2023 and Military - Information Management Today

NATO military command center should be fully operational in 2023

Security Affairs

OCTOBER 22, 2018

The NATO military command center should be fully operational in 2023, every member states will contribute with its cyber capabilities to the military hub. NATO alliance is aware of growing threats in the cyberspace and the new NATO military command center aims to respond them. 31 at its military hub in Belgium.

Military

Military Communications Security IT

Russia-linked APT TAG-70 targets European government and military mail servers exploiting Roundcube XSS

Security Affairs

FEBRUARY 19, 2024

The nation-state actors are known to carry out cyber-espionage against targeting government, military, and national infrastructure entities in Europe and Central Asia since at least December 2020. “TAG70 has demonstrated a high level of sophistication in its attack methods. ESET researchers also detailed the same attack chain.

Military

Military Government Access Risk

New HiatusRAT campaign targets Taiwan and U.S. military procurement system

Security Affairs

AUGUST 21, 2023

military procurement system. In March 2023, Lumen Black Lotus Labs researchers uncovered a sophisticated campaign called “ HiatusRAT ” that infected over 100 edge networking devices globally. military server used for contract proposals and submissions. military procurement system appeared first on Security Affairs.

Military

Military Manufacturing Government Access

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

N. Korean Kimsuky APT targets S. Korea-US military exercises

Security Affairs

AUGUST 20, 2023

South Korea military exercise. The military drill, the Ulchi Freedom Guardian summer exercises , will start on Monday, August 21, 2023 , and will last 11 days. The military exercises aim at improving the ability of the two armies to respond to North Korea’s evolving nuclear and missile threats. .

Military

Military Phishing Government Security

Microsoft links Cadet Blizzard APT to Russia’s military intelligence GRU

Security Affairs

JUNE 14, 2023

The IT giant pointed out that Cadet Blizzard is distinct from other known APT groups operating under the control of the Russian military intelligence GRU, such as Forest Blizzard ( STRONTIUM ) and Seashell Blizzard (IRIDIUM). Unlike other Russia-linked APT group, CadetBlizzard operations are extremely disruptive.

Military

Military Government IT Security

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

Security Affairs

DECEMBER 7, 2023

Palo Alto Networks’ Unit 42 reported that the Russia-linked APT28 (aka “Forest Blizzard”, “Fancybear” or “Strontium”) group exploited the CVE-2023-23397 vulnerability in attacks aimed at European NATO members. The first occurred between March-December 2022 and the second occurred in March 2023.”

Military

Military Government Phishing Authentication

APT28 targets key networks in Europe with HeadLace malware

Security Affairs

JUNE 3, 2024

The experts observed the APT deploying Headlace in three distinct phases from April to December 2023, respectively, using phishing, compromised internet services, and living off the land binaries. Insikt Group speculates the operation is aimed at influencing regional and military dynamics.

Military

Military Phishing Government Authentication

Targeted operation against Ukraine exploited 7-year-old MS Office bug

Security Affairs

APRIL 28, 2024

The researchers found a malicious PPSX (PowerPoint Slideshow signal-2023-12-20-160512.ppsx) ppsx) file uploaded from Ukraine to VirusTotal at the end of 2023. “The lure contained military-related content, suggesting it was targeting military personnel. But the domain names weavesilk[.]space space and petapixel[.]fun

Military

Military Mining Libraries Security

North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence

Security Affairs

OCTOBER 1, 2024

North Korea-linked APT Kimsuky has been linked to a cyberattack on Diehl Defence, a German manufacturer of advanced military systems. North Korea-linked APT group Kimsuky has been linked to a cyberattack on Diehl Defence, a defense firm specializing in the production of advanced military systems. Diehl Defence GmbH & Co.

Military

Military Manufacturing Phishing Information Security

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Security Affairs

DECEMBER 5, 2023

Microsoft warns that the Russia-linked APT28 group is actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts. The group operates out of military unity 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS).

Military

Military Government Access Phishing

NATO is investigating a new cyber attack claimed by the SiegedSec group

Security Affairs

OCTOBER 5, 2023

There has been no impact on NATO missions, operations and military deployments.” On Saturday, September 30, 2023, the group announced on its Telegram channel the theft of approximately 3,000 North Atlantic Treaty Organization’ documents, more than 9 GB of data. . “Additional cyber security measures have been put in place.

Military

Military Security IT Access

Ukraine’s SBU arrested a member of Pro-Russia hackers group ‘Cyber Army of Russia’

Security Affairs

JANUARY 29, 2024

The information secretly provided to Moscow includes military secrets such as the locations of Ukrainian troops and military weaponry in the country. Russian military used this information to coordinate recent missile strikes. If found guilty, the man could face up to 12 years in prison.

Military

Military Communications Government Security

Lockbit ransomware gang claims to have stolen data from Boeing

Security Affairs

OCTOBER 27, 2023

The gang claims to have stolen a huge amount of sensitive data from the company and threatens to publish it if Boeing does not contact them within the deadline (02 Nov, 2023 13:25:39 UTC). At the time of this writing, the group has yet to publish any samples. ” reads the message published by the group on its leak site.

Ransomware

Ransomware Manufacturing Military Cybersecurity

Chinese Hackers Penetrated Unclassified Dutch Network

Data Breach Today

FEBRUARY 6, 2024

Beijing Used FortiGate Vulnerability to Install Trojan Chinese espionage hackers penetrated Dutch military systems in early 2023, using a zero-day exploit in a Fortinet virtual private network to obtain access, Netherlands intelligence agencies disclosed Tuesday.

Military

Military Access

Russia-linked APT used a car for sale as a phishing lure to target diplomats with HeadLace malware

Security Affairs

AUGUST 3, 2024

Unit 42 pointed out that other threat groups, like Cloaked Ursa , in 2023 used an advertisement for a BMW for sale to target diplomatic missions within Ukraine. In June 2023, researchers at Insikt Group observed Russian GRU’s unit APT28 targeting networks across Europe with information-stealer Headlace and credential-harvesting web pages.

Sales

Sales Phishing Military Archiving

A massive DDoS attack took down the site of the German financial agency BaFin

Security Affairs

SEPTEMBER 4, 2023

It is not clear who is behind the DDoS attack, but the media speculate that it was launched by pro-Russian hacktivists in response to the German financial and military support to Ukraine. A distributed denial-of-service (DDoS) attack took the site of the German Federal Financial Supervisory Authority (BaFin) down for some days.

Financial Services

Financial Services Military Insurance Marketing

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

“As early as 2022, APT28 actors had utilized compromised EdgeRouters to facilitate covert cyber operations against governments, militaries, and organizations around the world.” and foreign governments and military, security, and corporate organizations. ” reads the joint report. ” continues the report.

Energy and Utilities

Energy and Utilities Military Government Phishing

North Korea's BlueNoroff Group Targets macOS Systems

Data Breach Today

MAY 23, 2023

BlueNoroff Changed Attack Tactics in 2023 After Its TTPs Were Leaked The BlueNoroff hacker group, which is associated with the North Korean military's Reconnaissance General Bureau, is using RustBucket malware to target macOS systems of users primarily in the United States and Asia - a tactic observed for the first time since the group began its operations. (..)

Military

Military IT

Security Affairs newsletter Round 471 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

MAY 12, 2024

Ohio Lottery data breach impacted over 538,000 individuals Notorius threat actor IntelBroker claims the hack of the Europol A cyberattack hit the US healthcare giant Ascension Google fixes fifth actively exploited Chrome zero-day this year Russia-linked APT28 targets government Polish institutions Citrix warns customers to update PuTTY version installed (..)

Data breaches

Data breaches Security Military Ransomware

Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks

Security Affairs

OCTOBER 25, 2023

Russian APT group Winter Vivern (aka TA473) has been observed exploiting a zero-day flaw in Roundcube webmail software on October 11, 2023. In recent attacks, the group was observed exploiting a XSS vulnerability, tracked as CVE-2023-5631 , by sending a specially crafted email message. x before 1.6.4, x before 1.5.5, x before 1.4.15.

Military

Military Government Phishing IT

France agency ANSSI warns of Russia-linked APT28 attacks on French entities

Security Affairs

OCTOBER 27, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. ANSSI investigations confirm that APT28 exploited the Outlook 0-day vulnerability CVE-2023-23397.

Military

Military Phishing Government Security

Snatch gang claims the hack of the Department of Defence South Africa

Security Affairs

AUGUST 22, 2023

Snatch gang claims the hack of the Department of Defence South Africa and added the military organization to its leak site. The group claims to have stolen Military contracts, internal call signs and personal data, for a total of 1.6 HENSOLDT is a company specializing in military and defense electronics. TB of data.

Computer and Electronics

Computer and Electronics Military Ransomware Personal data

IT Army of Ukraine disrupted internet providers in territories occupied by Russia

Security Affairs

OCTOBER 29, 2023

Another blow by our cyber army disrupting enemy military communication at the frontlines.” am on October 27, 2023. am on October 27, 2023. Today, our intel orchestrated a “thousand proxies” strike, disabling “Miranda-media,” “Krimtelekom,” and “MirTelekom.”

IT

IT Communications Military Security

Russia-linked APT Sandworm was inside Ukraine telecoms giant Kyivstar for months

Security Affairs

JANUARY 5, 2024

Ukrainian authorities revealed that Russia-linked APT Sandworm had been inside telecom giant Kyivstar at least since May 2023. Russia-linked APT group Sandworm was inside Ukrainian telecoms giant Kyivstar from at least May 2023, the head of Ukraine’s Security Service of Ukraine’s (SBU) told Reuters.

Military

Military Communications Access Ransomware

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Security Affairs

JANUARY 31, 2024

In early January 2024, software firm Ivanti reported that threat actors were exploiting two zero-day vulnerabilities ( CVE-2023-46805, CVE-2024-21887 ) in Connect Secure (ICS) and Policy Secure to remotely execute arbitrary commands on targeted gateways. The flaw CVE-2023-46805 (CVSS score 8.2) x and Ivanti Policy Secure.

Authentication

Authentication Military Security Communications

Ukraine’s intelligence service hacked Russia’s Federal Air Transport Agency, Rosaviatsia

Security Affairs

NOVEMBER 27, 2023

The content of the alleged stolen data demonstrates that: In January 2023, 185 accidents were recorded in Russian civil aviation. In the first 9 months of 2023, 150 cases of aircraft malfunctions were recorded in Russia. In January 2023 alone, 19 different failures were recorded among the 220 Airbus aircraft in Russia. .

Military

Military Manufacturing Government Authentication

Security Affairs newsletter Round 431 by Pierluigi Paganini – International edition

Security Affairs

AUGUST 6, 2023

Rapid7 found a bypass for the recently patched actively exploited Ivanti EPMM bug Russian APT29 conducts phishing attacks through Microsoft Teams Hackers already installed web shells on 581 Citrix servers in CVE-2023-3519 attacks Zero-day in Salesforce email services exploited in targeted Facebook phishing campaign Burger King forgets to put a password (..)

Security

Security Military Phishing Sales

Russian APT Gamaredon uses USB worm LitterDrifter against Ukraine

Security Affairs

NOVEMBER 18, 2023

The Gamaredon APT group continues to carry out attacks against entities in Ukraine, including security services, military, and government organizations. Most of the attacks began in February/March 2023 and threat actors remained undetected in the target networks until May.

Military

Military Communications IT Government

US Gov dismantled the Moobot botnet controlled by Russia-linked APT28

Security Affairs

FEBRUARY 15, 2024

“A January 2024 court-authorized operation has neutralized a network of hundreds of small office/home office (SOHO) routers that GRU Military Unit 26165 , also known as APT28, Sofacy Group , Forest Blizzard , Pawn Storm , Fancy Bear , and Sednit , used to conceal and otherwise enable a variety of crimes.”

Military

Military Government Access Cybersecurity

Security Affairs newsletter Round 434 by Pierluigi Paganini – International edition

Security Affairs

AUGUST 27, 2023

military procurement system Spoofing an Apple device and tricking users into sharing sensitive data Israel and US to Invest $3.85 military procurement system Spoofing an Apple device and tricking users into sharing sensitive data Israel and US to Invest $3.85 Korean Kimsuky APT targets S.

Security

Security Military Ransomware Passwords

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

Security Affairs

JANUARY 16, 2024

Last week, software firm Ivanti reported that threat actors are exploiting two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Connect Secure (ICS) and Policy Secure to remotely execute arbitrary commands on targeted gateways. The flaw CVE-2023-46805 (CVSS score 8.2) x and Ivanti Policy Secure.

Security

Security Authentication Military Government

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

Security Affairs

OCTOBER 1, 2023

million newborns and pregnancy care patients Xenomorph malware is back after months of hiatus and expands the list of targets Smishing Triad Stretches Its Tentacles into the United Arab Emirates Crooks stole $200 million worth of assets from Mixin Network A phishing campaign targets Ukrainian military entities with drone manual lures Alert!

Artificial Intelligence

Artificial Intelligence Security Ransomware Data breaches

China-linked APT deployed malware in a network of the Dutch Ministry of Defence

Security Affairs

FEBRUARY 6, 2024

Dutch Military Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD) published a joint report warning that a China-linked APT group breached the Dutch Ministry of Defence last year. “The Ministry of Defence (MOD) of the Netherlands was impacted in 2023 by an intrusion into one of its networks.

Military

Military Government Security IT

Security Affairs newsletter Round 425 by Pierluigi Paganini – International edition

Security Affairs

JUNE 25, 2023

Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Military Ransomware Cybersecurity

Chinese actor ‘Unfading Sea Haze’ remained undetected for five years

Security Affairs

MAY 23, 2024

A previously unknown China-linked threat actor dubbed ‘Unfading Sea Haze’ has been targeting military and government entities since 2018. Bitdefender researchers discovered a previously unknown China-linked threat actor dubbed ‘Unfading Sea Haze’ that has been targeting military and government entities since 2018.

Archiving

Archiving Military Communications Phishing

Google TAG warns that Russian COLDRIVER APT is using a custom backdoor

Security Affairs

JANUARY 18, 2024

The ColdRiver APT (aka “ Seaborgium “, “Callisto”, “Star Blizzard”, “TA446”) is a Russian cyberespionage group that has been targeting government officials, military personnel, journalists and think tanks since at least 2015. 15:3000, and was likely active around August and September 2023.”

Phishing

Phishing Encryption Military Archiving

Russia-linked APT29 spotted targeting JetBrains TeamCity servers

Security Affairs

DECEMBER 14, 2023

Russia-linked cyber espionage group APT29 has been targeting JetBrains TeamCity servers since September 2023. The APT29 group (aka SVR group , Cozy Bear , Nobelium , BlueBravo , Midnight Blizzard , and The Dukes ) exploited the flaw CVE-2023-42793 in TeamCity to carry out multiple malicious activities. in TeamCity.

Authentication

Authentication Military Access Manufacturing

Poland thwarted cyberattacks that were carried out by Russia and Belarus

Security Affairs

SEPTEMBER 10, 2024

Nation-state actors targeted government institutions and state-owned companies involved in military contracts. In August 2023, Poland’s Internal Security Agency (ABW) and national police launched an investigation into a hacking attack on the state’s railway network. ” reported the Associated Press.

Ransomware

Ransomware Government Military Security

Russia-linked APT Gamaredon update TTPs in recent attacks against Ukraine

Security Affairs

JUNE 15, 2023

The Gamaredon APT group (aka Shuckworm, Actinium, Armageddon, Primitive Bear, UAC-0010, and Trident Ursa) continues to carry out attacks against entities in Ukraine, including security services, military, and government organizations.

Military

Military File names Archiving Phishing

A zero-click vulnerability in Windows allows stealing NTLM credentials

Security Affairs

MAY 11, 2023

Researchers shared technical details about a flaw in Windows MSHTML platform, tracked as CVE-2023-29324 , that could be abused to bypass security protections. Cybersecurity researchers have shared details about a now-patched security flaw, tracked as CVE-2023-29324 (CVSS score: 6.5), in Windows MSHTML platform.

Military

Military Cybersecurity Security Government

Over 600,000 SOHO routers were destroyed by Chalubo malware in 72 hours

Security Affairs

MAY 31, 2024

Between October 25 and October 27, 2023, the Chalubo malware destroyed more than 600,000 small office/home office (SOHO) routers belonging to the same ISP. In 2023 attacks observed by Lumen, the bot targeted ActionTec T3200s, ActionTec T3260s, and Sagemcom F5380 router models. ” concludes the report.

Military

Military IoT Encryption Communications

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

Security Affairs

FEBRUARY 8, 2024

In December 2023, Microsoft first noticed that to conceal malicious traffic, the threat actor routes it through compromised small office and home office (SOHO) network devices, including routers, firewalls, and VPN hardware. .” ” U.S.

Energy and Utilities

Energy and Utilities Communications Military Manufacturing

CISA adds Zimbra bug exploited in attacks against NATO countries to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 4, 2023

Proofpoint researchers recently reported that a Russian hacking group, tracked as Winter Vivern (aka TA473), has been actively exploiting vulnerabilities ( CVE-2022-27926 ) in unpatched Zimbra instances to gain access to the emails of NATO officials, governments, military personnel, and diplomats. reads the post published by Proofpoint.

IT

IT Military Phishing Passwords

Security Affairs newsletter Round 424 by Pierluigi Paganini – International edition

Security Affairs

JUNE 17, 2023

Margaret’s Health is the first hospital to cite a cyberattack as a reason for its closure A database containing data of +8.9 Margaret’s Health is the first hospital to cite a cyberattack as a reason for its closure A database containing data of +8.9

Security

Security Ransomware Data breaches Military

NATO military command center should be fully operational in 2023

Russia-linked APT TAG-70 targets European government and military mail servers exploiting Roundcube XSS

Webinars

Trending Sources

New HiatusRAT campaign targets Taiwan and U.S. military procurement system

Webinars

N. Korean Kimsuky APT targets S. Korea-US military exercises

Microsoft links Cadet Blizzard APT to Russia’s military intelligence GRU

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

APT28 targets key networks in Europe with HeadLace malware

Targeted operation against Ukraine exploited 7-year-old MS Office bug

North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

NATO is investigating a new cyber attack claimed by the SiegedSec group

Ukraine’s SBU arrested a member of Pro-Russia hackers group ‘Cyber Army of Russia’

Lockbit ransomware gang claims to have stolen data from Boeing

Chinese Hackers Penetrated Unclassified Dutch Network

Russia-linked APT used a car for sale as a phishing lure to target diplomats with HeadLace malware

A massive DDoS attack took down the site of the German financial agency BaFin

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

North Korea's BlueNoroff Group Targets macOS Systems

Security Affairs newsletter Round 471 by Pierluigi Paganini – INTERNATIONAL EDITION

Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks

France agency ANSSI warns of Russia-linked APT28 attacks on French entities

Snatch gang claims the hack of the Department of Defence South Africa

IT Army of Ukraine disrupted internet providers in territories occupied by Russia

Russia-linked APT Sandworm was inside Ukraine telecoms giant Kyivstar for months

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Ukraine’s intelligence service hacked Russia’s Federal Air Transport Agency, Rosaviatsia

Security Affairs newsletter Round 431 by Pierluigi Paganini – International edition

Russian APT Gamaredon uses USB worm LitterDrifter against Ukraine

US Gov dismantled the Moobot botnet controlled by Russia-linked APT28

Security Affairs newsletter Round 434 by Pierluigi Paganini – International edition

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

China-linked APT deployed malware in a network of the Dutch Ministry of Defence

Security Affairs newsletter Round 425 by Pierluigi Paganini – International edition

Chinese actor ‘Unfading Sea Haze’ remained undetected for five years

Google TAG warns that Russian COLDRIVER APT is using a custom backdoor

Russia-linked APT29 spotted targeting JetBrains TeamCity servers

Poland thwarted cyberattacks that were carried out by Russia and Belarus

Russia-linked APT Gamaredon update TTPs in recent attacks against Ukraine

A zero-click vulnerability in Windows allows stealing NTLM credentials

Over 600,000 SOHO routers were destroyed by Chalubo malware in 72 hours

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

CISA adds Zimbra bug exploited in attacks against NATO countries to its Known Exploited Vulnerabilities catalog

Security Affairs newsletter Round 424 by Pierluigi Paganini – International edition

Stay Connected