The nation-state actors are known to carry out cyber-espionage targeting government, military, and national infrastructure entities in Europe and Central Asia since at least December 2020. “TAG70 has demonstrated a high level of sophistication in its attack methods.
military procurement system. In March 2023, Lumen Black Lotus Labs researchers uncovered a sophisticated campaign called “HiatusRAT” that infected over 100 edge networking devices globally. military server used for contract proposals and submissions. military procurement system appeared first on Security Affairs.
CERT Polska warns of a large-scale malware campaign against Polish government institutions conducted by Russia-linked APT28. CERT Polska and CSIRT MON teams issued a warning about a large-scale malware campaign targeting Polish government institutions, allegedly orchestrated by the Russia-linked APT28 group. ” reads the alert.
South Korea military exercise. The military drill, the Ulchi Freedom Guardian summer exercises, will start on Monday, August 21, 2023, and will last 11 days. The military exercises aim at improving the ability of the two armies to respond to North Korea’s evolving nuclear and missile threats.
The IT giant pointed out that Cadet Blizzard is distinct from other known APT groups operating under the control of the Russian military intelligence GRU, such as Forest Blizzard (STRONTIUM) and Seashell Blizzard (IRIDIUM). Unlike other Russia-linked APT groups, Cadet Blizzard operations are extremely disruptive.
Palo Alto Networks’ Unit 42 reported that the Russia-linked APT28 (aka “Forest Blizzard”, “Fancybear” or “Strontium”) group exploited the CVE-2023-23397 vulnerability in attacks aimed at European NATO members. The first occurred between March-December 2022 and the second occurred in March 2023.”
The experts observed the APT deploying Headlace in three distinct phases from April to December 2023, respectively, using phishing, compromised internet services, and living off the land binaries. Insikt Group speculates the operation is aimed at influencing regional and military dynamics.
Microsoft warns that the Russia-linked APT28 group is actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts. The group operates out of military unit 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS).
. “As early as 2022, APT28 actors had utilized compromised EdgeRouters to facilitate covert cyber operations against governments, militaries, and organizations around the world.” and foreign governments and military, security, and corporate organizations. ” reads the joint report.
The hacktivists group is known for having launched DDoS attacks against Western organizations and Ukrainian government agencies. The information secretly provided to Moscow includes military secrets such as the locations of Ukrainian troops and military weaponry in the country. The news was first reported by The Record Media.
Russian APT group Winter Vivern (aka TA473) has been observed exploiting a zero-day flaw in Roundcube webmail software on October 11, 2023. The Winter Vivern group was first analyzed in 2021, it has been active since at least 2020 and it targets governments in Europe and Central Asia. x before 1.6.4, x before 1.5.5, x before 1.4.15.
“A January 2024 court-authorized operation has neutralized a network of hundreds of small office/home office (SOHO) routers that GRU Military Unit 26165, also known as APT28, Sofacy Group, Forest Blizzard, Pawn Storm, Fancy Bear, and Sednit, used to conceal and otherwise enable a variety of crimes.”
The French National Agency for the Security of Information Systems ANSSI (Agence Nationale de la sécurité des systèmes d’information) warns that the Russia-linked APT28 group has been targeting multiple French organizations, including government entities, businesses, universities, and research institutes and think tanks.
Ohio Lottery data breach impacted over 538,000 individuals; Notorious threat actor IntelBroker claims the hack of the Europol; A cyberattack hit the US healthcare giant Ascension; Google fixes fifth actively exploited Chrome zero-day this year; Russia-linked APT28 targets government Polish institutions; Citrix warns customers to update PuTTY version installed (..)
Nation-state actors targeted government institutions and state-owned companies involved in military contracts. The Polish government plans to introduce new legislation aimed at strengthening the country’s resilience to cyber attacks. ” reported the Associated Press.
government and nonprofits. Intelligence Community, Department of Defense, Department of State, Department of Energy, and military defense contractors. The Russian government ran this scheme to steal Americans’ sensitive information, using seemingly legitimate email accounts to trick victims into revealing account credentials.
” Rosaviatsia is the government agency responsible for the oversight and regulation of civil aviation in Russia. The content of the alleged stolen data demonstrates that: In January 2023, 185 accidents were recorded in Russian civil aviation. About a third of them were classified as incidents of varying levels of danger.
Dutch Military Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD) published a joint report warning that a China-linked APT group breached the Dutch Ministry of Defence last year. “The Ministry of Defence (MOD) of the Netherlands was impacted in 2023 by an intrusion into one of its networks.
In early January 2024, software firm Ivanti reported that threat actors were exploiting two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Connect Secure (ICS) and Policy Secure to remotely execute arbitrary commands on targeted gateways. The flaw CVE-2023-46805 (CVSS score 8.2) x and Ivanti Policy Secure.
A previously unknown China-linked threat actor dubbed ‘Unfading Sea Haze’ has been targeting military and government entities since 2018. The experts observed multiple spear-phishing attempts between March and May 2023. The messages use specially crafted archives containing LNK files disguised as regular documents.
Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
Last week, software firm Ivanti reported that threat actors are exploiting two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Connect Secure (ICS) and Policy Secure to remotely execute arbitrary commands on targeted gateways. The flaw CVE-2023-46805 (CVSS score 8.2) x and Ivanti Policy Secure.
The US government announced establishing the Office of the Assistant Secretary of Defense for Cyber Policy. The US Defense Department announced establishing the Office of the Assistant Secretary of Defense for Cyber Policy (ASD(CP)) as directed in the National Defense Authorization Act for Fiscal Year 2023.
The ColdRiver APT (aka “Seaborgium”, “Callisto”, “Star Blizzard”, “TA446”) is a Russian cyberespionage group that has been targeting government officials, military personnel, journalists and think tanks since at least 2015. 15:3000, and was likely active around August and September 2023.”
CERT-UA warns of a spear-phishing campaign conducted by APT28 group targeting Ukrainian government bodies with fake ‘Windows Update’ guides. Russia-linked APT28 group is targeting Ukrainian government bodies with fake ‘Windows Update’ guides, Computer Emergency Response Team of Ukraine (CERT-UA) warns.
Proofpoint researchers recently reported that a Russian hacking group, tracked as Winter Vivern (aka TA473), has been actively exploiting vulnerabilities (CVE-2022-27926) in unpatched Zimbra instances to gain access to the emails of NATO officials, governments, military personnel, and diplomats.
Cybersecurity US holds conference on military AI use with dozens of allies to determine ‘responsible’ use DFSA’s Cyber Risk Management Guidelines: A Blueprint for Cyber Resilience? Is it a Russia’s weapon? Players hacked during the matches of Apex Legends Global Series.
Researchers shared technical details about a flaw in Windows MSHTML platform, tracked as CVE-2023-29324, that could be abused to bypass security protections. Cybersecurity researchers have shared details about a now-patched security flaw, tracked as CVE-2023-29324 (CVSS score: 6.5), in Windows MSHTML platform.
In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. In November 2023, the experts noticed that the botnet started targeting Axis IP cameras, such as the M1045-LW, M1065-LW, and p1367-E.
In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The APT group is using almost exclusively living-off-the-land techniques and hands-on-keyboard activity to evade detection.
The APT28 group (aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. According to CERT-UA, this campaign targeted more than 40 Ukrainian organizations, including government entities.
made electronics on behalf of the Russian government and military. The Estonian man is accused of having helped the Russian government and military to purchase US-made electronics and hacking tools. manufacturers on behalf of Russian end-users, including defense contractors and other Russian government agencies.
In December 2023, Fortinet urged its customers to update their installs to address an actively exploited FortiOS SSL-VPN vulnerability, tracked as CVE-2022-42475, that could be exploited by an unauthenticated, remote attacker to execute arbitrary code on devices.
government today announced a coordinated crackdown against QakBot, a complex malware family used by multiple cybercrime groups to lay the groundwork for ransomware infections. Qakbot/Qbot was once again the top malware loader observed in the wild in the first six months of 2023. Source: Reliaquest.com.
Poland’s Military Counterintelligence Service and its Computer Emergency Response Team linked a recent string of attacks targeting NATO and European Union countries to the Russia-linked APT29 group (aka SVR group, Cozy Bear, Nobelium, and The Dukes). The Military Counterintelligence Service and CERT.PL
presidential election, the outcome of which could radically alter the destinies of geopolitical relations and military conflicts globally. and its allies, activity observed by Resecurity between 2023 and early 2024 indicates a 100 percent increase from the previous analysis period. Besides the continued targeting of the U.S.
The botnet has been active since at least May 2020, reaching its peak with 60,000 compromised devices in June 2023. and Taiwan across various sectors, including military, government, higher education, telecommunications, defense industrial base, and IT.” “This botnet has targeted entities in the U.S.
A Russian hacking group, tracked as Winter Vivern (aka TA473), has been actively exploiting vulnerabilities (CVE-2022-27926) in unpatched Zimbra instances to gain access to the emails of NATO officials, governments, military personnel, and diplomats. The CVE-2022-27926 flaw affects Zimbra Collaboration versions 9.0.0,
In February 2023, EclecticIQ researchers spotted multiple KamiKakaBot malware samples that were employed by the Dark Pink APT group (aka Saaiwc) in attacks against government entities in Southeast Asia countries. Researchers reported that Dark Pink APT employed a malware dubbed KamiKakaBot against Southeast Asian targets.
In recent years, the researchers observed the group expanding its operations to include financial institutions and government entities. This domain has been hosted on eight other IPs throughout its history, none of these IPs were directly affiliated with the South African government. Experts added that the IP 196.216.136[.]139
In Q1 2023, threat actors linked to Russia’s military intelligence service focused their phishing campaigns on Ukraine, with the country accounting for over 60% of observed Russian targeting. ” reads the report published by the Google TAG. The group used spear-phishing campaigns against small numbers of users in Ukraine.
Experts say the leak illustrates how Chinese government agencies increasingly are contracting out foreign espionage campaigns to the nation’s burgeoning and highly competitive cybersecurity industry. In 2021, the Sichuan provincial government named i-SOON as one of “the top 30 information security companies.”
ransomware builder used by multiple threat actors Cisco fixes 3 high-severity DoS flaws in NX-OS and FXOS software Cybercrime Unpacking the MOVEit Breach: Statistics and Analysis Cl0p Ups The Ante With Massive MOVEit Transfer Supply-Chain Exploit FBI, Partners Dismantle Qakbot Infrastructure in Multinational Cyber Takedown U.S.