Security Affairs

FEBRUARY 16, 2024

Russia-linked APT group Turla has been spotted targeting Polish non-governmental organizations (NGO) with a new backdoor dubbed TinyTurla-NG. Russia-linked cyberespionage group Turla has been spotted using a new backdoor dubbed TinyTurla-NG in attacks aimed at Polish non-governmental organizations.

CMS 105

CMS File names Passwords Access 105

Security Affairs

FEBRUARY 3, 2023

The State Cyber Protection Centre (SCPC) of Ukraine warns of a new wave of targeted attacks conducted by the Russia-linked APT group Gamaredon (aka Shuckworm, Actinium, Armageddon, Primitive Bear, UAC-0010, and Trident Ursa). The government experts pointed out that the threat actor continues to evolve its TTPs to avoid detection.

File names 90

File names Archiving Phishing Government 90

Security Affairs

FEBRUARY 23, 2020

Experts from Cisco Talos discovered a new malware, tracked as ObliqueRAT, that appears a custom malware developed by a threat actor focused on government and diplomatic targets. . “CrimsonRAT has been known to target diplomatic and government organizations in Southeast Asia.” Pierluigi Paganini.

Government 116

Government File names Passwords Phishing 116

Security Affairs

JUNE 15, 2023

Russia-linked APT group Gamaredon is using a new toolset in attacks aimed at critical organizations in Ukraine. Symantec researchers reported that in some cases, the cyberespionage group remained undetected in the target networks for three months. The attack chain commences with spear-phishing emails with malicious attachments (.docx,rar,sfx

Military 83

Military File names Archiving Phishing 83

Security Affairs

OCTOBER 10, 2018

A previously unknown cyber espionage group, tracked as Gallmaker, has been targeting entities in the government, military and defense sectors since at least 2017. A new cyber espionage group tracked as Gallmaker appeared in the threat landscape. ” continues Symantec. Pierluigi Paganini.

Military 82

Military File names Libraries Government 82

Security Affairs

MAY 23, 2023

A previously undocumented APT group tracked as GoldenJackal has been targeting government and diplomatic entities in the Middle East and South Asia since 2019. Kaspersky researchers shared details about the activity of a previously undocumented APT group, tracked as GoldenJackal, which has been active since 2019.

File names 81

File names Government Communications IT 81

Security Affairs

OCTOBER 21, 2021

The Macaw Locker ransomware encrypts victims’ files and append the .macaw macaw extension to the file name of the encrypted files. The Evil Corp cybercrime group (aka the Dridex gang Indrik Spider , the Dridex gang, and TA505 ) has been active in cybercrime activities since 2007. Pierluigi Paganini.

Ransomware 116

Ransomware File names Encryption Government 116

Security Affairs

OCTOBER 13, 2022

The Budworm espionage group resurfaced targeting a U.S.-based This is the first time that Symantec researchers have observed the Budworm group targeting a U.S-based The group also targeted a hospital in South East Asia. The China-linked APT27 group has been active since 2010, it targeted organizations worldwide, including U.S.

File names 129

File names Financial Services Manufacturing Libraries 129

Security Affairs

MARCH 8, 2022

Google TAG observed Russian, Belarusian, and Chinese threat actors targeting Ukraine and European government and military orgs. The attacks have been attributed to the Russia-linked FancyBear group (aka APT28) and the Belarus-linked Ghostwriter (aka UNC1151) APT group. ” wrote Shane Huntley, Google’s TAG lead. .

Military 93

Military Phishing File names Government 93

Security Affairs

MARCH 28, 2022

Ukraine CERT-UA warns that the Belarus-linked GhostWriter APT group is targeting state entities of Ukraine with Cobalt Strike Beacon. Ukraine CERT-UA uncovered a spear-phishing campaign conducted by Belarus-linked GhostWriter APT group targeting Ukrainian state entities with Cobalt Strike Beacon. Pierluigi Paganini.

Archiving 93

Archiving CMS File names Phishing 93

Security Affairs

NOVEMBER 20, 2018

Sofacy APT group (aka APT28 , Pawn Storm , Fancy Bear , Sednit , Tsar Team, and Strontium ) has a new weapon in its arsenal dubbed Cannon. The Russia-linked APT group delivers Cannon in a spear-phishing attack that targets government organizations in North America, Europe and in a former USSR state. Pierluigi Paganini.

File names 77

File names Phishing Communications Government 77

Security Affairs

MAY 10, 2023

A new sophisticated malware strain, dubbed DownEx, was involved in attacks aimed at Government organizations in Central Asia. In late 2022, Bitdefender Labs researchers first observed a highly targeted cyberattack targeting foreign government institutions in Kazakhstan that involved a new sophisticated strain of malware dubbed DownEx.

File names 89

File names Archiving Phishing Government 89

Security Affairs

JULY 14, 2021

LuminousMoth: Kaspersky uncovered an ongoing and large-scale APT campaign that targeted government entities in Southeast Asia, including Myanmar and the Philippines. The LuminousMoth campaign has been linked by the experts to a China-linked APT group tracked as HoneyMyte. ” reads the analysis published by Kaspersky. .

Archiving 98

Archiving File names Government Libraries 98

IT Governance

NOVEMBER 17, 2022

Australia’s Home Affairs Minister Clare O’Neil rushed to Medibank’s defence , praising the organisation for refusing to pay the criminal’s ransom, while calling the group responsible “scumbags” and “disgraceful human beings”. Things got worse for Medibank after a second database was leaked , containing a file named “abortions”.

IT 107

IT Ransomware Security Data breaches 107

Security Affairs

JUNE 3, 2023

According to government experts, the Royal ransomware attacks targeted numerous critical infrastructure sectors including, manufacturing, communications, healthcare and public healthcare (HPH), and education. ReadMe file name: README.BlackSuit.txt. New #ransomware #BlackSuit targets Windows, #Linux. Extension: blacksuit.

Ransomware 94

Ransomware Encryption File names Cybersecurity 94

Security Affairs

FEBRUARY 8, 2023

Researchers from Broadcom Symantec spotted a Russia-linked ATP group, tracked as Nodaria (aka UAC-0056), deploying new info-stealing malware, dubbed Graphiron, in attacks against Ukraine. It creates temporary files with the “ lock” and “ trash” extensions. ” Symantec concludes.

File names 80

File names Passwords Phishing Encryption 80

National Archives Records Express

JUNE 12, 2023

Access restrictions include national security considerations, donor restrictions, court orders, and other statutory or regulatory provisions. Depending on existing recordkeeping practices and level of intellectual control, information from the project, record series, file unit, or item level can be used.

Metadata 109

Metadata Digital transformation File names Archiving 109

eSecurity Planet

JULY 19, 2022

The victim was a large construction group based in South America, which suggests that the hackers are aiming high – and may also be sensitive to any potential backlash from countries or law enforcement. Official recommendations by security agencies and governments will likely discourage the victims from paying any ransom.

Ransomware 114

Ransomware Encryption File names Government 114

Security Affairs

MAY 19, 2021

“The National Cyber Security Centre (NCSC) became aware on Thursday of an attempted cyber attack on the Department of Health. ” The National Cyber Security Centre (NCSC) also published an alert titled “Ransomware Attack on Health Sector” that included technical details on the attack. Pierluigi Paganini.

Ransomware 85

Ransomware Encryption File names IoT 85

Security Affairs

JANUARY 24, 2023

Crimew discovered a file named NoFly.csv which is a legitimate U.S. records (first names, last names, and dates of birth) belonging to people with suspected or known ties to terrorist groups. “three csv files, employee_information.csv, NOFLY.CSV and SELECTEE.CSV. million rows of data.

Archiving 91

Archiving File names Access Authentication 91

Security Affairs

SEPTEMBER 5, 2018

Researchers from security firm CrowdStrike have observed a new campaign associated with the GOBLIN PANDA APT group. Experts from security firm CrowdStrike have uncovered a new campaign associated with the GOBLIN PANDA APT group. ” reads the analysis published by CrowdStrike. Pierluigi Paganini.

Metadata 45

Metadata File names Libraries Government 45

Security Affairs

SEPTEMBER 13, 2023

While ShadowPad is known to be part of the arsenal of multiple China-linked APT groups, the TTPs observed in the attack on the national power grid overlap with previously reported attacks linked to the Chinese APT41 group. The attack is the latest in a series of intrusions against CNI targets. In May 2023, the U.S.,

File names 113

File names Access Encryption Communications 113

Security Affairs

DECEMBER 29, 2019

New trojan called ‘Lampion’ has spread using template emails from the Portuguese Government Finance & Tax during the last days of 2019. Last days of 2019 were the perfect time to spread phishing campaigns using email templates based on the Portuguese Government Finance & Tax. That file invokes the second file, 0.zip,

Passwords 96

Passwords e-Discovery IT Cleanup 96

eSecurity Planet

APRIL 6, 2023

Occasionally cybersecurity officials and researchers obtain the keys or crack the encryption code and make the keys freely available, but ransomware groups will typically respond by quickly changing their encryption approach to render the keys worthless. LockBit This RaaS group has been the most active ransomware group over the last year.

Ransomware 93

Ransomware Encryption Cybersecurity Risk 93

Security Affairs

MAY 3, 2020

In other words, it could be nice to see what are the patterns used by malware in both: domain names, file names and process names. TOP domains, TOP processes and TOP File Names. I am a computer security scientist with an intensive hacking background. About the author: Marco Ramilli, Founder of Yoroi.

Computer and Electronics 95

Computer and Electronics File names Cybersecurity IT 95

Security Affairs

JULY 22, 2019

The APT24 group continues its cyber espionage activity, its members were posing as a researcher from Cambridge to infect victims with three new malware. Experts at FireEye have uncovered a new espionage campaign carried out by APT34 APT group ( OilRig , and HelixKitten. Greenbug ) through LinkedIn. xls that was used as a dropper.

File names 87

File names Phishing Passwords Government 87

Security Affairs

MAY 2, 2019

Context: Since at least 2014, an Iranian threat group tracked by FireEye as APT34 has conducted reconnaissance aligned with the strategic interests of Iran. The group conducts operations primarily in the Middle East, targeting financial, government, energy, chemical, telecommunications and other industries.

Computer and Electronics 86

Computer and Electronics Communications Government File names 86

Security Affairs

NOVEMBER 30, 2018

Security researchers at Trend Micro recently discovered PowerShell-based backdoor that resembles a malware used by MuddyWater threat actor. Malware researchers at Trend Micro have discovered a Powershell-based backdoor that is very similar to a malware used by MuddyWater APT group. ” continues the experts. Pierluigi Paganini.

Communications 85

Communications File names Cloud Government 85

Security Affairs

AUGUST 31, 2018

Since blogging is not my business, I do write on my personal blog to share knowledge on Cyber Security, I will describe some of the main steps that took me to own the attacker infrastructure. My entire “Cyber adventure” began with a simple email within a.ZIP file named “Nuovo Documento1.zip” Obfuscation.

Computer and Electronics 56

Computer and Electronics File names Security Access 56

Troy Hunt

OCTOBER 19, 2017

I'm an independent Australian (I have a Microsoft Regional Director title but RDs don't actually work for Microsoft ) and I specialise in security training folks who build online systems. On March 14 this year, someone sent me a 27GB file called "masterdeeds.sql" which was a MySQL database backup file.

Data breaches 83

Data breaches Personal data Government IT 83