2021, Government and Military - Information Management Today

Chinese Cycldek APT targets Vietnamese Military and Government in sophisticated attacks

Security Affairs

APRIL 6, 2021

China-linked APT group Cycldek is behind an advanced cyberespionage campaign targeting entities in the government and military sector in Vietnam. China-linked APT group LuckyMouse (aka Cycldek, Goblin Panda , Hellsing, APT 27, and Conimes) is targeting government and military organizations in Vietnam with spear-phishing.

Military

Military Government Phishing Libraries

US administration requests $9.8B for cyber 2021 budget for the Department of Defense

Security Affairs

FEBRUARY 16, 2020

billion for cyber operations in next year’s budget for the Department of Defense, a data that confirms the strategic importance of the fifth domain of the warfare for the US Government. billion for fiscal year 2021 on cyber activities, while the previous budget was about $9.6 The US administration requested $9.8

Artificial Intelligence

Artificial Intelligence Military Cybersecurity Risk

Ukraine: Belarusian APT group UNC1151 targets military personnel with spear phishing

Security Affairs

FEBRUARY 25, 2022

In mid-January, the government of Kyiv attributed the defacement of tens of Ukrainian government websites to Belarusian APT group UNC1151. In November 2021, Mandiant Threat Intelligence researchers linked the Ghostwriter disinformation campaign (aka UNC1151) to the government of Belarus. Pierluigi Paganini.

Military

Military Phishing CMS Government

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

Taiwan Government faces 5 Million hacking attempts daily

Security Affairs

NOVEMBER 10, 2021

Taiwan ‘s government agencies face around five million cyberattacks and probes every day, most of them from China. Around five million cyber attacks hit Taiwan’s government agencies every day, and most of the hacking attempts are originated from China. SecurityAffairs – hacking, Taiwan Government).

Government

Government Military Information Security Security

Naikon APT group uses new Nebulae backdoor in attacks aimed at military orgs

Security Affairs

APRIL 28, 2021

China-linked APT Naikon employed a new backdoor in multiple cyber-espionage operations targeting military organizations from Southeast Asia in the last 2 years. The Naikon APT group mainly focuses on high-profile orgs, including government entities and military orgs. ” reads the report published by Bitdefender.

Military

Military Passwords Government Security

US indicted 4 Russian government employees for attacks on critical infrastructure

Security Affairs

MARCH 25, 2022

has indicted four Russian government employees for their involvement in attacks on entities in critical infrastructure. has indicted four Russian government employees for their role in cyberattacks targeting hundreds of companies and organizations in the energy sector worldwide between 2012 and 2018. Pierluigi Paganini.

Energy and Utilities

Energy and Utilities Government Cybersecurity Military

US Gov dismantled the Moobot botnet controlled by Russia-linked APT28

Security Affairs

FEBRUARY 15, 2024

“A January 2024 court-authorized operation has neutralized a network of hundreds of small office/home office (SOHO) routers that GRU Military Unit 26165 , also known as APT28, Sofacy Group , Forest Blizzard , Pawn Storm , Fancy Bear , and Sednit , used to conceal and otherwise enable a variety of crimes.”

Military

Military Government Access Cybersecurity

Russia-linked Armageddon APT targets Ukrainian state organizations, CERT-UA warns

Security Affairs

APRIL 5, 2022

The group targeted government and military organizations in Ukraine. In December 2019, the APT group targeted several Ukrainian diplomats, government and military officials, and law enforcement. The messages use the HTML-file “War criminals of the Russian Federation.htm” as attachment.

Military

Military Phishing File names Archiving

Russia-linked Gamaredon APT targeted a western government entity in Ukraine

Security Affairs

FEBRUARY 4, 2022

The Russia-linked Gamaredon APT group attempted to compromise an unnamed Western government entity in Ukraine. In Mid January the Ukrainian government was hit with destructive malware, tracked as WhisperGate , and several Ukrainian government websites were defaced by exploiting a separate vulnerability in OctoberCMS.

Government

Government Military Phishing Information Security

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

. “As early as 2022, APT28 actors had utilized compromised EdgeRouters to facilitate covert cyber operations against governments, militaries, and organizations around the world.” and foreign governments and military, security, and corporate organizations. ” reads the joint report.

Energy and Utilities

Energy and Utilities Military Government Phishing

Ukraine intelligence doxed 5 FSB Officers that are members of Gamaredon APT Group

Security Affairs

NOVEMBER 5, 2021

The group targeted government and military organizations in Ukraine. In December 2019, the APT group targeted several Ukrainian diplomats, government and military officials, and law enforcement.

Military

Military Metadata Government Passwords

The Netherlands declares war on ransomware operations

Security Affairs

OCTOBER 8, 2021

The Dutch government will not tolerate ransomware attacks that could threaten national security, it will use intelligence or military services to curb them. The Dutch government announced that it will not tolerate cyberattacks that pose a risk to its national security and will employ intelligence or military services to counter them.

Ransomware

Ransomware Military Government Security

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

Security Affairs

DECEMBER 7, 2023

Over the past 20 months, the group targeted at least 30 organizations within 14 nations that are probably of strategic intelligence significance to the Russian government and its military. The Government experts pointed out that in some cases the group did not deployed any backdoor in the compromised systems.

Military

Military Government Phishing Authentication

Researchers warn of a surge in cyber attacks against Microsoft Exchange

Security Affairs

MARCH 12, 2021

On March 2nd, Microsoft released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported MS Exchange versions that are actively exploited in the wild. 2/5 — ESET research (@ESETresearch) March 2, 2021.

Authentication

Authentication Military Ransomware Manufacturing

Russia-linked Nobelium APT targets orgs in the global IT supply chain

Security Affairs

OCTOBER 25, 2021

Russia-linked Nobelium APT group has breached at least 14 managed service providers (MSPs) and cloud service providers since May 2021. NOBELIUM focuses on government organizations, non-government organizations (NGOs), think tanks, military, IT service providers, health technology and research, and telecommunications providers.

IT

IT Cloud Military Phishing

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Security Affairs

DECEMBER 5, 2023

The group operates out of military unity 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS). The researchers noticed that the attackers also commonly employed multiple known vulnerabilities, including CVE-2023-38831 in WinRAR or CVE-2021-40444 in Windows MSHTML.

Military

Military Government Access Phishing

France agency ANSSI warns of Russia-linked APT28 attacks on French entities

Security Affairs

OCTOBER 27, 2023

The French National Agency for the Security of Information Systems ANSSI (Agence Nationale de la sécurité des systèmes d’information) warns that the Russia-linked APT28 group has been targeting multiple French organizations, including government entities, businesses, universities, and research institutes and think tanks.

Military

Military Phishing Government Security

British Court rejects the US’s request to extradite Julian Assange

Security Affairs

JANUARY 4, 2021

A British court has rejected the request of the US government to extradite Wikileaks founder Julian Assange to the country. link] — Freedom of the Press (@FreedomofPress) January 4, 2021. government will likely appeal the decision. He published thousands of classified diplomatic and military documents on WikiLeaks in 2010.

Military

Military Government Risk Passwords

Iran-linked APT groups continue to evolve

Security Affairs

NOVEMBER 17, 2021

The Microsoft Threat Intelligence Center (MSTIC) shared the results of their analysis on the evolution of Iran-linked threat actors at the CyberWarCon 2021. Learn more from this blog summarizing these trends, as presented at #CyberWarCon : [link] — Microsoft Security Intelligence (@MsftSecIntel) November 16, 2021.

Ransomware

Ransomware Passwords Military Authentication

Google warns of APT28 attack attempts against 14,000 Gmail users

Security Affairs

OCTOBER 8, 2021

Shane Huntley, the head of the Threat Analysis Group (TAG), wrote on Twitter that his group had sent an above-average batch of government-backed security warnings. . TAG sent a above average batch of government-backed security warnings yesterday. So why do we do these government warnings then? ” Huntley added. “At

Phishing

Phishing Military Government Security

Two former NSA Officials appointed by Joe Biden for prominent cyber roles

Security Affairs

APRIL 12, 2021

The first name was John Chris Inglis, who was nominated as the first-ever National Cyber Director, a role that was introduced by Congress in the Fiscal Year 2021. Inglis retired from NSA in 2014 where he served the US government for 28 years, since 2013 as the agency’s deputy director. I’m proud of what we are building across the U.S.

Military

Military Government Cybersecurity Security

Mandiant links Ghostwriter operations to Belarus

Security Affairs

NOVEMBER 16, 2021

Security researchers at the Mandiant Threat Intelligence team believe that Ghostwriter APT group is linked to the government of Belarus. Mandiant Threat Intelligence researchers believe that the Ghostwriter disinformation campaign (aka UNC1151) was linked to the government of Belarus. ” reads the report published by Mandiant.

Military

Military CMS Government Security

Russia-linked APT28 hacked Roundcube email servers of Ukrainian entities

Security Affairs

JUNE 21, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. According to CERT-UA, this campaign targeted more than 40 Ukrainian organizations, including government entities.

Military

Military Phishing Government Communications

Nobelium APT targets French orgs, French ANSSI agency warns

Security Affairs

DECEMBER 6, 2021

The French cyber-security agency ANSSI said that the Russia-linked Nobelium APT group has been targeting French organizations since February 2021. Le CERT-FR vient de publier un rapport sur des campagnes d’hameçonnage du mode opératoire d’attaquants Nobelium contre des entités françaises menées depuis février 2021.

Phishing

Phishing Military Government Cybersecurity

Colonial Pipeline discloses data breach after May ransomware attack

Security Affairs

AUGUST 17, 2021

Colonial Pipeline discloses a data breach of the personal information of thousands of individuals after the ransomware attack that took place in May 2021. On May 6, 2021, an unauthorized third party acquired certain records stored in our systems,” states the letter.

Data breaches

Data breaches Ransomware Military Insurance

Google sent over 50,000 warnings of state-sponsored attacks, +33% from same period in 2020

Security Affairs

OCTOBER 14, 2021

Google announced to have sent roughly 50,000 alerts of state-sponsored phishing or hacking attempts to customers during 2021. The data were provided by Google’s Threat Analysis Group (TAG), which tracks government-backed hacking campaign, which warns of a significant increase in the number of the alert compared to the previous year.

Phishing

Phishing Military Government Security

Russian Gamaredon APT is targeting Ukraine since October

Security Affairs

FEBRUARY 6, 2022

Russia-linked APT group Gamaredon is behind spear-phishing attacks against Ukrainian entities and organizations since October 2021. In Mid January the Ukrainian government was hit with destructive malware, tracked as WhisperGate , and several Ukrainian government websites were defaced by exploiting a separate vulnerability in OctoberCMS.

Military

Military Phishing Government Security

Microsoft details new sophisticated spear-phishing attacks from NOBELIUM

Security Affairs

MAY 28, 2021

The campaign monitored by Microsoft was uncovered in January 2021 and evolved over time, the researchers observed a series of waves demonstrating significant experimentation. If the target is an Apple iOS device, the user was redirected to another server under NOBELIUM control, that attempts to trigger the CVE-2021-1879 flaw.

Phishing

Phishing Military Government IT

NK-linked InkySquid APT leverages IE exploits in recent attacks

Security Affairs

AUGUST 18, 2021

APT37 has been active since at least 2012, it mainly targeted government, defense, military, and media organizations in South Korea. The watering hole attacks on the Daily NK was conducted from March 2021 until early June 2021. ” reads the post published by Volexity. com to malicious subdomains of jquery[.]services.

Metadata

Metadata Military Archiving Cybersecurity

Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks

Security Affairs

OCTOBER 25, 2023

The Winter Vivern group was first analyzed in 2021, it has been active since at least 2020 and it targets governments in Europe and Central Asia. Previously, it was using known vulnerabilities in Roundcube and Zimbra, for which proofs of concept are available online,” ESET concludes.

Military

Military Government Phishing IT

Nobelium APT uses new Post-Compromise malware MagicWeb

Security Affairs

AUGUST 25, 2022

NOBELIUM focuses on government organizations, non-government organizations (NGOs), think tanks, military, IT service providers, health technology and research, and telecommunications providers. The experts found multiple similarities with the FoggyWeb malware that was detailed by Microsoft in September 2021.

Authentication

Authentication Military Access Government

Microsoft releases On-premises Mitigation Tool (EOMT) tool to fix ProxyLogon issues

Security Affairs

MARCH 16, 2021

On March 2nd, Microsoft released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported MS Exchange versions that are actively exploited in the wild.

Military

Military Manufacturing Access Security

ProxyLogon Microsoft Exchange exploit is completely out of the bag by now

Security Affairs

MARCH 15, 2021

Most targeted sectors have been Government/Military (17% of all exploit attempts), followed by Manufacturing (14%), and then Banking (11%). Well, I'll say that the ProxyLogon Exchange CVE-2021-26855 Exploit is completely out of the bag by now. pic.twitter.com/ijOGx3BIif — Will Dormann (@wdormann) March 13, 2021.

Ransomware

Ransomware Military Manufacturing Security

Russia-linked Nobelium APT group uses custom backdoor to target Windows domains

Security Affairs

SEPTEMBER 28, 2021

“Use of FoggyWeb has been observed in the wild as early as April 2021.” Researchers spotted the use of FoggyWeb since early April 2021. ” reads the analysis published by Microsoft. ” The attackers use the version.dll DLL to load FoggyWeb which is stored in the encrypted file Windows.Data.TimeZones.zh-PH.pri.

Encryption

Encryption Military Government Access

Israeli surveillance firm QuaDream emerges from the dark

Security Affairs

FEBRUARY 6, 2022

Like NSO Group, QuaDream develops surveillance malware for government and intelligence agencies. QuaDream was founded in 2016 by Ilan Dabelstein, a former Israeli military official, and by two former NSO employees, Guy Geva and Nimrod Reznik. ” reads the article published by Reuters. ” concludes Reuters.

Government

Government Military IT Security

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

Security Affairs

FEBRUARY 8, 2024

The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure. In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.

Energy and Utilities

Energy and Utilities Communications Military Manufacturing

UK, US agencies warn of large-scale brute-force attacks carried out by Russian APT

Security Affairs

JULY 1, 2021

US and UK cybersecurity agencies said today that a Russian military cyber unit has been behind a series of brute-force attacks that have targeted the cloud IT resources of government and private sector companies across the world. ” reads the advisory published by the NSA. . ” reads the advisory published by the NSA.

Energy and Utilities

Energy and Utilities Military Cloud Cybersecurity

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Security Affairs

APRIL 30, 2023

CERT-UA warns of a spear-phishing campaign conducted by APT28 group targeting Ukrainian government bodies with fake ‘Windows Update’ guides. Russia-linked APT28 group is targeting Ukrainian government bodies with fake ‘Windows Update’ guides, Computer Emergency Response Team of Ukraine (CERT-UA) warns.

Systems administration

Systems administration Military Phishing Government

Security Affairs newsletter Round 399 by Pierluigi Paganini

Security Affairs

DECEMBER 25, 2022

Expert found Backdoor credentials in ZyXEL LTE3301 M209 Raspberry Robin malware used in attacks against Telecom and Governments TikTok parent company ByteDance revealed the use of TikTok data to track journalists BetMGM discloses security breach impacting 1.5 Follow me on Twitter: @securityaffairs and Facebook and Mastodon.

Security

Security Military Ransomware Encryption

North Korea ScarCruft APT used previously undetected Dolphin Backdoor against South Korea

Security Affairs

DECEMBER 1, 2022

Cyber attacks conducted by the APT37 group mainly targeted government, defense, military, and media organizations in South Korea. The Dolphin backdoor was used as the final payload of a multistage watering-hole attack in early 2021. Kaspersky first documented the operations of the group in 2016.

Military

Military Cloud Communications Access

Why Edward Snowden is urging users to stop using ExpressVPN?

Security Affairs

SEPTEMBER 19, 2021

link] — Edward Snowden (@Snowden) September 16, 2021. military and various government contractors, then with a U.S. Edward Snowden expressed concerns about the VPN service offered by ExpressVPN and has warned users to stop using it. If you're an ExpressVPN customer, you shouldn't be. ” reads the response.

Cybersecurity

Cybersecurity Military Privacy Compliance

SessionManager Backdoor employed in attacks on Microsoft IIS servers worldwide

Security Affairs

JULY 1, 2022

Researchers warn of a new ‘SessionManager’ Backdoor that was employed in attacks targeting Microsoft IIS Servers since March 2021. Researchers from Kaspersky Lab have discovered a new ‘SessionManager’ Backdoor that was employed in attacks targeting Microsoft IIS Servers since March 2021.

Military

Military Passwords Access Government

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Security Affairs

APRIL 19, 2023

The joint advisory provides detailed info on tactics, techniques, and procedures (TTPs) associated with APT28’s attacks conducted in 2021 that exploited the flaw in Cisco routers. The group operates out of military unity 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS).

Military

Military Access Cybersecurity Education

GhostWriter APT targets state entities of Ukraine with Cobalt Strike Beacon

Security Affairs

MARCH 28, 2022

In November 2021, Mandiant Threat Intelligence researchers linked the Ghostwriter disinformation campaign (aka UNC1151) to the government of Belarus. Sensitive technical information gathered by the researchers suggests the threat actors were operating from Minsk, Belarus under the control of the Belarusian Military.

Archiving

Archiving CMS File names Phishing

Chinese Cycldek APT targets Vietnamese Military and Government in sophisticated attacks

US administration requests $9.8B for cyber 2021 budget for the Department of Defense

Webinars

Trending Sources

Ukraine: Belarusian APT group UNC1151 targets military personnel with spear phishing

Webinars

Taiwan Government faces 5 Million hacking attempts daily

Naikon APT group uses new Nebulae backdoor in attacks aimed at military orgs

US indicted 4 Russian government employees for attacks on critical infrastructure

US Gov dismantled the Moobot botnet controlled by Russia-linked APT28

Russia-linked Armageddon APT targets Ukrainian state organizations, CERT-UA warns

Russia-linked Gamaredon APT targeted a western government entity in Ukraine

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Ukraine intelligence doxed 5 FSB Officers that are members of Gamaredon APT Group

The Netherlands declares war on ransomware operations

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

Researchers warn of a surge in cyber attacks against Microsoft Exchange

Russia-linked Nobelium APT targets orgs in the global IT supply chain

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

France agency ANSSI warns of Russia-linked APT28 attacks on French entities

British Court rejects the US’s request to extradite Julian Assange

Iran-linked APT groups continue to evolve

Google warns of APT28 attack attempts against 14,000 Gmail users

Two former NSA Officials appointed by Joe Biden for prominent cyber roles

Mandiant links Ghostwriter operations to Belarus

Russia-linked APT28 hacked Roundcube email servers of Ukrainian entities

Nobelium APT targets French orgs, French ANSSI agency warns

Colonial Pipeline discloses data breach after May ransomware attack

Google sent over 50,000 warnings of state-sponsored attacks, +33% from same period in 2020

Russian Gamaredon APT is targeting Ukraine since October

Microsoft details new sophisticated spear-phishing attacks from NOBELIUM

NK-linked InkySquid APT leverages IE exploits in recent attacks

Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks

Nobelium APT uses new Post-Compromise malware MagicWeb

Microsoft releases On-premises Mitigation Tool (EOMT) tool to fix ProxyLogon issues

ProxyLogon Microsoft Exchange exploit is completely out of the bag by now

Russia-linked Nobelium APT group uses custom backdoor to target Windows domains

Israeli surveillance firm QuaDream emerges from the dark

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

UK, US agencies warn of large-scale brute-force attacks carried out by Russian APT

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Security Affairs newsletter Round 399 by Pierluigi Paganini

North Korea ScarCruft APT used previously undetected Dolphin Backdoor against South Korea

Why Edward Snowden is urging users to stop using ExpressVPN?

SessionManager Backdoor employed in attacks on Microsoft IIS servers worldwide

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

GhostWriter APT targets state entities of Ukraine with Cobalt Strike Beacon

Stay Connected