Security Affairs

JUNE 12, 2020

Reseaerchers from ESET reported that Russia-linked Gamaredon APT has a new tool in its arsenal, it is a module for Microsoft Outlook that creates custom emails with malicious documents and sends them to a victim’s contacts. The group targeted government and military organizations in Ukraine. Pierluigi Paganini.

Military 105

Military Phishing Government IT 105

Security Affairs

APRIL 22, 2021

Cellebrite mobile forensics tool Ufed contains multiple flaws that allow arbitrary code execution on the device, SIGNAL creator warns. Cellebrite develops forensics tools for law enforcement and intelligence agencies that allow automating physically extracting and indexing data from mobile devices. ” concludes the expert.

Military 90

Military Encryption Security Risk 90

Security Affairs

DECEMBER 7, 2023

Over the past 20 months, the group targeted at least 30 organizations within 14 nations that are probably of strategic intelligence significance to the Russian government and its military. The group operates out of military unity 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS).

Military 109

Military Government Phishing Authentication 109

Security Affairs

FEBRUARY 25, 2024

Iran Crisis Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign U.S. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Military 95

Military Security Ransomware Insurance 95

The Last Watchdog

MAY 13, 2020

Chief Information Security Officers were already on the hot seat well before the COVID-19 global pandemic hit, and they are even more so today. One new challenge CISOs’ suddenly face is how to lock down web conferencing tools, like Zoom, Skype and Webex, without gutting their usefulness. Related: Why U.S.

Security 309

Security Cybersecurity Military Risk 309

Security Affairs

OCTOBER 27, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election.

Military 108

Military Phishing Government Security 108

Security Affairs

FEBRUARY 28, 2024

“As early as 2022, APT28 actors had utilized compromised EdgeRouters to facilitate covert cyber operations against governments, militaries, and organizations around the world.” and foreign governments and military, security, and corporate organizations. ” reads the joint report. ” concludes the report.

Energy and Utilities 97

Energy and Utilities Military Government Phishing 97

Security Affairs

NOVEMBER 18, 2023

The Gamaredon APT group continues to carry out attacks against entities in Ukraine, including security services, military, and government organizations. Since the beginning of the Russian invasion of Ukraine, the cyber espionage group has carried out multiple campaigns against Ukrainian targets.

Military 113

Military Communications IT Government 113

Security Affairs

JUNE 15, 2023

The Gamaredon APT group (aka Shuckworm, Actinium, Armageddon, Primitive Bear, UAC-0010, and Trident Ursa) continues to carry out attacks against entities in Ukraine, including security services, military, and government organizations. The attack chain commences with spear-phishing emails with malicious attachments (.docx,rar,sfx

Military 82

Military File names Archiving Phishing 82

Security Affairs

DECEMBER 5, 2023

The group operates out of military unity 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS). The group was involved also in the string of attacks that targeted 2016 Presidential election.

Military 104

Military Government Phishing Access 104

Security Affairs

JUNE 26, 2022

That same day, the FBI issued an advisory warning that TRITON malware tools still remain a major threat to industrial systems around the world.” ” reported the American Military News website. ” continues the American Military News website. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Military 122

Military Cloud Government Security 122

eSecurity Planet

SEPTEMBER 16, 2021

The investigators said the advanced threat actors used a mixture of known and unique malware tools in the attack – which they dubbed Operation Harvest – to compromise the victim’s IT environment, exfiltrate the data and evade detection. PlugX, Winnti and some other custom tools all point to a group that had access to the same tools.

Military 138

Military Access Manufacturing Phishing 138

Security Affairs

DECEMBER 24, 2019

A popular mobile app in the Middle East called ToTok has been removed from both Apple and Google’s online stores because it was a spy tool. According to a report published by the New York Times, the popular app ToTok was used by the UAE government as a surveillance tool. appeared first on Security Affairs.

Government 61

Government Military Security IT 61

Security Affairs

NOVEMBER 5, 2021

All of that, despite the fact that they used the FSB’s own malicious software and tools to remain anonymous and hidden online. This ‘line of work’ is coordinated by the FSB’s 18th Center (Information Security Center) based in Moscow.” The group targeted government and military organizations in Ukraine.

Military 122

Military Metadata Government Passwords 122

Security Affairs

AUGUST 15, 2021

The MoD is offering a salary of £33k to “work alongside some of the best scientists and engineers within defence and will be tasked with delivering prototype solutions directly to the soldiers and officers of a unique and specialized military unit.” ”What unique and specialised military unit is famously based in Hereford?

Military 102

Military Computer and Electronics Manufacturing Communications 102

Security Affairs

SEPTEMBER 27, 2022

The experts discovered that some APT28 tools were used to compromise the networks of Ukrainian victims, whose data was subsequently leaked on Telegram within 24 hours of wiping activity by APT28. The group was involved also in the string of attacks that targeted 2016 Presidential election. ” Mandiant concludes. Pierluigi Paganini.

Military 85

Military Phishing Government Security 85

Security Affairs

FEBRUARY 8, 2024

The group also relies on customized versions of open-source tools for C2 communications and to stay under the radar. agencies fear the possibility that these actors could gain access to the networks of critical infrastructure to cause disruptive effects in the event of potential geopolitical tensions and/or military conflicts.

Energy and Utilities 109

Energy and Utilities Communications Military Manufacturing 109

Security Affairs

MARCH 31, 2023

A Russian hacking group, tracked Winter Vivern (aka TA473), has been actively exploiting vulnerabilities ( CVE-2022-27926 ) in unpatched Zimbra instances to gain access to the emails of NATO officials, governments, military personnel, and diplomats. The CVE-2022-27926 flaw affects Zimbra Collaboration versions 9.0.0,

Military 86

Military Phishing Passwords Government 86

Security Affairs

AUGUST 13, 2020

.” The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election.

Military 137

Military IoT Phishing Government 137

Security Affairs

MARCH 10, 2024

Amazon Sells Them Anyway CryptoChameleon: New Phishing Tactics Exhibited in FCC-Targeted Attack How recent cyberattacks revealed America’s infrastructure weaknesses Taiwan Military Says Hackers Sold Telecom Giant’s Data on Web CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Multiple Authentication Bypass Vulnerabilities (FIXED) CryptoChameleon: (..)

Security 87

Security Military Data breaches Ransomware 87

Security Affairs

MAY 4, 2022

Pro-Ukraine hackers, likely linked to Ukraine IT Army , are using Docker images to launch distributed denial-of-service (DDoS) attacks against a dozen websites belonging to government, military, and media. “Container and cloud-based resources are being abused to deploy disruptive tools. ” reported Crowdstrike.

Honeypots 110

Honeypots Military Mining Government 110

Security Affairs

APRIL 4, 2023

Proofpoint researchers recently reported that a Russian hacking group, tracked as Winter Vivern (aka TA473), has been actively exploiting vulnerabilities ( CVE-2022-27926 ) in unpatched Zimbra instances to gain access to the emails of NATO officials, governments, military personnel, and diplomats. reads the post published by Proofpoint.

IT 91

IT Military Phishing Passwords 91

Security Affairs

FEBRUARY 4, 2022

One of the clusters analyzed by the experts was used as C2 infrastructure for a custom remote administration tool called Pterodo/Pteranodon backdoor. All of that, despite the fact that they used the FSB’s own malicious software and tools to remain anonymous and hidden online. reads the announcement published by the SSU.

Government 81

Government Military Phishing Information Security 81

Security Affairs

OCTOBER 22, 2023

The BBC reported the case of an acquisition of a sensitive UK tech company involved in UK military supply chains. The group relies on tools built into the operating system, along with some legitimate software. ” reported BBC.

Military 129

Military Government Access Cybersecurity 129

Security Affairs

NOVEMBER 5, 2023

An arbitrage bot is a tool that allows users to profit from cryptocurrency rate differences between platforms. North Korea-linked threat actors continue to target organizations in the cryptocurrency industry to circumvent international sanctions and finance its military operations. Stage 1 (Dropper) – testSpeed.py

Blockchain 97

Blockchain Archiving Military Encryption 97

Security Affairs

AUGUST 16, 2022

The group targeted government and military organizations in Ukraine. It is distributed in a spear-phishing campaign with a weaponized office document that appears to be designed to lure military personnel. . Threat actors also used the legitimate remote desktop protocol (RDP) tools Ammyy Admin and AnyDesk for remote access.

Military 83

Military Phishing Access Government 83

Security Affairs

DECEMBER 14, 2023

JetBrains TeamCity is a popular and highly extensible Continuous Integration (CI) and Continuous Delivery (CD) server developed by JetBrains, a software development company known for its developer tools. The flaw impacts on-premises version 2023.05.3 and below, and JetBrains addressed the flaw with the release of version 2023.05.4.

Authentication 98

Authentication Military Access Manufacturing 98

Security Affairs

MARCH 24, 2024

Cybersecurity US holds conference on military AI use with dozens of allies to determine ‘responsible’ use DFSA’s Cyber Risk Management Guidelines: A Blueprint for Cyber Resilience? Players hacked during the matches of Apex Legends Global Series.

Security 99

Security Passwords Military Marketing 99

Security Affairs

JUNE 21, 2020

Maze ransomware gang hacked M&A firm Threadstone Advisors LLP Ransomware attack disrupts operations at Australian beverage company Lion Tech firms suspend use of ‘biased facial recognition technology Accessories giant Claires is the victim of a Magecart attack, credit card data exposed Black Kingdom ransomware operators exploit Pulse VPN flaws (..)

Security 94

Security Military Ransomware Sales 94

Security Affairs

MARCH 9, 2022

APT31 is a China-linked APT group that was involved in multiple cyber espionage operations, it made the headlines recently after the Check Point Research team discovered that the group used a tool dubbed Jian, which is a clone of NSA Equation Group ‘s “EpMe” hacking tool, years before it was leaked online by Shadow Brokers hackers.

Government 89

Government Phishing Military IT 89

Security Affairs

APRIL 19, 2023

Mint Sandstorm also used custom tools in selected targets, notably organizations in the energy and transportation sectors. In the last stage of the attack, the subgroup deploys a custom malware variant, such as Drokbk or Soldier instead of using publicly available tools and simple scripts. ” concludes Microsoft.

Energy and Utilities 88

Energy and Utilities Military Education Phishing 88

Security Affairs

MARCH 13, 2022

March 10 – Crooks target Ukraine’s IT Army with a tainted DDoS tool. Threat actors are spreading password-stealing malware disguised as a security tool to target Ukraine’s IT Army. Google TAG observed Russian, Belarusian, and Chinese threat actors targeting Ukraine and European government and military orgs.

Blockchain 85

Blockchain Phishing Military Passwords 85

Security Affairs

SEPTEMBER 9, 2019

The group has continued launching attacks against entities in Southeast Asia, including military, satellite communications, media and educational organizations. The Thrip group used both custom malware and legitimate tools to hit its targets that continue to include defense contractors, telecoms companies, and satellite operators.

Military 81

Military Communications Government Education 81

Security Affairs

APRIL 19, 2024

The group also relies on customized versions of open-source tools for C2 communications and to stay under the radar. agencies fear the possibility that these actors could gain access to the networks of critical infrastructure to cause disruptive effects in the event of potential geopolitical tensions and/or military conflicts.

Energy and Utilities 98

Energy and Utilities Communications Military Manufacturing 98

Security Affairs

JANUARY 31, 2024

Sliver 11 is an open-source adversary simulation tool that is gaining popularity among threat actors, since it provides a practical command and control framework.” Targets span across the globe, they include both small businesses and large organizations. ” reads the report published by Synacktiv.

Authentication 91

Authentication Military Communications Security 91

Security Affairs

APRIL 8, 2022

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election. ” concludes Microsoft.

Military 110

Military Government Phishing Security 110

Security Affairs

MAY 3, 2022

RedFoxtrot has been active since at least 2014 and focused on gathering military intelligence from neighboring countries, it is suspected to work under the PLA China-linked Unit 69010. The cyperespionage group also uses additional tools, including an LSA notification package and the GUNTERS passive backdoor.

Security 105

Security Military Insurance Cybersecurity 105