Security Affairs

OCTOBER 18, 2022

Symantec pointed out that the attacks against government organizations in Hong Kong remained undetected for a year in some cases. The post China-linked APT41 group targets Hong Kong with Spyder Loader appeared first on Security Affairs. ” continues the report. Follow me on Twitter: @securityaffairs and Facebook.

File names 110

File names Encryption Manufacturing Libraries 110

Security Affairs

JANUARY 24, 2023

Crimew discovered a file named NoFly.csv which is a legitimate U.S. records (first names, last names, and dates of birth) belonging to people with suspected or known ties to terrorist groups. “three csv files, employee_information.csv, NOFLY.CSV and SELECTEE.CSV. no fly list from 2019 containing over 1.56

Archiving 91

Archiving File names Access Authentication 91

Security Affairs

APRIL 14, 2020

PaloAlto Networks experts warn of malicious Coronavirus themed phishing campaigns targeting government and medical organizations. Recently organizations in healthcare, research, and government facilities have been hit by Coronavirus-themed attacks that deployed multiple malware families, including ransomware and information stealers (i.e.

Ransomware 116

Ransomware Phishing File names Encryption 116

Security Affairs

MAY 19, 2021

“The National Cyber Security Centre (NCSC) became aware on Thursday of an attempted cyber attack on the Department of Health. ” reads an update published by the Irish Department of the Environment, Climate and Communications. FEEDC (extension added by Conti Ransomware to filenames of encrypted files) – *.msi

Ransomware 86

Ransomware Encryption File names IoT 86

Security Affairs

MARCH 30, 2020

Experts from IBM X-Force uncovered a hacking campaign employing the Zeus Sphinx malware, as known as Zloader or Terdot , that focus on government relief payments. . Spam messages sent to the victims claim to provide information related to the Coronavirus outbreak and government relief payments. ” continues the post.”Next,

File names 102

File names Passwords Sales Authentication 102

Security Affairs

NOVEMBER 20, 2018

The Russia-linked APT group delivers Cannon in a spear-phishing attack that targets government organizations in North America, Europe and in a former USSR state. ” Cannon acts as a downloader and relies on emails to communicate with the C2 server and receive instructions. Security Affairs – Sofacy APT, Cannot tool).

File names 77

File names Phishing Communications Government 77

eSecurity Planet

AUGUST 10, 2023

Here are our picks for the top threat intelligence feeds that security teams should consider adding to their defensive arsenal: AlienVault Open Threat Exchange: Best for community-driven threat feeds FBI InfraGard: Best for critical infrastructure security abuse.ch

Cybersecurity 96

Cybersecurity Access Metadata Energy and Utilities 96

eSecurity Planet

FEBRUARY 3, 2021

A March 2020 software update of the SolarWinds Orion management platform gave malicious actors unhindered access to key government and enterprise networks. Since then, much has been learned about the tactics, techniques, and procedures (TTPs) deployed and what steps organizations are taking to harden their network and application security.

Cybersecurity 62

Cybersecurity Access Authentication Cloud 62

Security Affairs

DECEMBER 29, 2019

New trojan called ‘Lampion’ has spread using template emails from the Portuguese Government Finance & Tax during the last days of 2019. Last days of 2019 were the perfect time to spread phishing campaigns using email templates based on the Portuguese Government Finance & Tax. Two files are obtained from 2 AWS S3 buckets.

Passwords 96

Passwords e-Discovery IT Cleanup 96

Security Affairs

MAY 2, 2019

The group conducts operations primarily in the Middle East, targeting financial, government, energy, chemical, telecommunications and other industries. Repeated targeting of Middle Eastern financial, energy and government organisations leads FireEye to assess that those sectors are a primary concern of APT34. Source: MISP Project ).

Computer and Electronics 87

Computer and Electronics Communications Government File names 87

Security Affairs

SEPTEMBER 13, 2023

UK, Australian, Canadian, and New Zealand governments issued a joint alert about China-linked threat actors targeting CNI organizations and using living off the land to evade detection. “On May 29, the attackers returned and used a renamed version of ProcDump (file name: alg.exe) to dump credentials from LSASS.”

File names 114

File names Access Encryption Communications 114

Security Affairs

JULY 7, 2020

Lampion was first documented in December 2019 , and it was distributed in Portugal via phishing emails using templates based on the Portuguese Government Finance & Tax. Here, it was distributed using fake webpages, where the victim downloaded an MSI file, which then held the remaining Lampion infection chain.

Communications 96

Communications Cloud Phishing Encryption 96

The Texas Record

JUNE 1, 2021

Records created and stored outside the business network are in contravention of the government records accessibility requirement —this negatively affects that government’s ability to perform regular business operations efficiently. Create a safe communication channel with the employee. What is the risk?

Records Management 71

Records Management File names Risk Government 71

Security Affairs

JULY 22, 2019

APT34 is an Iran-linked APT group that has been around since at least 2014, it targeted mainly organizations in the financial, government, energy, telecoms and chemical sectors in the United States and Middle Eastern countries. The fake profiles asked the victims to open the weaponized excel file named ERFT-Details.

File names 88

File names Phishing Passwords Government 88

Security Affairs

NOVEMBER 30, 2018

Security researchers at Trend Micro recently discovered PowerShell-based backdoor that resembles a malware used by MuddyWater threat actor. But, unlike previous incidents using POWERSTATS, the command and control (C&C) communication and data exfiltration in this case is done by using the API of a cloud file hosting provider.”

Communications 85

Communications File names Cloud Government 85

Security Affairs

AUGUST 31, 2018

Since blogging is not my business, I do write on my personal blog to share knowledge on Cyber Security, I will describe some of the main steps that took me to own the attacker infrastructure. My entire “Cyber adventure” began with a simple email within a.ZIP file named “Nuovo Documento1.zip” Obfuscation.

Computer and Electronics 57

Computer and Electronics File names Security Access 57