Microsoft reported that the Russia-linked APT28 group (aka “Forest Blizzard”, “Fancybear” or “Strontium”) used a previously unknown tool, dubbed GooseEgg, to exploit the Windows Print Spooler flaw CVE-2022-38028. The vulnerability CVE-2022-38028 was reported by the U.S.
Anonymous continues to support Ukraine against the Russian criminal invasion, targeting the Russian military and propaganda. Anonymous leaked personal details of the Russian military personnel stationed in Bucha, where the Russian military carried out a massacre of civilians and is accused of having raped and shot local women and children.
Russia-linked threat actors have been targeting Android devices of the Ukrainian military with a new malware dubbed Infamous Chisel. In 2022, the Russian APT used multiple wipers in attacks aimed at Ukraine, including AwfulShred, CaddyWiper, HermeticWiper, Industroyer2, IsaacWiper, WhisperGate, Prestige, RansomBoggs, and ZeroWipe.
The IT giant pointed out that Cadet Blizzard is distinct from other known APT groups operating under the control of the Russian military intelligence GRU, such as Forest Blizzard (STRONTIUM) and Seashell Blizzard (IRIDIUM). Unlike other Russia-linked APT groups, Cadet Blizzard operations are extremely disruptive.
In mid-January, the government of Kyiv attributed the defacement of tens of Ukrainian government websites to Belarusian APT group UNC1151. In November 2021, Mandiant Threat Intelligence researchers linked the Ghostwriter disinformation campaign (aka UNC1151) to the government of Belarus. reads a translation of the message.
Ukraine’s CERT-UA revealed the national Delta military intelligence program has been targeted with a malware-based attack. ” states the Ukrainian military. ” reads the advisory published by the CERT-UA. Pierluigi Paganini.
The collective Anonymous and its affiliated groups continue to target the Russian government and private organizations. The collective Anonymous, and other groups in its ecosystem, continue to target the Russian government and private organizations. link] — Anonymous (@YourAnonNews) March 15, 2022.
CERT Polska warns of a large-scale malware campaign against Polish government institutions conducted by Russia-linked APT28. CERT Polska and CSIRT MON teams issued a warning about a large-scale malware campaign targeting Polish government institutions, allegedly orchestrated by the Russia-linked APT28 group. ” reads the alert.
The Government of Pyongyang focuses on crypto hacking to fund its military program following harsh U.N. According to local media, US federal prosecutors believe that North Korea’s government considers cryptocurrency a long-term investment and it is amassing crypto funds through illegal activities. ” reported the AP agency.
“Starting from the afternoon of February 15, 2022, there is a powerful DDOS attack on a number of information resources of Ukraine. — Defence of Ukraine (@DefenceU) February 15, 2022. Threat actors aim at destabilizing the social context in the country and instilling fear and distrust in the country’s government.
The Conti ransomware gang is threatening to ‘overthrow’ the new government of Costa Rica after last month’s attack. Last month, the Conti ransomware gang claimed responsibility for the attack on Costa Rica government infrastructure after the government refused to pay a ransom. ” reads the message.
The compromise of networks associated with Ukraine’s Ministry of Defence and European railway systems could allow attackers to gather intelligence to influence battlefield tactics and broader military strategies. Insikt Group speculates the operation is aimed at influencing regional and military dynamics.
Our Legion conducts military cyber exercises in your countries in order to improve their skills. ” The list of the targeted websites was shared on the Telegram channel of the Pro-Russian hacker collective known as The Legion which focuses on attacks against Western organizations and governments, including NATO countries and the Ukraine.
Over the past 20 months, the group targeted at least 30 organizations within 14 nations that are probably of strategic intelligence significance to the Russian government and its military. According to Unit 42, APT28 started exploiting the above vulnerability in March 2022. ” reads the report published by the company.
Update on recent batch of Google TAG Government Backed Attack Warnings: In February, we detected an APT31 phishing campaign targeting high profile Gmail users affiliated with the U.S. government. — Shane Huntley (@ShaneHuntley) March 8, 2022. Pierluigi Paganini.
The group targeted government and military organizations in Ukraine. In December 2019, the APT group targeted several Ukrainian diplomats, government and military officials, and law enforcement. The messages use the HTML-file “War criminals of the Russian Federation.htm” as attachment.
“A January 2024 court-authorized operation has neutralized a network of hundreds of small office/home office (SOHO) routers that GRU Military Unit 26165, also known as APT28, Sofacy Group, Forest Blizzard, Pawn Storm, Fancy Bear, and Sednit, used to conceal and otherwise enable a variety of crimes.”
The Russia-linked Gamaredon APT group attempted to compromise an unnamed Western government entity in Ukraine. In mid-January, the Ukrainian government was hit with destructive malware, tracked as WhisperGate, and several Ukrainian government websites were defaced by exploiting a separate vulnerability in OctoberCMS.
Anonymous announced that it had hacked more than 2,500 websites linked to the Russian and Belarusian governments, state-owned media outlets spreading disinformation, Russian private organizations, banks, hospitals, airports. FckPutin #FreeUkraine pic.twitter.com/NJZiLx5c0d — Anonymous TV (@YourAnonTV) March 3, 2022.
“As early as 2022, APT28 actors had utilized compromised EdgeRouters to facilitate covert cyber operations against governments, militaries, and organizations around the world.” and foreign governments and military, security, and corporate organizations. ” reads the joint report.
China-linked Curious Gorge APT is targeting Russian government agencies, Google Threat Analysis Group (TAG) warns. Google Threat Analysis Group (TAG) reported that an APT group linked to China’s People’s Liberation Army Strategic Support Force (PLA SSF), tracked as Curious Gorge, is targeting Russian government agencies.
The hacktivists group is known for having launched DDoS attacks against Western organizations and Ukrainian government agencies. The information secretly provided to Moscow includes military secrets such as the locations of Ukrainian troops and military weaponry in the country. The news was first reported by The Record Media.
Nation-state actors targeted government institutions and state-owned companies involved in military contracts. The Polish government plans to introduce new legislation aimed at strengthening the country’s resilience to cyber attacks. ” reported the Associated Press.
The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against four entities and one individual for their role in malicious cyber operations conducted to support the government of North Korea. The sanctioned entities conducted operations to steal funds to support the military strategy of the regime.
Pro-Ukraine hackers, likely linked to Ukraine IT Army, are using Docker images to launch distributed denial-of-service (DDoS) attacks against a dozen websites belonging to government, military, and media. The DDoS attacks also targeted three Lithuanian media websites. ” reported Crowdstrike.
The Council Decision (CFSP) 2019/797 was established on May 17, 2019; it allows member states to invoke EU-wide sanctions against threat actors that carried out cyberattacks against their governments or the EU. The sanctions against foreign hackers from China, Russia, and North Korea have been extended until May 18, 2022.
Dutch Military Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD) published a joint report warning that a China-linked APT group breached the Dutch Ministry of Defence last year. ” The attack chain starts with the exploitation of the CVE-2022-42475 vulnerability for FortiGate devices.
The APT28 group (aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, and STRONTIUM) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was also involved in the string of attacks that targeted the 2016 Presidential election.
Polish authorities charged Russian and Belarusian individuals with spying for the Russian military intelligence service (GRU). Polish authorities charged Russian and Belarusian individuals, who were arrested in April, with spying for the Russian military intelligence service (GRU) from 2017 to April 2022.
In December 2023, Fortinet urged its customers to update their installs to address an actively exploited FortiOS SSL-VPN vulnerability, tracked as CVE-2022-42475, that could be exploited by an unauthenticated, remote attacker to execute arbitrary code on devices. The malware survives reboots and firmware upgrades.
The Military Intelligence and Security Service (MIVD) warns of “worrying” cyber espionage activities carried out by Russia and China. Koot (@mrkoot) April 26, 2019.
Cybersecurity and Infrastructure Security Agency (CISA) has added a Zimbra flaw, tracked as CVE-2022-27926, to its Known Exploited Vulnerabilities Catalog. The CVE-2022-27926 flaw affects Zimbra Collaboration version 9.0.0, The threat actors created bespoke JavaScript payloads designed for each government target’s webmail portal.
The group operates out of military unit 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS). The Government experts pointed out that in some cases the group did not deploy any backdoor in the compromised systems.
The experts pointed out that starting just before the invasion, threat actors linked to the military intelligence service GRU launched destructive wiper attacks on hundreds of systems in Ukraine. 32% of destructive attacks were aimed at Ukrainian government organizations at the national, regional, and city levels.
The French National Agency for the Security of Information Systems ANSSI (Agence Nationale de la sécurité des systèmes d’information) warns that the Russia-linked APT28 group has been targeting multiple French organizations, including government entities, businesses, universities, and research institutes and think tanks.
Threat actors could perform reverse engineering of military-made malicious code and use their own versions in attacks in the wild. “The same applies for the digital weapons that, maybe today are used by the military, developed by military, and tomorrow will be available for criminals,” he explained.
A Russian hacking group, tracked as Winter Vivern (aka TA473), has been actively exploiting vulnerabilities (CVE-2022-27926) in unpatched Zimbra instances to gain access to the emails of NATO officials, governments, military personnel, and diplomats. The CVE-2022-27926 flaw affects Zimbra Collaboration versions 9.0.0,
The news was reported by AFP; Blaszczak announced that the cyber command unit would start its operations in 2022. The HackYeah hackathon is one of the most important hacking events in Europe and, according to the Polish government, it will attract many talents and encourage youngsters to enter a new profession.
In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The botnet is comprised of two complementary activity clusters; the experts believe it has been active since at least February 2022.
made electronics on behalf of the Russian government and military. The Estonian man is accused of having helped the Russian government and military to purchase US-made electronics and hacking tools. manufacturers on behalf of Russian end-users, including defense contractors and other Russian government agencies.
The Hack DHS bug bounty program will occur in three phases throughout Fiscal Year 2022. Hack DHS is not the only bug bounty program launched by the US government and military; similar initiatives across the federal government include the ‘Hack the Pentagon’ and Hack the Army programs.
The Winter Vivern group was first analyzed in 2021; it has been active since at least 2020 and it targets governments in Europe and Central Asia. In recent attacks, the group was observed exploiting an XSS vulnerability, tracked as CVE-2023-5631, by sending a specially crafted email message.
The ColdRiver APT (aka “Seaborgium”, “Callisto”, “Star Blizzard”, “TA446”) is a Russian cyberespionage group that has been targeting government officials, military personnel, journalists and think tanks since at least 2015. This sample, named “Proton-decrypter.exe”, used the C2 address 45.133.216[.]15:3000,
” Rosaviatsia is the government agency responsible for the oversight and regulation of civil aviation in Russia. In the same period in 2022, 50 such incidents were recorded. As of March 2022, Russia had about 820 foreign-made civilian aircraft. This means that the safety hazard of flying in Russia has tripled.