Analysis, Government and Military - Information Management Today

A new piece of Ryuk Stealer targets government, military and finance sectors

Security Affairs

JANUARY 26, 2020

A new piece of the Ryuk malware has been improved to steal confidential files related to the military, government, financial statements, and banking. At the time of the analysis, both sites were not reachable at the time of the analysis. ” reported BleepingComputer. Pierluigi Paganini.

Military

Military Government Ransomware Privacy

Russia-linked APT TAG-70 targets European government and military mail servers exploiting Roundcube XSS

Security Affairs

FEBRUARY 19, 2024

The nation-state actors are known to carry out cyber-espionage against targeting government, military, and national infrastructure entities in Europe and Central Asia since at least December 2020. The researchers recommend reading the detailed analysis of the recent TAG-70 campaign here.

Military

Military Government Access Risk

Chinese Cycldek APT targets Vietnamese Military and Government in sophisticated attacks

Security Affairs

APRIL 6, 2021

China-linked APT group Cycldek is behind an advanced cyberespionage campaign targeting entities in the government and military sector in Vietnam. China-linked APT group LuckyMouse (aka Cycldek, Goblin Panda , Hellsing, APT 27, and Conimes) is targeting government and military organizations in Vietnam with spear-phishing.

Military

Military Government Phishing Libraries

Webinars

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

Chinese APT Tropic Trooper target air-gapped military Networks in Asia

Security Affairs

MAY 15, 2020

Chinese threat actors, tracked as Tropic Trooper and KeyBoy, has been targeting air-gapped military networks in Taiwan and the Philippines. Chinese APT group Tropic Trooper, aka KeyBoy, has been targeting air-gapped military networks in Taiwan and the Philippines, Trend Micro researchers reported. ” continues the report.

Military

Military Government Security IT

Russia-linked hackers target Ukrainian military with Infamous Chisel Android malware

Security Affairs

AUGUST 31, 2023

Russia-linked threat actors have been targeting Android devices of the Ukrainian military with a new malware dubbed Infamous Chisel. The GCHQ’s National Cyber Security Centre (NCSC) and agencies in the United States, Australia, Canada, and New Zealand have published an analysis of the Android malware.

Military

Military Authentication Access Government

Machete cyber-espionage group targets Latin America military

Security Affairs

AUGUST 5, 2019

Security experts from ESET uncovered a cyber-espionage group tracked as Machete that stole sensitive files from the Venezuelan military. Security experts from ESET reported that a cyberespionage group tracked as Machete has stolen sensitive files from the Venezuelan military. ” reads the analysis from ESET.

Military

Military Archiving Security Government

Taiwan Government faces 5 Million hacking attempts daily

Security Affairs

NOVEMBER 10, 2021

Taiwan ‘s government agencies face around five million cyberattacks and probes every day, most of them from China. Around five million cyber attacks hit Taiwan’s government agencies every day, and most of the hacking attempts are originated from China. SecurityAffairs – hacking, Taiwan Government).

Government

Government Military Information Security Security

U.S. Charges 4 Chinese Military Officers in 2017 Equifax Hack

Krebs on Security

FEBRUARY 10, 2020

as members of the PLA’s 54 th Research Institute, a component of the Chinese military. Attorney General Bill Barr said at a press conference today that the Justice Department doesn’t normally charge members of another country’s military with crimes (this is only the second time the agency has indicted Chinese military hackers).

Military

Military Phishing Government Sales

Autoclerk travel reservations platform data leak also impacts US Government and military

Security Affairs

OCTOBER 22, 2019

” reads the analysis published by vpnMentor. “The data Our team viewed highly sensitive data exposing the personal details of government and military personnel, and their travel arrangements to locations around the world, both past and future.” “For the US government, alarm bells should be ringing.

Military

Military Government Cloud Archiving

LUCKY ELEPHANT campaign targets South Asian governments

Security Affairs

MARCH 27, 2019

The NETSCOUT Threat Intelligence team uncovered a credential harvesting campaign tracked as LUCKY ELEPHANT targeting mostly South Asian governments. Security experts at NETSCOUT Threat Intelligence team uncovered a credential harvesting campaign, tracked as LUCKY ELEPHANT, targeting mostly South Asian governments. Pierluigi Paganini.

Government

Government Military Phishing Security

Russian APT groups target European governments ahead of May Elections

Security Affairs

MARCH 22, 2019

Russian APT groups are targeting European governments for cyber-espionage purposes ahead of the upcoming European elections. The APT28 group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Pierluigi Paganini.

Government

Government Military Phishing Access

Google blocked China-linked APT31’s attacks targeting U.S. Government

Security Affairs

MARCH 9, 2022

government. government. The campaign took place in February and Google Threat Analysis Group (TAG) team was not able to link it to the ongoing invasion of Ukraine. The campaign took place in February and Google Threat Analysis Group (TAG) team was not able to link it to the ongoing invasion of Ukraine. government.

Government

Government Phishing Military IT

NYT report states that ToTok app is a government spy tool.

Security Affairs

DECEMBER 24, 2019

According to a report published by the New York Times, the popular app ToTok was used by the UAE government as a surveillance tool. The report said US intelligence officials and a security researcher determined the app was being used by the UAE government for detailed surveillance. ” reads the analysis published by Wardle.

Government

Government Military Security IT

FBI and NSA joint report details APT28’s Linux malware Drovorub

Security Affairs

AUGUST 13, 2020

.” The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election.

Military

Military IoT Government Phishing

China-linked APT Curious Gorge targeted Russian govt agencies

Security Affairs

MAY 3, 2022

China-linked Curious Gorge APT is targeting Russian government agencies, Google Threat Analysis Group (TAG) warns. Google Threat Analysis Group (TAG) reported that an APT group linked to China’s People’s Liberation Army Strategic Support Force (PLA SSF), tracked as Curious Gorge , is targeting Russian government agencies.

Manufacturing

Manufacturing Phishing Passwords Military

Transparent Tribe APT hit 1000+ victims in 27 countries in the last 12 months

Security Affairs

AUGUST 23, 2020

The Transparent Tribe cyber-espionage group continues to improve its arsenal while targets Military and Government entities. The Transparent Tribe APT group is carrying out an ongoing cyberespionage campaign aimed at military and diplomatic targets worldwide. ” reads the analysis published by Kaspersky.

Military

Military Phishing Passwords Access

Google TAG: Russia, Belarus-linked APTs targeted Ukraine

Security Affairs

MARCH 8, 2022

Google TAG observed Russian, Belarusian, and Chinese threat actors targeting Ukraine and European government and military orgs. Google TAG observed Russian, Belarusian, and Chinese threat actors targeting Ukrainian and European government and military organizations, as well as individuals. ” concludes the report.

Military

Military Phishing File names Government

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 11

Security Affairs

SEPTEMBER 15, 2024

Mythical Beasts and Where to Find Them: Mapping the Global Spyware Market and its Threats to National Security and Human Rights Dissecting Lumma Malware: Analyzing the Fake CAPTCHA and Obfuscation Techniques – Part 2 Predator Spyware Infrastructure Returns Following Exposure and Sanctions Malware’s Shared Secrets: Code Similarity Insights for (..)

Security

Security Military Ransomware Marketing

APT28 group return to covert intelligence gathering ops in Europe and South America.

Security Affairs

OCTOBER 7, 2018

The APT28 group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. According to experts from Symantec, the group is now actively conducting cyber espionage campaigns against government and military organizations in Europe and South America.

Military

Military Government Phishing Security

No Surprise: China Blamed for 'Big Data' Hack of Equifax

Data Breach Today

FEBRUARY 11, 2020

Analysis: Equifax Failed on Security, But Only Governments Can Hold Each Other to Account Who's surprised Chinese military hackers allegedly hacked Equifax?

Big data

Big data Military Personal data Government

Google warns of APT28 attack attempts against 14,000 Gmail users

Security Affairs

OCTOBER 8, 2021

Shane Huntley, the head of the Threat Analysis Group (TAG), wrote on Twitter that his group had sent an above-average batch of government-backed security warnings. . TAG sent a above average batch of government-backed security warnings yesterday. So why do we do these government warnings then? ” Huntley added. “At

Phishing

Phishing Military Government Security

Gamaredon group uses a new Outlook tool to spread malware

Security Affairs

JUNE 12, 2020

The group targeted government and military organizations in Ukraine. In December 2019, the APT group targeted several Ukrainian diplomats, government and military officials, and law enforcement. Additional details are included in the analysis published by ESET.

Military

Military Phishing Government IT

New Gallmaker APT group eschews malware in cyber espionage campaigns

Security Affairs

OCTOBER 10, 2018

A previously unknown cyber espionage group, tracked as Gallmaker, has been targeting entities in the government, military and defense sectors since at least 2017. Gallmaker is a politically motivated APT group that focused its surgical operations on the government, military or defense sectors. ” continues Symantec.

Military

Military File names Government Libraries

US Agencies and FireEye were hacked with a supply chain attack on SolarWinds Software

Security Affairs

DECEMBER 14, 2020

The cyber espionage group has tampered with updates released by IT company SolarWinds, which provides its products to government agencies, military, and intelligence offices, two people familiar with the matter told the Reuters agency. . ” reads the analysis published by FireEye. through 2020.2.1

Military

Military Cybersecurity Communications Government

Symantec uncovered the link between China-Linked Thrip and Billbug groups

Security Affairs

SEPTEMBER 9, 2019

The group has continued launching attacks against entities in Southeast Asia, including military, satellite communications, media and educational organizations. ” reads the analysis published by Symantec. The Thrip group has been active since 2013, but this is the first time Symantec publicly shared details of its activities.

Military

Military Communications Government Education

Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks

Security Affairs

OCTOBER 25, 2023

The Winter Vivern group was first analyzed in 2021, it has been active since at least 2020 and it targets governments in Europe and Central Asia. The analysis of the email HTML source code revealed the presence of a SVG tag at the end, which contains a base64-encoded payload. ” reads the analysis published by ESET.

Military

Military Government Phishing IT

Google TAG details cyber activity with regard to the invasion of Ukraine

Security Affairs

MARCH 31, 2022

The Google Threat Analysis Group (TAG) provided an update about nation-state attacks related ongoing Russian invasion of Ukraine, the experts spotted phishing and malware attacks targeting Eastern European and NATO countries, including Ukraine. a threat actor impersonated military personnel to extort money for rescuing relatives in Ukraine.

Military

Military Phishing Government Ransomware

XDSpy APT remained undetected since at least 2011

Security Affairs

OCTOBER 2, 2020

The APT group, recently discovered by ESET, targeted government and private companies in Belarus, Moldova, Russia, Serbia, and Ukraine, including militaries and Ministries of Foreign Affairs. XDSpy is the name used by ESET researchers to track a nation-state actor that has been active since at least 2011.

Military

Military Phishing Passwords Government

Threat actors hacked Taiwan-based Chunghwa Telecom

Security Affairs

MARCH 4, 2024

Threat actors stole sensitive information from the company, including military and government documents, revealed Taiwan’s Defense Ministry. TeraBytes of data” that included government contracts. Threat actors claim they have stolen 1.7 ” reported AFP agency.

Military

Military Government Sales Information Security

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

Security Affairs

DECEMBER 10, 2020

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Zebrocy is mainly used against governments and commercial organizations engaged in foreign affairs.

Phishing

Phishing Healthcare Military Data collection

Ukrainian WordPress sites under massive complex attacks

Security Affairs

MARCH 3, 2022

Researchers observed a spike in the attacks against Ukrainian WordPress sites since the beginning of the military invasion of the country. The attacks aimed at making the websites unreachable and causing fear and distrust in the Ukrainian government, WordPress security firm Wordfence reported. This data set includes 8,320.UA

Military

Military Government Security Access

Global Malicious Activity Targeting Elections is Skyrocketing

Security Affairs

FEBRUARY 13, 2024

presidential election, the outcome of which could radically alter the destinies of geopolitical relations and military conflicts globally. and its allies, activity observed by Resecurity between 2023 and early 2024 indicates a 100 percent increase from the previous analysis period. Besides the continued targeting of the U.S.

Military

Military Passwords Government IT

Iran-linked APT35 accidentally exposed 40 GB associated with their operations

Security Affairs

JULY 17, 2020

” reads the analysis published by IBM. The group has been known to target a wide range of organizations and government agencies worldwide. IBM X-Force IRIS did not find evidence of the two military members’ professional network credentials being compromised, and no professional information appears to have been included.”

Military

Military Authentication Cloud IT

Nobelium APT uses new Post-Compromise malware MagicWeb

Security Affairs

AUGUST 25, 2022

NOBELIUM focuses on government organizations, non-government organizations (NGOs), think tanks, military, IT service providers, health technology and research, and telecommunications providers. ” reads the analysis published by Microsoft. ” concludes the report.

Authentication

Authentication Military Access Government

France will not ban Huawei from its upcoming 5G networks

Security Affairs

SEPTEMBER 1, 2020

French President Emmanuel Macron announced that his government will not exclude Chinese telecom giant Huawei from the building of the upcoming 5G telecommunication networks. The UK intelligence analysis believe that US ban on Chinese 5G technology will force Huawei to use untrusted technology.

IT

IT Military Manufacturing Risk

Asylum Ambuscade spear-phishing campaign targets EU countries aiding Ukrainian refugees

Security Affairs

MARCH 2, 2022

A spear-phishing campaign, tracked as Asylum Ambuscade, targets European government personnel aiding Ukrainian refugees. ” reads the analysis published by ProofPoint. “Proofpoint researchers have identified a phishing campaign originating from an email address (ukr[.]net)

Phishing

Phishing Military Government Communications

Russia-linked APT28 hacked Roundcube email servers of Ukrainian entities

Security Affairs

JUNE 21, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. According to CERT-UA, this campaign targeted more than 40 Ukrainian organizations, including government entities.

Military

Military Phishing Government Communications

Cyberwarfare: A deep dive into the latest Gamaredon Espionage Campaign

Security Affairs

FEBRUARY 17, 2020

Security experts from Yoroy-Cybaze ZLab have conducted a detailed analysis of an implant used by the Gamaredon APT group in a recent campaign. It is distributed in a spear-phishing campaign with a weaponized office document that appears to be designed to lure military personnel. . Technical Analysis. Introduction. Conclusion.

Archiving

Archiving Military IT Phishing

Most of the attacks on Telecom Sector in 2019 were carried out by China-linked hackers

Security Affairs

MARCH 5, 2020

According to the CrowdStrike 2020 Global Threat Report, the telecommunications and government sectors were the most targeted by the threat actors. Chinese hackers also targeted several organizations in the healthcare sector, government and defense sectors of countries in Asia. ” reads the report published by CrowdStrike.

Military

Military Government IT Security

UNC2529, a new sophisticated cybercrime gang that targets U.S. orgs with 3 malware

Security Affairs

MAY 5, 2021

” states the analysis published by FireEye. The groups targeted organizations in the business services, financial, health, retail/consumer, aero-military, engineering and manufacturing, government, education, transportation, and utilities industries.

Manufacturing

Manufacturing Phishing Military Retail

CISA’s MAR warns of North Korean BLINDINGCAN RAT

Security Affairs

AUGUST 19, 2020

The US Cybersecurity and Infrastructure Security Agency (CISA) has published a Malware Analysis Report (MAR) that includes technical details about a new strain of malware, tracked as BLINDINGCAN, that was attributed to North Korea. ” reads the CISA’s MAR report.

Military

Military Systems administration Government Access

Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JUNE 16, 2024

Japanese video-sharing platform Niconico was victim of a cyber attack UK NHS call for O-type blood donations following ransomware attack on London hospitals Christie’s data breach impacted 45,798 individuals Sticky Werewolf targets the aviation industry in Russia and Belarus Frontier Communications data breach impacted over 750,000 individuals PHP (..)

Data breaches

Data breaches Security Ransomware Sales

Platinum APT and leverages steganography to hide C2 communications

Security Affairs

JUNE 6, 2019

According to Microsoft, the Platinum has been active since at least 2009, it was responsible for spear phishing attacks on ISPs, government organizations, intelligence agencies, and defense institutes. ” reads the analysis published by the expert. ” continues the analysis. ” continues Kaspersky.

Communications

Communications Encryption Military Government

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

Security Affairs

JANUARY 16, 2024

reads the analysis published by Volexity.” reads the analysis published by Volexity. Through forensic analysis of the memory sample, Volexity was able to recreate two proof-of-concept exploits that allowed full unauthenticated command execution on the ICS VPN appliance. ” reads the update provided by Volexity.

Security

Security Authentication Military Government

A new piece of Ryuk Stealer targets government, military and finance sectors

Russia-linked APT TAG-70 targets European government and military mail servers exploiting Roundcube XSS

Webinars

Trending Sources

Chinese Cycldek APT targets Vietnamese Military and Government in sophisticated attacks

Webinars

Chinese APT Tropic Trooper target air-gapped military Networks in Asia

Russia-linked hackers target Ukrainian military with Infamous Chisel Android malware

Machete cyber-espionage group targets Latin America military

Taiwan Government faces 5 Million hacking attempts daily

U.S. Charges 4 Chinese Military Officers in 2017 Equifax Hack

Autoclerk travel reservations platform data leak also impacts US Government and military

LUCKY ELEPHANT campaign targets South Asian governments

Russian APT groups target European governments ahead of May Elections

Google blocked China-linked APT31’s attacks targeting U.S. Government

NYT report states that ToTok app is a government spy tool.

FBI and NSA joint report details APT28’s Linux malware Drovorub

China-linked APT Curious Gorge targeted Russian govt agencies

Transparent Tribe APT hit 1000+ victims in 27 countries in the last 12 months

Google TAG: Russia, Belarus-linked APTs targeted Ukraine

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 11

APT28 group return to covert intelligence gathering ops in Europe and South America.

No Surprise: China Blamed for 'Big Data' Hack of Equifax

Google warns of APT28 attack attempts against 14,000 Gmail users

Gamaredon group uses a new Outlook tool to spread malware

New Gallmaker APT group eschews malware in cyber espionage campaigns

US Agencies and FireEye were hacked with a supply chain attack on SolarWinds Software

Symantec uncovered the link between China-Linked Thrip and Billbug groups

Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks

Google TAG details cyber activity with regard to the invasion of Ukraine

XDSpy APT remained undetected since at least 2011

Threat actors hacked Taiwan-based Chunghwa Telecom

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

Ukrainian WordPress sites under massive complex attacks

Global Malicious Activity Targeting Elections is Skyrocketing

Iran-linked APT35 accidentally exposed 40 GB associated with their operations

Nobelium APT uses new Post-Compromise malware MagicWeb

France will not ban Huawei from its upcoming 5G networks

Asylum Ambuscade spear-phishing campaign targets EU countries aiding Ukrainian refugees

Russia-linked APT28 hacked Roundcube email servers of Ukrainian entities

Cyberwarfare: A deep dive into the latest Gamaredon Espionage Campaign

Most of the attacks on Telecom Sector in 2019 were carried out by China-linked hackers

UNC2529, a new sophisticated cybercrime gang that targets U.S. orgs with 3 malware

CISA’s MAR warns of North Korean BLINDINGCAN RAT

Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION

Platinum APT and leverages steganography to hide C2 communications

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

Stay Connected