Government, Groups, Security and Tools - Information Management Today

Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates

Krebs on Security

FEBRUARY 20, 2024

authorities have seized the darknet websites run by LockBit , a prolific and destructive ransomware group that has claimed more than 2,000 victims worldwide and extorted over $120 million in payments. Investigators used the existing design on LockBit’s victim shaming website to feature press releases and free decryption tools.

Ransomware

Ransomware Encryption Insurance Manufacturing

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Security Affairs

APRIL 22, 2024

Russia-linked APT28 group used a previously unknown tool, dubbed GooseEgg, to exploit Windows Print Spooler service flaw. Since at least June 2020, and possibly earlier, the cyberespionage group has used the tool GooseEgg to exploit the CVE-2022-38028 vulnerability.

Military

Military File names Education Phishing

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S. The government says Urban went by the aliases “ Sosa ” and “ King Bob ,” among others. 9, 2024, U.S. On July 28 and again on Aug.

Passwords

Passwords Phishing Access Encryption

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

China-linked APT41 group spotted using open-source red teaming tool GC2

Security Affairs

APRIL 17, 2023

China-linked APT41 group used the open-source red teaming tool GC2 in an attack against a Taiwanese media organization. Google Threat Analysis Group (TAG) team reported that the China-linked APT41 group used the open-source red teaming tool Google Command and Control ( GC2 ) in an attack against an unnamed Taiwanese media organization.

Phishing

Phishing Cloud Government Education

Group Behind WannaCry Now Using New Malware

Data Breach Today

MAY 14, 2020

CISA Warns That Lazarus Group Has Added 3 New Tools A sophisticated hacking group associated with the North Korean government that's been tied to a number of high-profile attacks, including WannaCry, is using three new malware variants, according to the U.S.

Cybersecurity

Cybersecurity Government Security

Exclusive: Pro-Russia group ‘Cyber Spetsnaz’ is attacking government agencies

Security Affairs

JUNE 6, 2022

(USA) has identified an increase in activity within hacktivist groups conducted by a new group called “Cyber Spetsnaz”. USA) has identified an increase in activity within hacktivist groups, they’re leveraging current geopolitical tensions between the Ukraine and Russia to perform cyber-attacks. Resecurity, Inc.

Government

Government Cybersecurity IoT Security

U.S. Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp

Security Affairs

MARCH 2, 2024

Court ordered surveillance firm NSO Group to hand over the source code for its Pegasus spyware and other products to Meta. Meta won the litigation against the Israeli spyware vendor NSO Group , a U.S. from April 29, 2018, to May 10, 2020). from April 29, 2018, to May 10, 2020).

IT

IT Government Security Information Security

Cloudflare Targets Security Poverty Line With Free Tools For At-Risk Groups

The Security Ledger

DECEMBER 12, 2022

Humanitarian groups, local governments and non-profits will be able to use Cloudflare’s Zero Trust One suite of security tools at no cost, the company announced. The post Cloudflare Targets Security Poverty Line With Free Tools For At-Risk Groups appeared first on The Security Ledger with Paul F.

Risk

Risk Security Government IT

Israeli Court Dismisses Complaint Against NSO Group

Data Breach Today

JULY 14, 2020

Amnesty International Accused Tech Company of Violating Human Rights An Israeli court has dismissed a petition filed by Amnesty International that sought to revoke the security export license of NSO Group, a tech firm that's been accused of selling hacking tools to governments for targeting dissidents, journalists and lawyers.

Government

Government Security

Top Code Debugging and Code Security Tools

eSecurity Planet

AUGUST 26, 2021

In fact, there are more than a few flaws present, as well as the occasional gaping security hole. Code debugging and code security tools exist to find and help developers fix the problems that occur. Such tools typically capture exceptions as they occur and provide diagnostic and contextual data to make resolution easier.

Security

Security Libraries IT Cloud

Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

Security Affairs

SEPTEMBER 25, 2023

A stealthy APT group tracked as Gelsemium was observed targeting a Southeast Asian government between 2022 and 2023. Palo Alto Unit42 researchers an APT group tracked as Gelsemium targeting a Southeast Asian government. Gelsemium is a group focused on cyberespionage that has been active since at least 2014.

Government

Government Manufacturing Education Access

Earth Krahang APT breached tens of government organizations worldwide

Security Affairs

MARCH 19, 2024

Trend Micro uncovered a sophisticated campaign conducted by Earth Krahang APT group that breached 70 organizations worldwide. The campaign seems active since at least early 2022 and focuses primarily on government organizations. The group often exploited access to government infrastructure to target other government entities.

Government

Government Phishing Access Passwords

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Krebs on Security

FEBRUARY 9, 2023

Department of the Treasury says the Trickbot group is associated with Russian intelligence services, and that this alliance led to the targeting of many U.S. companies and government entities. Also charged with treason was Ruslan Stoyanov , then a senior employee at Russian security firm Kaspersky Lab [the Forbes.ru

Ransomware

Ransomware Government Cybersecurity Blockchain

Getting Started with Microsoft 365 Governance

AIIM

NOVEMBER 22, 2022

Now imagine cloud-based collaboration tools were never invented. There are no video meetings, digital whiteboards, or real-time document collaboration tools. The US economy took some punches during the height of the COVID pandemic, but nothing like it would have if these incredible tools didn’t exist. How does business get done?

Government

Government Information governance Cloud Compliance

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Security Affairs

DECEMBER 5, 2023

Microsoft warns that the Russia-linked APT28 group is actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts. The group was involved also in the string of attacks that targeted 2016 Presidential election.

Military

Military Government Phishing Access

Gamaredon group uses a new Outlook tool to spread malware

Security Affairs

JUNE 12, 2020

Reseaerchers from ESET reported that Russia-linked Gamaredon APT has a new tool in its arsenal, it is a module for Microsoft Outlook that creates custom emails with malicious documents and sends them to a victim’s contacts. The group targeted government and military organizations in Ukraine. ” continues ESET.

Military

Military Phishing Government IT

CISA adds Microsoft Windows Print Spooler flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 25, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2022-38028 Microsoft Windows Print Spooler Privilege Escalation vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. This tool modifies a JavaScript constraints file and executes it with SYSTEM-level permissions.

IT

IT Education Cybersecurity Risk

Nuclear and Oil & Gas are Major Targets of Ransomware Groups in 2024

Security Affairs

NOVEMBER 14, 2023

USA) protecting major Fortune 100 and government agencies globally has identified an alarming rise in ransomware operators targeting the energy sector, including nuclear facilities and related research entities. Department of Homeland Security in their recently published Intelligence Enterprise Homeland Threat Assessment.

Ransomware

Ransomware Government Security Access

Iran’s Digital Surveillance Tools Leaked

Schneier on Security

NOVEMBER 1, 2022

It’s Iran’s turn to have its digital surveillance tools leaked : According to these internal documents, SIAM is a computer system that works behind the scenes of Iranian cellular networks, providing its operators a broad menu of remote commands to alter, disrupt, and monitor how customers use their phones.

Metadata

Metadata Encryption Communications Access

Iran-linked Chafer APT group targets governments in Kuwait and Saudi Arabia

Security Affairs

MAY 21, 2020

The Chafer APT group has distributed data stealer malware since at least mid-2014, it was focused on surveillance operations and the tracking of individuals. The APT group targets telecommunication and travel industries in the Middle East to gather intelligence on Iran’s geopolitical interests. ” continues the report.

Government

Government Cybersecurity Paper Phishing

China-linked APT groups targets orgs via Pulse Secure VPN devices

Security Affairs

MAY 28, 2021

Researchers from FireEye warn that China-linked APT groups continue to target Pulse Secure VPN devices to compromise networks. In all the intrusions, the attackers targeted Pulse Secure VPN appliances in the breached networks. In all the intrusions, the attackers targeted Pulse Secure VPN appliances in the breached networks.

Security

Security Passwords Cybersecurity Government

Iranian Hackers Exploiting Unpatched Vulnerabilities

Data Breach Today

SEPTEMBER 16, 2020

CISA Alert Says 'Pioneer Kitten' Group Targeting U.S. Businesses, Agencies The hacking group "Pioneer Kitten," which has suspected ties to the Iranian government, is taking advantage of several unpatched vulnerabilities and using open source tools to target U.S.

Government

Government Cybersecurity Security

Russian APT groups target European governments ahead of May Elections

Security Affairs

MARCH 22, 2019

Russian APT groups are targeting European governments for cyber-espionage purposes ahead of the upcoming European elections. The activity of the Russia-linked groups is focused on NATO member states. The group was involved also in the string of attacks that targeted 2016 Presidential election. Pierluigi Paganini.

Government

Government Military Phishing Access

Buckeye APT group used Equation Group tools prior to ShadowBrokers leak

Security Affairs

MAY 7, 2019

China-linked APT group tracked as APT3 was using a tool attributed to the NSA-linked Equation Group more than one year prior to Shadow Brokers leak. The APT3 cyberespionage group had been active since at least 2009 and its last operation was uncovered in mid-2017. ” reads the analysis published by Symantec.

Access

Access Security IT Cybersecurity

Hacker groups support protestors in Iran using Telegram, Signal and Darkweb

Security Affairs

SEPTEMBER 30, 2022

Several hacker groups are assisting protestors in Iran using Telegram, Signal and other tools to bypass government censorship. Check Point Research (CPR) observed multiple hacker groups using Telegram, Signal and the darkweb to support protestors in Iran in bypassing regime censorship. Pierluigi Paganini.

Government

Government Communications Access Security

Previously undetected Earth Longzhi APT group is a subgroup of APT41

Security Affairs

NOVEMBER 15, 2022

Trend Micro reported that the Earth Longzhi group, a previously undocumented subgroup of APT41, targets Ukraine and Asian Countries. Early this year, Trend Micro investigated a security breach suffered by a company in Taiwan. The new APT group used spear-phishing emails as an attack vector to deliver Earth Longhzhi’s malware.

Archiving

Archiving Passwords Metadata Insurance

Norway blames China-linked APT31 for 2018 government hack

Security Affairs

JUNE 20, 2021

Norway police secret service states said that China-linked APT31 group was behind the 2018 cyberattack on the government’s IT network. Norway’s Police Security Service (PST) said that the China-linked APT31 cyberespionage group was behind the attack that breached the government’s IT network in 2018.

Government

Government Passwords Access Cloud

Google blocked China-linked APT31’s attacks targeting U.S. Government

Security Affairs

MARCH 9, 2022

Google has blocked a phishing campaign conducted by China-linked group APT31 aimed at Gmail users associated with the U.S. government. government. The campaign took place in February and Google Threat Analysis Group (TAG) team was not able to link it to the ongoing invasion of Ukraine. government. government.

Government

Government Phishing Military IT

China-Linked BRONZE PRESIDENT APT targets Government officials worldwide

Security Affairs

SEPTEMBER 10, 2022

China-linked BRONZE PRESIDENT group is targeting government officials in Europe, the Middle East, and South America with PlugX malware. The Bronze President group is targeting political and law enforcement organizations and NGOs in Asia. Attacks part of this campaign were spotted in June and July 2022. Pierluigi Paganini.

Government

Government Archiving Metadata Encryption

Pro-Russian hacker group KillNet plans to attack Italy on May 30

Security Affairs

MAY 29, 2022

Pro-Russian hacker group KillNet is threatening again Italy, it announced a massive and unprecedented attack on May 30. Pro-Russian hacker group KillNet is threatening again Italy, it announced a massive and unprecedented attack on May 30. “With different levels of superiority, command lines and tasking. Pierluigi Paganini.

Cybersecurity

Cybersecurity Risk Security Government

Threat Group Continuously Updates Malware to Evade Antivirus Software

eSecurity Planet

NOVEMBER 7, 2022

Kaspersky researchers recently found evidence of an advanced threat group continuously updating its malware to evade security products, similar to a release cycle for developers. Can Security Tools Stop Evolving Threats? Clearly, companies and individuals should not rely exclusively on built-in security.

Security awareness

Security awareness Phishing Passwords Risk

Pegasus Project – how governments use Pegasus spyware against journalists

Security Affairs

JULY 19, 2021

Pegasus Project investigation into the leak of 50,000 phone numbers of potential surveillance targets revealed the abuse of NSO Group’s spyware. Pegasus Project is the name of a large-scale investigation into the leak of 50,000 phone numbers of potential surveillance targets that revealed the abuse of NSO Group’s spyware.

Government

Government Privacy IT Security

FBI claims to have dismantled AlphV/Blackcat ransomware operation, but the group denies it

Security Affairs

DECEMBER 19, 2023

The Federal Bureau of Investigation (FBI) announced the seizure of the Tor leak site of the AlphV/Blackcat ransomware group. The FBI seized the Tor leak site of the AlphV/Blackcat ransomware group and replaced the home page with the announcement of the seizure. the fashion giant Moncler , the Swissport , NCR , and Western Digital.

Ransomware

Ransomware IT Access Manufacturing

Raspberry Robin malware used in attacks against Telecom and Governments

Security Affairs

DECEMBER 24, 2022

The Raspberry Robin worm attacks aimed at telecommunications and government office systems across Latin America, Australia, and Europe. Researchers from Trend Micro have uncovered a Raspberry Robin worm campaign targeting telecommunications and government office systems across Latin America, Australia, and Europe. Pierluigi Paganini.

Government

Government Communications Ransomware Manufacturing

New PowerExchange Backdoor linked to an Iranian APT group

Security Affairs

MAY 26, 2023

An alleged Iran-linked APT group targeted an organization linked to the United Arab Emirates (U.A.E.) Researchers from the Fortinet FortiGuard Labs observed an attack targeting a government entity in the United Arab Emirates with a new PowerShell-based backdoor dubbed PowerExchange. with the new PowerExchange backdoor.

Communications

Communications File names Archiving Phishing

Information Governance – 3 Common Pitfalls and How to Avoid Them

AIIM

SEPTEMBER 7, 2021

What is Information Governance, and Why is it Important? There are many benefits to constructing an Information Governance program plan. How to Avoid Information Governance Pitfalls. Vendor-neutral research, or case studies, can be valuable tools when communicating with internal decision-makers.

Information governance

Information governance Government Communications Education

Stayin’ Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

Security Affairs

OCTOBER 13, 2023

A cyberespionage campaign, tracked as Stayin’ Alive, targeted high-profile government and telecom entities in Asia. The tools have no code similarities with any known tool used by other threat actors. All the tools connect to the same infrastructure, which is associated with China-linked APT ToddyCat.

Government

Government IT Encryption Libraries

APT hacked a US municipal government via an unpatched Fortinet VPN

Security Affairs

MAY 27, 2021

The FBI revealed that foreign hackers compromised the network of a local US municipal government by exploiting flaws in an unpatched Fortinet VPN. The Federal Bureau of Investigation (FBI) reported that an APT group had breached the network of a local US municipal government by exploiting vulnerabilities in an unpatched Fortinet VPN.

Government

Government Mining Archiving Encryption

Purple Lambert, a new malware of CIA-linked Lambert APT group

Security Affairs

APRIL 29, 2021

Experts from Kaspersky explained that in February 2019, multiple antivirus companies received a collection of malware samples, some of them cannot be associated with the activity of known APT groups. . These malware strains did not present any similarities with malware associated with other APT groups.

Cybersecurity

Cybersecurity Government Education Security

Russian APT group Winter Vivern targets email portals of NATO and diplomats

Security Affairs

MARCH 31, 2023

Russian hacking group Winter Vivern has been actively exploiting Zimbra flaws to steal the emails of NATO and diplomats. The threat actors created bespoke JavaScript payloads designed for each government targets’ webmail portal. TA473’s cyber operations align with the support of Russian and/or Belarussian geopolitical goals.

Military

Military Phishing Passwords Government

At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software

Krebs on Security

MARCH 5, 2021

The espionage group is exploiting four newly-discovered flaws in Microsoft Exchange Server email software, and has seeded hundreds of thousands of victim organizations worldwide with tools that give the attackers total, remote control over affected systems.

Cleanup

Cleanup Cybersecurity Government Cloud

Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group

Security Affairs

JULY 20, 2023

China-linked group APT41 was spotted using two previously undocumented Android spyware called WyrmSpy and DragonEgg China-linked APT group APT41 has been observed using two previously undocumented Android spyware called WyrmSpy and DragonEgg. government. ” reads the report published by Lookout.

File names

File names Libraries Cybersecurity IT

Ukraine intelligence doxed 5 FSB Officers that are members of Gamaredon APT Group

Security Affairs

NOVEMBER 5, 2021

Ukraine’s premier law enforcement and counterintelligence revealed the real identities of five FSB members behind the Gamaredon cyberespionage group. All of that, despite the fact that they used the FSB’s own malicious software and tools to remain anonymous and hidden online. “Staying off the radar is not a group priority.

Military

Military Metadata Government Passwords

Security Affairs newsletter Round 460 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 25, 2024

Every week the best security articles from Security Affairs are free for you in your email box. Iran Crisis Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign U.S. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Military

Military Security Ransomware Insurance

Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Webinars

Trending Sources

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Webinars

China-linked APT41 group spotted using open-source red teaming tool GC2

Group Behind WannaCry Now Using New Malware

Exclusive: Pro-Russia group ‘Cyber Spetsnaz’ is attacking government agencies

U.S. Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp

Cloudflare Targets Security Poverty Line With Free Tools For At-Risk Groups

Israeli Court Dismisses Complaint Against NSO Group

Top Code Debugging and Code Security Tools

Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

Earth Krahang APT breached tens of government organizations worldwide

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Getting Started with Microsoft 365 Governance

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Gamaredon group uses a new Outlook tool to spread malware

CISA adds Microsoft Windows Print Spooler flaw to its Known Exploited Vulnerabilities catalog

Nuclear and Oil & Gas are Major Targets of Ransomware Groups in 2024

Iran’s Digital Surveillance Tools Leaked

Iran-linked Chafer APT group targets governments in Kuwait and Saudi Arabia

China-linked APT groups targets orgs via Pulse Secure VPN devices

Iranian Hackers Exploiting Unpatched Vulnerabilities

Russian APT groups target European governments ahead of May Elections

Buckeye APT group used Equation Group tools prior to ShadowBrokers leak

Hacker groups support protestors in Iran using Telegram, Signal and Darkweb

Previously undetected Earth Longzhi APT group is a subgroup of APT41

Norway blames China-linked APT31 for 2018 government hack

Google blocked China-linked APT31’s attacks targeting U.S. Government

China-Linked BRONZE PRESIDENT APT targets Government officials worldwide

Pro-Russian hacker group KillNet plans to attack Italy on May 30

Threat Group Continuously Updates Malware to Evade Antivirus Software

Pegasus Project – how governments use Pegasus spyware against journalists

FBI claims to have dismantled AlphV/Blackcat ransomware operation, but the group denies it

Raspberry Robin malware used in attacks against Telecom and Governments

New PowerExchange Backdoor linked to an Iranian APT group

Information Governance – 3 Common Pitfalls and How to Avoid Them

Stayin’ Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

APT hacked a US municipal government via an unpatched Fortinet VPN

Purple Lambert, a new malware of CIA-linked Lambert APT group

Russian APT group Winter Vivern targets email portals of NATO and diplomats

At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software

Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group

Ukraine intelligence doxed 5 FSB Officers that are members of Gamaredon APT Group

Security Affairs newsletter Round 460 by Pierluigi Paganini – INTERNATIONAL EDITION

Stay Connected