Document, Encryption, Government and Groups - Information Management Today

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S. The government says Urban went by the aliases “ Sosa ” and “ King Bob ,” among others. 9, 2024, U.S. On July 28 and again on Aug.

Passwords

Passwords Phishing Access Encryption

China-Linked BRONZE PRESIDENT APT targets Government officials worldwide

Security Affairs

SEPTEMBER 10, 2022

China-linked BRONZE PRESIDENT group is targeting government officials in Europe, the Middle East, and South America with PlugX malware. The Bronze President group is targeting political and law enforcement organizations and NGOs in Asia. Attacks part of this campaign were spotted in June and July 2022. .

Government

Government Archiving Metadata Encryption

Donot Team cyberespionage group updates its Windows malware framework

Security Affairs

AUGUST 21, 2022

The Donot Team has been active since 2016, it focuses on government and military organizations, ministries of foreign affairs, and embassies in India, Pakistan, Sri Lanka, Bangladesh, and other South Asian countries. In the latest attacks, the group sent messages using RTF documents that trick users into enabling macros.

IT

IT Phishing Military Encryption

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Key aerospace player Safran Group leaks sensitive data

Security Affairs

MARCH 15, 2023

Top aviation company Safran Group left itself vulnerable to cyberattacks, likely for well over a year, underlining how vulnerable big aviation firms are to threat actors, according to research by Cybernews. According to its own estimates, Safran Group ’s revenue for 2022 was above €19 billion.

Manufacturing

Manufacturing Access Risk IT

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Krebs on Security

OCTOBER 28, 2020

In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. The company has operations in 25 countries, more than 4,000 employees, and billions in revenue annually.

Ransomware

Ransomware Security Agriculture Cybersecurity

Iranian Government Hacking Android

Schneier on Security

SEPTEMBER 24, 2020

It looks like the standard technique of getting the victim to open a document or application. Both are popular messaging tools in Iran. The hackers also have created malware disguised as Android applications, the reports said.

Government

Government Encryption Access Security

Russia-linked Nobelium APT group uses custom backdoor to target Windows domains

Security Affairs

SEPTEMBER 28, 2021

Microsoft discovered new custom malware, dubbed FoggyWeb, used by the Nobelium cyberespionage group to implant backdoor in Windows domains. ” The attackers use the version.dll DLL to load FoggyWeb which is stored in the encrypted file Windows.Data.TimeZones.zh-PH.pri. Follow me on Twitter: @securityaffairs and Facebook.

Encryption

Encryption Military Government Access

Russian government claims to have dismantled REvil ransomware gang

Security Affairs

JANUARY 14, 2022

Russia’s FSB announced to have dismantled the REvil ransomware gang, the infamous group behind Kaseya and JBS USA. The Russian Federal Security Service (FSB) announced to have shut down the REvil ransomware gang, the group that is behind a long string of attacks against large organizations, such as Kaseya and JBS USA.

Ransomware

Ransomware Government Encryption Security

Iran’s Digital Surveillance Tools Leaked

Schneier on Security

NOVEMBER 1, 2022

It’s Iran’s turn to have its digital surveillance tools leaked : According to these internal documents, SIAM is a computer system that works behind the scenes of Iranian cellular networks, providing its operators a broad menu of remote commands to alter, disrupt, and monitor how customers use their phones.

Metadata

Metadata Encryption Communications Access

Group-IB detects a series of ransomware attacks by OldGremlin

Security Affairs

SEPTEMBER 23, 2020

Researchers from threat hunting and intelligence firm Group-IB have detected a successful attack by a ransomware gang tracked as OldGremlin. Group-IB , a global threat hunting and intelligence company headquartered in Singapore, has detected a successful attack by a ransomware gang, codenamed OldGremlin. Unsought invoice.

Ransomware

Ransomware Phishing Encryption Authentication

News alert: SandboxAQ launches new open source framework to simplify cryptography management

The Last Watchdog

AUGUST 8, 2023

Steel “Modern cryptography management and cryptographic agility are essential for organizations of all sizes; however, there has been a distinct lack of open-source tools for developers to support these features,” said Graham Steel, Head of Product for SandboxAQ’s security group. A broad range of U.S. SandboxAQ is backed by T.

Libraries

Libraries Encryption Access Cybersecurity

Russia-linked APT28 used new malware in a recent phishing campaign

Security Affairs

DECEMBER 29, 2023

Ukraine’s CERT (CERT-UA) warned of a new phishing campaign by the APT28 group to deploy previously undocumented malware strains. The Computer Emergency Response Team of Ukraine (CERT-UA) warned of a new cyber espionage campaign carried out by the Russia-linked group APT28 (aka “ Forest Blizzard ”, “ Fancybear ” or “ Strontium ”).

Phishing

Phishing Computer and Electronics Communications Encryption

Is the LockBit gang resuming its operation?

Security Affairs

FEBRUARY 29, 2024

Experts warn that the LockBit ransomware group has started using updated encryptors in new attacks, after the recent law enforcement operation. The LockBit ransomware group appears to have fully recovered its operations following the recent law enforcement initiative, code-named Operation Cronos , which aimed to disrupt its activities.

IT

IT Ransomware Encryption Government

Russia-linked Gamaredon group targets Ukraine officials

Security Affairs

DECEMBER 7, 2019

Russia-linked Gamaredon cyberespionage group has been targeting Ukrainian targets, including diplomats, government and military officials. Russia linked APT group tracked as Gamaredon has been targeting several Ukrainian diplomats, government and military officials, and law enforcement. The Gamaredon group.

Military

Military Government Phishing Archiving

SmugX: Chinese APT uses HTML smuggling to target European Ministries and embassies

Security Affairs

JULY 3, 2023

China-linked APT group was spotted using HTML smuggling in attacks aimed at Foreign Affairs ministries and embassies in Europe. A China-linked APT group was observed using HTML smuggling in attacks against Foreign Affairs ministries and embassies in Europe, reports the cybersecurity firm Check Point. and Ukraine.

Encryption

Encryption Phishing Government Cybersecurity

Dark Pink APT targets Govt entities in South Asia

Security Affairs

MARCH 13, 2023

In February 2023, EclecticIQ researchers spotted multiple KamiKakaBot malware samples that were employed by the Dark Pink APT group (aka Saaiwc) in attacks against government entities in Southeast Asia countries. dll), and a decoy Microsoft Word document. dll), and a decoy Microsoft Word document.

Phishing

Phishing Encryption Military Government

Earth Lusca expands its arsenal with SprySOCKS Linux malware

Security Affairs

SEPTEMBER 19, 2023

Researchers from Trend Micro, while monitoring the activity of the China-linked threat actor Earth Lusca , discovered an encrypted file hosted on a server under the control of the group. It consists of two components, the loader and the encrypted main payload. The backdoor uses AES-ECB encryption for C2 communications.

IT

IT Encryption Authentication Communications

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

. “As early as 2022, APT28 actors had utilized compromised EdgeRouters to facilitate covert cyber operations against governments, militaries, and organizations around the world.” and foreign governments and military, security, and corporate organizations. ” reads the joint report.

Energy and Utilities

Energy and Utilities Military Government Phishing

Croatia government agencies targeted with news SilentTrinity malware

Security Affairs

JULY 7, 2019

Croatia government agencies have been targeted by unknown hackers with a new piece of malware tracked as SilentTrinity. A mysterious group of hackers carried out a series of cyber attacks against Croatian government agencies, infecting employees with a new piece of malware tracked as SilentTrinity. Pierluigi Paganini.

Government

Government Computer and Electronics Archiving Phishing

Biopharmaceutical firm Supernus Pharmaceuticals hit by Hive ransomware during an ongoing acquisition

Security Affairs

NOVEMBER 29, 2021

The Company states that the security breach did not impact its operations, it notified government authorities and engaged cybersecurity experts and its outside law firm to respond to the incident. The Company continues to operate without interruption and does not currently anticipate paying any ransom amounts to any criminal ransomware group.”

Healthcare

Healthcare Ransomware Encryption Data breaches

Snowden Ten Years Later

Schneier on Security

JUNE 6, 2023

In 2013 and 2014, I wrote extensively about new revelations regarding NSA surveillance based on the documents provided by Edward Snowden. It’s a surreal experience, paging through hundreds of top-secret NSA documents. Both Greenwald and his employer, the Guardian , are careful about whom they show the documents to.

Computer and Electronics

Computer and Electronics Encryption Government Privacy

TA505 group updates tactics and expands the list of targets

Security Affairs

AUGUST 28, 2019

Recent campaigns show t hreat actors behind the Dridex and Locky malware families , the TA505 group, have updated tactics and expanded its target list. Trend Micro revealed that the TA505 group that is behind the Dridex and Locky malware families continue to make small changes to its operations. ” continues the report.

e-Delivery

e-Delivery Insurance Retail Government

Previously undocumented Aoqin Dragon APT targets entities in Southeast Asia and Australia

Security Affairs

JUNE 9, 2022

SentinelOne documented a series of attacks aimed at government, education, and telecom entities in Southeast Asia and Australia carried out by a previously undocumented Chinese-speaking APT tracked as Aoqin Dragon. “Aoqin Dragon is an active cyberespionage group that has been operating for nearly a decade.

Encryption

Encryption Education Cybersecurity Security

Lilith: The Latest Threat in Ransomware

eSecurity Planet

JULY 19, 2022

The malware exfiltrates data before encrypting the targeted devices to provide additional means of extortion. The victim was a large construction group based in South America, which suggests that the hackers are aiming high – and may also be sensitive to any potential backlash from countries or law enforcement.

Ransomware

Ransomware Encryption File names Government

Chinese actors behind attacks on industrial enterprises and public institutions

Security Affairs

AUGUST 9, 2022

The attack targeted industrial plants, design bureaus and research institutes, government agencies, ministries and departments in several East European countries (Belarus, Russia, and Ukraine), as well as Afghanistan.” The emails used weaponized Microsoft Word documents exploiting the CVE-2017-11882 vulnerability.

Encryption

Encryption Military Archiving Phishing

MY TAKE: ‘Digital trust’ has a huge role to play mitigating cybersecurity threats, going forward

The Last Watchdog

MAY 23, 2022

They require integrity, authentication, trusted identity and encryption. Protocols and policies setting new parameters for trusted connections are being hammered out and advanced encryption, authentication and data protection solutions are being ramped up. Related: Leveraging PKI to advance electronic signatures.

Cybersecurity

Cybersecurity Digital transformation Computer and Electronics Encryption

FBI issued a flash alert on Lockbit ransomware operation

Security Affairs

FEBRUARY 5, 2022

The LockBit ransomware gang has been active since September 2019, in June 2021 the group announced the LockBit 2.0 attempts to encrypt any data saved to any local or remote device but skips files associated with core system functions.” Like other ransomware gangs, Lockbit 2.0 ” reads the flash alert.

Ransomware

Ransomware Encryption Passwords Communications

Ransomware attack on Johnson Controls may have exposed sensitive DHS data

Security Affairs

OCTOBER 1, 2023

The threat actors also claim to have stolen over 27 TB of corporate data and encrypted the company’s VMWare ESXi virtual machines during the attack.” According to BleepingComputer, the ransomware group is demanding $51 million to provide a decryptor, the amount of the ransom was confirmed by Malware Hunter Team researchers.

Ransomware

Ransomware Insurance Cybersecurity Encryption

Ransomware Bites Dental Data Backup Firm

Krebs on Security

AUGUST 29, 2019

-based PerCSoft is a cloud management provider for Digital Dental Record (DDR), which operates an online data backup service called DDS Safe that archives medical records, charts, insurance documents and other personal information for various dental offices across the United States. PercSoft did not respond to requests for comment.

Ransomware

Ransomware Insurance Encryption Cloud

Maze ransomware operators stole data from US military contractor Westech

Security Affairs

JUNE 6, 2020

Hackers have stolen confidential documents from the US military contractor Westech, which provides critical support for US Minuteman III nuclear deterrent. Threat actors first compromised the Westech’s network, then stole the documents before encrypting them. The LGM-30 Minuteman is a U.S.

Military

Military Ransomware Encryption Risk

Phishing attacks using the topic “Azovstal” targets entities in Ukraine

Security Affairs

APRIL 23, 2022

The Computer Emergency Response Team of Ukraine (CERT-UA) warns of phishing attacks aimed at organizations in the country using the topic “Azovstal” The phishing message use the subject “Azovstal” and a weaponized office document. Upon opening the attachment and enabling the macro, it will start the infection process.

Phishing

Phishing Military Ransomware Encryption

Maze ransomware gang discloses data from drug testing firm HMR

Security Affairs

APRIL 8, 2020

A criminal group called Maze has claimed responsibility.” The attack took place on March 14th, 2020, when the Maze Ransomware operators exfiltrated data from the HMR’s network and then encrypt their systems. The research firm revealed that many of the government IDs exposed in the data breach have since expired.

Ransomware

Ransomware Data breaches Encryption Financial Services

Dark Overlord hacking crew publishes first batch of confidential 9/11 files

Security Affairs

JANUARY 6, 2019

The Dark Overlord published the first batch of decryption keys for 650 confidential documents related to the 9/11 terrorist attacks. On December 31, 2018, the insurance firm confirmed that the stolen documents included information about the 9/11 events. . “What’s the takeaway? ” reads the post on Pastebin.

Insurance

Insurance Data breaches Sales Government

Russia behind a massive spear-phishing campaign that hit Ukraine

Security Affairs

JUNE 7, 2021

Ukraine warned of a “massive” spear-phishing campaign carried out by Russia-linked threat actors against its government and private businesses. This is the third massive spear-phishing campaign that the Ukrainian government attributed to Russia-linked threat actors this year.

Phishing

Phishing Archiving Government Passwords

Cyber Packs: How They're Key to Improving the Nation's Cybersecurity

Thales Cloud Protection & Licensing

MAY 16, 2022

In a previous blog post, I discussed how The White House Executive Order issued on May 12, 2021 laid out new, rigorous government cyber security standards for federal agencies. The document requires agencies to achieve specific goals for embracing zero trust by the end of Fiscal Year (FY) 2024. Government. MFA and Encryption.

Cybersecurity

Cybersecurity Encryption Cloud Authentication

Unknown FinSpy Mac and Linux versions found in Egypt

Security Affairs

SEPTEMBER 27, 2020

Finisher, aka FinFisher, is a multiplatform surveillance software used by government and law enforcement agencies for their investigations, but unfortunately, it made the headlines because it was also used by oppressive regimes to spy on dissidents, activists, and Journalists. ” reads the Amnesty’s report.

Encryption

Encryption Communications IT Government

DoppelPaymer Ransomware hits City of Torrance and demands a 680K+ ransom

Security Affairs

APRIL 22, 2020

. “Based on the names of the archives, this data includes city budget financials, various accounting documents, document scans, and an archive of documents belonging to the City Manager.” The group posted files from the breach as proof. The group posted files from the breach as proof.

Ransomware

Ransomware Archiving Data breaches Encryption

GUEST ESSAY: ‘Identity Management Day’ highlights the importance of securing digital IDs

The Last Watchdog

APRIL 13, 2021

The second Tuesday of April has been christened “ Identity Management Day ” by the Identity Defined Security Alliance, a trade group that provides free, vendor-neutral cybersecurity resources to businesses. Enterprises should implement email and document signing with certificates to accomplish this. Verify email. Keep high standards.

Security

Security Authentication IoT Phishing

Coca-Cola Investigating Claims that a Ransomware Gang Stole Sensitive Data

IT Governance

APRIL 28, 2022

The group have put the information up for sale on the dark web, requesting just over $64,000 (about £51,000) in bitcoin. Meanwhile, Digital Shadows Senior Cyberthreat Intelligence Analyst Chris Morgan, added: “There are screenshots reportedly highlighting documents taken from Coca Cola’s network. An unusual attack.

Ransomware

Ransomware Phishing Encryption Sales

Russia-linked APT28 targets govt bodies with fake NATO training docs

Security Affairs

SEPTEMBER 23, 2020

Russia-linked cyberespionage group APT28 uses fake NATO training documents as bait in attacks aimed at government bodies. The Russia-linked cyberespionage group APT28 is behind a string of attacks that targeting government bodies with Zebrocy Delphi malware. ” reads the report published QuoIntelligence.

Military

Military Government Encryption Communications

Security Affairs newsletter Round 286

Security Affairs

OCTOBER 18, 2020

Security

Security Ransomware Encryption IoT

New Bad Magic APT used CommonMagic framework in the area of Russo-Ukrainian conflict

Security Affairs

MARCH 21, 2023

In October 2022, Kaspersky researchers uncovered a malware campaign aimed at infecting government, agriculture and transportation organizations located in the Donetsk, Lugansk, and Crimea regions with a previously undetected framework dubbed CommonMagic. The archive contained two files, a decoy document (i.e.

Agriculture

Agriculture Archiving Communications Phishing

U.S. Security Agencies Release Network Security, Vulnerability Guidance

eSecurity Planet

MARCH 4, 2022

With organizations around the world on heightened alert in the wake of Russia’s unprovoked war against Ukraine, government agencies have stepped up efforts too. Here’s some of the advice detailed in the document. Group similar network systems. Limit and encrypt VPNs. Network Architecture and Design.

Security

Security Authentication Cybersecurity Encryption

A deeper insight into the CloudWizard APT’s activity revealed a long-running activity

Security Affairs

MAY 23, 2023

On March 2023, researchers from Kaspersky spotted a previously unknown APT group, tracked as Bad Magic (aka Red Stinger), that targeted organizations in the region of the Russo-Ukrainian conflict. The APT group targeted individuals, as well as diplomatic and research organizations in the area of the conflict.

Communications

Communications Agriculture Cloud Archiving

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

China-Linked BRONZE PRESIDENT APT targets Government officials worldwide

Webinars

Trending Sources

Donot Team cyberespionage group updates its Windows malware framework

Webinars

Key aerospace player Safran Group leaks sensitive data

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Iranian Government Hacking Android

Russia-linked Nobelium APT group uses custom backdoor to target Windows domains

Russian government claims to have dismantled REvil ransomware gang

Iran’s Digital Surveillance Tools Leaked

Group-IB detects a series of ransomware attacks by OldGremlin

News alert: SandboxAQ launches new open source framework to simplify cryptography management

Russia-linked APT28 used new malware in a recent phishing campaign

Is the LockBit gang resuming its operation?

Russia-linked Gamaredon group targets Ukraine officials

SmugX: Chinese APT uses HTML smuggling to target European Ministries and embassies

Dark Pink APT targets Govt entities in South Asia

Earth Lusca expands its arsenal with SprySOCKS Linux malware

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Croatia government agencies targeted with news SilentTrinity malware

Biopharmaceutical firm Supernus Pharmaceuticals hit by Hive ransomware during an ongoing acquisition

Snowden Ten Years Later

TA505 group updates tactics and expands the list of targets

Previously undocumented Aoqin Dragon APT targets entities in Southeast Asia and Australia

Lilith: The Latest Threat in Ransomware

Chinese actors behind attacks on industrial enterprises and public institutions

MY TAKE: ‘Digital trust’ has a huge role to play mitigating cybersecurity threats, going forward

FBI issued a flash alert on Lockbit ransomware operation

Ransomware attack on Johnson Controls may have exposed sensitive DHS data

Ransomware Bites Dental Data Backup Firm

Maze ransomware operators stole data from US military contractor Westech

Phishing attacks using the topic “Azovstal” targets entities in Ukraine

Maze ransomware gang discloses data from drug testing firm HMR

Dark Overlord hacking crew publishes first batch of confidential 9/11 files

Russia behind a massive spear-phishing campaign that hit Ukraine

Cyber Packs: How They're Key to Improving the Nation's Cybersecurity

Unknown FinSpy Mac and Linux versions found in Egypt

DoppelPaymer Ransomware hits City of Torrance and demands a 680K+ ransom

GUEST ESSAY: ‘Identity Management Day’ highlights the importance of securing digital IDs

Coca-Cola Investigating Claims that a Ransomware Gang Stole Sensitive Data

Russia-linked APT28 targets govt bodies with fake NATO training docs

Security Affairs newsletter Round 286

New Bad Magic APT used CommonMagic framework in the area of Russo-Ukrainian conflict

U.S. Security Agencies Release Network Security, Vulnerability Guidance

A deeper insight into the CloudWizard APT’s activity revealed a long-running activity

Stay Connected