2021, Government and Manufacturing - Information Management Today

MITRE and CISA publish the 2021 list of most common hardware weaknesses

Security Affairs

OCTOBER 30, 2021

MITRE and CISA announced the release of the “2021 Common Weakness Enumeration (CWE) Most Important Hardware Weaknesses” list. MITRE and the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) have announced the release of the “2021 Common Weakness Enumeration (CWE) Most Important Hardware Weaknesses” list. Pierluigi Paganini.

Manufacturing

Manufacturing Education Access Security

Ranzy Locker ransomware hit tens of US companies in 2021

Security Affairs

OCTOBER 26, 2021

. “Unknown cyber criminals using Ranzy Locker ransomware had compromised more than 30 US businesses as of July 2021. The victims include the construction subsector of the critical manufacturing sector, the academia subsector of the government facilities sector, the information technology sector, and the transportation sector.”

Ransomware

Ransomware Manufacturing Access Phishing

Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

Security Affairs

SEPTEMBER 25, 2023

A stealthy APT group tracked as Gelsemium was observed targeting a Southeast Asian government between 2022 and 2023. Palo Alto Unit42 researchers an APT group tracked as Gelsemium targeting a Southeast Asian government. The experts tracked the cluster as CL-STA-0046, the malicious activity spanned over six months between 2022-2023.

Government

Government Manufacturing Education Access

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

US indicted 4 Russian government employees for attacks on critical infrastructure

Security Affairs

MARCH 25, 2022

has indicted four Russian government employees for their involvement in attacks on entities in critical infrastructure. has indicted four Russian government employees for their role in cyberattacks targeting hundreds of companies and organizations in the energy sector worldwide between 2012 and 2018.

Energy and Utilities

Energy and Utilities Government Cybersecurity Military

China’s Volt Typhoon botnet has re-emerged

Security Affairs

NOVEMBER 13, 2024

The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure. In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.

e-Discovery

e-Discovery Communications Ransomware Government

FritzFrog P2P Botnet is back and targets Healthcare, Education and Government Sectors

Security Affairs

FEBRUARY 11, 2022

FritzFrog P2P botnet is back and is targeting servers belonging to entities in the healthcare, education, and government sectors. The bot is written in Golang and implements wormable capabilities, experts reported attacks against entities in the government, education, and finance sectors. ” reads the report published by Akamai.

Education

Education Government Libraries Mining

US offers $10 million reward for info on Hive ransomware group leaders

Security Affairs

FEBRUARY 8, 2024

Government offers rewards of up to $10 million for information that could help locate, identify, or arrest members of the Hive ransomware group. According to a report published by blockchain analytics company Chainalysis, the Hive operation is one of the top 10 ransomware strains by revenue in 2021.

Ransomware

Ransomware Blockchain Manufacturing Analytics

Witchetty APT used steganography in attacks against Middle East entities

Security Affairs

OCTOBER 1, 2022

The group used the backdoor in attacks against Middle Eastern governments. The APT group has been continuously improving its toolset by employing new malware in attacks aimed at governments, diplomatic missions, charities, and industrial/manufacturing organizations in the Middle East and Africa.

Manufacturing

Manufacturing Government Cybersecurity IT

Raspberry Robin malware used in attacks against Telecom and Governments

Security Affairs

DECEMBER 24, 2022

The Raspberry Robin worm attacks aimed at telecommunications and government office systems across Latin America, Australia, and Europe. Researchers from Trend Micro have uncovered a Raspberry Robin worm campaign targeting telecommunications and government office systems across Latin America, Australia, and Europe. Pierluigi Paganini.

Government

Government Communications Ransomware Manufacturing

Australian Cyber Security Centre warns of a surge of LockBit 2.0 ransomware attacks

Security Affairs

AUGUST 9, 2021

ransomware attacks against Australian organizations starting July 2021. ransomware attacks against Australian organizations in multiple industry sectors starting July 2021. The Australian agency also published 2021-006: ACSC Ransomware Profile – Lockbit 2.0 ransomware. in Australia since 2020. ” states the advisory.

Ransomware

Ransomware Retail Security Manufacturing

Holy Ghost ransomware operation is linked to North Korea

Security Affairs

JULY 15, 2022

The Holy Ghost ransomware gang has been active since June 2021 and it conducted ransomware attacks against small businesses in multiple countries. The list of victims includes manufacturing organizations, banks, schools, and event and meeting planning companies. ” concludes Microsoft.

Ransomware

Ransomware Encryption Government Manufacturing

Researchers warn of a surge in cyber attacks against Microsoft Exchange

Security Affairs

MARCH 12, 2021

On March 2nd, Microsoft released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported MS Exchange versions that are actively exploited in the wild. 2/5 — ESET research (@ESETresearch) March 2, 2021.

Authentication

Authentication Military Ransomware Manufacturing

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

After looking at 28 of the most popular manufacturers, our research team found 3.5 million IP cameras exposed to the internet, signifying an eightfold increase since April 2021. What is more, the overwhelming majority of internet-facing cameras are manufactured by Chinese companies. Surge in internet-facing cameras.

Passwords

Passwords Manufacturing Authentication Government

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

. “As early as 2022, APT28 actors had utilized compromised EdgeRouters to facilitate covert cyber operations against governments, militaries, and organizations around the world.” and foreign governments and military, security, and corporate organizations. ” reads the joint report. ” concludes the report.

Energy and Utilities

Energy and Utilities Military Government Phishing

French authorities arrested a Russian national for his role in the Hive ransomware operation

Security Affairs

DECEMBER 14, 2023

The authorities reported that from June 2021 through at least November 2022, threat actors targeted a wide range of businesses and critical infrastructure sectors, including Government Facilities, Communications, Critical Manufacturing, Information Technology, and especially Healthcare and Public Health (HPH).

Ransomware

Ransomware Blockchain Manufacturing Analytics

Avaddon ransomware gang shuts down their operations and releases decryption keys

Security Affairs

JUNE 11, 2021

— Fabian Wosar (@fwosar) June 11, 2021. link] — Emsisoft (@emsisoft) June 11, 2021. A public Emsisoft decryption tool is coming soon. Do not pay. If you are a victim and want to know if your files can be decrypted, please reach out to fw@emsisoft.com. ” states Emsisoft. . ” states Emsisoft.

Ransomware

Ransomware Passwords Manufacturing Archiving

The German BSI agency recommends replacing Kaspersky antivirus software

Security Affairs

MARCH 15, 2022

“The Federal Office for Information Security (BSI) warns according to §7BSIlaw before using virus protection software from the Russian manufacturer Kaspersky. BSI remarks that the trust in the reliability and self-protection of a manufacturer as well as his authentic ability to act is crucial for the safe use of any defense software.

Manufacturing

Manufacturing Information Security Military Cybersecurity

Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware

Security Affairs

DECEMBER 12, 2023

The experts observed the use of NineRAT at around September 2023 against a European manufacturing entity. Operation Blacksmith involved the exploitation of CVE-2021-44228 , also known as Log4Shell. In March, the threat actors hit a South American agricultural organization. ” reads the analysis published by Talos.

Agriculture

Agriculture Data collection Access Manufacturing

PseudoManuscrypt, a mysterious massive cyber espionage campaign

Security Affairs

DECEMBER 16, 2021

Kaspersky researchers reported that tens of thousands of devices belonging to industrial and government organizations worldwide have been hit by the PseudoManuscrypt spyware. Thus, we cannot say for certain whether the campaign is pursuing criminal mercenary goals or goals correlating with some governments’ interests.

Energy and Utilities

Energy and Utilities Manufacturing Archiving Authentication

US gov offers a reward of up to $10M for info on ALPHV/Blackcat gang leaders

Security Affairs

FEBRUARY 16, 2024

government offers rewards of up to $10 million for information that could lead to the identification or location of ALPHV/Blackcat ransomware gang leaders. “FBI identified ALPHV/Blackcat actors as having compromised over 1,000 victim entities in the United States and elsewhere, including prominent government entities (e.g.,

Ransomware

Ransomware Government Manufacturing Access

China-linked Budworm APT returns to target a US entity

Security Affairs

OCTOBER 13, 2022

The Budworm cyber espionage group (aka APT27 , Bronze Union , Emissary Panda , Lucky Mouse , TG-3390 , and Red Phoenix) is behind a series attacks conducted over the past six months against a number of high-profile targets, including the government of a Middle Eastern country, a multinational electronics manufacturer, and a U.S.

File names

File names Financial Services Manufacturing Libraries

Microsoft releases On-premises Mitigation Tool (EOMT) tool to fix ProxyLogon issues

Security Affairs

MARCH 16, 2021

On March 2nd, Microsoft released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported MS Exchange versions that are actively exploited in the wild.

Military

Military Manufacturing Access Security

Hive Ransomware extorted over $100M in ransom payments from over 1,300 companies

Security Affairs

NOVEMBER 18, 2022

The authorities reported that from June 2021 through at least November 2022, threat actors employed the Hive ransomware in attacks aimed at a wide range of businesses and critical infrastructure sectors, including Government Facilities, Communications, Critical Manufacturing, Information Technology, and especially Healthcare and Public Health (HPH).

Ransomware

Ransomware Blockchain Manufacturing Analytics

ProxyLogon Microsoft Exchange exploit is completely out of the bag by now

Security Affairs

MARCH 15, 2021

Most targeted sectors have been Government/Military (17% of all exploit attempts), followed by Manufacturing (14%), and then Banking (11%). Well, I'll say that the ProxyLogon Exchange CVE-2021-26855 Exploit is completely out of the bag by now. pic.twitter.com/ijOGx3BIif — Will Dormann (@wdormann) March 13, 2021.

Ransomware

Ransomware Military Manufacturing Security

Balikbayan Foxes group spoofs Philippine gov to spread RATs

Security Affairs

NOVEMBER 1, 2021

Experts uncovered a new threat actor, tracked as Balikbayan Foxes, that is impersonating the Philippine government to spread malware. . The group focuses on Shipping/Logistics, Manufacturing, Business Services, Pharmaceutical, and Energy entities, among others. ” reads the analysis published by the experts. .

Healthcare

Healthcare Phishing Government Manufacturing

Security Affairs newsletter Round 303

Security Affairs

FEBRUARY 28, 2021

Bug bounty hacker earned $5,000 reporting a Stored XSS flaw in iCloud.com Experts warn of threat actors abusing Google Alerts to deliver unwanted programs FBI warns of the consequences of telephony denial-of-service (TDoS) attacks An attacker was able to siphon audio feeds from multiple Clubhouse rooms Georgetown County has yet to recover from a sophisticated (..)

Security

Security Blockchain Manufacturing Analytics

FBI, CISA, HHS warn of targeted ALPHV/Blackcat ransomware attacks against the healthcare sector

Security Affairs

FEBRUARY 28, 2024

” Government experts believe that the increase in targeted attacks against the healthcare sector is the response of the group to law enforcement actions against the Blackcat group in early December 2023. municipal governments, defense contractors, and critical infrastructure organizations).” reads the press release. “To

Ransomware

Ransomware Government Insurance Manufacturing

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

Security Affairs

FEBRUARY 8, 2024

The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure. In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.

Energy and Utilities

Energy and Utilities Communications Military Manufacturing

Cuba ransomware gang hacked 49 US critical infrastructure organizations

Security Affairs

DECEMBER 4, 2021

“The FBI has identified, as of early November 2021 that Cuba ransomware actors have compromised at least 49 entities in five critical infrastructure sectors, including but not limited to the financial, government, healthcare, manufacturing, and information technology sectors.”

Ransomware

Ransomware Encryption Communications Manufacturing

China-linked APT40 used ScanBox Framework in a long-running espionage campaign

Security Affairs

AUGUST 31, 2022

Over the years, the group hit defence contractors, manufacturers, universities, government agencies, legal firms involved in diplomatic disputes, and foreign companies involved with Australasian policy or South China Sea operations. . In June 2021, the U.S. ” read the report published by the experts. Pierluigi Paganini.

Energy and Utilities

Energy and Utilities Manufacturing Phishing Government

China-linked APT Volt Typhoon linked to KV-Botnet

Security Affairs

DECEMBER 13, 2023

The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure. In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.

Communications

Communications Manufacturing Education Government

Hive Ransomware Tor leak site apparently seized by law enforcement

Security Affairs

JANUARY 26, 2023

The authorities reported that from June 2021 through at least November 2022, threat actors targeted a wide range of businesses and critical infrastructure sectors, including Government Facilities, Communications, Critical Manufacturing, Information Technology, and especially Healthcare and Public Health (HPH).

Ransomware

Ransomware Blockchain Manufacturing Analytics

Apple dismisses lawsuit against surveillance firm NSO Group due to risk of threat intelligence exposure

Security Affairs

SEPTEMBER 16, 2024

Because of these efforts, along with the efforts of others in the industry and national governments to combat the rise of commercial spyware, Defendants have been substantially weakened.” In November 2021, Apple sued NSO Group and its parent company Q Cyber Technologies in a U.S. ” reads the court filing.

Risk

Risk Government Manufacturing IT

China-linked Flax Typhoon APT targets Taiwan

Security Affairs

AUGUST 25, 2023

Microsoft has not observed The group has been active since mid-2021, it focuses on government agencies and education, critical manufacturing, and information technology organizations in Taiwan. The group is suspected to have been active since mid-2021.

Manufacturing

Manufacturing Education Access Government

Delta Electronics, a tech giants’ contractor, hit by Conti ransomware

Security Affairs

JANUARY 28, 2022

Taiwanese electronics manufacturing company Delta Electronics was hit by the Conti ransomware that took place this week. “According to the report, the sample may have been used in an attack on Taiwanese electronics manufacturing company Delta Electronics Inc. ” reported a statement from the security company cited by CTWANT.

Ransomware

Ransomware Computer and Electronics Manufacturing Encryption

Cuba Ransomware received over $60M in Ransom payments as of August 2022

Security Affairs

DECEMBER 2, 2022

Dollars (USD) and received more than $60 million in ransom payments from over 100 victims worldwide as of August 2022, the US government states. ” Since December 2021 Cuba operators are continuing to target U.S. The threat actors behind the Cuba ransomware (aka COLDDRAW, Tropical Scorpius ) have demanded over 145 million U.S.

Ransomware

Ransomware Financial Services Manufacturing Phishing

FBI chief says China is preparing to attack US critical infrastructure

Security Affairs

APRIL 19, 2024

The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure. In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.

Energy and Utilities

Energy and Utilities Communications Military Access

US pharmacy outage caused by Blackcat ransomware attack on Optum Solutions

Security Affairs

FEBRUARY 27, 2024

The Company has retained leading security experts, is working with law enforcement and notified customers, clients and certain government agencies.” FBI identified ALPHV/Blackcat actors as having compromised over 1,000 victim entities in the United States and elsewhere, including prominent government entities (e.g.,

Ransomware

Ransomware Government Insurance Manufacturing

China-linked APT group VANGUARD PANDA uses a new tradecraft in recent attacks

Security Affairs

JUNE 26, 2023

The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure. In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.

Cleanup

Cleanup Libraries Access Manufacturing

China-linked APT Bronze Starlight deploys ransomware as a smokescreen

Security Affairs

JUNE 26, 2022

-based media organization with offices in China and Hong Kong, electronic component designers and manufacturers in Lithuania and Japan, a law firm in the U.S., In mid-2021, CTU researchers began tracking a second cluster of activity that uses HUI Loader to load Cobalt Strike Beacon and deploy ransomware.

Ransomware

Ransomware Healthcare Manufacturing Encryption

EU Parliament and Council of the EU Reach Agreement on Data Governance Act

Hunton Privacy

DECEMBER 6, 2021

On November 30, 2021, the European Commission issued a press release indicating that the European Parliament and the Council of the EU ( i.e. , representatives of EU Member States) reached political agreement on the proposed EU Data Governance Act. Background. Other Initiatives. Read the European Commission Press Release.

Government

Government Agriculture Manufacturing Personal data

A component in Huawei network appliances could be used to take down Germany’s telecoms networks

Security Affairs

APRIL 26, 2023

German government warns that technology to regulate power consumption in Huawei network appliances could be used for sabotage purposes. government officials as well as European security authorities, which have warned of the risks associated with Chinese telecoms equipment.” The activity will be completed in the coming months.

Government

Government Communications Risk Cybersecurity

Raspberry Robin malware used in attacks against Telecom and Governments

Security Affairs

DECEMBER 24, 2022

The Raspberry Robin worm attacks aimed at telecommunications and government office systems across Latin America, Australia, and Europe. Researchers from Trend Micro have uncovered a Raspberry Robin worm campaign targeting telecommunications and government office systems across Latin America, Australia, and Europe. Pierluigi Paganini.

Government

Government Communications Ransomware Manufacturing

MITRE and CISA publish the 2021 list of most common hardware weaknesses

Ranzy Locker ransomware hit tens of US companies in 2021

Webinars

Trending Sources

Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

Webinars

US indicted 4 Russian government employees for attacks on critical infrastructure

China’s Volt Typhoon botnet has re-emerged

FritzFrog P2P Botnet is back and targets Healthcare, Education and Government Sectors

US offers $10 million reward for info on Hive ransomware group leaders

Witchetty APT used steganography in attacks against Middle East entities

Raspberry Robin malware used in attacks against Telecom and Governments

Australian Cyber Security Centre warns of a surge of LockBit 2.0 ransomware attacks

Holy Ghost ransomware operation is linked to North Korea

Researchers warn of a surge in cyber attacks against Microsoft Exchange

3.5m IP cameras exposed, with US in the lead

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

French authorities arrested a Russian national for his role in the Hive ransomware operation

Avaddon ransomware gang shuts down their operations and releases decryption keys

The German BSI agency recommends replacing Kaspersky antivirus software

Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware

PseudoManuscrypt, a mysterious massive cyber espionage campaign

US gov offers a reward of up to $10M for info on ALPHV/Blackcat gang leaders

China-linked Budworm APT returns to target a US entity

Microsoft releases On-premises Mitigation Tool (EOMT) tool to fix ProxyLogon issues

Hive Ransomware extorted over $100M in ransom payments from over 1,300 companies

ProxyLogon Microsoft Exchange exploit is completely out of the bag by now

Balikbayan Foxes group spoofs Philippine gov to spread RATs

Security Affairs newsletter Round 303

FBI, CISA, HHS warn of targeted ALPHV/Blackcat ransomware attacks against the healthcare sector

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

Cuba ransomware gang hacked 49 US critical infrastructure organizations

China-linked APT40 used ScanBox Framework in a long-running espionage campaign

China-linked APT Volt Typhoon linked to KV-Botnet

Hive Ransomware Tor leak site apparently seized by law enforcement

Apple dismisses lawsuit against surveillance firm NSO Group due to risk of threat intelligence exposure

China-linked Flax Typhoon APT targets Taiwan

Delta Electronics, a tech giants’ contractor, hit by Conti ransomware

Cuba Ransomware received over $60M in Ransom payments as of August 2022

FBI chief says China is preparing to attack US critical infrastructure

US pharmacy outage caused by Blackcat ransomware attack on Optum Solutions

China-linked APT group VANGUARD PANDA uses a new tradecraft in recent attacks

China-linked APT Bronze Starlight deploys ransomware as a smokescreen

EU Parliament and Council of the EU Reach Agreement on Data Governance Act

A component in Huawei network appliances could be used to take down Germany’s telecoms networks

Top IoT Security Solutions of 2021

Raspberry Robin malware used in attacks against Telecom and Governments

Stay Connected