2007 and IT - Information Management Today

The Mask APT is back after 10 years of silence

Security Affairs

DECEMBER 18, 2024

The Mask APT has been active since at least 2007, it demonstrated the capability to use complex implants, often delivered through zero-day exploits. Kaspersky researchers linked several targeted attacks to a cyber espionage group known as The Mask. The APT group targeted an organization in Latin America in 2019 and 2022.

Government

Government IT Access Information Security

UK, US and its allies blame Russia’s GRU for 2019 cyber-attacks on Georgia

Security Affairs

FEBRUARY 20, 2020

The APT28 group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. That field post number 74455 is the same for the APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ). It resulted in a fifth of Kyiv losing power for an hour.

Military

Military IT Government Encryption

North Korea-linked Lazarus APT targets the IT supply chain

Security Affairs

OCTOBER 27, 2021

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. North Korea-linked Lazarus APT group is extending its operations and started targeting the IT supply chain on new targets.

IT

IT Systems administration Military Cybersecurity

Webinars

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

Estonia blocked cyberattacks claimed by Pro-Russia Killnet group

Security Affairs

AUGUST 19, 2022

Undersecretary for Digital Transformation Luukas Ilves announced that Estonia was hit by the most extensive wave of DDoS attacks it has faced since 2007. Yesterday, Estonia was subject to the most extensive cyber attacks it has faced since 2007. The DDoS attacks targeted both public institutions and the private sector.

Computer and Electronics

Computer and Electronics Digital transformation Government IT

Microsoft Exchange: 355,000 Servers Lack Critical Patch

Data Breach Today

APRIL 8, 2020

It also found a "concerning number" of Exchange 2007 servers, which Microsoft stopped supporting in 2017.

Security

Security IT

Meta Delays Data Harvesting for AI Plans in Europe

Data Breach Today

JUNE 14, 2024

Company Says It Will Still Attempt to Use Public Posts Dating to 2007 to Train AI Social media giant Meta will delay plans to train artificial intelligence with data harvested from European Instagram and Facebook users weeks after a rights group lodged a complaint against the company with 11 European data regulators.

Artificial Intelligence

Artificial Intelligence IT

Is Russian group APT28 behind the cyber attack on the German air traffic control agency (DFS)?

Security Affairs

SEPTEMBER 5, 2024

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. A cyber attack targeted the German Air Traffic Control Agency (DFS), as reported by Spiegel and European Truth.

Military

Military Cybersecurity Government Security

Threat actors scan Internet for Vulnerable Microsoft Exchange Servers

Security Affairs

FEBRUARY 27, 2020

” Now the popular security researcher Kevin Beaumont reported mass scanning for the CVE-2020-0688 (Microsoft Exchange 2007+ RCE vulnerability). That was quick, since 2 hours ago seeing likely mass scanning for CVE-2020-0688 (Microsoft Exchange 2007+ RCE vulnerability). ” reported BleepingComputer.

Authentication

Authentication Data breaches Communications Access

Turla APT group adds Topinambour Trojan to its arsenal

Security Affairs

JULY 17, 2019

The Turla APT group (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ) has been active since at least 2007 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America and former Soviet bloc nations. ” concludes Kaspersky. . Pierluigi Paganini.

IT

IT Encryption Security Government

LockBit Ransomware operators hit Swiss helicopter maker Kopter

Security Affairs

DECEMBER 6, 2020

Kopter Group is Switzerland-based company that was founded in 2007 that was acquired by Leonardo in April 2020. LockBit ransomware operators have compromised the systems at the helicopter maker Kopter and published them on their darkweb leak site.

Ransomware

Ransomware Encryption Passwords Authentication

Who’s Behind the ‘Web Listings’ Mail Scam?

Krebs on Security

MARCH 23, 2020

Since at least 2007, Web Listings Inc. The mailer references the domain name web-listings.net , one of several similarly-named domains registered sometime in 2007 or later to a “ James Madison ,” who lists his address variously as a university in New Britain, Connecticut or a UPS Store mailbox in Niagara Falls, New York.

Marketing

Marketing Sales Financial Services IT

Colombian authorities arrested hacker behind the Gozi Virus

Security Affairs

JUNE 30, 2021

for his key role in the distribution of the Gozi virus that infected more than a million computers from 2007 to 2012. The Gozi banking Trojan is not a new threat, it was first spotted by security researchers in 2007. Colombian officials announced the arrest of the Romanian hacker Mihai Ionut Paunescu who is wanted in the U.S.

Security

Security IT Cybersecurity Information Security

Grief ransomware gang hit US National Rifle Association (NRA)

Security Affairs

OCTOBER 27, 2021

The Evil Corp cybercrime group (aka the Dridex gang Indrik Spider , the Dridex gang, and TA505 ) has been active in cybercrime activities since 2007. Grief ransomware operators claim to have compromised computer systems at US National Rifle Association (NRA) and added it to their leak site. In 2019, the U.S.

Ransomware

Ransomware Government IT Security

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Security Affairs

APRIL 22, 2024

The APT28 group (aka Forest Blizzard , Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. This tool modifies a JavaScript constraints file and executes it with SYSTEM-level permissions.

Military

Military File names Education Phishing

Emissary Panda updated its weapons for attacks in the past 2 years

Security Affairs

MARCH 1, 2019

In 2018, Emissary Panda was observed using an updated version of the ZxShell RAT first developed in 2006 and whom code was released in 2007. The malware includes the well-known HTran packet redirection tool and was signed with digital certificates that were signed by Hangzhou Shunwang Technology. . Windows NT 6.3; Pierluigi Paganini.

IT

IT File names Financial Services Communications

Evil Corp rebrands their ransomware, this time is the Macaw Locker

Security Affairs

OCTOBER 21, 2021

The Evil Corp cybercrime group (aka the Dridex gang Indrik Spider , the Dridex gang, and TA505 ) has been active in cybercrime activities since 2007. In 2019, the U.S.

Ransomware

Ransomware File names Encryption Government

Long-existing Bandook RAT targets Windows machines

Security Affairs

JANUARY 8, 2024

Bandook has been active since 2007, it has been continuously developed since then and was employed in several campaigns by different threat actors. Reseachers from Fortinet observed a new variant of a remote access trojan dubbed Bandook that has been used in phishing attacks against Windows users. ” concludes the report.

Phishing

Phishing Communications Archiving Passwords

APT28 targets key networks in Europe with HeadLace malware

Security Affairs

JUNE 3, 2024

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Insikt Group speculates the operation is aimed at influencing regional and military dynamics.

Military

Military Phishing Government Authentication

Russian cybercriminal Aleksandr Brovko sentenced to 8 years in jail

Security Affairs

NOVEMBER 3, 2020

“As reflected in court documents, from 2007 through 2019, Brovko worked closely with other cybercriminals to monetize vast troves of data that had been stolen by “botnets,” or networks of infected computers. Brovko was involved in the illegal practice between 2007 and 2019. ” reads the press release published by the DoJ.

Data collection

Data collection Access Security IT

Nation-state actors are exploiting CVE-2020-0688 Microsoft Exchange server flaw

Security Affairs

MARCH 9, 2020

A couple of weeks ago, the popular security researcher Kevin Beaumont reported mass scanning for the CVE-2020-0688 (Microsoft Exchange 2007+ RCE vulnerability). That was quick, since 2 hours ago seeing likely mass scanning for CVE-2020-0688 (Microsoft Exchange 2007+ RCE vulnerability). CVE-2020-0688 mass scanning activity has begun.

Authentication

Authentication Communications Cybersecurity Security

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

Prior to that, akafitis@gmail.com was used as the email address for the account “ Fitis ,” which was active on Exploit between September 2006 and May 2007. ru in its early years, but for a brief period in 2007 it appears this website was inadvertently exposing all of its file directories to the Internet. account on Carder[.]su

Healthcare

Healthcare Passwords Sales Ransomware

Belgium telecom operators Proximus and Orange drop Huawei

Security Affairs

OCTOBER 10, 2020

Orange Belgium is using Huawei equipment since 2007 for its mobile network in Belgium and Luxembourg, while the collaboration between Proximus and the Shenzhen-based company started in 2009 for the progressive upgrading of its network. There’s also a growing concern about Huawei’s capacity to produce its equipment,” the source added.

Manufacturing

Manufacturing Risk Communications Security

UK ICO fines Facebook with maximum for Cambridge Analytica scandal

Security Affairs

OCTOBER 25, 2018

Facebook has been fined £500,000 by the UK’s Information Commissioner’s Office ( ICO ) for the Cambridge Analytica privacy scandal that exposed data of 87 million users. The announcement was made by the UK’s data protection regulator, Information Commissioner Elizabeth Denham. ” she said.

GDPR

GDPR Access Privacy Security

US Treasury sanctioned Iran ’s Ministry of Intelligence over Albania cyberattack

Security Affairs

SEPTEMBER 10, 2022

Since at least 2007, the MOIS coordinated a series of cyber operation against government entities and private organizations around the world. Treasury Department sanctioned Iran ‘s Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence over the Albania cyberattack. ” reads the press release of the U.S.

Government

Government Security IT Information Security

Russia-linked group APT29 likely breached TeamViewer’s corporate network

Security Affairs

JUNE 30, 2024

The Winnti group was first spotted by Kaspersky in 2013, according to the researchers, the nation-state actor has been active since at least 2007. Russia-linked APT group, reportedly APT29, is suspected to be behind a hack of TeamViewer ‘s corporate network. ” reads the statement published by the company.

Access

Access Security IT Information Security

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Security Affairs

AUGUST 6, 2023

In June a ransomware attack hit the Colorado Department of Higher Education (CDHE), now the organization disclosed a data breach. CDHE did not disclose the number of impacted individuals. CDHE discovered the ransomware attack on June 19, 2023, it immediately launched an investigation into the security breach with the help of third-party specialists.

Education

Education Data breaches Ransomware Access

US Cyber Command details implants used in attacks on parliaments and embassies

Security Affairs

OCTOBER 29, 2020

The Turla APT group (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ) has been active since at least 2007 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations. ” reads the advisory published CISA.

Cybersecurity

Cybersecurity Government Security IT

FBI and NSA joint report details APT28’s Linux malware Drovorub

Security Affairs

AUGUST 13, 2020

” The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. , which translates to “to fell”, or “to chop.”

Military

Military IoT Phishing Government

Boyne Resorts ski and golf resort operator hit with WastedLocker ransomware

Security Affairs

OCTOBER 24, 2020

This group has been active since at least 2007, in December 2019, the U.S. According to BleepingComputer , the ransomware initially breached the corporate offices and then moved laterally targeting the IT systems of the resorts they operate. Customers of the company were not able to make reservations at the resorts operated by the company.

Ransomware

Ransomware Retail Manufacturing Encryption

Mutagen Astronomy Linux Kernel vulnerability affects Red Hat, CentOS, and Debian distros

Security Affairs

SEPTEMBER 26, 2018

The flaw tracked as CVE-2018-14634 affects the kernel versions released between July 2007 and July 2017, Linux Kernel versions 2.6.x, A new integer overflow vulnerability found in Linux Kernel. Dubbed Mutagen Astronomy, it affects Red Hat, CentOS, and Debian Distributions. x and 4.14.x, x, are vulnerable to the Mutagen Astronomy flaw.

Access

Access Security IT

North Korea-linked APT group BeagleBoyz targets banks

Security Affairs

AUGUST 29, 2020

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. Cyber Command (USCYBERCOM) North Korea-linked APT group BeagleBoyz was very active since February 2020 targeting banks across the world.

Access

Access Government Ransomware Cybersecurity

Reddit discloses a data breach, a hacker accessed user data

Security Affairs

AUGUST 1, 2018

The hacker accessed user data, email addresses, and a 2007 backup database containing hashed passwords managed by the platform. “A hacker broke into a few of Reddit’s systems and managed to access some user data, including some current email addresses and a 2007 database backup containing old salted and hashed passwords.

Data breaches

Data breaches Access Passwords Authentication

A 15-Year-Old Unpatched Python bug potentially impacts over 350,000 projects

Security Affairs

SEPTEMBER 22, 2022

More than 350,000 open source projects can be potentially affected by an unpatched Python vulnerability, tracked as CVE-2007-4559 (CVSS score: 6.8), that was discovered 15 years ago. As we dug into the issue, we realized this was in fact CVE-2007-4559.” Initially we thought we had found a new zero-day vulnerability.

Archiving

Archiving File names Metadata Security

The cyber attack against Austria’s foreign ministry has ended

Security Affairs

FEBRUARY 15, 2020

” The Turla APT group (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ) has been active since at least 2007 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America and former Soviet bloc nations.

Government

Government IT Security Access

Russia-Linked Turla APT uses new malware in watering hole attacks

Security Affairs

MARCH 13, 2020

The Turla APT group (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ) has been active since at least 2007 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations. ” reads the analysis published by ESET.

Archiving

Archiving Government Communications IT

China-linked APT41 group targets Hong Kong with Spyder Loader

Security Affairs

OCTOBER 18, 2022

Winnti (aka APT41 , Axiom, Barium , Blackfly) is a cyberespionage group that has been active since at least 2007. Symantec researchers reported that cyberespionage group APT41 targeted organizations in Hong Kong in a campaign that is a likely continuation of the Operation CuckooBees activity detailed by Cybereason in May.

File names

File names Encryption Manufacturing Libraries

China-linked Winnti APT targets South Korean Gaming firm

Security Affairs

APRIL 22, 2020

The Winnti group was first spotted by Kaspersky in 2013, but according to the researchers the gang has been active since 2007. Security experts from QuoIntelligence (QuoINT) firm reported that China-linked Winnti cyberespionage group targets South Korean video gaming company Gravity. a South Korean video game company.”

Healthcare

Healthcare Communications IT Security

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

Security Affairs

DECEMBER 1, 2020

They also leveraged the Sysinternals DebugView tool, the McAfee on-demand scanner, and Microsoft Word 2007.” Microsoft warns of Vietnam-linked Bismuth group that is deploying cryptocurrency miner while continues its cyberespionage campaigns. ” Microsoft said. ” Microsoft said. ” continues the report.

Mining

Mining Manufacturing Government Phishing

AcidBox, a malware that borrows Turla APT exploit, hit Russian organizations

Security Affairs

JUNE 19, 2020

The Turla APT group (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ) has been active since at least 2007 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations. of the driver. can be used for Turla’s exploit.

Security

Security Government IT Information Security

VMware fixes critical SSRF flaw in Workspace ONE UEM Console

Security Affairs

DECEMBER 17, 2021

and above 2007 Workspace ONE UEM patch 20.7.0.17 .” Below is the list of impacted versions: I mpacted Versions Fixed Version 2109 Workspace ONE UEM patch 21.9.0.13 and above 2105 Workspace ONE UEM patch 21.5.0.37 and above 2102 Workspace ONE UEM patch 21.2.0.27 and above 2101 Workspace ONE UEM patch 21.1.0.27

Access

Access Authentication Cloud Security

Russian hacker Andrei Tyurin sentenced to 12 years in prison

Security Affairs

JANUARY 11, 2021

From 2007 to 2015 TYURIN also conducted cyberattacks against multiple foreign companies. financial sector hacks, from approximately 2007 to mid-2015 TYURIN also conducted cyberattacks against numerous U.S. “In addition to the U.S.

Marketing

Marketing Security Risk Information Security

Financially motivated Earth Lusca threat actors targets organizations worldwide

Security Affairs

JANUARY 18, 2022

The Winnti group was first spotted by Kaspersky in 2013, but according to the researchers the gang has been active since 2007. Trend Micro researchers spotted an elusive threat actor, called Earth Lusca, that targets organizations worldwide via spear-phishing and watering hole attacks. .

Healthcare

Healthcare Phishing Archiving Education

North Korea-linked Lazarus group targets cybersecurity experts with Trojanized IDA Pro

Security Affairs

NOVEMBER 15, 2021

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. IoCs : win_fw.dll A8EF73CC67C794D5AA860538D66898868EE0BEC0 idahelper.dll DE0E23DB04A7A780A640C656293336F80040F387 : Win32/NukeSped.KZ

Cybersecurity

Cybersecurity Ransomware Security IT

New Turla ComRAT backdoor uses Gmail for Command and Control

Security Affairs

MAY 26, 2020

The Turla APT group (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ) has been active since at least 2007 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations. It communicates with the orchestrator using a named pipe.

Communications

Communications Military Encryption Authentication

The Mask APT is back after 10 years of silence

UK, US and its allies blame Russia’s GRU for 2019 cyber-attacks on Georgia

Webinars

Trending Sources

North Korea-linked Lazarus APT targets the IT supply chain

Webinars

Estonia blocked cyberattacks claimed by Pro-Russia Killnet group

Microsoft Exchange: 355,000 Servers Lack Critical Patch

Meta Delays Data Harvesting for AI Plans in Europe

Is Russian group APT28 behind the cyber attack on the German air traffic control agency (DFS)?

Threat actors scan Internet for Vulnerable Microsoft Exchange Servers

Turla APT group adds Topinambour Trojan to its arsenal

LockBit Ransomware operators hit Swiss helicopter maker Kopter

Who’s Behind the ‘Web Listings’ Mail Scam?

Colombian authorities arrested hacker behind the Gozi Virus

Grief ransomware gang hit US National Rifle Association (NRA)

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Emissary Panda updated its weapons for attacks in the past 2 years

Evil Corp rebrands their ransomware, this time is the Macaw Locker

Long-existing Bandook RAT targets Windows machines

APT28 targets key networks in Europe with HeadLace malware

Russian cybercriminal Aleksandr Brovko sentenced to 8 years in jail

Nation-state actors are exploiting CVE-2020-0688 Microsoft Exchange server flaw

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Belgium telecom operators Proximus and Orange drop Huawei

UK ICO fines Facebook with maximum for Cambridge Analytica scandal

US Treasury sanctioned Iran ’s Ministry of Intelligence over Albania cyberattack

Russia-linked group APT29 likely breached TeamViewer’s corporate network

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

US Cyber Command details implants used in attacks on parliaments and embassies

FBI and NSA joint report details APT28’s Linux malware Drovorub

Boyne Resorts ski and golf resort operator hit with WastedLocker ransomware

Mutagen Astronomy Linux Kernel vulnerability affects Red Hat, CentOS, and Debian distros

North Korea-linked APT group BeagleBoyz targets banks

Reddit discloses a data breach, a hacker accessed user data

A 15-Year-Old Unpatched Python bug potentially impacts over 350,000 projects

The cyber attack against Austria’s foreign ministry has ended

Russia-Linked Turla APT uses new malware in watering hole attacks

China-linked APT41 group targets Hong Kong with Spyder Loader

China-linked Winnti APT targets South Korean Gaming firm

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

AcidBox, a malware that borrows Turla APT exploit, hit Russian organizations

VMware fixes critical SSRF flaw in Workspace ONE UEM Console

Russian hacker Andrei Tyurin sentenced to 12 years in prison

Financially motivated Earth Lusca threat actors targets organizations worldwide

North Korea-linked Lazarus group targets cybersecurity experts with Trojanized IDA Pro

New Turla ComRAT backdoor uses Gmail for Command and Control

Stay Connected