Security Affairs

SEPTEMBER 10, 2022

China-linked BRONZE PRESIDENT group is targeting government officials in Europe, the Middle East, and South America with PlugX malware. Secureworks researchers reported that China-linked APT group BRONZE PRESIDENT conducted a new campaign aimed at government officials in Europe, the Middle East, and South America with the PlugX malware.

Government 324

Government Archiving Metadata Encryption 324

Security Affairs

MARCH 19, 2024

The campaign seems active since at least early 2022 and focuses primarily on government organizations. The group often exploited access to government infrastructure to target other government entities. Analysis of the backdoors uploaded on VirusTotal revealed that threat actors utilized geopolitical topics as bait.

Government 267

Government Phishing Access Passwords 267

Security Affairs

OCTOBER 9, 2024

A threat actor tracked as Awaken Likho is targeting Russian government agencies and industrial entities, reported cybersecurity firm Kaspersky. The threat actor continues to target Russian government entities and enterprises. This campaign highlights the group’s continued efforts to refine their remote access strategies.

Government 304

Government Archiving Phishing Access 304

Security Affairs

FEBRUARY 24, 2025

The origin of the data leak is unclear, the leak is large and inconsistently formatted, complicating the full analysis. News of Shanghai official Bai Tinghui’s corruption investigation was covered by major outlets and confirmed by the government. ” reads the report published by SentinelLabs. ” concludes the report.”The

Cybersecurity 246

Cybersecurity Government Cloud Security 246

Security Affairs

NOVEMBER 21, 2023

Experts warn of a surge in NetSupport RAT attacks against education, government, and business services sectors. The most impacted sectors are education, government, and business services. ” reads the analysis published by Carbon Black Managed Detection & Response team.

Education 343

Education Government Business Services Archiving 343

Security Affairs

APRIL 24, 2024

Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November 2023 to breach government networks. Additionally, Line Dancer hooks into the crash dump and AAA processes to evade forensic analysis and establish remote access VPN tunnels.

Government 332

Government Authentication Communications Access 332

Security Affairs

APRIL 21, 2022

Threat intelligence firm Resecurity details how crooks are delivering IRS tax scams and phishing attacks posing as government vendors. Further analysis uncovered embedded scenarios detecting the victim’s IP (using GEO2IP module, deployed on a third-party WEB-site), likely done to selectively choose targets or to filter by region.

Phishing 327

Phishing e-Delivery Government Passwords 327

Security Affairs

OCTOBER 13, 2023

A cyberespionage campaign, tracked as Stayin’ Alive, targeted high-profile government and telecom entities in Asia. ” reads the analysis published by Checkpoint. The analysis of the C2 allowed the researchers to discover other loader variants used by the threat actor, such as CurLu, CurCore, and CurLog.

Government 329

Government IT Encryption Libraries 329

Data Breach Today

APRIL 10, 2024

US Cyber Defense Agency Scales Next-Generation Malware Analysis Platform The U.S.

Cybersecurity 182

Cybersecurity Government Security IT 182

Security Affairs

DECEMBER 16, 2024

Second, the analysis revealed a previously undetected spyware, named “NoviSpy,” which can extract personal data, activate the devices microphone or camera, and was installed during police possession of his phone.

Personal data 264

Personal data Encryption Security Privacy 264

Security Affairs

MARCH 7, 2023

Researchers discovered a new info stealer dubbed SYS01 stealer targeting critical government infrastructure and manufacturing firms. ” reads the analysis published by Morphisec. to lure victims into downloading a malicious file. .” ” concludes Morphisec that also provides indicators of compromise (IoCs).

Government 246

Government Manufacturing Authentication Cybersecurity 246

Security Affairs

DECEMBER 18, 2024

” reads the analysis published by Kaspersky. . “The persistence method used by the threat actor was based on WorldClient allowing loading of extensions that handle custom HTTP requests from clients to the email server.”

Government 287

Government IT Access Information Security 287

Security Affairs

MARCH 27, 2023

Earth Preta, also known as “RedDelta” or “Bronze President,” has been active since at least 2012, it targeted American and European entities such as government organizations, think tanks, NGOs , and even Catholic organizations at the Vatican.

Archiving 246

Archiving Phishing Passwords Government 246

Security Affairs

DECEMBER 24, 2022

The Raspberry Robin worm attacks aimed at telecommunications and government office systems across Latin America, Australia, and Europe. Researchers from Trend Micro have uncovered a Raspberry Robin worm campaign targeting telecommunications and government office systems across Latin America, Australia, and Europe. Pierluigi Paganini.

Government 246

Government Communications Ransomware Manufacturing 246

Data Breach Today

APRIL 8, 2024

Environmental Protection Agency is investigating claims that a notorious government hacker leaked a trove of contact information from the agency's database of critical infrastructure contractors. A spokesperson said the agency conducted a "preliminary analysis" of the allegedly leaked data.

Government 182

Government Data breaches 182

WIRED Threat Level

NOVEMBER 20, 2023

A WIRED analysis of leaked police documents verifies that a secretive government program is allowing federal, state, and local law enforcement to access phone records of Americans who are not suspected of a crime.

Access 364

Access Government Privacy Security 364

Security Affairs

NOVEMBER 13, 2024

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. government neutralized the Volt Typhoon botnet taking over its C2 and deleting the bot from infected devices.

e-Discovery 308

e-Discovery Communications Ransomware Government 308

Security Affairs

MARCH 8, 2023

China-linked APT group Sharp Panda targets high-profile government entities in Southeast Asia with the Soul modular framework. CheckPoint researchers observed in late 2022, a campaign attributed to the China-linked APT group Sharp Panda that is targeting a high-profile government entity in the Southeast Asia.

Government 246

Government Communications Phishing IT 246

Security Affairs

JULY 7, 2022

The attacks against Healthcare and Public Health (HPH) Sector organizations started in May 2021 and government experts observed multiple cases that involved the use of the Maui ransomware. The joint report refers to an industry analysis of a sample of Maui provided in Stairwell Threat Report: Maui Ransomware.

Ransomware 350

Ransomware Encryption Government Cybersecurity 350

Security Affairs

JANUARY 31, 2021

Last year, the group published a detailed analysis on how the Chinese government has improved its surveillance system to detect and block the popular circumvention tools Shadowsocks and its variants. ” reads the paper published by the experts. ” reads the paper published by the experts.

Paper 361

Paper Encryption Government IT 361

Security Affairs

MAY 3, 2022

China-linked Curious Gorge APT is targeting Russian government agencies, Google Threat Analysis Group (TAG) warns. Google Threat Analysis Group (TAG) reported that an APT group linked to China’s People’s Liberation Army Strategic Support Force (PLA SSF), tracked as Curious Gorge , is targeting Russian government agencies.

Manufacturing 342

Manufacturing Phishing Passwords Military 342

Security Affairs

MARCH 8, 2024

The ransomware attack on Xplain impacted tens of thousands Federal government files, said the National Cyber Security Centre (NCSC) of Switzerland. The National Cyber Security Centre (NCSC) published a data analysis report on the data breach resulting from the ransomware attack on the IT services provider Xplain.

Ransomware 346

Ransomware Data breaches Unstructured data Personal data 346

Security Affairs

FEBRUARY 21, 2024

Mustang Panda has been active since at least 2012, it targeted American and European entities such as government organizations, think tanks, NGOs , and even Catholic organizations at the Vatican. In the 2022 campaigns, threat actors used European Union reports on the conflict in Ukraine and Ukrainian government reports as lures. .

Phishing 355

Phishing Government Archiving Passwords 355

Data Breach Today

OCTOBER 18, 2023

While RARLabs Patched Flaw, 'Many Users' Don't Appear to Have Updated the Software Nation-state hackers are targeting a vulnerability in WinRAR, a popular Windows utility for archiving files, warns Google’s Threat Analysis Group, which said it has seen "government-backed hacking groups" who hail from multiple countries, including China and Russia, (..)

Archiving 302

Archiving Government IT 302

Security Affairs

JUNE 24, 2022

Google’s Threat Analysis Group (TAG) revealed that the Italian spyware vendor RCS Labs was supported by ISPs to spy on users. The analysis of the code of the page shows that only the WhatsApp download links are pointing to attacker-controlled content for Android and iOS users. ” continues the analysis.

Government 340

Government Security IT Information Security 340

Security Affairs

DECEMBER 29, 2023

Cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania, a government agency reported. ” The investigation initiated by the AKCESK is still ongoing; however, the government agency has determined that the origin of the attack is from abroad. ” reads the announcement published by AKCESK.

Computer and Electronics 356

Computer and Electronics Government Security IT 356

Security Affairs

SEPTEMBER 29, 2022

The latter downloads a payload that extracts and injects in itself a new PE (Portable Executable) file, that the analysis showed to be a variant of a malware family known as Graphite, that uses the Microsoft Graph API and OneDrive for C&C communications.” ” reads the analysis published by Cluster25. Microsoft[.]com,

Metadata 342

Metadata Communications Government IT 342

Security Affairs

JULY 14, 2021

Security researchers from Google Threat Analysis Group (TAG) and Google Project Zero revealed that four zero-day vulnerabilities have been exploited in the wild earlier this year. The CVE-2021-1879 was reported by Clement Lecigne of Google Threat Analysis Group and Billy Leonard of Google Threat Analysis Group.

Government 363

Government Security IT Cybersecurity 363

Security Affairs

JUNE 6, 2021

Check Point Research (CPR) said that the Chinese APT group SharpPanda spent three years developing a new backdoor to spy on Asian governments. . The spear-phishing messages impersonate departments of the targeted governments. . ” reads the analysis published by CheckPoint. ” concludes the report.

Phishing 361

Phishing Encryption Government IT 361

Security Affairs

DECEMBER 5, 2023

The insights presented herein result from a thorough mapping and analysis of DoS incidents spanning from January 2022 to August 2023. DoS attacks affect all sectors, government services are consistently the most targeted. An analysis of a total of 310 verified DoS incidents – from January 2022 to August 2023.

Cybersecurity 345

Cybersecurity Risk Government IT 345

Security Affairs

JULY 23, 2022

The attacks against Healthcare and Public Health (HPH) Sector organizations started in May 2021 and government experts observed multiple cases that involved the use of the Maui ransomware. The joint report refers to an industry analysis of a sample of Maui provided in Stairwell Threat Report: Maui Ransomware. Pierluigi Paganini.

Ransomware 363

Ransomware Encryption Cybersecurity Government 363

Data Breach Today

JANUARY 31, 2024

Information-Sharing Groups Call Reporting Requirements 'Too Costly, Overreaching' Multiple Information Sharing and Analysis Centers decried a proposed incident reporting measure for vendors selling to the U.S. federal government as being costly and ineffective.

Government 259

Government 259

Security Affairs

FEBRUARY 15, 2021

Microsoft’s analysis of the SolarWinds supply chain attack revealed that the code used by the threat actors was the work of a thousand developers. The Russian government really developed this tactic in Ukraine.” Microsoft says it found 1,000-plus developers’ fingerprints on the SolarWinds attack.

Government 358

Government Authentication Phishing IT 358

Security Affairs

DECEMBER 20, 2021

federal government commission associated with international rights. federal government commission associated with international rights. ” According to security firm Avast who discovered the attack, the backdoor was likely used as the initial vector in a multi-stage attack to penetrate the government network.

Government 300

Government Libraries Access Security 300

Security Affairs

NOVEMBER 16, 2022

“CISA obtained four malicious files for analysis during an on-site incident response engagement at a Federal Civilian Executive Branch (FCEB) organization compromised by Iranian government sponsored advanced persistent threat (APT) actors.” ” reads the Malware Analysis Report (AR22-320A) published by CISA.

Government 332

Government Mining Cybersecurity Libraries 332

Security Affairs

APRIL 21, 2024

Threat actors target government entities in the Middle East with a new backdoor dubbed CR4T as part of an operation tracked as DuneQuixote. The threat actors behind the DuneQuixote campaign took steps to prevent collection and analysis the implants through the implementation of practical and well-designed evasion methods.

Libraries 335

Libraries Communications IT Government 335

Security Affairs

MAY 23, 2022

Google’s Threat Analysis Group (TAG) uncovered campaigns targeting Android users with five zero-day vulnerabilities. Google’s Threat Analysis Group (TAG) researchers discovered three campaigns, between August and October 2021, targeting Android users with five zero-day vulnerabilities. ” continues the report.

Government 362

Government Security Cybersecurity IT 362