File names, IT and Military - Information Management Today

File names

Military

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Security Affairs

APRIL 22, 2024

This tool modifies a JavaScript constraints file and executes it with SYSTEM-level permissions. GooseEgg is usually deployed with a batch script, commonly named execute.bat or doit.bat. This script creates a file named servtask.bat, which includes commands for saving or compressing registry hives.

Military

Military File names Education Phishing

Russia-linked APT Gamaredon update TTPs in recent attacks against Ukraine

Security Affairs

JUNE 15, 2023

The Gamaredon APT group (aka Shuckworm, Actinium, Armageddon, Primitive Bear, UAC-0010, and Trident Ursa) continues to carry out attacks against entities in Ukraine, including security services, military, and government organizations. The attack chain commences with spear-phishing emails with malicious attachments (.docx,rar,sfx

Military

Military File names Archiving Phishing

Join 55,000+

Insiders

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Trending Sources

Russia-linked Armageddon APT targets Ukrainian state organizations, CERT-UA warns

Security Affairs

APRIL 5, 2022

The group targeted government and military organizations in Ukraine. In December 2019, the APT group targeted several Ukrainian diplomats, government and military officials, and law enforcement. Upon opening the file, a RAR-archive named “Viyskovi_zlochinci_RU.rar” is created. .

Military

Military Phishing File names Archiving

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Google TAG: Russia, Belarus-linked APTs targeted Ukraine

Security Affairs

MARCH 8, 2022

Google TAG observed Russian, Belarusian, and Chinese threat actors targeting Ukraine and European government and military orgs. Google TAG observed Russian, Belarusian, and Chinese threat actors targeting Ukrainian and European government and military organizations, as well as individuals.

Military

Military Phishing File names Government

Russia-linked Cyclops Blink botnet targeting ASUS routers

Security Affairs

MARCH 18, 2022

“Our data also shows that although Cyclops Blink is a state-sponsored botnet, its C&C servers and bots affect WatchGuard Firebox and Asus devices that do not belong to critical organizations, or those that have an evident value on economic, political, or military espionage.” ” reads the advisory published by TrendMicro.

IoT

IoT Military File names Communications

GhostWriter APT targets state entities of Ukraine with Cobalt Strike Beacon

Security Affairs

MARCH 28, 2022

The phishing messages use a RAR-archive named “Saboteurs.rar”, which contains RAR-archive “Saboteurs 21.03.rar.” ” This second archive contains SFX-archive “Saboteurs filercs.rar,” experts reported that the file name contains the right-to-left override (RTLO) character to mask the real extension.

Archiving

Archiving CMS File names Phishing

New Gallmaker APT group eschews malware in cyber espionage campaigns

Security Affairs

OCTOBER 10, 2018

A previously unknown cyber espionage group, tracked as Gallmaker, has been targeting entities in the government, military and defense sectors since at least 2017. Gallmaker is a politically motivated APT group that focused its surgical operations on the government, military or defense sectors. ” continues Symantec.

Military

Military File names Libraries Government

SWEED targets precision engineering companies in Italy

Security Affairs

OCTOBER 28, 2019

Precision engineering is a very important business market in Europe, it includes developing mechanical equipment for: automotive, railways, heavy industries and military grade technology. The code execution implements a romantic Drop and Execute code by dropping a Windows PE file from: http[://mail.hajj.zeem.sa/wp-admin/edu/educrety.exe

Passwords

Passwords Encryption File names Military

A month later Gamaredon is still active in Eastern Europe

Security Affairs

JUNE 4, 2019

During recent times, Gamaredon is targeting the Ukrainian military and law enforcement sectors too, as officially stated by the CERT-UA. At first glance, it is possible to notice the PowerPoint icon associated to the file, normally not belonging to.scr files. Information about second SFX file. Content of malicious e-mail.

Archiving

Archiving Passwords File names Military

WinRAR CVE-2018-20250 flaw exploited in multiple campaigns

Security Affairs

MARCH 28, 2019

DLL, handles the extraction of files compressed in ACE data format. The experts pointed out that WinRAR determines the file format by analyzing its content and not the extension, this means that an attacker can change the.ace extension to.rar extension to trick the victims. The issue affects a third-party library, called UNACEV2.DLL

Archiving

Archiving File names Education Libraries

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Russia-linked APT Gamaredon update TTPs in recent attacks against Ukraine

Webinars

Trending Sources

Russia-linked Armageddon APT targets Ukrainian state organizations, CERT-UA warns

Webinars

Google TAG: Russia, Belarus-linked APTs targeted Ukraine

Russia-linked Cyclops Blink botnet targeting ASUS routers

GhostWriter APT targets state entities of Ukraine with Cobalt Strike Beacon

New Gallmaker APT group eschews malware in cyber espionage campaigns

SWEED targets precision engineering companies in Italy

A month later Gamaredon is still active in Eastern Europe

WinRAR CVE-2018-20250 flaw exploited in multiple campaigns

Stay Connected