Security Affairs

DECEMBER 7, 2023

Russia-linked group APT28 exploited Microsoft Outlook zero-day to target European NATO members, including a NATO Rapid Deployable Corps. Over the past 20 months, the group targeted at least 30 organizations within 14 nations that are probably of strategic intelligence significance to the Russian government and its military.

Military 111

Military Government Phishing Authentication 111

Security Affairs

SEPTEMBER 27, 2022

Researchers are tracking multiple self-proclaimed hacktivist groups working in support of Russia, and identified 3 groups linked to the GRU. Mandiant researchers are tracking multiple self-proclaimed hacktivist groups working in support of Russia, and identified 3 groups linked to the Russian Main Intelligence Directorate (GRU).

Military 90

Military Phishing Government Security 90

Security Affairs

MARCH 9, 2022

Google has blocked a phishing campaign conducted by China-linked group APT31 aimed at Gmail users associated with the U.S. government. government. The campaign took place in February and Google Threat Analysis Group (TAG) team was not able to link it to the ongoing invasion of Ukraine. government. government.

Government 93

Government Phishing Military IT 93

Security Affairs

NOVEMBER 5, 2021

Ukraine’s premier law enforcement and counterintelligence revealed the real identities of five FSB members behind the Gamaredon cyberespionage group. All of that, despite the fact that they used the FSB’s own malicious software and tools to remain anonymous and hidden online. “Staying off the radar is not a group priority.

Military 122

Military Metadata Government Passwords 122

Security Affairs

FEBRUARY 4, 2022

The Russia-linked Gamaredon APT group attempted to compromise an unnamed Western government entity in Ukraine. In Mid January the Ukrainian government was hit with destructive malware, tracked as WhisperGate , and several Ukrainian government websites were defaced by exploiting a separate vulnerability in OctoberCMS.

Government 86

Government Military Phishing Information Security 86

Security Affairs

OCTOBER 27, 2023

France National Agency for the Security of Information Systems warns that the Russia-linked APT28 group has breached several critical networks. The Government experts pointed out that in some cases the group did not deployed any backdoor in the compromised systems. ” reads the report.

Military 111

Military Phishing Government Security 111

Security Affairs

FEBRUARY 28, 2024

“As early as 2022, APT28 actors had utilized compromised EdgeRouters to facilitate covert cyber operations against governments, militaries, and organizations around the world.” and foreign governments and military, security, and corporate organizations. ” reads the joint report.

Energy and Utilities 99

Energy and Utilities Military Government Phishing 99

Security Affairs

JUNE 23, 2022

China-linked APT group Tropic Trooper has been spotted previously undocumented malware written in Nim language. The final payload encoded in the image is TClient, which is a backdoor that was used by the Tropic Trooper APT group in past campaigns. The attack aims at making the device unusable. ” the researchers concluded.

Military 104

Military Encryption Passwords IT 104

Security Affairs

FEBRUARY 25, 2024

Iran Crisis Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign U.S. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Military 97

Military Security Ransomware Insurance 97

Security Affairs

MARCH 16, 2021

Microsoft released an Exchange On-premises Mitigation Tool (EOMT) tool to small businesses for the fix of ProxyLogon vulnerabilities. Most targeted sectors have been Government/Military (17% of all exploit attempts), followed by Manufacturing (14%), and then Banking (11%). ” reads the post published by Microsoft.

Military 99

Military Manufacturing Access Security 99

Security Affairs

NOVEMBER 18, 2023

Russia-linked cyberespionage group Gamaredon has been spotted propagating a worm called LitterDrifter via USB. Gamaredon (aka Shuckworm, Actinium, Armageddon, Primitive Bear, UAC-0010, and Trident Ursa) has been active since 2014 and its activity focuses on Ukraine, the group was observed using the multistage backdoor Pteranodon / Pterodo.

Military 115

Military Communications IT Government 115

Security Affairs

JUNE 15, 2023

Russia-linked APT group Gamaredon is using a new toolset in attacks aimed at critical organizations in Ukraine. Symantec researchers reported that in some cases, the cyberespionage group remained undetected in the target networks for three months. The attack chain commences with spear-phishing emails with malicious attachments (.docx,rar,sfx

Military 87

Military File names Archiving Phishing 87

Security Affairs

OCTOBER 10, 2018

A previously unknown cyber espionage group, tracked as Gallmaker, has been targeting entities in the government, military and defense sectors since at least 2017. A new cyber espionage group tracked as Gallmaker appeared in the threat landscape. ” concluded Symantec.

Military 83

Military File names Libraries Government 83

Security Affairs

SEPTEMBER 9, 2019

The China-linked APT group Thrip is continuing to target entities in Southeast Asia even after its activity was uncovered by Symantec. Experts at Symantec first exposed the activity of the Chinese-linked APT Thrip in 2018, now the security firm confirms that cyber espionage group has continued to carry out attacks in South East Asia.

Military 83

Military Communications Government Education 83

Security Affairs

FEBRUARY 8, 2024

The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure. In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.

Energy and Utilities 111

Energy and Utilities Communications Military Manufacturing 111

Threatpost

JANUARY 13, 2022

US Cyber Command linked the group to Iranian intelligence and detailed its multi-pronged, increasingly sophisticated suite of malware tools.

Military 86

Military IT Government Security 86

Security Affairs

SEPTEMBER 28, 2021

Microsoft discovered new custom malware, dubbed FoggyWeb, used by the Nobelium cyberespionage group to implant backdoor in Windows domains. “Once NOBELIUM obtains credentials and successfully compromises a server, the actor relies on that access to maintain persistence and deepen its infiltration using sophisticated malware and tools.

Encryption 89

Encryption Military Government Access 89

Security Affairs

MAY 24, 2023

The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against four entities and one individual for their role in malicious cyber operations conducted to support the government of North Korea. The sanctioned entities conducted operations to steal funds to support the military strategy of the regime.

Government 86

Government Military Financial Services IT 86

Security Affairs

APRIL 19, 2024

The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure. In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.

Energy and Utilities 100

Energy and Utilities Communications Military Manufacturing 100

Security Affairs

OCTOBER 7, 2018

Experts from Symantec collected evidence that APT28 group returns to covert intelligence gathering operations in Europe and South America. The APT28 group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Military targets in Europe.

Military 91

Military Government Phishing Security 91

Security Affairs

OCTOBER 22, 2023

Chinese cyber espionage aims at obtaining commercial secrets and intellectual property to advantage the government of Beijing. The espionage activity used different means to conceal the involvement of the Chinese government, including financial investments. ” reported BBC.

Military 131

Military Government Access Cybersecurity 131

Security Affairs

JUNE 26, 2022

A Russian hacking group may be responsible for a cyber attack against a liquefied natural gas plant in Texas that led to its explosion on June 8. Department of Justice brought charges against four Russian nationals suspected of using TRITON malware in cyber attacks on behalf of the Russian government between 2012 and 2018.

Military 119

Military Cloud Government Security 119

Schneier on Security

APRIL 28, 2022

However, collectively, the cyber and kinetic actions work to disrupt or degrade Ukrainian government and military functions and undermine the public’s trust in those same institutions. […].

Military 88

Military Government IT 88

Security Affairs

APRIL 8, 2022

Microsoft obtained a court order to take over seven domains used by the Russia-linked APT28 group to target Ukraine. Microsoft on Thursday announced it has obtained a court order to take over seven domains used by Russia-linked cyberespionage group APT28 in attacks against Ukraine.

Military 112

Military Government Phishing Security 112

IT Governance

MARCH 8, 2022

The Ukrainian government and its military were targeted by DDoS (distributed denial-of-service) attacks, while a pro-Ukrainian group attacked the Belarusian railway system with ransomware after discovering that it was being used by Russia to transport tanks and weapons. Beware of remote access takeover scams. Get started.

Phishing 144

Phishing Military Access Education 144

Security Affairs

AUGUST 13, 2020

The FBI and NSA issue joint alert related to new Linux malware dubbed Drovorub that has been used by the Russia-linked APT28 group. The FBI and NSA have published a joint security alert containing technical details about a new piece of Linux malware, tracked as Drovorub , allegedly employed by Russia-linked the APT28 group.

Military 135

Military IoT Phishing Government 135

The Last Watchdog

SEPTEMBER 21, 2023

The program also commits to providing free training for transitioning military, first responders, veterans, military spouses, women, underrepresented minorities, and government personnel. factories with the digital tools, cybersecurity, and workforce expertise needed to begin building every part better than the last.

Cybersecurity 147

Cybersecurity Manufacturing Military Artificial Intelligence 147

Security Affairs

APRIL 4, 2023

Proofpoint researchers recently reported that a Russian hacking group, tracked as Winter Vivern (aka TA473), has been actively exploiting vulnerabilities ( CVE-2022-27926 ) in unpatched Zimbra instances to gain access to the emails of NATO officials, governments, military personnel, and diplomats.

IT 94

IT Military Phishing Passwords 94

Security Affairs

FEBRUARY 23, 2022

Pangu Lab researchers disclosed details of the Bvp47 backdoor that was used by the US NSA Equation Group. National Security Agency (NSA) Equation Group. The Bvp47 backdoor was first discovered in 2013 while conducting a forensic investigation into a security breach suffered by a Chinese government organization.

Encryption 114

Encryption Military Archiving Government 114

Security Affairs

MARCH 24, 2024

Cybersecurity US holds conference on military AI use with dozens of allies to determine ‘responsible’ use DFSA’s Cyber Risk Management Guidelines: A Blueprint for Cyber Resilience? Is it a Russia’s weapon? Players hacked during the matches of Apex Legends Global Series.

Security 102

Security Passwords Military Marketing 102

Security Affairs

AUGUST 16, 2022

Russia-linked Gamaredon APT group targets Ukrainian entities with PowerShell info-stealer malware dubbed GammaLoad. Russia-linked Gamaredon APT group (aka Shuckworm , Actinium , Armageddon , Primitive Bear , and Trident Ursa) targets Ukrainian entities with PowerShell info-stealer malware dubbed GammaLoad, Symantec warns.

Military 88

Military Phishing Access Government 88

Security Affairs

DECEMBER 19, 2018

The Sofacy APT group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election. “The Sofacy threat group continues to carry out attacks using their Zebrocy tool.

Military 92

Military Data collection Phishing Government 92

Security Affairs

APRIL 19, 2023

An Iran-linked APT group tracked as Mint Sandstorm is behind a string of attacks aimed at US critical infrastructure between late 2021 to mid-2022. The group rapidly weaponized N-day vulnerabilities in popular enterprise applications by using publicly disclosed POCs. ” reads the report published by Microsoft.

Energy and Utilities 92

Energy and Utilities Military Education Phishing 92

Security Affairs

APRIL 26, 2023

China-linked threat actor tracked as Alloy Taurus is using a Linux variant of the PingPull backdoor and a new tool dubbed Sword2033. Researchers from Palo Alto Networks Unit 42 recently observed the China-linked Alloy Taurus group (aka GALLIUM , Softcell ) targeting Linux systems with a new variant of PingPull backdoor. softether[.]net

Communications 97

Communications Military Government Libraries 97

Security Affairs

OCTOBER 2, 2020

Researchers from ESET uncovered the activity of a new APT group, tracked as XDSpy, that has been active since at least 2011. The APT group, recently discovered by ESET, targeted government and private companies in Belarus, Moldova, Russia, Serbia, and Ukraine, including militaries and Ministries of Foreign Affairs.

Military 135

Military Phishing Passwords Government 135

Security Affairs

MAY 28, 2020

The Ke3chang hacking group added a new malware dubbed Ketrum to its arsenal, it borrows portions of code and features from older backdoors. ” Back in 2013, the security researchers at FireEye spotted a group of China-Linked hackers that conducted an espionage campaign on foreign affairs ministries in Europe. Pierluigi Paganini.

IT 66

IT Military Communications Security 66

Security Affairs

APRIL 19, 2023

UK and US agencies are warning of Russia-linked APT28 group exploiting vulnerabilities in Cisco networking equipment. The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide.

Military 90

Military Access Cybersecurity Education 90