2022, Government and Manufacturing - Information Management Today

China’s Volt Typhoon botnet has re-emerged

Security Affairs

NOVEMBER 13, 2024

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. Later, in November 2022, most of the devices composing the botnet were ProSAFE devices, and a smaller number of DrayTek routers.

e-Discovery

e-Discovery Communications Ransomware Government

Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

Security Affairs

SEPTEMBER 25, 2023

A stealthy APT group tracked as Gelsemium was observed targeting a Southeast Asian government between 2022 and 2023. Palo Alto Unit42 researchers an APT group tracked as Gelsemium targeting a Southeast Asian government. Gelsemium is a group focused on cyberespionage that has been active since at least 2014.

Government

Government Manufacturing Education Access

SYS01 stealer targets critical government infrastructure

Security Affairs

MARCH 7, 2023

Researchers discovered a new info stealer dubbed SYS01 stealer targeting critical government infrastructure and manufacturing firms. ” The experts reported that the campaign was first uncovered in May 2022 that Zscaler researchers linked to the Ducktail operation by Zscaler.

Government

Government Manufacturing Authentication Cybersecurity

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

Cuba Ransomware received over $60M in Ransom payments as of August 2022

Security Affairs

DECEMBER 2, 2022

Cuba ransomware gang received more than $60 million in ransom payments related to attacks against 100 entities worldwide as of August 2022. Dollars (USD) and received more than $60 million in ransom payments from over 100 victims worldwide as of August 2022, the US government states. ” reads the report. Pierluigi Paganini.

Ransomware

Ransomware Financial Services Manufacturing Phishing

China-linked APT Curious Gorge targeted Russian govt agencies

Security Affairs

MAY 3, 2022

China-linked Curious Gorge APT is targeting Russian government agencies, Google Threat Analysis Group (TAG) warns. Google Threat Analysis Group (TAG) reported that an APT group linked to China’s People’s Liberation Army Strategic Support Force (PLA SSF), tracked as Curious Gorge , is targeting Russian government agencies.

Manufacturing

Manufacturing Phishing Passwords Military

US offers $10 million reward for info on Hive ransomware group leaders

Security Affairs

FEBRUARY 8, 2024

Government offers rewards of up to $10 million for information that could help locate, identify, or arrest members of the Hive ransomware group. Starting from the end of July 2022, the FBI infiltrated Hive’s computer networks. According to the announcement, the group targeted organizations in over 80 countries.

Ransomware

Ransomware Blockchain Manufacturing Government

FritzFrog P2P Botnet is back and targets Healthcare, Education and Government Sectors

Security Affairs

FEBRUARY 11, 2022

FritzFrog P2P botnet is back and is targeting servers belonging to entities in the healthcare, education, and government sectors. The bot is written in Golang and implements wormable capabilities, experts reported attacks against entities in the government, education, and finance sectors. ” reads the report published by Akamai.

Education

Education Government Libraries Mining

Raspberry Robin malware used in attacks against Telecom and Governments

Security Affairs

DECEMBER 24, 2022

The Raspberry Robin worm attacks aimed at telecommunications and government office systems across Latin America, Australia, and Europe. Researchers from Trend Micro have uncovered a Raspberry Robin worm campaign targeting telecommunications and government office systems across Latin America, Australia, and Europe. Pierluigi Paganini.

Government

Government Communications Ransomware Manufacturing

Spanish Banking Trojan Attacks Various Industry Verticals

Data Breach Today

AUGUST 20, 2022

Grandoreiro Banking Trojan Impersonates Mexican Government Officials Researchers uncovered a spear-phishing campaign targeting automotive and chemical manufacturers across the Spanish-speaking nations of Mexico and Spain.

Manufacturing

Manufacturing Phishing Government

Spanish-Language Trojan Targets Many Industry Verticals

Data Breach Today

AUGUST 22, 2022

Grandoreiro Banking Trojan Impersonates Mexican Government Officials Researchers uncovered a spear-phishing campaign targeting automotive and chemical manufacturers across the Spanish-speaking nations of Mexico and Spain.

Manufacturing

Manufacturing Phishing Government

Holy Ghost ransomware operation is linked to North Korea

Security Affairs

JULY 15, 2022

The list of victims includes manufacturing organizations, banks, schools, and event and meeting planning companies. The HolyRS.exe was first detected in October 2021, HolyLocker.exe in March 2022 and BTLC.exe in April 2022. The first possibility is that the North Korean government sponsors this activity.”

Ransomware

Ransomware Encryption Government Manufacturing

Law enforcement operation seized Ragnar Locker group’s infrastructure

Security Affairs

OCTOBER 19, 2023

In March 2022, the US Federal Bureau of Investigation (FBI) and CISA published a flash alert to warn that the Ragnar Locker ransomware gang breached the networks of at least 52 organizations across 10 critical infrastructure sectors. “As

Ransomware

Ransomware Financial Services Manufacturing Government

Anonymous and the IT ARMY of Ukraine continue to target Russian entities

Security Affairs

APRIL 8, 2022

The popular hacking Anonymous and the IT ARMY of Ukraine continue to target Russian government entities and private businesses. The list of recently compromised businesses includes: Forest – The hacktivists leaked 37,500 emails stolen from the company which is a Russian logging and wood manufacturing firm.

IT

IT Manufacturing Access Cybersecurity

Microsoft seized 41 domains used by Iran-linked Bohrium APT

Security Affairs

JUNE 6, 2022

The IT giant has seized the domains used by the threat actors employed in its attacks aimed at organizations in tech, transportation, government, and education sectors located in the U.S., The court filings can be found here: [link] — Amy Hogan-Burney (@CyberAmyHB) June 2, 2022. Middle East, and India.

Phishing

Phishing Manufacturing Education Cybersecurity

Witchetty APT used steganography in attacks against Middle East entities

Security Affairs

OCTOBER 1, 2022

The group used the backdoor in attacks against Middle Eastern governments. The cyber espionage group Witchetty (aka LookingFrog) was first spotted by cybersecurity firm ESET in April 2022, the experts argue it is a sub-group of the China-linked TA410 group (aka APT10, Cicada, Stone Panda, and TA429)).

Manufacturing

Manufacturing Government Cybersecurity IT

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

. “As early as 2022, APT28 actors had utilized compromised EdgeRouters to facilitate covert cyber operations against governments, militaries, and organizations around the world.” and foreign governments and military, security, and corporate organizations. ” reads the joint report.

Energy and Utilities

Energy and Utilities Military Government Phishing

China-linked APT Volt Typhoon linked to KV-Botnet

Security Affairs

DECEMBER 13, 2023

The botnet is comprised of two complementary activity clusters, the experts believe it has been active since at least February 2022. In early July and August of 2022, the researchers noticed several Cisco RV320s , DrayTek Vigor routers , and NETGEAR ProSAFEs that were part of the botnet.

Communications

Communications Manufacturing Education Government

China-linked APT likely linked to Fortinet zero-day attacks

Security Affairs

MARCH 17, 2023

An alleged Chinese threat actor group is behind attacks on government organizations exploiting a Fortinet zero-day flaw (CVE-2022-41328). A suspected China-linked group is exploiting a Fortinet zero-day vulnerability, tracked as CVE-2022-41328 , in attacks aimed at government organizations. ” concludes Mandiant.

Manufacturing

Manufacturing Access Government Communications

Anonymous and its affiliates continue to cause damage to Russia

Security Affairs

MARCH 2, 2022

In the last few hours, in addition to government sites, the sites of the country’s main banks have been brought to their knees. AgainstTheWes #Ukraine pic.twitter.com/PJU5ClsGfr — ATW (@AgainstTheWest_) March 1, 2022. NPKTAIR, a Russian tool manufacturer, has been breached. Doemela_X) February 28, 2022.

IT

IT Manufacturing Government Mining

French authorities arrested a Russian national for his role in the Hive ransomware operation

Security Affairs

DECEMBER 14, 2023

The threat actors behind the Hive RaaS have extorted $100 million in ransom payments from over 1,300 companies worldwide as of November 2022, reported the U.S. cybersecurity and intelligence authorities.

Ransomware

Ransomware Blockchain Manufacturing Analytics

FBI chief says China is preparing to attack US critical infrastructure

Security Affairs

APRIL 19, 2024

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. Later, in November 2022, most of the devices composing the botnet were ProSAFE devices, and a smaller number of DrayTek routers.

Energy and Utilities

Energy and Utilities Communications Military Access

Million of vehicles can be attacked via MiCODUS MV720 GPS Trackers

Security Affairs

JULY 20, 2022

.” The MiCODUS MV720 GPS Tracker is a popular vehicle GPS tracker manufactured in China, which is used by consumers for theft protection and location management, and by organizations for vehicle fleet management. The analysis of the sector usage on a global scale revealed significant differences by continent in the typical user profile.

Passwords

Passwords Manufacturing Military Authentication

The German BSI agency recommends replacing Kaspersky antivirus software

Security Affairs

MARCH 15, 2022

Zur Pressemitteilung: [link] #DeutschlandDigitalSicherBSI — BSI (@BSI_Bund) March 15, 2022. “The Federal Office for Information Security (BSI) warns according to §7BSIlaw before using virus protection software from the Russian manufacturer Kaspersky. ” reads the BSI announcement.

Manufacturing

Manufacturing Information Security Military Cybersecurity

China-linked APT40 used ScanBox Framework in a long-running espionage campaign

Security Affairs

AUGUST 31, 2022

The campaign has been active from April 2022 through June, the threat actor was observed delivering the ScanBox exploitation framework to target visitors of a rogue Australian news website. “Proofpoint had also observed customized URLs, and URL redirect destinations distinct for each target, in TA423’s earlier campaigns in March 2022.”

Energy and Utilities

Energy and Utilities Manufacturing Phishing Government

Australian Defense Department will replace surveillance cameras from Chinese firms Hikvision and Dahua

Security Affairs

FEBRUARY 12, 2023

Australia’s Defense Department announced that they will remove surveillance cameras made by Chinese firms linked to the government of Beijing. Australia’s Defense Department is going to replace surveillance cameras made by Chinese firms Hikvision and Dahua, who are linked to the government of Beijing. ” reported The Guardian. .”

Manufacturing

Manufacturing Government Risk Communications

Ukraine’s intelligence service hacked Russia’s Federal Air Transport Agency, Rosaviatsia

Security Affairs

NOVEMBER 27, 2023

” Rosaviatsia is the government agency responsible for the oversight and regulation of civil aviation in Russia. In the same period in 2022, 50 such incidents were recorded. As of March 2022, Russia had about 820 foreign-made civilian aircraft. This means that the safety hazard of flying in Russia has tripled.

Military

Military Manufacturing Government Authentication

Operation Cronos: law enforcement disrupted the LockBit operation

Security Affairs

FEBRUARY 19, 2024

In 2022, LockBit was one of the most active ransomware groups, and its prevalence continued into 2023. Lockbit ransomware group administrative staff has confirmed with us their websites have been seized. According to a joint report published by US authorities and international peers, the total of U.S. on January 5, 2020.

Energy and Utilities

Energy and Utilities Ransomware Agriculture Financial Services

Delta Electronics, a tech giants’ contractor, hit by Conti ransomware

Security Affairs

JANUARY 28, 2022

Taiwanese electronics manufacturing company Delta Electronics was hit by the Conti ransomware that took place this week. “On January 26, 2022, the malware intelligence team collected a sample of the Conti ransomware with a hash value of 5ace33358a8b11ae52050d02d2d6705f04bd47a27c6c6e28ef65028bbfaf5da9.”

Ransomware

Ransomware Computer and Electronics Manufacturing Encryption

Anonymous is working on a huge data dump that will blow Russia away

Security Affairs

MARCH 28, 2022

#RostProektLeak hacked by Anonymous Delete the *—— [link] @YourAnonRiots @YourAnonNews @YourAnonTV @AnonymousVideo pic.twitter.com/NoPRPmy18S — 0PS INFORMATION | WORLD HUMANITY | (@NewAnon0ps) March 27, 2022. link] — Anonymous (@LatestAnonPress) March 28, 2022. The hacktivists have leaked 2.4 But f**k, be ready.

Mining

Mining Manufacturing Government IT

Security Affairs newsletter Round 365 by Pierluigi Paganini

Security Affairs

MAY 15, 2022

Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.

Security

Security Agriculture Ransomware Manufacturing

Estonian National charged with helping Russia acquire U.S. hacking tools and electronics

Security Affairs

APRIL 9, 2023

made electronics on behalf of the Russian government and military. The Estonian man is accused of having helped the Russian government and military to purchase US-made electronics and hacking tools. manufacturers on behalf of Russian end-users, including defense contractors and other Russian government agencies.

Computer and Electronics

Computer and Electronics Military Manufacturing Government

FBI, CISA, HHS warn of targeted ALPHV/Blackcat ransomware attacks against the healthcare sector

Security Affairs

FEBRUARY 28, 2024

The advisory updates to the FBI FLASH BlackCat/ALPHV Ransomware Indicators of Compromise released on April 19, 2022 and on December 19, 2023. FBI identified ALPHV/Blackcat actors as having compromised over 1,000 victim entities in the United States and elsewhere, including prominent government entities (e.g.,

Ransomware

Ransomware Government Insurance Manufacturing

Cybersecurity agencies published a joint LockBit ransomware advisory

Security Affairs

JUNE 15, 2023

Help us #StopRansomware by visiting [link] pic.twitter.com/G5jpxtB0Fw — Cybersecurity and Infrastructure Security Agency (@CISAgov) June 14, 2023 The LockBit ransomware operation was the most active in 2022 and according to the researchers it is one of the most prolific RaaS in 2023. law enforcement).

Ransomware

Ransomware Cybersecurity Agriculture Education

Security Affairs newsletter Round 357 by Pierluigi Paganini

Security Affairs

MARCH 13, 2022

CVE-2022-0492 flaw in Linux Kernel cgroups feature allows container escape Charities and NGOs providing support in Ukraine hit by malware. Is it fake news? Follow me on Twitter: @securityaffairs and Facebook.

Security

Security Data breaches Ransomware Manufacturing

Hive Ransomware extorted over $100M in ransom payments from over 1,300 companies

Security Affairs

NOVEMBER 18, 2022

Hive ransomware operators have extorted over $100 million in ransom payments from over 1,300 companies worldwide as of November 2022. The threat actors behind the Hive ransomware -as-a-service (RaaS) have extorted $100 million in ransom payments from over 1,300 companies worldwide as of November 2022, reported the U.S.

Ransomware

Ransomware Blockchain Manufacturing Analytics

Ragnar Locker gang leaks data stolen from the Israel’s Mayanei Hayeshua hospital

Security Affairs

SEPTEMBER 9, 2023

In March 2022, the US Federal Bureau of Investigation (FBI) and CISA published a flash alert to warn that the Ragnar Locker ransomware gang breached the networks of at least 52 organizations across 10 critical infrastructure sectors. The ransomware gang claims that the hospital doesn’t care about the privacy of its patients.

Ransomware

Ransomware Phishing Encryption Privacy

Finnish intelligence warns of Russia’s cyberespionage activities

Security Affairs

OCTOBER 3, 2022

” reads the unclassified National Security Overview 2022 published last week by the Finnish agency. It is also likely that the threat of business espionage will grow as Russia feels the need to begin substitute manufacturing of cutting-edge technology. Russia may seek to acquire NATO-related intelligence through Finland.”

Manufacturing

Manufacturing Access Security Government

A Russian national charged for committing LockBit Ransomware attacks

Security Affairs

JUNE 16, 2023

In November 2022, the U.S. On or about May 27, 2022, the man and his Hive coconspirators allegedly hit a nonprofit behavioral healthcare organization in New Jersey. The LockBit ransomware operation was the most active in 2022 and according to the researchers it is one of the most prolific RaaS in 2023. law enforcement).

Ransomware

Ransomware Agriculture Education Government

US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES

Security Affairs

FEBRUARY 21, 2024

government offers rewards of up to $15 million for information that could lead to the identification or location of LockBit ransomware gang members and affiliates. In 2022, LockBit was one of the most active ransomware groups, and its prevalence continued into 2023. ” reads the press release published by the U.S. “The

Energy and Utilities

Energy and Utilities Ransomware Agriculture Manufacturing

Russia-Ukraine cyber conflict poses critical infrastructure at risk

Security Affairs

MARCH 14, 2022

Ongoing attacks could cause severe damages to multiple sectors, including transportation, communication, financial services, government facilities, nuclear reactors, and critical manufacturing. Check Host: [link] pic.twitter.com/J9OSdBLnzf — Anonymous (@LiteMods) February 25, 2022. ” reported researchers from Cyble.

Risk

Risk Financial Services Manufacturing Communications

Hive Ransomware Tor leak site apparently seized by law enforcement

Security Affairs

JANUARY 26, 2023

The threat actors behind the Hive ransomware -as-a-service (RaaS) have extorted $100 million in ransom payments from over 1,300 companies worldwide as of November 2022, reported the U.S. cybersecurity and intelligence authorities.

Ransomware

Ransomware Blockchain Manufacturing Analytics

Grandoreiro banking malware targets Mexico and Spain

Security Affairs

AUGUST 21, 2022

The campaign began in June 2022 and is still ongoing, the attacks hit organizations in multiple industries, such as Automotive, Chemicals Manufacturing, and others. ” reads the post published by Zscaler. ” reads the post published by Zscaler.

Archiving

Archiving Phishing Communications Manufacturing

To Secure Medical Devices, the FDA Turns to Ethical Hackers

Security Affairs

OCTOBER 23, 2018

Those products are widely used and show a forecasted growth of three percent annually through at least 2022. Ethical hackers have contacted device manufacturers after exposing vulnerabilities in their products. A recent example of a medical device problem concerns a pacemaker manufactured by Medtronic. All the while, the U.S.

Security

Security Manufacturing Cybersecurity Government

Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware

Security Affairs

DECEMBER 12, 2023

Talos believes that NineRAT was built around May 2022, but was first spotted on March 2023 as part of Operation Blacksmith. The experts observed the use of NineRAT at around September 2023 against a European manufacturing entity. In March, the threat actors hit a South American agricultural organization.

Agriculture

Agriculture Data collection Access Manufacturing

China’s Volt Typhoon botnet has re-emerged

Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

Webinars

Trending Sources

SYS01 stealer targets critical government infrastructure

Webinars

Cuba Ransomware received over $60M in Ransom payments as of August 2022

China-linked APT Curious Gorge targeted Russian govt agencies

US offers $10 million reward for info on Hive ransomware group leaders

FritzFrog P2P Botnet is back and targets Healthcare, Education and Government Sectors

Raspberry Robin malware used in attacks against Telecom and Governments

Spanish Banking Trojan Attacks Various Industry Verticals

Spanish-Language Trojan Targets Many Industry Verticals

Holy Ghost ransomware operation is linked to North Korea

Law enforcement operation seized Ragnar Locker group’s infrastructure

Anonymous and the IT ARMY of Ukraine continue to target Russian entities

Microsoft seized 41 domains used by Iran-linked Bohrium APT

Witchetty APT used steganography in attacks against Middle East entities

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

China-linked APT Volt Typhoon linked to KV-Botnet

China-linked APT likely linked to Fortinet zero-day attacks

Anonymous and its affiliates continue to cause damage to Russia

French authorities arrested a Russian national for his role in the Hive ransomware operation

FBI chief says China is preparing to attack US critical infrastructure

Million of vehicles can be attacked via MiCODUS MV720 GPS Trackers

The German BSI agency recommends replacing Kaspersky antivirus software

China-linked APT40 used ScanBox Framework in a long-running espionage campaign

Australian Defense Department will replace surveillance cameras from Chinese firms Hikvision and Dahua

Ukraine’s intelligence service hacked Russia’s Federal Air Transport Agency, Rosaviatsia

Operation Cronos: law enforcement disrupted the LockBit operation

Delta Electronics, a tech giants’ contractor, hit by Conti ransomware

Anonymous is working on a huge data dump that will blow Russia away

Security Affairs newsletter Round 365 by Pierluigi Paganini

Estonian National charged with helping Russia acquire U.S. hacking tools and electronics

FBI, CISA, HHS warn of targeted ALPHV/Blackcat ransomware attacks against the healthcare sector

Cybersecurity agencies published a joint LockBit ransomware advisory

Security Affairs newsletter Round 357 by Pierluigi Paganini

Hive Ransomware extorted over $100M in ransom payments from over 1,300 companies

Ragnar Locker gang leaks data stolen from the Israel’s Mayanei Hayeshua hospital

Finnish intelligence warns of Russia’s cyberespionage activities

A Russian national charged for committing LockBit Ransomware attacks

US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES

Russia-Ukraine cyber conflict poses critical infrastructure at risk

Hive Ransomware Tor leak site apparently seized by law enforcement

Grandoreiro banking malware targets Mexico and Spain

To Secure Medical Devices, the FDA Turns to Ethical Hackers

Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware

Stay Connected