Security Affairs

FEBRUARY 16, 2024

Russia-linked APT group Turla has been spotted targeting Polish non-governmental organizations (NGO) with a new backdoor dubbed TinyTurla-NG. Russia-linked cyberespionage group Turla has been spotted using a new backdoor dubbed TinyTurla-NG in attacks aimed at Polish non-governmental organizations.

CMS 113

CMS File names Passwords Access 113

Security Affairs

FEBRUARY 23, 2020

Experts from Cisco Talos discovered a new malware, tracked as ObliqueRAT, that appears a custom malware developed by a threat actor focused on government and diplomatic targets. . “CrimsonRAT has been known to target diplomatic and government organizations in Southeast Asia.” Pierluigi Paganini.

Government 124

Government File names Passwords Phishing 124

Security Affairs

OCTOBER 10, 2018

A previously unknown cyber espionage group, tracked as Gallmaker, has been targeting entities in the government, military and defense sectors since at least 2017. A new cyber espionage group tracked as Gallmaker appeared in the threat landscape. ” continues Symantec. Pierluigi Paganini.

Military 85

Military File names Libraries Government 85

Security Affairs

FEBRUARY 3, 2023

The State Cyber Protection Centre (SCPC) of Ukraine warns of a new wave of targeted attacks conducted by the Russia-linked APT group Gamaredon (aka Shuckworm, Actinium, Armageddon, Primitive Bear, UAC-0010, and Trident Ursa). The government experts pointed out that the threat actor continues to evolve its TTPs to avoid detection.

File names 96

File names Archiving Phishing Government 96

Security Affairs

JUNE 15, 2023

Russia-linked APT group Gamaredon is using a new toolset in attacks aimed at critical organizations in Ukraine. Symantec researchers reported that in some cases, the cyberespionage group remained undetected in the target networks for three months. The attack chain commences with spear-phishing emails with malicious attachments (.docx,rar,sfx

Military 91

Military File names Archiving Phishing 91

Security Affairs

MARCH 8, 2022

Google TAG observed Russian, Belarusian, and Chinese threat actors targeting Ukraine and European government and military orgs. The attacks have been attributed to the Russia-linked FancyBear group (aka APT28) and the Belarus-linked Ghostwriter (aka UNC1151) APT group. ” wrote Shane Huntley, Google’s TAG lead. .

Military 100

Military Phishing File names Government 100

Security Affairs

OCTOBER 21, 2021

The Macaw Locker ransomware encrypts victims’ files and append the .macaw macaw extension to the file name of the encrypted files. The Evil Corp cybercrime group (aka the Dridex gang Indrik Spider , the Dridex gang, and TA505 ) has been active in cybercrime activities since 2007.

Ransomware 123

Ransomware File names Encryption Government 123

Security Affairs

OCTOBER 13, 2022

The Budworm espionage group resurfaced targeting a U.S.-based This is the first time that Symantec researchers have observed the Budworm group targeting a U.S-based The group also targeted a hospital in South East Asia. The China-linked APT27 group has been active since 2010, it targeted organizations worldwide, including U.S.

File names 135

File names Financial Services Manufacturing Libraries 135

Security Affairs

MAY 23, 2023

A previously undocumented APT group tracked as GoldenJackal has been targeting government and diplomatic entities in the Middle East and South Asia since 2019. Kaspersky researchers shared details about the activity of a previously undocumented APT group, tracked as GoldenJackal, which has been active since 2019.

File names 90

File names Government Communications IT 90

Security Affairs

NOVEMBER 20, 2018

Sofacy APT group (aka APT28 , Pawn Storm , Fancy Bear , Sednit , Tsar Team, and Strontium ) has a new weapon in its arsenal dubbed Cannon. The Russia-linked APT group delivers Cannon in a spear-phishing attack that targets government organizations in North America, Europe and in a former USSR state. Pierluigi Paganini.

File names 80

File names Phishing Communications Government 80

Security Affairs

MARCH 28, 2022

Ukraine CERT-UA warns that the Belarus-linked GhostWriter APT group is targeting state entities of Ukraine with Cobalt Strike Beacon. Ukraine CERT-UA uncovered a spear-phishing campaign conducted by Belarus-linked GhostWriter APT group targeting Ukrainian state entities with Cobalt Strike Beacon.

Archiving 97

Archiving CMS File names Phishing 97

Security Affairs

JULY 14, 2021

LuminousMoth: Kaspersky uncovered an ongoing and large-scale APT campaign that targeted government entities in Southeast Asia, including Myanmar and the Philippines. The LuminousMoth campaign has been linked by the experts to a China-linked APT group tracked as HoneyMyte. ” reads the analysis published by Kaspersky. .

Archiving 98

Archiving File names Government Libraries 98

Security Affairs

FEBRUARY 8, 2023

Researchers from Broadcom Symantec spotted a Russia-linked ATP group, tracked as Nodaria (aka UAC-0056), deploying new info-stealing malware, dubbed Graphiron, in attacks against Ukraine. It creates temporary files with the “ lock” and “ trash” extensions. ” Symantec concludes.

File names 89

File names Passwords Phishing Encryption 89

Security Affairs

MAY 10, 2023

A new sophisticated malware strain, dubbed DownEx, was involved in attacks aimed at Government organizations in Central Asia. In late 2022, Bitdefender Labs researchers first observed a highly targeted cyberattack targeting foreign government institutions in Kazakhstan that involved a new sophisticated strain of malware dubbed DownEx.

File names 95

File names Archiving Phishing Government 95

Security Affairs

JUNE 3, 2023

According to government experts, the Royal ransomware attacks targeted numerous critical infrastructure sectors including, manufacturing, communications, healthcare and public healthcare (HPH), and education. ReadMe file name: README.BlackSuit.txt. New #ransomware #BlackSuit targets Windows, #Linux. Extension: blacksuit.

Ransomware 98

Ransomware Encryption File names Cybersecurity 98

National Archives Records Express

JUNE 12, 2023

Depending on existing recordkeeping practices and level of intellectual control, information from the project, record series, file unit, or item level can be used. If individual components of a record lack unique descriptions, the series or file unit-level descriptions should be applied to all image files within that grouping.

Metadata 109

Metadata Digital transformation File names Archiving 109

eSecurity Planet

JULY 19, 2022

The victim was a large construction group based in South America, which suggests that the hackers are aiming high – and may also be sensitive to any potential backlash from countries or law enforcement. Official recommendations by security agencies and governments will likely discourage the victims from paying any ransom.

Ransomware 109

Ransomware Encryption File names Government 109

The Texas Record

JUNE 26, 2023

Consistency Choose file naming conventions and stick with them. For example, unless an abbreviation is known and widely used, avoid using it in folder or file names. A consistent approach with folder structure and file naming means there is less need for individual interpretation. Be consistent.

Cleanup 40

Cleanup File names ROT Access 40

Security Affairs

MAY 19, 2021

Government experts speculate the two attacks are part of the same campaign targeting the Irish health sector. The malware involved in the attack is Conti Ransomware v3 (32 bit), which attempted to encrypt all files with the exception of the following file names: – CONTI_LOG.txt – readme.txt – *.FEEDC

Ransomware 88

Ransomware Encryption File names IoT 88

Security Affairs

JANUARY 24, 2023

Crimew discovered a file named NoFly.csv which is a legitimate U.S. records (first names, last names, and dates of birth) belonging to people with suspected or known ties to terrorist groups. “three csv files, employee_information.csv, NOFLY.CSV and SELECTEE.CSV. million rows of data.

Archiving 96

Archiving File names Access Authentication 96

Security Affairs

SEPTEMBER 5, 2018

Researchers from security firm CrowdStrike have observed a new campaign associated with the GOBLIN PANDA APT group. Experts from security firm CrowdStrike have uncovered a new campaign associated with the GOBLIN PANDA APT group. ” reads the analysis published by CrowdStrike.

Metadata 49

Metadata File names Libraries Government 49

IT Governance

NOVEMBER 17, 2022

Australia’s Home Affairs Minister Clare O’Neil rushed to Medibank’s defence , praising the organisation for refusing to pay the criminal’s ransom, while calling the group responsible “scumbags” and “disgraceful human beings”. The first was damaging enough, containing patients’ names, addresses and birthdates. From bad to worse.

IT 107

IT Ransomware Security Data breaches 107

Security Affairs

SEPTEMBER 13, 2023

While ShadowPad is known to be part of the arsenal of multiple China-linked APT groups, the TTPs observed in the attack on the national power grid overlap with previously reported attacks linked to the Chinese APT41 group. The attack is the latest in a series of intrusions against CNI targets. In May 2023, the U.S.,

File names 118

File names Access Encryption Communications 118

Info Source

JUNE 24, 2019

Mekel Technology scanners are utilized in service bureaus, libraries with large public and private collections, archives, utilities, financial institutions, engineering firms, government offices, courts and many other record-keeping organizations. Mekel 2.0,

Archiving 40

Archiving File names Marketing Manufacturing 40

Unwritten Record

OCTOBER 5, 2021

The Still Picture Branch at the National Archives and Records Administration (NARA) accessions new photographic records from various Government agencies every year. Accessing File Metadata on a PC. Select the file you would like to review in “File Explorer.”. Right click the file name and select “Properties.”.

Metadata 51

Metadata Archiving Access File names 51

Security Affairs

DECEMBER 29, 2019

New trojan called ‘Lampion’ has spread using template emails from the Portuguese Government Finance & Tax during the last days of 2019. Last days of 2019 were the perfect time to spread phishing campaigns using email templates based on the Portuguese Government Finance & Tax. That file invokes the second file, 0.zip,

Passwords 98

Passwords e-Discovery IT Cleanup 98

eSecurity Planet

APRIL 6, 2023

Occasionally cybersecurity officials and researchers obtain the keys or crack the encryption code and make the keys freely available, but ransomware groups will typically respond by quickly changing their encryption approach to render the keys worthless. LockBit This RaaS group has been the most active ransomware group over the last year.

Ransomware 88

Ransomware Encryption Cybersecurity Risk 88

Security Affairs

MAY 3, 2020

In other words, it could be nice to see what are the patterns used by malware in both: domain names, file names and process names. TOP domains, TOP processes and TOP File Names. It would be important for detection and even for preemptive blocking.

Computer and Electronics 97

Computer and Electronics File names Cybersecurity IT 97

Security Affairs

JULY 22, 2019

The APT24 group continues its cyber espionage activity, its members were posing as a researcher from Cambridge to infect victims with three new malware. Experts at FireEye have uncovered a new espionage campaign carried out by APT34 APT group ( OilRig , and HelixKitten. Greenbug ) through LinkedIn. xls that was used as a dropper.

File names 93

File names Phishing Passwords Government 93

Security Affairs

MAY 2, 2019

Context: Since at least 2014, an Iranian threat group tracked by FireEye as APT34 has conducted reconnaissance aligned with the strategic interests of Iran. The group conducts operations primarily in the Middle East, targeting financial, government, energy, chemical, telecommunications and other industries.

Computer and Electronics 92

Computer and Electronics Communications Government File names 92

Security Affairs

NOVEMBER 30, 2018

Malware researchers at Trend Micro have discovered a Powershell-based backdoor that is very similar to a malware used by MuddyWater APT group. Threat actors used PowerShell-based first stage backdoor named POWERSTATS, across the time the hackers changed tools and techniques. ” continues the experts.

Communications 89

Communications File names Cloud Government 89

Security Affairs

AUGUST 31, 2018

I will not disclose the found Malware code nor the Malware Command and Control code nor details on attacker’s group since I won’t put on future attackers new Malware source code ready to be used. My entire “Cyber adventure” began with a simple email within a.ZIP file named “Nuovo Documento1.zip”

Computer and Electronics 63

Computer and Electronics File names Security Access 63

Troy Hunt

OCTOBER 19, 2017

On March 14 this year, someone sent me a 27GB file called "masterdeeds.sql" which was a MySQL database backup file. There was nothing immediately remarkable about it; there was no clear indication of a source (many similar examples include the source website in the file name) and there were "only" 2.2

Data breaches 83

Data breaches Personal data Government IT 83