Security Affairs

MARCH 28, 2022

Ukraine CERT-UA warns that the Belarus-linked GhostWriter APT group is targeting state entities of Ukraine with Cobalt Strike Beacon. Ukraine CERT-UA uncovered a spear-phishing campaign conducted by Belarus-linked GhostWriter APT group targeting Ukrainian state entities with Cobalt Strike Beacon.

Archiving 91

Archiving CMS File names Phishing 91

Security Affairs

OCTOBER 10, 2018

A previously unknown cyber espionage group, tracked as Gallmaker, has been targeting entities in the government, military and defense sectors since at least 2017. A new cyber espionage group tracked as Gallmaker appeared in the threat landscape. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Military 81

Military File names Libraries Government 81

Security Affairs

JUNE 15, 2023

Russia-linked APT group Gamaredon is using a new toolset in attacks aimed at critical organizations in Ukraine. Symantec researchers reported that in some cases, the cyberespionage group remained undetected in the target networks for three months. The attack chain commences with spear-phishing emails with malicious attachments (.docx,rar,sfx

Military 80

Military File names Archiving Phishing 80

Security Affairs

NOVEMBER 20, 2018

Sofacy APT group (aka APT28 , Pawn Storm , Fancy Bear , Sednit , Tsar Team, and Strontium ) has a new weapon in its arsenal dubbed Cannon. The Russia-linked APT group delivers Cannon in a spear-phishing attack that targets government organizations in North America, Europe and in a former USSR state.

File names 78

File names Phishing Communications Government 78

Security Affairs

JULY 14, 2021

LuminousMoth: Kaspersky uncovered an ongoing and large-scale APT campaign that targeted government entities in Southeast Asia, including Myanmar and the Philippines. The LuminousMoth campaign has been linked by the experts to a China-linked APT group tracked as HoneyMyte. ” reads the analysis published by Kaspersky. .

Archiving 98

Archiving File names Government Libraries 98

Security Affairs

FEBRUARY 8, 2023

Researchers from Broadcom Symantec spotted a Russia-linked ATP group, tracked as Nodaria (aka UAC-0056), deploying new info-stealing malware, dubbed Graphiron, in attacks against Ukraine. It creates temporary files with the “ lock” and “ trash” extensions. ” Symantec concludes.

File names 78

File names Passwords Phishing Encryption 78

Security Affairs

MAY 10, 2023

A new sophisticated malware strain, dubbed DownEx, was involved in attacks aimed at Government organizations in Central Asia. In late 2022, Bitdefender Labs researchers first observed a highly targeted cyberattack targeting foreign government institutions in Kazakhstan that involved a new sophisticated strain of malware dubbed DownEx.

File names 87

File names Archiving Phishing Government 87

Security Affairs

SEPTEMBER 5, 2018

Researchers from security firm CrowdStrike have observed a new campaign associated with the GOBLIN PANDA APT group. Experts from security firm CrowdStrike have uncovered a new campaign associated with the GOBLIN PANDA APT group. ” reads the analysis published by CrowdStrike.

Metadata 45

Metadata File names Libraries Government 45

Security Affairs

DECEMBER 29, 2019

New trojan called ‘Lampion’ has spread using template emails from the Portuguese Government Finance & Tax during the last days of 2019. Last days of 2019 were the perfect time to spread phishing campaigns using email templates based on the Portuguese Government Finance & Tax. That file invokes the second file, 0.zip,

Passwords 94

Passwords e-Discovery IT Cleanup 94

Security Affairs

JULY 22, 2019

The APT24 group continues its cyber espionage activity, its members were posing as a researcher from Cambridge to infect victims with three new malware. Experts at FireEye have uncovered a new espionage campaign carried out by APT34 APT group ( OilRig , and HelixKitten. Greenbug ) through LinkedIn. xls that was used as a dropper.

File names 87

File names Phishing Passwords Government 87

eSecurity Planet

APRIL 6, 2023

Occasionally cybersecurity officials and researchers obtain the keys or crack the encryption code and make the keys freely available, but ransomware groups will typically respond by quickly changing their encryption approach to render the keys worthless. LockBit This RaaS group has been the most active ransomware group over the last year.

Ransomware 93

Ransomware Encryption Cybersecurity Risk 93

Security Affairs

NOVEMBER 30, 2018

Malware researchers at Trend Micro have discovered a Powershell-based backdoor that is very similar to a malware used by MuddyWater APT group. Threat actors used PowerShell-based first stage backdoor named POWERSTATS, across the time the hackers changed tools and techniques. ” continues the experts.

Communications 83

Communications File names Cloud Government 83