article thumbnail

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

Security Affairs

Researchers uncovered a recent campaign carried out by the InvisiMole group that has been targeting a small number of high-profile organizations. The group has been active since at least 2013, ESET experts linked the group to the Gamaredon Russian APT group Gamaredon despite considers the two crews independent.

article thumbnail

Maze ransomware operators stole data from US military contractor Westech

Security Affairs

Hackers have stolen confidential documents from the US military contractor Westech, which provides critical support for US Minuteman III nuclear deterrent. Threat actors first compromised the Westech’s network, then stole the documents before encrypting them. The LGM-30 Minuteman is a U.S. Pierluigi Paganini.

Military 109
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

NB65 group targets Russia with a modified version of Conti’s ransomware

Security Affairs

NB65 hacking group created its ransomware based on the leaked source code of the Conti ransomware and targets Russia. According to BleepingComputer , NB65 hacking group is targeting Russian organizations with ransomware that they have developed using the leaked source code of the Conti ransomware. F**k the Russian Military.

article thumbnail

Donot Team cyberespionage group updates its Windows malware framework

Security Affairs

The Donot Team has been active since 2016, it focuses on government and military organizations, ministries of foreign affairs, and embassies in India, Pakistan, Sri Lanka, Bangladesh, and other South Asian countries. In the latest attacks, the group sent messages using RTF documents that trick users into enabling macros.

IT 96
article thumbnail

Russia-linked Nobelium APT group uses custom backdoor to target Windows domains

Security Affairs

Microsoft discovered new custom malware, dubbed FoggyWeb, used by the Nobelium cyberespionage group to implant backdoor in Windows domains. ” The attackers use the version.dll DLL to load FoggyWeb which is stored in the encrypted file Windows.Data.TimeZones.zh-PH.pri. Follow me on Twitter: @securityaffairs and Facebook.

article thumbnail

North Korea-linked Konni APT uses Russian-language weaponized documents

Security Affairs

North Korea-linked Konni APT group used Russian-language Microsoft Word documents to deliver malware. FortiGuard Labs researchers observed the North Korea-linked Konni APT group using a weaponized Russian-language Word document in an ongoing phishing campaign. The Word document seems to be in the Russian language.

article thumbnail

Researchers shared technical details of NSA Equation Group’s Bvp47 backdoor

Security Affairs

Pangu Lab researchers disclosed details of the Bvp47 backdoor that was used by the US NSA Equation Group. National Security Agency (NSA) Equation Group. The name “ Bvp47 ” comes form numerous references to the string “Bvp” and the numerical value “0x47” used in the encryption algorithm.