Groups, Military, Security and Tools - Information Management Today

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Security Affairs

APRIL 22, 2024

Russia-linked APT28 group used a previously unknown tool, dubbed GooseEgg, to exploit Windows Print Spooler service flaw. Since at least June 2020, and possibly earlier, the cyberespionage group has used the tool GooseEgg to exploit the CVE-2022-38028 vulnerability.

Military

Military File names Education Phishing

Naikon APT group uses new Nebulae backdoor in attacks aimed at military orgs

Security Affairs

APRIL 28, 2021

China-linked APT Naikon employed a new backdoor in multiple cyber-espionage operations targeting military organizations from Southeast Asia in the last 2 years. Organizations targeted by the group were located in multiple countries around the South China Sea, including the Philippines, Malaysia, Indonesia, Singapore, and Thailand.

Military

Military Passwords Government Security

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Security Affairs

DECEMBER 5, 2023

Microsoft warns that the Russia-linked APT28 group is actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts. The group was involved also in the string of attacks that targeted 2016 Presidential election.

Military

Military Government Phishing Access

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Gamaredon group uses a new Outlook tool to spread malware

Security Affairs

JUNE 12, 2020

Reseaerchers from ESET reported that Russia-linked Gamaredon APT has a new tool in its arsenal, it is a module for Microsoft Outlook that creates custom emails with malicious documents and sends them to a victim’s contacts. The group targeted government and military organizations in Ukraine. ” continues ESET.

Military

Military Phishing Government IT

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

Security Affairs

JUNE 18, 2020

Researchers uncovered a recent campaign carried out by the InvisiMole group that has been targeting a small number of high-profile organizations. The group has been active since at least 2013, ESET experts linked the group to the Gamaredon Russian APT group Gamaredon despite considers the two crews independent.

Military

Military Communications Libraries Encryption

Chinese APT Tropic Trooper target air-gapped military Networks in Asia

Security Affairs

MAY 15, 2020

Chinese threat actors, tracked as Tropic Trooper and KeyBoy, has been targeting air-gapped military networks in Taiwan and the Philippines. Chinese APT group Tropic Trooper, aka KeyBoy, has been targeting air-gapped military networks in Taiwan and the Philippines, Trend Micro researchers reported. ” continues the report.

Military

Military Government IT Security

Security Affairs newsletter Round 460 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 25, 2024

Every week the best security articles from Security Affairs are free for you in your email box. Iran Crisis Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign U.S. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Military

Military Security Ransomware Insurance

Mandiant identifies 3 hacktivist groups working in support of Russia

Security Affairs

SEPTEMBER 27, 2022

Researchers are tracking multiple self-proclaimed hacktivist groups working in support of Russia, and identified 3 groups linked to the GRU. Mandiant researchers are tracking multiple self-proclaimed hacktivist groups working in support of Russia, and identified 3 groups linked to the Russian Main Intelligence Directorate (GRU).

Military

Military Phishing Government Security

Security Affairs newsletter Round 462 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

MARCH 10, 2024

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Military Data breaches Ransomware

Russian APT group Winter Vivern targets email portals of NATO and diplomats

Security Affairs

MARCH 31, 2023

Russian hacking group Winter Vivern has been actively exploiting Zimbra flaws to steal the emails of NATO and diplomats. The goal of this activity is assessed to be gaining access to the emails of military, government, and diplomatic organizations across Europe involved in the Russia Ukrainian War.”

Military

Military Phishing Passwords Government

Ukraine intelligence doxed 5 FSB Officers that are members of Gamaredon APT Group

Security Affairs

NOVEMBER 5, 2021

Ukraine’s premier law enforcement and counterintelligence revealed the real identities of five FSB members behind the Gamaredon cyberespionage group. All of that, despite the fact that they used the FSB’s own malicious software and tools to remain anonymous and hidden online. “Staying off the radar is not a group priority.

Military

Military Metadata Government Passwords

McAfee Finds Years-Long Attack by Chinese-Linked APT Groups

eSecurity Planet

SEPTEMBER 16, 2021

The investigators said the advanced threat actors used a mixture of known and unique malware tools in the attack – which they dubbed Operation Harvest – to compromise the victim’s IT environment, exfiltrate the data and evade detection. Chinese-Linked APT Groups Likely Suspects. Beek wrote. Beek wrote. “We

Military

Military Access Manufacturing Phishing

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

Security Affairs

DECEMBER 7, 2023

Russia-linked group APT28 exploited Microsoft Outlook zero-day to target European NATO members, including a NATO Rapid Deployable Corps. Over the past 20 months, the group targeted at least 30 organizations within 14 nations that are probably of strategic intelligence significance to the Russian government and its military.

Military

Military Government Phishing Authentication

Chinese Tropic Trooper APT spreads a hacking tool laced with a backdoor

Security Affairs

JUNE 23, 2022

China-linked APT group Tropic Trooper has been spotted previously undocumented malware written in Nim language. The final payload encoded in the image is TClient, which is a backdoor that was used by the Tropic Trooper APT group in past campaigns. The attack aims at making the device unusable. ” the researchers concluded.

Military

Military Encryption Passwords IT

Microsoft releases On-premises Mitigation Tool (EOMT) tool to fix ProxyLogon issues

Security Affairs

MARCH 16, 2021

Microsoft released an Exchange On-premises Mitigation Tool (EOMT) tool to small businesses for the fix of ProxyLogon vulnerabilities. Most targeted sectors have been Government/Military (17% of all exploit attempts), followed by Manufacturing (14%), and then Banking (11%). ” reads the post published by Microsoft.

Military

Military Manufacturing Access Security

France agency ANSSI warns of Russia-linked APT28 attacks on French entities

Security Affairs

OCTOBER 27, 2023

France National Agency for the Security of Information Systems warns that the Russia-linked APT28 group has breached several critical networks. The Government experts pointed out that in some cases the group did not deployed any backdoor in the compromised systems. ” reads the report.

Military

Military Phishing Government Security

APT ‘Aquatic Panda’ Targets Universities with Log4Shell Exploit Tools

Threatpost

DECEMBER 30, 2021

Researchers from CrowdStrike disrupted an attempt by the threat group to steal industrial intelligence and military secrets from an academic institution.

Military

Military Security

Security Affairs newsletter Round 464 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

MARCH 24, 2024

Every week the best security articles from Security Affairs are free for you in your email box. Cybersecurity US holds conference on military AI use with dozens of allies to determine ‘responsible’ use DFSA’s Cyber Risk Management Guidelines: A Blueprint for Cyber Resilience?

Security

Security Passwords Military Marketing

Calendar Meeting Links Used to Spread Mac Malware

Krebs on Security

FEBRUARY 28, 2024

A search in Google for a string of text from that script turns up a December 2023 blog post from cryptocurrency security firm SlowMist about phishing attacks on Telegram from North Korean state-sponsored hackers. The North Korean regime is known to use stolen cryptocurrencies to fund its military and other state projects.

Phishing

Phishing Blockchain Military Passwords

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

Security Affairs

FEBRUARY 8, 2024

The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure. In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.

Energy and Utilities

Energy and Utilities Communications Military Manufacturing

Russian APT Gamaredon uses USB worm LitterDrifter against Ukraine

Security Affairs

NOVEMBER 18, 2023

Russia-linked cyberespionage group Gamaredon has been spotted propagating a worm called LitterDrifter via USB. Gamaredon (aka Shuckworm, Actinium, Armageddon, Primitive Bear, UAC-0010, and Trident Ursa) has been active since 2014 and its activity focuses on Ukraine, the group was observed using the multistage backdoor Pteranodon / Pterodo.

Military

Military Communications IT Government

Security Affairs newsletter Round 435 by Pierluigi Paganini – International edition

Security Affairs

SEPTEMBER 3, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Being Used to Phish So Many of Us?

Security

Security Ransomware Data breaches IoT

China-linked Moshen Dragon abuses security software to sideload malware

Security Affairs

MAY 3, 2022

A China-linked APT group, tracked as Moshen Dragon, is exploiting antivirus products to target the telecom sector in Asia. A China-linked APT group, tracked as Moshen Dragon, has been observed targeting the telecommunication sector in Central Asia with ShadowPad and PlugX malware, SentinelOne warns. Pierluigi Paganini.

Security

Security Military Insurance Cybersecurity

Russia-linked APT Gamaredon update TTPs in recent attacks against Ukraine

Security Affairs

JUNE 15, 2023

Russia-linked APT group Gamaredon is using a new toolset in attacks aimed at critical organizations in Ukraine. Symantec researchers reported that in some cases, the cyberespionage group remained undetected in the target networks for three months. The attack chain commences with spear-phishing emails with malicious attachments (.docx,rar,sfx

Military

Military File names Archiving Phishing

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

The Federal Bureau of Investigation (FBI), National Security Agency (NSA), US Cyber Command, and international partners released a joint Cybersecurity Advisory (CSA) to warn that Russia-linked threat actors are using compromised Ubiquiti EdgeRouters (EdgeRouters) to evade detection in cyber operations worldwide.

Energy and Utilities

Energy and Utilities Military Government Phishing

Russian APT groups target European governments ahead of May Elections

Security Affairs

MARCH 22, 2019

Russian APT groups are targeting European governments for cyber-espionage purposes ahead of the upcoming European elections. The activity of the Russia-linked groups is focused on NATO member states. The APT28 group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide.

Government

Government Military Phishing Access

US Military Ties Prolific MuddyWater Cyberespionage APT to Iran

Threatpost

JANUARY 13, 2022

US Cyber Command linked the group to Iranian intelligence and detailed its multi-pronged, increasingly sophisticated suite of malware tools.

Military

Military IT Government Security

Russia-linked Nobelium APT group uses custom backdoor to target Windows domains

Security Affairs

SEPTEMBER 28, 2021

Microsoft discovered new custom malware, dubbed FoggyWeb, used by the Nobelium cyberespionage group to implant backdoor in Windows domains. “Once NOBELIUM obtains credentials and successfully compromises a server, the actor relies on that access to maintain persistence and deepen its infiltration using sophisticated malware and tools.

Encryption

Encryption Military Government Access

Symantec uncovered the link between China-Linked Thrip and Billbug groups

Security Affairs

SEPTEMBER 9, 2019

The China-linked APT group Thrip is continuing to target entities in Southeast Asia even after its activity was uncovered by Symantec. Experts at Symantec first exposed the activity of the Chinese-linked APT Thrip in 2018, now the security firm confirms that cyber espionage group has continued to carry out attacks in South East Asia.

Military

Military Communications Government Education

New Gallmaker APT group eschews malware in cyber espionage campaigns

Security Affairs

OCTOBER 10, 2018

A previously unknown cyber espionage group, tracked as Gallmaker, has been targeting entities in the government, military and defense sectors since at least 2017. A new cyber espionage group tracked as Gallmaker appeared in the threat landscape. ” concluded Symantec.

Military

Military File names Libraries Government

FBI chief says China is preparing to attack US critical infrastructure

Security Affairs

APRIL 19, 2024

The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure. In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.

Energy and Utilities

Energy and Utilities Communications Military Manufacturing

Security Affairs newsletter Round 269

Security Affairs

JUNE 21, 2020

Every week the best security articles from Security Affairs free for you in your email box. The post Security Affairs newsletter Round 269 appeared first on Security Affairs. A new round of the weekly SecurityAffairs newsletter arrived! Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Security

Security Military Ransomware Sales

Russia-linked actors may be behind an explosion at a liquefied natural gas plant in Texas

Security Affairs

JUNE 26, 2022

A Russian hacking group may be responsible for a cyber attack against a liquefied natural gas plant in Texas that led to its explosion on June 8. That same day, the FBI issued an advisory warning that TRITON malware tools still remain a major threat to industrial systems around the world.” “On March 24 the U.S.

Military

Military Cloud Government Security

APT28 group return to covert intelligence gathering ops in Europe and South America.

Security Affairs

OCTOBER 7, 2018

Experts from Symantec collected evidence that APT28 group returns to covert intelligence gathering operations in Europe and South America. The APT28 group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Military targets in Europe.

Military

Military Government Phishing Security

Security Affairs newsletter Round 416 by Pierluigi Paganini – International edition

Security Affairs

APRIL 23, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Ransomware Data breaches Cybersecurity

Security Affairs newsletter Round 414 by Pierluigi Paganini – International edition

Security Affairs

APRIL 9, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! billion rubles.

Security

Security Computer and Electronics Ransomware Marketing

Russia-linked APT29 spotted targeting JetBrains TeamCity servers

Security Affairs

DECEMBER 14, 2023

Russia-linked cyber espionage group APT29 has been targeting JetBrains TeamCity servers since September 2023. Experts warn that the Russia-linked APT29 group has been observed targeting JetBrains TeamCity servers to gain initial access to the targets’ networks. The group used WMIC to facilitate lateral movement.

Authentication

Authentication Military Access Manufacturing

Lazarus targets blockchain engineers with new KandyKorn macOS Malware

Security Affairs

NOVEMBER 5, 2023

North Korea-linked Lazarus group is using new KandyKorn macOS Malware in attacks against blockchain engineers. North Korea-linked Lazarus APT group were spotted using new KandyKorn macOS malware in attacks against blockchain engineers, reported Elastic Security Labs. ” reads the report.

Blockchain

Blockchain Archiving Military Encryption

MI5 chief warns of Chinese cyber espionage reached an unprecedented scale

Security Affairs

OCTOBER 22, 2023

During a meeting of security chiefs of the Five Eyes alliance held in California, McCallum told BBC that the Chinese cyber espionage reached an epic scale. The BBC reported the case of an acquisition of a sensitive UK tech company involved in UK military supply chains. ” reported BBC.

Military

Military Government Access Cybersecurity

FBI and NSA joint report details APT28’s Linux malware Drovorub

Security Affairs

AUGUST 13, 2020

The FBI and NSA issue joint alert related to new Linux malware dubbed Drovorub that has been used by the Russia-linked APT28 group. The FBI and NSA have published a joint security alert containing technical details about a new piece of Linux malware, tracked as Drovorub , allegedly employed by Russia-linked the APT28 group.

Military

Military IoT Phishing Government

News alert: MxD roundtable with White House officials highlights cybersecurity workforce needs

The Last Watchdog

SEPTEMBER 21, 2023

As a part of this effort, each organization made the following commitments: MxD , in collaboration with the University of Maryland, Baltimore County, created the Cybersecurity for Manufacturing Operational Technology (CyMOT) program to increase the security of U.S. million NSA expansion grant funds this effort. manufacturing.

Cybersecurity

Cybersecurity Manufacturing Military Artificial Intelligence

Researchers shared technical details of NSA Equation Group’s Bvp47 backdoor

Security Affairs

FEBRUARY 23, 2022

Pangu Lab researchers disclosed details of the Bvp47 backdoor that was used by the US NSA Equation Group. National Security Agency (NSA) Equation Group. The Bvp47 backdoor was first discovered in 2013 while conducting a forensic investigation into a security breach suffered by a Chinese government organization.

Encryption

Encryption Military Archiving Government

Iran-linked Mint Sandstorm APT targeted US critical infrastructure

Security Affairs

APRIL 19, 2023

An Iran-linked APT group tracked as Mint Sandstorm is behind a string of attacks aimed at US critical infrastructure between late 2021 to mid-2022. The group rapidly weaponized N-day vulnerabilities in popular enterprise applications by using publicly disclosed POCs. ” reads the report published by Microsoft.

Energy and Utilities

Energy and Utilities Military Education Phishing

CISA adds Zimbra bug exploited in attacks against NATO countries to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 4, 2023

Cybersecurity and Infrastructure Security Agency (CISA) has added a Zimbra flaw, tracked as CVE-2022-27926 , to its Known Exploited Vulnerabilities Catalog. The goal of this activity is assessed to be gaining access to the emails of military, government, and diplomatic organizations across Europe involved in the Russia Ukrainian War.”

IT

IT Military Phishing Passwords

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Naikon APT group uses new Nebulae backdoor in attacks aimed at military orgs

Webinars

Trending Sources

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Webinars

Gamaredon group uses a new Outlook tool to spread malware

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

Chinese APT Tropic Trooper target air-gapped military Networks in Asia

Security Affairs newsletter Round 460 by Pierluigi Paganini – INTERNATIONAL EDITION

Mandiant identifies 3 hacktivist groups working in support of Russia

Security Affairs newsletter Round 462 by Pierluigi Paganini – INTERNATIONAL EDITION

Russian APT group Winter Vivern targets email portals of NATO and diplomats

Ukraine intelligence doxed 5 FSB Officers that are members of Gamaredon APT Group

McAfee Finds Years-Long Attack by Chinese-Linked APT Groups

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

Chinese Tropic Trooper APT spreads a hacking tool laced with a backdoor

Microsoft releases On-premises Mitigation Tool (EOMT) tool to fix ProxyLogon issues

France agency ANSSI warns of Russia-linked APT28 attacks on French entities

APT ‘Aquatic Panda’ Targets Universities with Log4Shell Exploit Tools

Security Affairs newsletter Round 464 by Pierluigi Paganini – INTERNATIONAL EDITION

Calendar Meeting Links Used to Spread Mac Malware

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

Russian APT Gamaredon uses USB worm LitterDrifter against Ukraine

Security Affairs newsletter Round 435 by Pierluigi Paganini – International edition

China-linked Moshen Dragon abuses security software to sideload malware

Russia-linked APT Gamaredon update TTPs in recent attacks against Ukraine

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Russian APT groups target European governments ahead of May Elections

US Military Ties Prolific MuddyWater Cyberespionage APT to Iran

Russia-linked Nobelium APT group uses custom backdoor to target Windows domains

Symantec uncovered the link between China-Linked Thrip and Billbug groups

New Gallmaker APT group eschews malware in cyber espionage campaigns

FBI chief says China is preparing to attack US critical infrastructure

Security Affairs newsletter Round 269

Russia-linked actors may be behind an explosion at a liquefied natural gas plant in Texas

APT28 group return to covert intelligence gathering ops in Europe and South America.

Security Affairs newsletter Round 416 by Pierluigi Paganini – International edition

Security Affairs newsletter Round 414 by Pierluigi Paganini – International edition

Russia-linked APT29 spotted targeting JetBrains TeamCity servers

Lazarus targets blockchain engineers with new KandyKorn macOS Malware

MI5 chief warns of Chinese cyber espionage reached an unprecedented scale

FBI and NSA joint report details APT28’s Linux malware Drovorub

News alert: MxD roundtable with White House officials highlights cybersecurity workforce needs

Researchers shared technical details of NSA Equation Group’s Bvp47 backdoor

Iran-linked Mint Sandstorm APT targeted US critical infrastructure

CISA adds Zimbra bug exploited in attacks against NATO countries to its Known Exploited Vulnerabilities catalog

Stay Connected