUARY 10, 2020

as members of the PLA’s 54 th Research Institute, a component of the Chinese military. Attorney General Bill Barr said at a press conference today that the Justice Department doesn’t normally charge members of another country’s military with crimes (this is only the second time the agency has indicted Chinese military hackers).

Military

Military Phishing Government Sales

Google blocked China-linked APT31’s attacks targeting U.S. Government

Security Affairs

MARCH 9, 2022

Google has blocked a phishing campaign conducted by China-linked group APT31 aimed at Gmail users associated with the U.S. government. government. The campaign took place in February and Google Threat Analysis Group (TAG) team was not able to link it to the ongoing invasion of Ukraine. government. government.

Government

Government Phishing Military IT

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

Asylum Ambuscade spear-phishing campaign targets EU countries aiding Ukrainian refugees

Security Affairs

MARCH 2, 2022

A spear-phishing campaign, tracked as Asylum Ambuscade, targets European government personnel aiding Ukrainian refugees. The phishing messages included a weaponized attachment designed to download a Lua-based malware dubbed SunSeed. ” reads the analysis published by ProofPoint. Pierluigi Paganini.

Phishing

Phishing Military Government Communications

Phishing attacks using the topic “Azovstal” targets entities in Ukraine

Security Affairs

APRIL 23, 2022

Ukraine CERT-UA warns of phishing attacks on state organizations of Ukraine using the topic “Azovstal” and Cobalt Strike Beacon. The analysis of encryption techniques employed in the attack allowed the government experts to associate the campaign with the cybercrime group Trickbot. To nominate, please visit:?

Phishing

Phishing Military Ransomware Encryption

Google TAG: Russia, Belarus-linked APTs targeted Ukraine

Security Affairs

MARCH 8, 2022

Google TAG observed Russian, Belarusian, and Chinese threat actors targeting Ukraine and European government and military orgs. Google TAG observed Russian, Belarusian, and Chinese threat actors targeting Ukrainian and European government and military organizations, as well as individuals. ” concludes the report.

Military

Military Phishing File names Government

Microsoft details new sophisticated spear-phishing attacks from NOBELIUM

Security Affairs

MAY 28, 2021

NOBELIUM focuses on government organizations, non-government organizations (NGOs), think tanks, military, IT service providers, health technology and research, and telecommunications providers. The phishing campaign detected by MSTIC leveraged the Google Firebase platform to provide an ISO file containing the malicious code.

Phishing

Phishing Military Government IT

LUCKY ELEPHANT campaign targets South Asian governments

Security Affairs

MARCH 27, 2019

The NETSCOUT Threat Intelligence team uncovered a credential harvesting campaign tracked as LUCKY ELEPHANT targeting mostly South Asian governments. Security experts at NETSCOUT Threat Intelligence team uncovered a credential harvesting campaign, tracked as LUCKY ELEPHANT, targeting mostly South Asian governments. Pierluigi Paganini.

Government

Government Military Phishing Security

Google warns of APT28 attack attempts against 14,000 Gmail users

Security Affairs

OCTOBER 8, 2021

Google warned more than 14,000 Gmail users that they have been the target of nation-state spear-phishing campaigns. Shane Huntley, the head of the Threat Analysis Group (TAG), wrote on Twitter that his group had sent an above-average batch of government-backed security warnings. . ” Huntley added. “At

Phishing

Phishing Military Government Security

Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks

Security Affairs

OCTOBER 25, 2023

The Winter Vivern group was first analyzed in 2021, it has been active since at least 2020 and it targets governments in Europe and Central Asia. The analysis of the email HTML source code revealed the presence of a SVG tag at the end, which contains a base64-encoded payload. ” reads the analysis published by ESET.

Military

Military Government Phishing IT

Google TAG details cyber activity with regard to the invasion of Ukraine

Security Affairs

MARCH 31, 2022

The Google TAG uses uncovered phishing attacks targeting Eastern European and NATO countries, including Ukraine. The researchers uncovered a phishing campaign conducted by a Russia-linked threat actor tracked as COLDRIVER (aka Calisto ) against a NATO Centre of Excellence and Eastern European militaries.

Military

Military Phishing Government Ransomware

China-linked APT Curious Gorge targeted Russian govt agencies

Security Affairs

MAY 3, 2022

China-linked Curious Gorge APT is targeting Russian government agencies, Google Threat Analysis Group (TAG) warns. Google Threat Analysis Group (TAG) reported that an APT group linked to China’s People’s Liberation Army Strategic Support Force (PLA SSF), tracked as Curious Gorge , is targeting Russian government agencies.

Manufacturing

Manufacturing Phishing Passwords Military

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

The Last Watchdog

APRIL 13, 2022

These Russian cyber actors are government organizations and include other parties who take their orders from the Russian military or intelligence organizations – while not technically under government control. Educate your employees on threats and risks such as phishing and malware.

Cybersecurity

Cybersecurity Military Passwords Education

Russian APT groups target European governments ahead of May Elections

Security Affairs

MARCH 22, 2019

Russian APT groups are targeting European governments for cyber-espionage purposes ahead of the upcoming European elections. The APT28 group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Pierluigi Paganini.

Government

Government Military Phishing Access

Russia-linked APT28 hacked Roundcube email servers of Ukrainian entities

Security Affairs

JUNE 21, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. ” states Recorded Future.

Military

Military Phishing Government Communications

Google TAG warns of Russia-linked APT groups targeting Ukraine

Security Affairs

APRIL 20, 2023

The researchers from Google TAG are warning of Russia-linked threat actors targeting Ukraine with phishing campaigns. Russia-linked threat actors launched large-volume phishing campaigns against hundreds of users in Ukraine to gather intelligence and aimed at spreading disinformation, states Google’s Threat Analysis Group (TAG).

Phishing

Phishing Military Ransomware Education

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Security Affairs

APRIL 6, 2023

Google’s Threat Analysis Group (TAG) warns of a North Korea-linked cyberespionage group tracked as ARCHIPELAGO. The attack chain associated with ARCHIPELAGO starts with phishing emails that embed malicious links. Upon clicking the link, the recipient is redirected to a phishing page that masquerades as a login prompt.

Phishing

Phishing Passwords Military Education

Google sent over 50,000 warnings of state-sponsored attacks, +33% from same period in 2020

Security Affairs

OCTOBER 14, 2021

Google revealed to have sent roughly 50,000 alerts of state-sponsored phishing or hacking attempts to customers since January. Google announced to have sent roughly 50,000 alerts of state-sponsored phishing or hacking attempts to customers during 2021. Most of APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

Phishing

Phishing Military Government Security

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

Security Affairs

DECEMBER 10, 2020

Russia-link cyberespionage APT28 leverages COVID-19 as phishing lures to deliver the Go version of their Zebrocy (or Zekapab) malware. Russia-linked APT28 is leveraging COVID-19 as phishing lures in a new wave of attacks aimed at distributing the Go version of their Zebrocy (or Zekapab) malware. ” concludes the report.

Phishing

Phishing Healthcare Military Data collection

Dark Pink APT targets Govt entities in South Asia

Security Affairs

MARCH 13, 2023

In February 2023, EclecticIQ researchers spotted multiple KamiKakaBot malware samples that were employed by the Dark Pink APT group (aka Saaiwc) in attacks against government entities in Southeast Asia countries. The KamiKakaBot malware spreads via phishing emails that contain a malicious ISO file as an attachment.

Phishing

Phishing Encryption Military Government

Russia-linked Gamaredon APT continues to target Ukraine

Security Affairs

AUGUST 16, 2022

The group targeted government and military organizations in Ukraine. The attack chain starts with spear-phishing messages using a self-extracting 7-Zip file, which was downloaded via the system’s default browser. . ” reads the analysis published by Symantec.

Military

Military Phishing Access Government

FBI and NSA joint report details APT28’s Linux malware Drovorub

Security Affairs

AUGUST 13, 2020

.” The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

Military

Military IoT Phishing Government

North Korea compromised Russian missile engineering firm NPO Mashinostroyeniya

Security Affairs

AUGUST 7, 2023

NPO Mashinostroyeniya (JSC MIC Mashinostroyenia, NPO Mash) is a leading Russian manufacturer of missiles and military spacecraft. Treasury Department in July 2014 due to its support to the Russian government in attempting of destabilizing eastern Ukraine and its ongoing occupation of Crimea. The Russian firm was sanctioned by the U.S.

Military

Military Communications Manufacturing Phishing

Gamaredon group uses a new Outlook tool to spread malware

Security Affairs

JUNE 12, 2020

The group targeted government and military organizations in Ukraine. In December 2019, the APT group targeted several Ukrainian diplomats, government and military officials, and law enforcement. Additional details are included in the analysis published by ESET. lnk formats. .

Military

Military Phishing Government IT

XDSpy APT remained undetected since at least 2011

Security Affairs

OCTOBER 2, 2020

The APT group, recently discovered by ESET, targeted government and private companies in Belarus, Moldova, Russia, Serbia, and Ukraine, including militaries and Ministries of Foreign Affairs. XDSpy is the name used by ESET researchers to track a nation-state actor that has been active since at least 2011.

Military

Military Phishing Passwords Government

Security Affairs newsletter Round 435 by Pierluigi Paganini – International edition

Security Affairs

SEPTEMBER 3, 2023

ransomware builder used by multiple threat actors Cisco fixes 3 high-severity DoS flaws in NX-OS and FXOS software Cybercrime Unpacking the MOVEit Breach: Statistics and Analysis Cl0p Ups The Ante With Massive MOVEit Transfer Supply-Chain Exploit FBI, Partners Dismantle Qakbot Infrastructure in Multinational Cyber Takedown U.S.

Security

Security Ransomware Data breaches IoT

Transparent Tribe APT hit 1000+ victims in 27 countries in the last 12 months

Security Affairs

AUGUST 23, 2020

The Transparent Tribe cyber-espionage group continues to improve its arsenal while targets Military and Government entities. The Transparent Tribe APT group is carrying out an ongoing cyberespionage campaign aimed at military and diplomatic targets worldwide. ” reads the analysis published by Kaspersky.

Military

Military Phishing Passwords Communications

UNC2529, a new sophisticated cybercrime gang that targets U.S. orgs with 3 malware

Security Affairs

MAY 5, 2021

The group targeted the organization with phishing attacks aimed at spreading at least three new sophisticated malware strains. The phishing messages include links to a malicious website that serves the malware, experts pointed out that the emails had subject lines that were customized for each targeted organization.

Manufacturing

Manufacturing Phishing Military Retail

APT28 group return to covert intelligence gathering ops in Europe and South America.

Security Affairs

OCTOBER 7, 2018

The APT28 group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. According to experts from Symantec, the group is now actively conducting cyber espionage campaigns against government and military organizations in Europe and South America.

Military

Military Government Phishing Security

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 17, 2023

CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6 CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6

Security

Security Data breaches Ransomware Artificial Intelligence

New Gallmaker APT group eschews malware in cyber espionage campaigns

Security Affairs

OCTOBER 10, 2018

A previously unknown cyber espionage group, tracked as Gallmaker, has been targeting entities in the government, military and defense sectors since at least 2017. Gallmaker is a politically motivated APT group that focused its surgical operations on the government, military or defense sectors. ” continues Symantec.

Military

Military File names Libraries Government

Russia-linked Gamaredon group targets Ukraine officials

Security Affairs

DECEMBER 7, 2019

Russia-linked Gamaredon cyberespionage group has been targeting Ukrainian targets, including diplomats, government and military officials. Russia linked APT group tracked as Gamaredon has been targeting several Ukrainian diplomats, government and military officials, and law enforcement. ” continues the analysis.

Military

Military Government Phishing Archiving

Recently Cloud Atlas used a new piece of polymorphic malware

Security Affairs

AUGUST 12, 2019

Cloud Atlas threat actors used a new piece of polymorphic malware in recent attacks against government organizations. The Cloud Atlas cyberespionage group, aka Inception, continues to carry out attacks against government organizations and was observed using a new piece of polymorphic malware dubbed VBShower.

Cloud

Cloud Phishing Government Military

Targeted Attacks hit multiple embassies with Trojanized TeamViewer

Security Affairs

APRIL 23, 2019

Security experts at CheckPoint uncovered a cyber espionage campaign leveraging a weaponized version of TeamViewer and malware disguised as a top-secret US government document to target officials in several embassies in Europe. ” reads the analysis published by CheckPoint. ” continues the analysis. .

Military

Military Phishing Government Security

Platinum APT and leverages steganography to hide C2 communications

Security Affairs

JUNE 6, 2019

According to Microsoft, the Platinum has been active since at least 2009, it was responsible for spear phishing attacks on ISPs, government organizations, intelligence agencies, and defense institutes. ” reads the analysis published by the expert. ” continues the analysis. ” continues Kaspersky.

Communications

Communications Encryption Military Government

Cyberwarfare: A deep dive into the latest Gamaredon Espionage Campaign

Security Affairs

FEBRUARY 17, 2020

Security experts from Yoroy-Cybaze ZLab have conducted a detailed analysis of an implant used by the Gamaredon APT group in a recent campaign. It is distributed in a spear-phishing campaign with a weaponized office document that appears to be designed to lure military personnel. . Technical Analysis. Introduction.

Archiving

Archiving Military IT Phishing

A new Fancy Bear backdoor used to target political targets

Security Affairs

SEPTEMBER 24, 2019

The Fancy Bear APT group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. ” reads the analysis published by ESET. ” reads the analysis published by ESET. Chain of compromise overview – Source ESET. dotm hosted at Dropbox.

Phishing

Phishing Military Archiving Security

Kaspersky links GreyEnergy and Zebrocy activities

Security Affairs

JANUARY 24, 2019

Zebrocy’s targets are widely spread across the Middle East, Europe and Asia and the targets’ profiles are mostly government-related.” ” reads the analysis published by Kaspersky. The two malware were used simultaneously in June 2018 and both have been used in attacks aimed at a number of industrial companies in Kazakhstan.

Military

Military Phishing Government Security

Chinese Cycldek APT targets Vietnamese Military and Government in sophisticated attacks

Security Affairs

APRIL 6, 2021

China-linked APT group Cycldek is behind an advanced cyberespionage campaign targeting entities in the government and military sector in Vietnam. China-linked APT group LuckyMouse (aka Cycldek, Goblin Panda , Hellsing, APT 27, and Conimes) is targeting government and military organizations in Vietnam with spear-phishing.

Military

Military Government Phishing Libraries

£60 million in recovery costs for Norsk Hydro after refusing ransom demand

IT Governance

JUNE 27, 2019

TrendMicro’s analysis into the ransomware found that it was the same system administration tool abused by the likes of SOREBRECT and Bad Rabbit. The ransomware was accompanied by a note: “Your files are encrypted with the strongest military algorithms. Cyber security experts and governments urge victims to never pay the ransom.

Ransomware

Ransomware Phishing Insurance Systems administration

Russia-linked Sofacy APT developed a new ‘Go’ variant of Zebrocy tool

Security Affairs

DECEMBER 19, 2018

The Sofacy APT group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. ” reads the analysis published by Palo alto Networks. reads the analysis published by Palo Alto Networks.

Military

Military Data collection Phishing Government

Best Ransomware Removal and Recovery Services

eSecurity Planet

OCTOBER 5, 2021

Here are the services that stood out in our analysis. Training of employees to prevent phishing from both email and social media, as well endpoint protection and other cybersecurity safeguards to prevent future attacks. It has a particular focus on medical, legal, and government agencies but works with businesses of all sizes.

Ransomware

Ransomware Encryption Cybersecurity Insurance

Exclusive: Pakistan and India to armaments: Operation Transparent Tribe is back 4 years later

Security Affairs

FEBRUARY 21, 2020

The Operation Transparent Tribe was first spotted by Proofpoint Researchers in Feb 2016, in a series of espionages operations against Indian diplomats and military personnel in some embassies in Saudi Arabia and Kazakhstan. So, Cybaze-Yoroi ZLab team decided to dive deep into technical analysis. Technical Analysis.

Military

Military Communications Encryption IT

The Platinum APT group adds the Titanium backdoor to its arsenal

Security Affairs

NOVEMBER 9, 2019

According to Microsoft, the Platinum has been active since at least 2009, it was responsible for spear phishing attacks on ISPs, government organizations, intelligence agencies, and defense institutes. ” reads the analysis publisjed by Kaspersky.

IT

IT Archiving Encryption Passwords

Russian State-Sponsored Threat Actor Targets High Profile Individuals in Phishing Campaign

U.S. Charges 4 Chinese Military Officers in 2017 Equifax Hack

Webinars

Trending Sources

Google blocked China-linked APT31’s attacks targeting U.S. Government

Webinars

Asylum Ambuscade spear-phishing campaign targets EU countries aiding Ukrainian refugees

Phishing attacks using the topic “Azovstal” targets entities in Ukraine

Google TAG: Russia, Belarus-linked APTs targeted Ukraine

Microsoft details new sophisticated spear-phishing attacks from NOBELIUM

LUCKY ELEPHANT campaign targets South Asian governments

Google warns of APT28 attack attempts against 14,000 Gmail users

Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks

Google TAG details cyber activity with regard to the invasion of Ukraine

China-linked APT Curious Gorge targeted Russian govt agencies

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

Russian APT groups target European governments ahead of May Elections

Russia-linked APT28 hacked Roundcube email servers of Ukrainian entities

Google TAG warns of Russia-linked APT groups targeting Ukraine

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Google sent over 50,000 warnings of state-sponsored attacks, +33% from same period in 2020

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

Dark Pink APT targets Govt entities in South Asia

Russia-linked Gamaredon APT continues to target Ukraine

FBI and NSA joint report details APT28’s Linux malware Drovorub

North Korea compromised Russian missile engineering firm NPO Mashinostroyeniya

Gamaredon group uses a new Outlook tool to spread malware

XDSpy APT remained undetected since at least 2011

Security Affairs newsletter Round 435 by Pierluigi Paganini – International edition

Transparent Tribe APT hit 1000+ victims in 27 countries in the last 12 months

UNC2529, a new sophisticated cybercrime gang that targets U.S. orgs with 3 malware

APT28 group return to covert intelligence gathering ops in Europe and South America.

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

New Gallmaker APT group eschews malware in cyber espionage campaigns

Russia-linked Gamaredon group targets Ukraine officials

Recently Cloud Atlas used a new piece of polymorphic malware

Targeted Attacks hit multiple embassies with Trojanized TeamViewer

Platinum APT and leverages steganography to hide C2 communications

Cyberwarfare: A deep dive into the latest Gamaredon Espionage Campaign

A new Fancy Bear backdoor used to target political targets

Kaspersky links GreyEnergy and Zebrocy activities

Chinese Cycldek APT targets Vietnamese Military and Government in sophisticated attacks

£60 million in recovery costs for Norsk Hydro after refusing ransom demand

Russia-linked Sofacy APT developed a new ‘Go’ variant of Zebrocy tool

Best Ransomware Removal and Recovery Services

Exclusive: Pakistan and India to armaments: Operation Transparent Tribe is back 4 years later

The Platinum APT group adds the Titanium backdoor to its arsenal

Stay Connected