Security Affairs

MARCH 12, 2021

On March 2nd, Microsoft released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported MS Exchange versions that are actively exploited in the wild. 2/5 — ESET research (@ESETresearch) March 2, 2021.

Authentication 359

Authentication Military Ransomware Manufacturing 359

Security Affairs

APRIL 5, 2022

The group targeted government and military organizations in Ukraine. In December 2019, the APT group targeted several Ukrainian diplomats, government and military officials, and law enforcement. The Gamaredon group was first discovered by Symantec and TrendMicro in 2015, but evidence of its activities has been dated back to 2013.

Military 347

Military Phishing File names Archiving 347

Security Affairs

NOVEMBER 17, 2021

The Microsoft Threat Intelligence Center (MSTIC) shared the results of their analysis on the evolution of Iran-linked threat actors at the CyberWarCon 2021. Learn more from this blog summarizing these trends, as presented at #CyberWarCon : [link] — Microsoft Security Intelligence (@MsftSecIntel) November 16, 2021.

Ransomware 338

Ransomware Passwords Military Authentication 338

Security Affairs

NOVEMBER 5, 2021

The group targeted government and military organizations in Ukraine. In December 2019, the APT group targeted several Ukrainian diplomats, government and military officials, and law enforcement. In the period 2017-2021 this group implemented the most numerous cyberintelligence actions on various vectors of public administration.

Military 349

Military Metadata Government Passwords 349

Security Affairs

FEBRUARY 28, 2024

“As early as 2022, APT28 actors had utilized compromised EdgeRouters to facilitate covert cyber operations against governments, militaries, and organizations around the world.” and foreign governments and military, security, and corporate organizations. ” reads the joint report.

Energy and Utilities 333

Energy and Utilities Military Government Phishing 333

Security Affairs

OCTOBER 25, 2021

Russia-linked Nobelium APT group has breached at least 14 managed service providers (MSPs) and cloud service providers since May 2021. NOBELIUM focuses on government organizations, non-government organizations (NGOs), think tanks, military, IT service providers, health technology and research, and telecommunications providers.

IT 324

IT Cloud Military Phishing 324

Security Affairs

DECEMBER 7, 2023

Over the past 20 months, the group targeted at least 30 organizations within 14 nations that are probably of strategic intelligence significance to the Russian government and its military. The group operates out of military unity 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS).

Military 336

Military Government Phishing Authentication 336

Security Affairs

DECEMBER 15, 2023

“Since mid-2021, Snatch threat actors have consistently evolved their tactics to take advantage of current trends in the cybercriminal space and leveraged successes of other ransomware variants’ operations. .” HENSOLDT is a company specializing in military and defense electronics.

Ransomware 336

Ransomware Computer and Electronics Agriculture Military 336

Security Affairs

OCTOBER 8, 2021

The Dutch government will not tolerate ransomware attacks that could threaten national security, it will use intelligence or military services to curb them. The Dutch government announced that it will not tolerate cyberattacks that pose a risk to its national security and will employ intelligence or military services to counter them.

Ransomware 350

Ransomware Military Government Security 350

Security Affairs

OCTOBER 27, 2023

The document provides details about the tactics, techniques and procedures (TTP) associated with threar actors since the second half of 2021. The group operates out of military unity 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS).

Military 349

Military Phishing Government Security 349

Security Affairs

JUNE 21, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The Recorded Future’s Insikt Group believes that the campaign has been active since November 2021.

Military 246

Military Phishing Government Communications 246

Security Affairs

DECEMBER 30, 2021

DataVault is an advanced encryption software to protect user data, it provides comprehensive military grade data protection and security features to multiple systems. ” The vulnerabilities have been tracked as CVE-2021-36750 and CVE-2021-36751. Multiple vendors, including WD, Sony and Lexar use the DataVault software.

Encryption 338

Encryption Passwords Military Security 338

Security Affairs

DECEMBER 5, 2023

The group operates out of military unity 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS). The researchers noticed that the attackers also commonly employed multiple known vulnerabilities, including CVE-2023-38831 in WinRAR or CVE-2021-40444 in Windows MSHTML.

Military 324

Military Government Access Phishing 324

Security Affairs

DECEMBER 6, 2021

The French cyber-security agency ANSSI said that the Russia-linked Nobelium APT group has been targeting French organizations since February 2021. Le CERT-FR vient de publier un rapport sur des campagnes d’hameçonnage du mode opératoire d’attaquants Nobelium contre des entités françaises menées depuis février 2021.

Phishing 283

Phishing Military Government Cybersecurity 283

Security Affairs

AUGUST 17, 2021

Colonial Pipeline discloses a data breach of the personal information of thousands of individuals after the ransomware attack that took place in May 2021. On May 6, 2021, an unauthorized third party acquired certain records stored in our systems,” states the letter.

Data breaches 283

Data breaches Ransomware Military Insurance 283

Security Affairs

NOVEMBER 10, 2021

On the other end, the Chinese government considers the island its territory and does not exclude its military occupation in the future. billion “anomalies” from 2019 to August 2021, according to the report shared by Taiwan’s defence ministry. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Government 278

Government Military Information Security Security 278

Security Affairs

AUGUST 18, 2021

APT37 has been active since at least 2012, it mainly targeted government, defense, military, and media organizations in South Korea. The watering hole attacks on the Daily NK was conducted from March 2021 until early June 2021. ” reads the post published by Volexity. com to malicious subdomains of jquery[.]services.

Metadata 300

Metadata Military Archiving Cybersecurity 300

Security Affairs

OCTOBER 8, 2021

Some info for people who got the warning and a reminder what it means: [link] and also in this — Shane Huntley (@ShaneHuntley) October 7, 2021. — Shane Huntley (@ShaneHuntley) October 7, 2021. TAG sent a above average batch of government-backed security warnings yesterday.

Phishing 274

Phishing Military Government Security 274

Security Affairs

OCTOBER 14, 2021

Google announced to have sent roughly 50,000 alerts of state-sponsored phishing or hacking attempts to customers during 2021. “So far in 2021, we’ve sent over 50,000 warnings, a nearly 33% increase from this time in 2020. The group was involved also in the string of attacks that targeted 2016 Presidential election.

Phishing 246

Phishing Military Government Security 246

Security Affairs

APRIL 12, 2021

The first name was John Chris Inglis, who was nominated as the first-ever National Cyber Director, a role that was introduced by Congress in the Fiscal Year 2021. Easterly has worked in the cybersecurity division at Morgan Stanley for the past four years, she has served 14 years in government and military service.

Military 292

Military Government Cybersecurity Security 292

Security Affairs

JANUARY 4, 2021

[link] — Freedom of the Press (@FreedomofPress) January 4, 2021. He published thousands of classified diplomatic and military documents on WikiLeaks in 2010. Let’s close with the comment of the NSA whistleblower Edward Snowden : Holy s**t [link] — Edward Snowden (@Snowden) January 4, 2021. Of course, the U.S.

Military 356

Military Government Risk Passwords 356

Security Affairs

MARCH 16, 2021

On March 2nd, Microsoft released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported MS Exchange versions that are actively exploited in the wild.

Military 315

Military Manufacturing Access Security 315

Security Affairs

MARCH 15, 2021

Most targeted sectors have been Government/Military (17% of all exploit attempts), followed by Manufacturing (14%), and then Banking (11%). Well, I'll say that the ProxyLogon Exchange CVE-2021-26855 Exploit is completely out of the bag by now. pic.twitter.com/ijOGx3BIif — Will Dormann (@wdormann) March 13, 2021.

Ransomware 318

Ransomware Military Manufacturing Security 318

Security Affairs

MAY 28, 2021

The campaign monitored by Microsoft was uncovered in January 2021 and evolved over time, the researchers observed a series of waves demonstrating significant experimentation. If the target is an Apple iOS device, the user was redirected to another server under NOBELIUM control, that attempts to trigger the CVE-2021-1879 flaw.

Phishing 279

Phishing Military Government IT 279

Krebs on Security

FEBRUARY 7, 2024

In 2021, the exclusive Russian cybercrime forum Mazafaka was hacked. A review of this user’s hacker identities shows that during his time on the forums he served as an officer in the special forces of the GRU , the foreign military intelligence agency of the Russian Federation. Some of those photos date back to 2008.

Military 300

Military IT Communications Risk 300

Security Affairs

FEBRUARY 28, 2021

During the recent video conference of the members of the European Council (25-26 February 2021), NATO chief Jens Stoltenberg highlighted the importance to define a strategy to boost defense and security. “The EU efforts are going hand in hand with the military efforts across the continent,” said Stoltenberg.

Cybersecurity 283

Cybersecurity Security Military Risk 283

Security Affairs

NOVEMBER 16, 2021

The attackers were spreading fabricated content, including falsified news articles, quotes, correspondence, and other documents designed to appear as coming from military officials and political figures in the target countries. ” reads the report published by Mandiant.

Military 304

Military CMS Government Security 304

Security Affairs

FEBRUARY 27, 2022

February 25 – Ukraine: Belarusian APT group UNC1151 targets military personnel with spear phishing. February 15 – Ukraine: Military defense agencies and banks hit by cyberattacks. Russia-linked APT group Gamaredon is behind spear-phishing attacks against Ukrainian entities and organizations since October 2021.

Military 256

Military Phishing Ransomware Security 256

Security Affairs

FEBRUARY 6, 2022

Russia-linked APT group Gamaredon is behind spear-phishing attacks against Ukrainian entities and organizations since October 2021. The group targeted government and military organizations in Ukraine. In December 2019, the APT group targeted several Ukrainian diplomats, government and military officials, and law enforcement.

Military 246

Military Phishing Government Security 246

Security Affairs

FEBRUARY 8, 2024

The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure. agencies fear the possibility that these actors could gain access to the networks of critical infrastructure to cause disruptive effects in the event of potential geopolitical tensions and/or military conflicts.

Energy and Utilities 340

Energy and Utilities Communications Military Manufacturing 340

Security Affairs

OCTOBER 7, 2021

revealed it was compiled on May 22, 2021. According to the experts, the PDB path embedded in some of the ShellClient samples suggests that the RAT is part of a restricted or classified project that could be related to military or intelligence agency operations.

Military 356

Military Cloud IT Access 356

Security Affairs

SEPTEMBER 28, 2021

“Use of FoggyWeb has been observed in the wild as early as April 2021.” Researchers spotted the use of FoggyWeb since early April 2021. ” reads the analysis published by Microsoft. ” The attackers use the version.dll DLL to load FoggyWeb which is stored in the encrypted file Windows.Data.TimeZones.zh-PH.pri.

Encryption 274

Encryption Military Government Access 274

Security Affairs

DECEMBER 25, 2022

Expert found Backdoor credentials in ZyXEL LTE3301 M209 Raspberry Robin malware used in attacks against Telecom and Governments TikTok parent company ByteDance revealed the use of TikTok data to track journalists BetMGM discloses security breach impacting 1.5 Follow me on Twitter: @securityaffairs and Facebook and Mastodon.

Security 246

Security Military Ransomware Encryption 246

Security Affairs

JULY 1, 2022

Researchers warn of a new ‘SessionManager’ Backdoor that was employed in attacks targeting Microsoft IIS Servers since March 2021. Researchers from Kaspersky Lab have discovered a new ‘SessionManager’ Backdoor that was employed in attacks targeting Microsoft IIS Servers since March 2021.

Military 246

Military Passwords Access Government 246

Security Affairs

DECEMBER 21, 2021

The man was arrested in Switzerland on March 21, 2021, along with four other accomplices he conspired to gain unauthorized access to computers and to commit wire fraud and securities fraud.

Military 315

Military Passwords Security Access 315

Security Affairs

MARCH 25, 2022

” The two indictments, one from June 2021 and one from August 2021 , are charging one employee of the Russian Federation Central Scientific Research Institute of Chemistry and Mechanics (TsNIIKhM) and three officers of Russia’s Federal Security Service (FSB).

Energy and Utilities 292

Energy and Utilities Government Cybersecurity Military 292

Security Affairs

FEBRUARY 6, 2022

QuaDream was founded in 2016 by Ilan Dabelstein, a former Israeli military official, and by two former NSO employees, Guy Geva and Nimrod Reznik. The two surveillance firms employed the zero-click iMessage exploit dubbed FORCEDENTRY (CVE-2021-30860). ” reads the article published by Reuters. as a zero-day.

Government 246

Government Military IT Security 246