Archiving, Information Security and Military - Information Management Today

UAC-0142 APT targets Ukraine’s Delta military intelligence program

Security Affairs

DECEMBER 20, 2022

Ukraine’s CERT-UA revealed the national Delta military intelligence program has been targeted with a malware-based attack. ” states the Ukrainian military. According to CERT-UA, the document contains a link to a malicious ZIP archive (“certificates_rootca.zip”) that is hosted on a bogus Delta domain.

Military

Military Archiving Phishing Government

UK printing company Doxzoo exposed US and UK military docs

Security Affairs

MARCH 20, 2020

UK printing company Doxzoo exposed hundreds of gigabytes of information, including documents related to the US and British military. Security experts at vpnMentor discovered 343GB worth of files belonging to the printing company Doxzoo that were exposed on an AWS server. ” reads the post published by vpnMentor.

Military

Military Archiving Cybersecurity Security

Russian hackers defaced local British news sites

Security Affairs

MAY 13, 2024

” The following image shows an archived version of the East Lothian Courier, which is one of the impacted newspapers, that was published by Reported Future News. According to FireEye, the campaign tracked as GhostWriter, has been ongoing since at least March 2017 and is aligned with Russian security interests.

CMS

CMS Military Archiving Security

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

Machete cyber-espionage group targets Latin America military

Security Affairs

AUGUST 5, 2019

Security experts from ESET uncovered a cyber-espionage group tracked as Machete that stole sensitive files from the Venezuelan military. Security experts from ESET reported that a cyberespionage group tracked as Machete has stolen sensitive files from the Venezuelan military. ” reads the analysis from ESET.

Military

Military Archiving Security Government

Operation In(ter)reception targets Military and Aerospace employees in Europe and the Middle East

Security Affairs

JUNE 17, 2020

Experts uncovered a new cyber-espionage campaign, dubbed “ Operation In(ter)receptio n,” aimed at aerospace and military organizations in Europe and the Middle East. ” The attackers used password-protected RAR archive files as decoys purported to include a PDF document with details on the salary for specific job positions.

Military

Military Archiving Passwords Communications

OP Glowing Symphony – How US military claims to have disrupted ISIS ‘s propaganda

Security Affairs

JANUARY 22, 2020

US military claims to have disrupted the online propaganda activity of the Islamic State (ISIS) in a hacking operation dating back at least to 2016. “Today the National Security Archive is releasing 6 USCYBERCOM documents obtained through FOIA which shed new light on the campaign to counter ISIS in cyberspace.”

Military

Military FOIA Archiving Security

Autoclerk travel reservations platform data leak also impacts US Government and military

Security Affairs

OCTOBER 22, 2019

. “The data Our team viewed highly sensitive data exposing the personal details of government and military personnel, and their travel arrangements to locations around the world, both past and future.” The list of affected users includes the US government, military, and Department of Homeland Security (DHS). .

Military

Military Government Cloud Archiving

Russia-linked Armageddon APT targets Ukrainian state organizations, CERT-UA warns

Security Affairs

APRIL 5, 2022

The group targeted government and military organizations in Ukraine. In December 2019, the APT group targeted several Ukrainian diplomats, government and military officials, and law enforcement. Upon opening the file, a RAR-archive named “Viyskovi_zlochinci_RU.rar” is created. .

Military

Military Phishing File names Archiving

Lazarus targets blockchain engineers with new KandyKorn macOS Malware

Security Affairs

NOVEMBER 5, 2023

The attackers attempted to trick victims into downloading and decompress a ZIP archive (Cross-Platform Bridges.zip) containing the malicious Python code masqueraded by an arbitrage bot. log – SUGARLOADER Stage 3 (Loader)- Discord (fake) – HLOADER Stage 4 (Payload) – KANDYKORN Decompressing the archive, it reveals a Main.py

Blockchain

Blockchain Archiving Military Encryption

Russia-linked APT Gamaredon update TTPs in recent attacks against Ukraine

Security Affairs

JUNE 15, 2023

The Gamaredon APT group (aka Shuckworm, Actinium, Armageddon, Primitive Bear, UAC-0010, and Trident Ursa) continues to carry out attacks against entities in Ukraine, including security services, military, and government organizations. The attack chain commences with spear-phishing emails with malicious attachments (.docx,rar,sfx

Military

Military File names Archiving Phishing

Threat actor claims to have hacked European manufacturer of missiles MBDA

Security Affairs

JULY 31, 2022

The attackers said that the stolen data includes information about the employees of the company involved in military projects, commercial activities, contract agreements and correspondence with other companies. “Hello! ” reads the adv published by the group on a popular hacker forum.

Manufacturing

Manufacturing Military Archiving Cybersecurity

GhostWriter APT targets state entities of Ukraine with Cobalt Strike Beacon

Security Affairs

MARCH 28, 2022

The phishing messages use a RAR-archive named “Saboteurs.rar”, which contains RAR-archive “Saboteurs 21.03.rar.” “The archive contains documents and images of the bait, as well as VBScript code (Thumbs.db), which will create and run the.NET program “dhdhk0k34.com.” Pierluigi Paganini.

Archiving

Archiving CMS File names Phishing

Pakistan-linked Transparent Tribe APT expands its arsenal

Security Affairs

MAY 16, 2021

The Operation Transparent Tribe (Operation C-Major, APT36, and Mythic Leopard) was first spotted by Proofpoint Researchers in Feb 2016, in a series of cyber espionage operations against Indian diplomats and military personnel in some embassies in Saudi Arabia and Kazakhstan. ” read the analysis published Cisco Talos.

IT

IT Military Phishing Archiving

Cyberwarfare: A deep dive into the latest Gamaredon Espionage Campaign

Security Affairs

FEBRUARY 17, 2020

Gamaredon Group is a Cyber Espionage persistent operation attributed to Russians FSB ( Federal Security Service ) in a long-term military and geo-political confrontation against the Ukrainian government and more in general against the Ukrainian military power. . Information about first SFX archive.

Archiving

Archiving Military IT Phishing

RomCom RAT campaigns abuses popular brands like KeePass and SolarWinds NPM

Security Affairs

NOVEMBER 4, 2022

The attacks were spotted while analyzing network artifacts associated with RomComRAT infections resulting from attacks targeting Ukrainian military institutions. In the KeePass RomCom campaign threat actors distributed an archive named “KeePass-2.52.zip” ” reads the report published by BlackBerry.

Passwords

Passwords Military Ransomware Archiving

Russia-linked InvisiMole APT targets state organizations of Ukraine

Security Affairs

MARCH 21, 2022

The messages use an archive named “501_25_103.zip”, In past campaigns, the group targeted a small number of high-profile organizations in the military sector and diplomatic missions in Eastern Europe. The post Russia-linked InvisiMole APT targets state organizations of Ukraine appeared first on Security Affairs.

Phishing

Phishing Military Archiving Government

Maze ransomware gang leaked Canon USA’s stolen files

Security Affairs

AUGUST 14, 2020

GB archive called “STRATEGICPLANNINGpart62.zip” Maze operators were very active during the past months, they have also stolen data from US military contractor Westech and the ST Engineering group , and they have released credit card data stolen from the Bank of Costa Rica (BCR) threatening to leak other lots every week.

Ransomware

Ransomware Archiving Military Encryption

Researchers shared technical details of NSA Equation Group’s Bvp47 backdoor

Security Affairs

FEBRUARY 23, 2022

The group targeted multiple industries, including governments, telecom, aerospace, energy, financial institutions, nuclear research, oil and gas, military, transportation, and companies developing encryption technologies. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini. SecurityAffairs – hacking, backdoor).

Encryption

Encryption Military Archiving Government

Anonymous and Ukraine IT Army continue to target Russian entities

Security Affairs

MAY 6, 2022

GB archive containing 75,000 files, emails and disk images from CorpMSP. GB archive containing 31,990 emails from LLC Capital. According to NB65, the 9GB of files included client contracts and image files of the Ministry of Defense contracts. The Anonymous-linked group leaked a 482.5 Anonymous leaked a 20.4

IT

IT Archiving Military Government

Chinese actors behind attacks on industrial enterprises and public institutions

Security Affairs

AUGUST 9, 2022

In January 2022, researchers at Kaspersky ICS CERT uncovered a series of targeted attacks on military industrial enterprises and public institutions in Afghanistan and East Europe. The attackers breached dozens of enterprises and in some cases compromised their IT infrastructure, taking over systems used to manage security solutions.

Encryption

Encryption Military Archiving Phishing

SolarWinds hackers stole some of Mimecast source code

Security Affairs

MARCH 17, 2021

Back in December, the SolarWinds supply chain attack made the headlines when a Russian cyber espionage group tampered with updates for SolarWinds’ Orion Network Management products that the IT company provides to government agencies, military, and intelligence offices. ” reads the incident report published by mimecast.

Encryption

Encryption Military Access Archiving

NK-linked InkySquid APT leverages IE exploits in recent attacks

Security Affairs

AUGUST 18, 2021

APT37 has been active since at least 2012, it mainly targeted government, defense, military, and media organizations in South Korea. Spawn a thread to recursively search a path and upload files as a ZIP archive. The watering hole attacks on the Daily NK was conducted from March 2021 until early June 2021. services. .

Metadata

Metadata Military Archiving Cybersecurity

The Platinum APT group adds the Titanium backdoor to its arsenal

Security Affairs

NOVEMBER 9, 2019

In June 2018, experts at Kaspersky were investigating attacks against government and military entities in South and Southeast Asian countries, The experts tracked the campaign as EasternRoppels, they speculate it may have started as far back as 2012. The backdoor deploys an SFX archive containing a Windows task installation script.

IT

IT Archiving Encryption Passwords

A new Fancy Bear backdoor used to target political targets

Security Affairs

SEPTEMBER 24, 2019

The Fancy Bear APT group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. It also contains an embedded ZIP archive that the macros dropped and extracted.” The group was involved also in the string of attacks that targeted 2016 Presidential election.

Phishing

Phishing Military Archiving Security

Exclusive: Pakistan and India to armaments: Operation Transparent Tribe is back 4 years later

Security Affairs

FEBRUARY 21, 2020

The Operation Transparent Tribe was first spotted by Proofpoint Researchers in Feb 2016, in a series of espionages operations against Indian diplomats and military personnel in some embassies in Saudi Arabia and Kazakhstan. Introduction. The macro creates two folders inside %PROGRAMDATA% path, “ systemidleperf ” and “ SppExtComTel ”.

Military

Military Communications Encryption IT

Snowden Ten Years Later

Schneier on Security

JUNE 6, 2023

He had been working on the Edward Snowden archive for a couple of months, and had a pile of more technical documents that he wanted help interpreting. Those of us in the information security community had long assumed that the NSA was doing things like this. And what I was working on would become public in a few weeks.

Computer and Electronics

Computer and Electronics Encryption Government Privacy

Google TAG warns that Russian COLDRIVER APT is using a custom backdoor

Security Affairs

JANUARY 18, 2024

The ColdRiver APT (aka “ Seaborgium “, “Callisto”, “Star Blizzard”, “TA446”) is a Russian cyberespionage group that has been targeting government officials, military personnel, journalists and think tanks since at least 2015.

Phishing

Phishing Encryption Military Archiving

A month later Gamaredon is still active in Eastern Europe

Security Affairs

JUNE 4, 2019

During recent times, Gamaredon is targeting the Ukrainian military and law enforcement sectors too, as officially stated by the CERT-UA. The infection chain is composed by different stages of password protected SFX (self extracting archive), each containing vbs or batch scripts. Information about initial SFX file.

Archiving

Archiving Passwords File names Military

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

IT Governance

MARCH 11, 2024

Other news ISO/IEC 27006:2024 published ISO (the International Organization for Standardization) and the IEC (International electrotechnical Commission) have published a new standard in the ISO 27000 information security series. Alternatively, you can view our full archive.

Data Privacy

Data Privacy Privacy Security Data breaches

The return of TA402 Molerats APT after a short pause

Security Affairs

JUNE 18, 2021

Most of the victims of the threat actor were located in Israel and Palestine, they belong to multiple industries including governments, telecommunications, finance, military, universities, and technology.

Archiving

Archiving Passwords Military Government

Information Management Today

UAC-0142 APT targets Ukraine’s Delta military intelligence program

UK printing company Doxzoo exposed US and UK military docs

Webinars

Trending Sources

Russian hackers defaced local British news sites

Webinars

Machete cyber-espionage group targets Latin America military

Operation In(ter)reception targets Military and Aerospace employees in Europe and the Middle East

OP Glowing Symphony – How US military claims to have disrupted ISIS ‘s propaganda

Autoclerk travel reservations platform data leak also impacts US Government and military

Russia-linked Armageddon APT targets Ukrainian state organizations, CERT-UA warns

Lazarus targets blockchain engineers with new KandyKorn macOS Malware

Russia-linked APT Gamaredon update TTPs in recent attacks against Ukraine

Threat actor claims to have hacked European manufacturer of missiles MBDA

GhostWriter APT targets state entities of Ukraine with Cobalt Strike Beacon

Pakistan-linked Transparent Tribe APT expands its arsenal

Cyberwarfare: A deep dive into the latest Gamaredon Espionage Campaign

RomCom RAT campaigns abuses popular brands like KeePass and SolarWinds NPM

Russia-linked InvisiMole APT targets state organizations of Ukraine

Maze ransomware gang leaked Canon USA’s stolen files

Researchers shared technical details of NSA Equation Group’s Bvp47 backdoor

Anonymous and Ukraine IT Army continue to target Russian entities

Chinese actors behind attacks on industrial enterprises and public institutions

SolarWinds hackers stole some of Mimecast source code

NK-linked InkySquid APT leverages IE exploits in recent attacks

The Platinum APT group adds the Titanium backdoor to its arsenal

A new Fancy Bear backdoor used to target political targets

Exclusive: Pakistan and India to armaments: Operation Transparent Tribe is back 4 years later

Snowden Ten Years Later

Google TAG warns that Russian COLDRIVER APT is using a custom backdoor

A month later Gamaredon is still active in Eastern Europe

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

The return of TA402 Molerats APT after a short pause

Stay Connected