Analysis, Government and Manufacturing - Information Management Today

Cyber-Criminal espionage Operation insists on Italian Manufacturing

Security Affairs

MAY 22, 2020

ZLab researchers spotted a new malicious espionage activity targeting Italian companies operating worldwide in the manufacturing sector. This actor was first spotted by PaloAlto’s UNIT42 in 2018 during wide scale operations against technology, retail, manufacturing, and local government industries in the US, Europe and Asia.

Manufacturing

Manufacturing e-Delivery IT Security

SYS01 stealer targets critical government infrastructure

Security Affairs

MARCH 7, 2023

Researchers discovered a new info stealer dubbed SYS01 stealer targeting critical government infrastructure and manufacturing firms. ” reads the analysis published by Morphisec. ” reads the analysis published by Morphisec. to lure victims into downloading a malicious file.

Government

Government Manufacturing Authentication Cybersecurity

China’s Volt Typhoon botnet has re-emerged

Security Affairs

NOVEMBER 13, 2024

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. government neutralized the Volt Typhoon botnet taking over its C2 and deleting the bot from infected devices.

e-Discovery

e-Discovery Communications Ransomware Government

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

China-linked APT Curious Gorge targeted Russian govt agencies

Security Affairs

MAY 3, 2022

China-linked Curious Gorge APT is targeting Russian government agencies, Google Threat Analysis Group (TAG) warns. Google Threat Analysis Group (TAG) reported that an APT group linked to China’s People’s Liberation Army Strategic Support Force (PLA SSF), tracked as Curious Gorge , is targeting Russian government agencies.

Manufacturing

Manufacturing Phishing Passwords Military

FritzFrog P2P Botnet is back and targets Healthcare, Education and Government Sectors

Security Affairs

FEBRUARY 11, 2022

FritzFrog P2P botnet is back and is targeting servers belonging to entities in the healthcare, education, and government sectors. The bot is written in Golang and implements wormable capabilities, experts reported attacks against entities in the government, education, and finance sectors. ” reads the report published by Akamai.

Education

Education Government Libraries Mining

New TA2101 threat actor poses as government agencies to distribute malware

Security Affairs

NOVEMBER 15, 2019

A new threat actor tracked as TA2101 is conducting malware campaigns using email to impersonate government agencies in the United States, Germany, and Italy. ” reads the analysis published by ProofPoint. The post New TA2101 threat actor poses as government agencies to distribute malware appeared first on Security Affairs.

Government

Government Ransomware Manufacturing Phishing

Raspberry Robin malware used in attacks against Telecom and Governments

Security Affairs

DECEMBER 24, 2022

The Raspberry Robin worm attacks aimed at telecommunications and government office systems across Latin America, Australia, and Europe. Researchers from Trend Micro have uncovered a Raspberry Robin worm campaign targeting telecommunications and government office systems across Latin America, Australia, and Europe. Pierluigi Paganini.

Government

Government Communications Ransomware Manufacturing

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

After looking at 28 of the most popular manufacturers, our research team found 3.5 What is more, the overwhelming majority of internet-facing cameras are manufactured by Chinese companies. Most of the public-facing cameras we discovered are manufactured by the Chinese company Hikvision: the Cybernews research team found over 3.37

Passwords

Passwords Manufacturing Authentication Government

Holy Ghost ransomware operation is linked to North Korea

Security Affairs

JULY 15, 2022

The list of victims includes manufacturing organizations, banks, schools, and event and meeting planning companies. The analysis of the attackers’ wallet transactions shows that they failed to extort ransom payments from their victims. The first possibility is that the North Korean government sponsors this activity.”

Ransomware

Ransomware Encryption Government Manufacturing

Coronavirus-themed campaign targets energy sector with PoetRAT

Security Affairs

APRIL 18, 2020

Threat actors employed the previously-undetected PoetRAT Trojan in a Coronavirus-themed campaign aimed at government and energy sectors. . ” reads the analysis published by Cisco Talos. ” reads the analysis published by Cisco Talos. ” continues the analysis. The messages used a document named “C19.docx,”

Energy and Utilities

Energy and Utilities Archiving Phishing Government

UNC2529, a new sophisticated cybercrime gang that targets U.S. orgs with 3 malware

Security Affairs

MAY 5, 2021

” states the analysis published by FireEye. “For example, UNC2529 used a unique username, masquerading as an account executive for a small California-based electronics manufacturing company, which Mandiant identified through a simple Internet search.”

Manufacturing

Manufacturing Phishing Military Retail

Hackers target German Task Force for COVID-19 PPE procurement

Security Affairs

JUNE 9, 2020

Hackers are targeting executives of a German multinational corporation involved in the government supply of personal protective equipment (PPE) against COVID-19. Hackers are targeting executives of a German multinational corporation involved in the government supply of personal protective equipment (PPE).

Phishing

Phishing Healthcare Manufacturing Government

Avaddon Ransomware gang hacked France-based Acer Finance and AXA Asia

Security Affairs

MAY 16, 2021

The Company offers risk management, mutual funds, analysis, financial planning, and advisory services. Avaddon ransomware gang made the headlines again, the cybercrime gang has breached the France-based financial consultancy firm Acer Finance. Acer Finance operates as an investment management company.

Ransomware

Ransomware Manufacturing Communications Risk

Kraken fileless attack technique abuses Microsoft Windows Error Reporting (WER)

Security Affairs

OCTOBER 7, 2020

” Threat actors employed anti-analysis and evasion techniques, including, code obfuscation and performing some checks for sandbox or debugger environments. At the time of the analysis, the hard-coded target URL of the malware was not reachable making it impossible to attribute the Kraken technique to a specific threat actor.

Phishing

Phishing Manufacturing Archiving Security

FBI and CISA warn of attacks by Rhysida ransomware gang

Security Affairs

NOVEMBER 15, 2023

The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors. The victims of the group are “targets of opportunity.” ” reads the joint advisory. mstsc.exe A native tool that establishes an RDP connection to a host.

Ransomware

Ransomware Manufacturing Education Passwords

Witchetty APT used steganography in attacks against Middle East entities

Security Affairs

OCTOBER 1, 2022

The group used the backdoor in attacks against Middle Eastern governments. The APT group has been continuously improving its toolset by employing new malware in attacks aimed at governments, diplomatic missions, charities, and industrial/manufacturing organizations in the Middle East and Africa.

Manufacturing

Manufacturing Government Cybersecurity IT

Huawei faces 5G ban from British’s 5G network within months

Security Affairs

JULY 5, 2020

British Prime Minister Boris Johnson is expected to begin phasing out the use of network equipment manufactured by the Chinese tech giant Huawei in the UK’s 5G network as little as six months, The Daily Telegraph reported. The UK intelligence analysis believe that US ban on Chinese 5G technology will force Huawei to use untrusted technology.

Risk

Risk Manufacturing Government Communications

France will not ban Huawei from its upcoming 5G networks

Security Affairs

SEPTEMBER 1, 2020

French President Emmanuel Macron announced that his government will not exclude Chinese telecom giant Huawei from the building of the upcoming 5G telecommunication networks. The UK intelligence analysis believe that US ban on Chinese 5G technology will force Huawei to use untrusted technology.

IT

IT Military Manufacturing Risk

China-linked APT41 group targets Hong Kong with Spyder Loader

Security Affairs

OCTOBER 18, 2022

The attacks detailed by Cybereason targeted technology and manufacturing companies primarily located in East Asia, Western Europe, and North America. Symantec pointed out that the attacks against government organizations in Hong Kong remained undetected for a year in some cases. ” reads the analysis published by Symantec.

File names

File names Encryption Manufacturing Libraries

Balikbayan Foxes group spoofs Philippine gov to spread RATs

Security Affairs

NOVEMBER 1, 2021

Experts uncovered a new threat actor, tracked as Balikbayan Foxes, that is impersonating the Philippine government to spread malware. . The group focuses on Shipping/Logistics, Manufacturing, Business Services, Pharmaceutical, and Energy entities, among others. ” reads the analysis published by the experts. .

Healthcare

Healthcare Phishing Government Manufacturing

Grandoreiro banking malware targets Mexico and Spain

Security Affairs

AUGUST 21, 2022

The campaign began in June 2022 and is still ongoing, the attacks hit organizations in multiple industries, such as Automotive, Chemicals Manufacturing, and others. ” reads the post published by Zscaler. ” concludes the report. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Archiving

Archiving Phishing Communications Manufacturing

APT40 cyberespionage group supporting growth of China’s naval sector

Security Affairs

MARCH 5, 2019

A cyber-espionage group, tracked as APT40, apparently linked to the Chinese government is focused on targeting countries important to the country’s Belt and Road Initiative. Jumper , and Leviathan ), apparently linked to the Chinese government, is focused on targeting countries important to the country’s Belt and Road Initiative (i.e.

Phishing

Phishing Passwords Government Manufacturing

Ukraine’s intelligence service hacked Russia’s Federal Air Transport Agency, Rosaviatsia

Security Affairs

NOVEMBER 27, 2023

” Rosaviatsia is the government agency responsible for the oversight and regulation of civil aviation in Russia. “Their analysis shows that the civil aviation sector of terrorist Russia is on the verge of collapse.” ” continues the announcement. ” concludes the report.

Military

Military Manufacturing Government Authentication

To Secure Medical Devices, the FDA Turns to Ethical Hackers

Security Affairs

OCTOBER 23, 2018

Ethical hackers have contacted device manufacturers after exposing vulnerabilities in their products. A recent example of a medical device problem concerns a pacemaker manufactured by Medtronic. The agency followed up by doing its own analysis. Government Agencies Present at Cybersecurity Conferences. Image by Rawpixel.

Security

Security Manufacturing Cybersecurity Government

Elections 2024, artificial intelligence could upset world balances

Security Affairs

DECEMBER 27, 2023

Governments should recognize electoral processes as critical infrastructure and enact laws to regulate the use of generative Artificial Intelligence. By broadening the horizon of analysis, it is possible to verify that there will also be elections in China, Japan, Russia, Brazil, and the United Kingdom in the coming months.

Artificial Intelligence

Artificial Intelligence Government Manufacturing IT

Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware

Security Affairs

DECEMBER 12, 2023

The experts observed the use of NineRAT at around September 2023 against a European manufacturing entity. Talos researchers reported some overlap with the malicious activities disclosed by Microsoft in October 2023 linked to the APT group Onyx Sleet (aka PLUTIONIUM or Andariel ). ” reads the analysis published by Talos.

Agriculture

Agriculture Data collection Access Manufacturing

Campaign leverages Bit.ly, BlogSpot, and Pastebin to distribute RevengeRAT

Security Affairs

APRIL 22, 2019

Attackers hit organizations in several industries including Technology, Retail, Manufacturing, State/Local Government, Hospitality, Medical, and other Professional business. ” reads the analysis published by Palo Alto Networks. ” continues the analysis. ” reads the analysis. org domain for C2.”

Retail

Retail Manufacturing Passwords Government

Microsoft blocked Polonium attacks against Israeli organizations

Security Affairs

JUNE 3, 2022

Since February, the attacks targeted organizations in critical manufacturing, IT, and Israel’s defense industry. . This circumstance is confirmed by revelations that emerged in the last couple of years that the Iranian government is using cyber mercenaries for its operations. ” reads the analysis published by Microsoft.

Cloud

Cloud Authentication Manufacturing Security

ProxyLogon Microsoft Exchange exploit is completely out of the bag by now

Security Affairs

MARCH 15, 2021

Most targeted sectors have been Government/Military (17% of all exploit attempts), followed by Manufacturing (14%), and then Banking (11%). A joint analysis conducted by Microsoft and RiskIQ allowed to identify more than 100,000 servers still vulnerable.

Ransomware

Ransomware Military Manufacturing Security

OceanLotus APT group leverages a steganography-based loader to deliver backdoors

Security Affairs

APRIL 3, 2019

The hackers targeting organizations across multiple industries and have also targeted foreign governments, dissidents, and journalists. Since at least 2014, experts at FireEye have observed APT32 targeting foreign corporations with an interest in Vietnam’s manufacturing, consumer products, and hospitality sectors.

Libraries

Libraries Encryption Communications Manufacturing

Decommissioned medical infusion pumps sold on secondary market could reveal Wi-Fi configuration settings

Security Affairs

AUGUST 3, 2023

Rapid7 conducted an analysis on three distinct infusion pump models: the Alaris PC 8015, the Baxter Sigma Spectrum model 35700BAX2 along with its associated Wireless Battery Module (WBM), and the Hospira Abbott PLUM A+ with MedNet. ” reads the analysis published by Rapid7. . ” reads the analysis published by Rapid7.

Marketing

Marketing Authentication Communications Manufacturing

Cybersecurity agencies published a joint LockBit ransomware advisory

Security Affairs

JUNE 15, 2023

The operation targeted many organizations in critical infrastructure sectors, including financial services, food and agriculture, education, energy, government and emergency services, healthcare, manufacturing, and transportation. organizations since 2020. law enforcement). According to the French ANSSI cybersecurity agency, LockBit 3.0

Ransomware

Ransomware Cybersecurity Agriculture Education

Experts link Hermit spyware to Italian surveillance firm RCS Lab and a front company

Security Affairs

JUNE 17, 2022

Lookout Threat Lab researchers uncovered enterprise-grade Android surveillance spyware, named Hermit, used by the government of Kazakhstan to track individuals within the country. ” reads the analysis published by Lookout. According to Lookout, the Hermit spyware was likely developed by Italian surveillance vendor RCS Lab S.p.A

Military

Military Manufacturing Government Security

RansomExx Ransomware upgrades to Rust programming language

Security Affairs

NOVEMBER 24, 2022

RansomExx operation has been active since 2018, the list of its victims includes government agencies, the computer manufacturer and distributor GIGABYTE , and the Italian luxury brand Zegna. ” reads the analysis published by IBM Security X-Force.

Ransomware

Ransomware Encryption Manufacturing Government

TrickBoot feature allows TrickBot bot to run UEFI attacks

Security Affairs

DECEMBER 3, 2020

” reads the joint analysis published by AdvIntel and Eclypsium. The Secure Boot mechanism allows the execution of only software that is trusted by the Original Equipment Manufacturer (OEM). ” continues the analysis. ” continues the post. ” continues the post.

Manufacturing

Manufacturing Security Ransomware IT

Raspberry Robin malware used in attacks against Telecom and Governments

Security Affairs

DECEMBER 24, 2022

The Raspberry Robin worm attacks aimed at telecommunications and government office systems across Latin America, Australia, and Europe. Researchers from Trend Micro have uncovered a Raspberry Robin worm campaign targeting telecommunications and government office systems across Latin America, Australia, and Europe. Pierluigi Paganini.

Government

Government Communications Ransomware Manufacturing

Russian Sednit APT used the first UEFI rootkit of ever in attacks in the wild

Security Affairs

SEPTEMBER 27, 2018

Security researchers from ESET have discovered a new piece of a sophisticated malware used by the Russia-linked Sednit group (aka Fancy Bear , APT28 , Pawn Storm , Sofacy Group , and STRONTIUM ) in targeted attacks aimed at government entities in the Balkans as well as in Central and Eastern Europe. ” continues the report.

Military

Military Manufacturing Government Security

Million of vehicles can be attacked via MiCODUS MV720 GPS Trackers

Security Affairs

JULY 20, 2022

” The MiCODUS MV720 GPS Tracker is a popular vehicle GPS tracker manufactured in China, which is used by consumers for theft protection and location management, and by organizations for vehicle fleet management. The analysis of the sector usage on a global scale revealed significant differences by continent in the typical user profile.

Passwords

Passwords Manufacturing Military Authentication

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Security Affairs

JULY 3, 2023

reads the advisory The vulnerability is a heap-based buffer overflow issue and according to the vendor it may have been exploited in a limited number of attacks aimed at government, manufacturing, and critical infrastructure sectors. ” states the analysis published by Bishop Fox. states the report published by Fortinet.

Manufacturing

Manufacturing Authentication Security Risk

North Korea-linked ScarCruft APT adds Bluetooth Harvester to its arsenal

Security Affairs

MAY 14, 2019

Cyber attacks conducted by the APT37 group mainly targeted government, defense, military, and media organizations in South Korea. The hackers targeted organizations in the chemicals, manufacturing, electronics, aerospace, healthcare, and automotive sectors. ” reads the analysis published by Kaspersky Lab.

IT

IT Military Manufacturing Government

China-linked APT used Daxin, one of the most sophisticated backdoor even seen

Security Affairs

MARCH 1, 2022

The malicious code was likely designed for long-running espionage campaigns against government entities and critical infrastructure targets. ” continues the analysis. We will publish follow-up blogs over the coming days with more detailed technical analysis and other insights from our research and collaborations.”

Communications

Communications Manufacturing Government Risk

Qbot uses a new email collector module in the latest campaign

Security Affairs

AUGUST 31, 2020

Most of the infections were observed in organizations in the US and Europe, the most targeted industries were in the government, military, and manufacturing sectors. . ” reads the analysis published by CheckPoint.

Passwords

Passwords Military Manufacturing Encryption

FBI published a flash alert on Mamba Ransomware attacks

Security Affairs

MARCH 26, 2021

The researchers shared a detailed analysis on Security Affairs , they explained that once the malware has infected a Windows machine, it overwrites the existing Master Boot Record, with a custom MBR and encrypts the hard drive using the DiskCryptor tool. DiskCryptor is not inherently malicious but has been weaponized.”

Ransomware

Ransomware Encryption File names Passwords

Group-IB detects a series of ransomware attacks by OldGremlin

Security Affairs

SEPTEMBER 23, 2020

Since March, the attackers have been trying to conduct multistage attacks on large corporate networks of medical labs, banks, manufacturers, and software developers in Russia. In other instances, the gang exploited the COVID-19 theme and anti-government rallies in Belarus in their phishing emails. About Group-IB.

Ransomware

Ransomware Phishing Encryption Authentication

Cyber-Criminal espionage Operation insists on Italian Manufacturing

SYS01 stealer targets critical government infrastructure

Webinars

Trending Sources

China’s Volt Typhoon botnet has re-emerged

Webinars

China-linked APT Curious Gorge targeted Russian govt agencies

FritzFrog P2P Botnet is back and targets Healthcare, Education and Government Sectors

New TA2101 threat actor poses as government agencies to distribute malware

Raspberry Robin malware used in attacks against Telecom and Governments

3.5m IP cameras exposed, with US in the lead

Holy Ghost ransomware operation is linked to North Korea

Coronavirus-themed campaign targets energy sector with PoetRAT

UNC2529, a new sophisticated cybercrime gang that targets U.S. orgs with 3 malware

Hackers target German Task Force for COVID-19 PPE procurement

Avaddon Ransomware gang hacked France-based Acer Finance and AXA Asia

Kraken fileless attack technique abuses Microsoft Windows Error Reporting (WER)

FBI and CISA warn of attacks by Rhysida ransomware gang

Witchetty APT used steganography in attacks against Middle East entities

Huawei faces 5G ban from British’s 5G network within months

France will not ban Huawei from its upcoming 5G networks

China-linked APT41 group targets Hong Kong with Spyder Loader

Balikbayan Foxes group spoofs Philippine gov to spread RATs

Grandoreiro banking malware targets Mexico and Spain

APT40 cyberespionage group supporting growth of China’s naval sector

Ukraine’s intelligence service hacked Russia’s Federal Air Transport Agency, Rosaviatsia

To Secure Medical Devices, the FDA Turns to Ethical Hackers

Elections 2024, artificial intelligence could upset world balances

Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware

Campaign leverages Bit.ly, BlogSpot, and Pastebin to distribute RevengeRAT

Microsoft blocked Polonium attacks against Israeli organizations

ProxyLogon Microsoft Exchange exploit is completely out of the bag by now

OceanLotus APT group leverages a steganography-based loader to deliver backdoors

Decommissioned medical infusion pumps sold on secondary market could reveal Wi-Fi configuration settings

Cybersecurity agencies published a joint LockBit ransomware advisory

Experts link Hermit spyware to Italian surveillance firm RCS Lab and a front company

RansomExx Ransomware upgrades to Rust programming language

TrickBoot feature allows TrickBot bot to run UEFI attacks

Raspberry Robin malware used in attacks against Telecom and Governments

Russian Sednit APT used the first UEFI rootkit of ever in attacks in the wild

Million of vehicles can be attacked via MiCODUS MV720 GPS Trackers

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

North Korea-linked ScarCruft APT adds Bluetooth Harvester to its arsenal

China-linked APT used Daxin, one of the most sophisticated backdoor even seen

Qbot uses a new email collector module in the latest campaign

FBI published a flash alert on Mamba Ransomware attacks

Group-IB detects a series of ransomware attacks by OldGremlin

Stay Connected