Information Management Today

Phishing in the Service of Espionage

KnowBe4

JANUARY 9, 2023

The group is circumstantially but convincingly linked to Russian intelligence services (possibly the FSB, although that's unclear) through its Russophone operations and the location of at least one of its personnel in the northern city of Syktyvkar, capital of the Komi region.

Phishing

Phishing IT

Russia-linked APT28 and crooks are still using the Moobot botnet

Security Affairs

MAY 3, 2024

The threat actors used the botnet harvest credentials, collect NTLMv2 digests, proxy network traffic, and host spear-phishing landing pages and custom tools. The Ubiquiti EdgeRouter botnet is still used by Russia-linked group APT28 and cybercriminals organizations. ” reported Trend Micro. ” reported Trend Micro.

Healthcare

Healthcare Phishing e-Discovery Mining

Phishing Attacks Traced to Indian Commercial Espionage Firm

Data Breach Today

JUNE 9, 2020

Researchers at Citizen Lab Accuse Indian Firm of Criminal Hacking for Hire Surveillance researchers at Citizen Lab have tied thousands of "Dark Basin" corporate espionage phishing attacks to a small Indian cybersecurity firm called BellTroX InfoTech Services. It's led by Sumit Gupta, who was indicted by the U.S.

Phishing

Phishing Cybersecurity IT

Security Affairs newsletter Round 468 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

APRIL 21, 2024

carmaker with phishing attacks Law enforcement operation dismantled phishing-as-a-service platform LabHost Previously unknown Kapeka backdoor linked to Russian Sandworm APT Cisco warns of a command injection escalation flaw in its IMC. A new round of the weekly SecurityAffairs newsletter arrived!

Data breaches

Data breaches Security MDM Ransomware

Security Affairs newsletter Round 440 by Pierluigi Paganini – International edition

Security Affairs

OCTOBER 8, 2023

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Ransomware Data breaches Phishing

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

Krebs on Security

MARCH 31, 2020

A spear-phishing attack this week hooked a customer service employee at GoDaddy.com , the world’s largest domain name registrar, KrebsOnSecurity has learned. 49 (that domain is hobbled here because it is currently flagged as hosting a phishing site). For about two hours starting around 5 p.m. Image: Escrow.com.

Phishing

Phishing Encryption Passwords Sales

Russian APT BlueBravo targets diplomatic entities with GraphicalProton backdoor

Security Affairs

JULY 28, 2023

The group was observed conducting a spear-phishing campaign with the end goal of infecting recipients with a new backdoor called GraphicalProton. The group was observed conducting a spear-phishing campaign with the end goal of infecting recipients with a new backdoor called GraphicalProton. ” continues the report.

Phishing

Phishing Government Sales Communications

China-linked RedAlpha behind multi-year credential theft campaign

Security Affairs

AUGUST 17, 2022

Experts believe RedAlpha is a group of contractors conducting cyber-espionage activity on behalf of China. Experts also noticed that the attackers used domains spoofing major email and storage service providers like Yahoo (135 typosquat domains), Google (91 typosquat domains), and Microsoft (70 typosquat domains).

Phishing

Phishing Information Security Government Communications

U.S. Charges 4 Chinese Military Officers in 2017 Equifax Hack

Krebs on Security

FEBRUARY 10, 2020

They are each charged with three counts of conspiracy to commit computer fraud, economic espionage and wire fraud. They are each charged with three counts of conspiracy to commit computer fraud, economic espionage and wire fraud. The nine-count indictment names Wu Zhiyong (???), Wang Qian (??), and Liu Lei (??)

Military

Military Phishing Government Sales

Rent a hacker: Group-IB uncovers corporate espionage group RedCurl

Security Affairs

AUGUST 13, 2020

Threat Intel firm Group-IB has released an analytical report on the previously unknown APT group RedCurl, which focuses on corporate espionage. This could indicate that RedCurl’s attacks might have been commissioned for the purpose of corporate espionage. From Russia to Canada.

Cloud

Cloud Phishing Analytics Access

GUEST ESSAY: NewsCorp hack shows cyber espionage, squelching of press freedom on the rise

The Last Watchdog

APRIL 5, 2022

’ This firewall even goes as far as to block the latest versions of the encryption service TLS (v1.3) As the dust settles following the recently disclosed hack of NewsCorp , important lessons are emerging for the cybersecurity and journalism communities. Related: How China challenged Google in Operation Aurora.

Passwords

Passwords Access Cloud Government

Types of cyberthreats

IBM Big Data Hub

SEPTEMBER 1, 2023

Learn more about malware Social engineering and phishing Frequently referred to as “human hacking,” social engineering manipulates targets into taking actions that expose confidential information, threaten their own or their organization’s financial well-being, or otherwise compromise personal or organizational security.

Phishing

Phishing Passwords IoT Cybersecurity

Costaricto APT: Cyber mercenaries use previously undocumented malware

Security Affairs

NOVEMBER 12, 2020

“During the past six months, the BlackBerry Research and Intelligence team have been monitoring a cyber-espionage campaign that is targeting disparate victims around the globe.” ” reads the analysis published by BlackBerry. ” reads the analysis published by BlackBerry.

Phishing

Phishing Ransomware Marketing IT

Kimsuky APT poses as journalists and broadcast writers in its attacks

Security Affairs

JUNE 3, 2023

Some targeted entities may discount the threat posed by these social engineering campaigns, either because they do not perceive their research and communications as sensitive in nature, or because they are not aware of how these efforts fuel the regime’s broader cyber espionage efforts. A joint advisory from the FBI, the U.S.

IT

IT Phishing Systems administration Communications

Google TAG: Russia, Belarus-linked APTs targeted Ukraine

Security Affairs

MARCH 8, 2022

The attackers carried out both phishing campaigns and DDoS attacks. This activity ranges from espionage to phishing campaigns.” ” FancyBear has conducted several large credential phishing campaigns aimed at the users of Ukrainian media company UkrNet. ” wrote Shane Huntley, Google’s TAG lead. .”

Military

Military Phishing File names Government

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Security Affairs

DECEMBER 5, 2023

Microsoft’s Threat Intelligence is warning of Russia-linked cyber-espionage group APT28 (aka “Forest Blizzard”, “Fancybear” or “Strontium”) actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts and steal sensitive information.

Military

Military Government Phishing Access

Security Affairs newsletter Round 431 by Pierluigi Paganini – International edition

Security Affairs

AUGUST 6, 2023

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Military Phishing Sales

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

Security Affairs

DECEMBER 7, 2023

The group operates out of military unity 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS). The group operates out of military unity 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS).

Military

Military Government Phishing Authentication

Microsoft disrupts SEABORGIUM ’s ongoing phishing operations

Security Affairs

AUGUST 15, 2022

Microsoft has disrupted activity by SEABORGIUM, a Russia-based actor launching persistent phishing, credential and data theft, intrusions, and hack-and-leak campaigns tied to espionage. Microsoft disrupted a hacking operation linked conducted by Russia-linked APT SEABORGIUM aimed at NATO countries.

Phishing

Phishing Education Security IT

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

The Last Watchdog

APRIL 13, 2022

Related: Cyber espionage is in a Golden Age. The Russian government, military, and intelligence service may wish to achieve some operational effect, for example, disrupting the power grid or interfering with telecommunications infrastructure, which may be part of a larger war plan. allied countries, and businesses steadily increases.

Cybersecurity

Cybersecurity Military Passwords Education

China-linked TA413 group targets Tibetan entities with new backdoor

Security Affairs

SEPTEMBER 26, 2022

Experts noticed that the threat actors have regularly reused phishing email sender addresses for up to several years (such as tseringkanyaq@yahoo[.]com Experts noticed that the threat actors have regularly reused phishing email sender addresses for up to several years (such as tseringkanyaq@yahoo[.]com com and mediabureauin@gmail[.]com),

Phishing

Phishing Access Security IT

Barracuda ESG zero-day exploited by China-linked APT

Security Affairs

JUNE 15, 2023

“Through the investigation, Mandiant identified a suspected China-nexus actor, currently tracked as UNC4841, targeting a subset of Barracuda ESG appliances to utilize as a vector for espionage, spanning a multitude of regions and sectors.” ” reads the report published by Mandiant. reads the update provided by the company.

Access

Access Security Phishing IT

Security Affairs newsletter Round 432 by Pierluigi Paganini – International edition

Security Affairs

AUGUST 13, 2023

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Data breaches Honeypots Artificial Intelligence

Russia-linked APT Gamaredon starts stealing data from victims between 30 and 50 minutes after the initial compromise

Security Affairs

JULY 15, 2023

The Gamaredon APT group continues to carry out attacks against entities in Ukraine, including security services, military, and government organizations. Since the beginning of the Russian invasion of Ukraine, the cyber espionage group has carried out multiple campaigns against Ukrainian targets.

Military

Military Phishing Government Security

Russia-linked APT Gamaredon update TTPs in recent attacks against Ukraine

Security Affairs

JUNE 15, 2023

The Gamaredon APT group (aka Shuckworm, Actinium, Armageddon, Primitive Bear, UAC-0010, and Trident Ursa) continues to carry out attacks against entities in Ukraine, including security services, military, and government organizations. The attack chain commences with spear-phishing emails with malicious attachments (.docx,rar,sfx

Military

Military File names Archiving Phishing

Facebook links cyberespionage group APT32 to Vietnamese IT firm

Security Affairs

DECEMBER 11, 2020

Facebook has suspended some accounts linked to APT32 that were involved in cyber espionage campaigns to spread malware. Vietnam-linked APT group APT32 , also known as OceanLotus and APT-C-00, carried out cyber espionage campaigns against Chinese entities to gather intelligence on the COVID-19 crisis.

Agriculture

Agriculture IT Retail Manufacturing

Microsoft took down 18 Azure AD apps used by Chinese Gadolinium APT

Security Affairs

SEPTEMBER 27, 2020

Microsoft announced this week to have removed 18 Azure Active Directory applications from its Azure portal that were created by a China-linked cyber espionage group tracked as APT group Gadolinium (aka APT40 , or Leviathan ). ” states Microsoft’s report. . ” states Microsoft’s report. ” continues the analysis.

Cloud

Cloud Phishing IT Security

Russian Gamaredon APT is targeting Ukraine since October

Security Affairs

FEBRUARY 6, 2022

Russia-linked APT group Gamaredon is behind spear-phishing attacks against Ukrainian entities and organizations since October 2021. Palo Alto Network experts mapped out three large clusters of the infrastructure used by the nation-state APT group used to support different phishing and malware campaigns.

Military

Military Phishing Government Security

Russia-linked Cold River APT targeted US nuclear research laboratories

Security Affairs

JANUARY 9, 2023

Threat actors created fake login pages for each organization and sent spear-phishing messages to nuclear scientists in an attempt to trick them into providing their passwords. In March 2022, the Google Threat Analysis Group (TAG) spotted phishing and malware attacks targeting Eastern European and NATO countries, including Ukraine.

Military

Military Phishing Cybersecurity Passwords

UNC4841 threat actors hacked US government email servers exploiting Barracuda ESG flaw

Security Affairs

AUGUST 29, 2023

Through the investigation, Mandiant identified a suspected China-nexus actor, currently tracked as UNC4841, targeting a subset of Barracuda ESG appliances to utilize as a vector for espionage, spanning a multitude of regions and sectors.” reads the report published by Mandiant. reads the report published by Mandiant.

Government

Government Access Security Cybersecurity

The Week in Cyber Security and Data Privacy: 16–22 October 2023

IT Governance

OCTOBER 24, 2023

Another small firm suffers a serious ransomware attack: Cadre Services gets mauled by AlphV Date of breach: 19 September 2013 (AlphV uploaded first part of data to its website on 19 October 2023). International Criminal Court says cyberattack was attempted espionage Date of breach: 19 September 2023 ( update on 20 October 2023).

Data Privacy

Data Privacy Privacy Security Data breaches

Iran-linked APT TA453 targets Windows and macOS systems

Security Affairs

JULY 8, 2023

The spear-phishing message appears as a benign conversation lure masquerading as a senior fellow with the Royal United Services Institute (RUSI) to the public media contact for a nuclear security expert at a US-based think tank focused on foreign affairs. TA453 also employed multi-persona impersonation in its unending espionage quest.”

Archiving

Archiving Cloud File names Metadata

Dark Basin, a hack-for-hire group that remained under the radar for 7 years

Security Affairs

JUNE 11, 2020

Dark Basin is a group of cyber mercenaries that conducted commercial espionage for its customers, the researchers from Citizen Lab linked it to BellTroX InfoTech Services (“ BellTroX ”), an Indian technology company. Citizen Lab first uncovered the activity of the group in 2017 while investigating phishing attacks against a journalist.

Phishing

Phishing Communications Government IT

Atomic macOS Stealer is advertised on Telegram for $1,000 per month

Security Affairs

APRIL 29, 2023

“The TA also provides additional services such as a web panel for managing victims, meta mask brute-forcing for stealing seed and private keys, crypto checker, and dmg installer, after which it shares the logs via Telegram. These services are offered at a price of $1000 per month.” ” concludes the report.

Passwords

Passwords Archiving Education Phishing

AMT Games data breach: Millions of Users’ Messages, Account IDs, and IP Addresses Exposed

Security Affairs

JUNE 2, 2021

WizCase’s security team discovered an unsecured ElasticSearch server owned by AMT Games which exposed 1.47 TB of data. This leak exposed users’ email addresses, IP addresses, Facebook data, and more to potential attack. The leaked data numbers in the millions and was accessible to anyone who possessed the link. The leak has since been secured.

Data breaches

Data breaches Phishing Access Personal data

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Krebs on Security

FEBRUARY 18, 2019

This post seeks to document the extent of those attacks, and traces the origins of this overwhelmingly successful cyber espionage campaign back to a cascading series of breaches at key Internet infrastructure providers. But to date, the specifics of exactly how that attack went down and who was hit have remained shrouded in secrecy.

Passwords

Passwords Government Access Security

Security Affairs newsletter Round 424 by Pierluigi Paganini – International edition

Security Affairs

JUNE 17, 2023

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Ransomware Data breaches Military

Microsoft sued North Korea-linked Thallium group

Security Affairs

DECEMBER 30, 2019

Microsoft sued Thallium North Korea-linked APT for hacking into its customers’ accounts and networks via spear-phishing attacks. Microsoft sued a North Korea-linked cyber espionage group tracked as Thallium for hacking into its customers’ accounts and networks via spear-phishing attacks. 27 in the U.S.

Computer and Electronics

Computer and Electronics Phishing Communications Privacy

Mandiant identifies 3 hacktivist groups working in support of Russia

Security Affairs

SEPTEMBER 27, 2022

The so-called hacktivist groups conducted distributed denial-of-service (DDoS) and defacement attacks against Ukrainian websites, but the experts believe that they are a front for information operations and destructive cyber activities coordinated by the Kremlin. Most of APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

Military

Military Phishing Government Security

DHS issued an alert on attacks aimed at Managed Service Providers

Security Affairs

OCTOBER 5, 2018

The United States Department of Homeland Security (DHS) is warning of ongoing activity from an advanced persistent threat (APT) actor targeting global managed service providers (MSPs). The DHS issued an alert on ongoing attacks aimed at global managed service providers (MSPs) that are carried out by an advanced APT group.

Communications

Communications Manufacturing Cybersecurity Phishing

Data Breach: Millions of Phone Numbers, Recordings, and Call Logs Compromised in Ringostat Data Leak

Security Affairs

MARCH 3, 2021

WizCase experts found a major breach in phone-tracking service Ringostat ’s database, millions of Phone Numbers, Recordings, and Call Logs Compromised. WizCase security team has found a major breach in phone-tracking service Ringostat ’s database. The leak has since been secured. What’s Happening? What Data Was Leaked?

Data breaches

Data breaches Metadata Phishing B2B

Security Affairs newsletter Round 435 by Pierluigi Paganini – International edition

Security Affairs

SEPTEMBER 3, 2023

Being Used to Phish So Many of Us? A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Ransomware Data breaches IoT

APT10 is back with two new loaders and new versions of known payloads

Security Affairs

MAY 27, 2019

In April 2019, China-linked cyber-espionage group tracked as APT10 has added two new loaders to its arsenal and used it against government and private organizations in Southeast Asia. In September 2018, researchers from FireEye uncovered and blocked a campaign powered by the Chinese APT10 cyber espionage group aimed at Japanese media sector.

Libraries

Libraries Phishing Government Cloud

XLoader, a $49 spyware that could target both Windows and macOS devices

Security Affairs

JULY 21, 2021

FormBook is a data-stealing malware that is used in cyber espionage campaigns, like other spyware it is capable of extracting data from HTTP sessions, keystroke logging, stealing clipboard contents. The customers pay for access to the platform and generate their executable files as a service. ” continues the report.

Sales

Sales Phishing Communications IT

Phishing in the Service of Espionage

Russia-linked APT28 and crooks are still using the Moobot botnet

Trending Sources

Phishing Attacks Traced to Indian Commercial Espionage Firm

Security Affairs newsletter Round 468 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs newsletter Round 440 by Pierluigi Paganini – International edition

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

Russian APT BlueBravo targets diplomatic entities with GraphicalProton backdoor

China-linked RedAlpha behind multi-year credential theft campaign

U.S. Charges 4 Chinese Military Officers in 2017 Equifax Hack

Rent a hacker: Group-IB uncovers corporate espionage group RedCurl

GUEST ESSAY: NewsCorp hack shows cyber espionage, squelching of press freedom on the rise

Types of cyberthreats

Costaricto APT: Cyber mercenaries use previously undocumented malware

Kimsuky APT poses as journalists and broadcast writers in its attacks

Google TAG: Russia, Belarus-linked APTs targeted Ukraine

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Security Affairs newsletter Round 431 by Pierluigi Paganini – International edition

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

Microsoft disrupts SEABORGIUM ’s ongoing phishing operations

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

China-linked TA413 group targets Tibetan entities with new backdoor

Barracuda ESG zero-day exploited by China-linked APT

Security Affairs newsletter Round 432 by Pierluigi Paganini – International edition

Russia-linked APT Gamaredon starts stealing data from victims between 30 and 50 minutes after the initial compromise

Russia-linked APT Gamaredon update TTPs in recent attacks against Ukraine

Facebook links cyberespionage group APT32 to Vietnamese IT firm

Microsoft took down 18 Azure AD apps used by Chinese Gadolinium APT

Russian Gamaredon APT is targeting Ukraine since October

Russia-linked Cold River APT targeted US nuclear research laboratories

UNC4841 threat actors hacked US government email servers exploiting Barracuda ESG flaw

The Week in Cyber Security and Data Privacy: 16–22 October 2023

Iran-linked APT TA453 targets Windows and macOS systems

Dark Basin, a hack-for-hire group that remained under the radar for 7 years

Atomic macOS Stealer is advertised on Telegram for $1,000 per month

AMT Games data breach: Millions of Users’ Messages, Account IDs, and IP Addresses Exposed

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Security Affairs newsletter Round 424 by Pierluigi Paganini – International edition

Microsoft sued North Korea-linked Thallium group

Mandiant identifies 3 hacktivist groups working in support of Russia

DHS issued an alert on attacks aimed at Managed Service Providers

Data Breach: Millions of Phone Numbers, Recordings, and Call Logs Compromised in Ringostat Data Leak

Security Affairs newsletter Round 435 by Pierluigi Paganini – International edition

APT10 is back with two new loaders and new versions of known payloads

XLoader, a $49 spyware that could target both Windows and macOS devices

Stay Connected