Analysis, Government and Military - Information Management Today

U.S. Charges 4 Chinese Military Officers in 2017 Equifax Hack

Krebs on Security

FEBRUARY 10, 2020

as members of the PLA’s 54 th Research Institute, a component of the Chinese military. Attorney General Bill Barr said at a press conference today that the Justice Department doesn’t normally charge members of another country’s military with crimes (this is only the second time the agency has indicted Chinese military hackers).

Military

Military Phishing Government Sales

A new piece of Ryuk Stealer targets government, military and finance sectors

Security Affairs

JANUARY 26, 2020

A new piece of the Ryuk malware has been improved to steal confidential files related to the military, government, financial statements, and banking. At the time of the analysis, both sites were not reachable at the time of the analysis. ” reported BleepingComputer. Pierluigi Paganini.

Military

Military Government Ransomware Privacy

Russia-linked APT TAG-70 targets European government and military mail servers exploiting Roundcube XSS

Security Affairs

FEBRUARY 19, 2024

The nation-state actors are known to carry out cyber-espionage against targeting government, military, and national infrastructure entities in Europe and Central Asia since at least December 2020. The researchers recommend reading the detailed analysis of the recent TAG-70 campaign here.

Military

Military Government Access Risk

No Surprise: China Blamed for 'Big Data' Hack of Equifax

Data Breach Today

FEBRUARY 11, 2020

Analysis: Equifax Failed on Security, But Only Governments Can Hold Each Other to Account Who's surprised Chinese military hackers allegedly hacked Equifax?

Big data

Big data Military Personal data Government

Chinese Cycldek APT targets Vietnamese Military and Government in sophisticated attacks

Security Affairs

APRIL 6, 2021

China-linked APT group Cycldek is behind an advanced cyberespionage campaign targeting entities in the government and military sector in Vietnam. China-linked APT group LuckyMouse (aka Cycldek, Goblin Panda , Hellsing, APT 27, and Conimes) is targeting government and military organizations in Vietnam with spear-phishing.

Military

Military Government Phishing Libraries

Chinese APT Tropic Trooper target air-gapped military Networks in Asia

Security Affairs

MAY 15, 2020

Chinese threat actors, tracked as Tropic Trooper and KeyBoy, has been targeting air-gapped military networks in Taiwan and the Philippines. Chinese APT group Tropic Trooper, aka KeyBoy, has been targeting air-gapped military networks in Taiwan and the Philippines, Trend Micro researchers reported. ” continues the report.

Military

Military Government IT Security

Machete cyber-espionage group targets Latin America military

Security Affairs

AUGUST 5, 2019

Security experts from ESET uncovered a cyber-espionage group tracked as Machete that stole sensitive files from the Venezuelan military. Security experts from ESET reported that a cyberespionage group tracked as Machete has stolen sensitive files from the Venezuelan military. ” reads the analysis from ESET.

Military

Military Archiving Security Government

Taiwan Government faces 5 Million hacking attempts daily

Security Affairs

NOVEMBER 10, 2021

Taiwan ‘s government agencies face around five million cyberattacks and probes every day, most of them from China. Around five million cyber attacks hit Taiwan’s government agencies every day, and most of the hacking attempts are originated from China. SecurityAffairs – hacking, Taiwan Government).

Government

Government Military Information Security Security

New Leak Shows Business Side of China’s APT Menace

Krebs on Security

FEBRUARY 22, 2024

Experts say the leak illustrates how Chinese government agencies increasingly are contracting out foreign espionage campaigns to the nation’s burgeoning and highly competitive cybersecurity industry. In 2021, the Sichuan provincial government named i-SOON as one of “the top 30 information security companies.”

Government

Government Cybersecurity Sales Blockchain

Autoclerk travel reservations platform data leak also impacts US Government and military

Security Affairs

OCTOBER 22, 2019

” reads the analysis published by vpnMentor. “The data Our team viewed highly sensitive data exposing the personal details of government and military personnel, and their travel arrangements to locations around the world, both past and future.” “For the US government, alarm bells should be ringing.

Military

Military Government Cloud Archiving

LUCKY ELEPHANT campaign targets South Asian governments

Security Affairs

MARCH 27, 2019

The NETSCOUT Threat Intelligence team uncovered a credential harvesting campaign tracked as LUCKY ELEPHANT targeting mostly South Asian governments. Security experts at NETSCOUT Threat Intelligence team uncovered a credential harvesting campaign, tracked as LUCKY ELEPHANT, targeting mostly South Asian governments. Pierluigi Paganini.

Government

Government Military Phishing Security

GUEST ESSAY: Rising cyber risks make business intelligence gathering more vital than ever

The Last Watchdog

JULY 5, 2022

At any point the external environment can throw a curve ball – new government regulations, changes in political and social dynamics, or trends in sustainability to name a few. Riani has experience as political advisor to Kurdistan Regional Government (KRG) and as the director on the Global Risk Analysis at Control Risks.

Risk

Risk Military Marketing Data Privacy

Russian APT groups target European governments ahead of May Elections

Security Affairs

MARCH 22, 2019

Russian APT groups are targeting European governments for cyber-espionage purposes ahead of the upcoming European elections. The APT28 group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Pierluigi Paganini.

Government

Government Military Phishing Access

Internet Backbone Giant Lumen Shuns.RU

Krebs on Security

MARCH 8, 2022

. “A backbone carrier disconnecting its customers in a country the size of Russia is without precedent in the history of the internet and reflects the intense global reaction that the world has had over the invasion of Ukraine,” wrote Doug Madory , Kentik’s director of Internet analysis.

Military

Military Government Risk Business Services

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

The Last Watchdog

APRIL 13, 2022

These Russian cyber actors are government organizations and include other parties who take their orders from the Russian military or intelligence organizations – while not technically under government control. As the United States and other nations condemn Russia’s actions, the odds of Russian cyber actors targeting the U.S.,

Cybersecurity

Cybersecurity Passwords Military Education

MY TAKE: Sophos X-Ops advances internal, external threat intelligence sharing to the next level

The Last Watchdog

NOVEMBER 14, 2023

Related: How ‘Internet Access Brokers’ fuel ransomware I happened to be in the audience at Stanford University when President Obama took to the stage to issue an executive order challenging the corporate sector and federal government to start collaborating as true allies. This strengthens the overall Windows ecosystem, Budd noted.

Ransomware

Ransomware Military Security Government

Russian State-Sponsored Threat Actor Targets High Profile Individuals in Phishing Campaign

KnowBe4

JANUARY 22, 2024

The Russian state-sponsored threat actor “COLDRIVER” is launching phishing campaigns against “high profile individuals in NGOs, former intelligence and military officers, and NATO governments,” according to researchers at Google’s Threat Analysis Group (TAG).

Phishing

Phishing Military Government Security

Gamaredon APT Improves Toolset to Target Ukraine Government, Military

Threatpost

FEBRUARY 5, 2020

Vitali Kremez, head of SentinelLabs, said in research released on Wednesday that he has been tracking an uptick in Gamaredon cyberattacks on Ukrainian military and security institutions that started in […].

Military

Military Government Security IT

NYT report states that ToTok app is a government spy tool.

Security Affairs

DECEMBER 24, 2019

According to a report published by the New York Times, the popular app ToTok was used by the UAE government as a surveillance tool. The report said US intelligence officials and a security researcher determined the app was being used by the UAE government for detailed surveillance. ” reads the analysis published by Wardle.

Government

Government Military Security IT

FBI and NSA joint report details APT28’s Linux malware Drovorub

Security Affairs

AUGUST 13, 2020

.” The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election.

Military

Military IoT Phishing Government

China-linked APT Curious Gorge targeted Russian govt agencies

Security Affairs

MAY 3, 2022

China-linked Curious Gorge APT is targeting Russian government agencies, Google Threat Analysis Group (TAG) warns. Google Threat Analysis Group (TAG) reported that an APT group linked to China’s People’s Liberation Army Strategic Support Force (PLA SSF), tracked as Curious Gorge , is targeting Russian government agencies.

Manufacturing

Manufacturing Phishing Passwords Military

Transparent Tribe APT hit 1000+ victims in 27 countries in the last 12 months

Security Affairs

AUGUST 23, 2020

The Transparent Tribe cyber-espionage group continues to improve its arsenal while targets Military and Government entities. The Transparent Tribe APT group is carrying out an ongoing cyberespionage campaign aimed at military and diplomatic targets worldwide. ” reads the analysis published by Kaspersky.

Military

Military Phishing Passwords Communications

Google TAG: Russia, Belarus-linked APTs targeted Ukraine

Security Affairs

MARCH 8, 2022

Google TAG observed Russian, Belarusian, and Chinese threat actors targeting Ukraine and European government and military orgs. Google TAG observed Russian, Belarusian, and Chinese threat actors targeting Ukrainian and European government and military organizations, as well as individuals. ” concludes the report.

Military

Military Phishing File names Government

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 11

Security Affairs

SEPTEMBER 15, 2024

Mythical Beasts and Where to Find Them: Mapping the Global Spyware Market and its Threats to National Security and Human Rights Dissecting Lumma Malware: Analyzing the Fake CAPTCHA and Obfuscation Techniques – Part 2 Predator Spyware Infrastructure Returns Following Exposure and Sanctions Malware’s Shared Secrets: Code Similarity Insights for (..)

Security

Security Military Ransomware Marketing

APT28 group return to covert intelligence gathering ops in Europe and South America.

Security Affairs

OCTOBER 7, 2018

The APT28 group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. According to experts from Symantec, the group is now actively conducting cyber espionage campaigns against government and military organizations in Europe and South America.

Military

Military Government Phishing Security

Google warns of APT28 attack attempts against 14,000 Gmail users

Security Affairs

OCTOBER 8, 2021

Shane Huntley, the head of the Threat Analysis Group (TAG), wrote on Twitter that his group had sent an above-average batch of government-backed security warnings. . TAG sent a above average batch of government-backed security warnings yesterday. So why do we do these government warnings then? ” Huntley added. “At

Phishing

Phishing Military Government Security

Gamaredon group uses a new Outlook tool to spread malware

Security Affairs

JUNE 12, 2020

The group targeted government and military organizations in Ukraine. In December 2019, the APT group targeted several Ukrainian diplomats, government and military officials, and law enforcement. Additional details are included in the analysis published by ESET.

Military

Military Phishing Government IT

US Agencies and FireEye were hacked with a supply chain attack on SolarWinds Software

Security Affairs

DECEMBER 14, 2020

The cyber espionage group has tampered with updates released by IT company SolarWinds, which provides its products to government agencies, military, and intelligence offices, two people familiar with the matter told the Reuters agency. . ” reads the analysis published by FireEye. through 2020.2.1

Military

Military Cybersecurity Communications Government

Threat actors hacked Taiwan-based Chunghwa Telecom

Security Affairs

MARCH 4, 2024

Threat actors stole sensitive information from the company, including military and government documents, revealed Taiwan’s Defense Ministry. TeraBytes of data” that included government contracts. Threat actors claim they have stolen 1.7 ” reported AFP agency.

Military

Military Sales Government Information Security

Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks

Security Affairs

OCTOBER 25, 2023

The Winter Vivern group was first analyzed in 2021, it has been active since at least 2020 and it targets governments in Europe and Central Asia. The analysis of the email HTML source code revealed the presence of a SVG tag at the end, which contains a base64-encoded payload. ” reads the analysis published by ESET.

Military

Military Government Phishing IT

New Gallmaker APT group eschews malware in cyber espionage campaigns

Security Affairs

OCTOBER 10, 2018

A previously unknown cyber espionage group, tracked as Gallmaker, has been targeting entities in the government, military and defense sectors since at least 2017. Gallmaker is a politically motivated APT group that focused its surgical operations on the government, military or defense sectors. ” continues Symantec.

Military

Military File names Government Libraries

Symantec uncovered the link between China-Linked Thrip and Billbug groups

Security Affairs

SEPTEMBER 9, 2019

The group has continued launching attacks against entities in Southeast Asia, including military, satellite communications, media and educational organizations. ” reads the analysis published by Symantec. The Thrip group has been active since 2013, but this is the first time Symantec publicly shared details of its activities.

Military

Military Communications Government Education

Google TAG details cyber activity with regard to the invasion of Ukraine

Security Affairs

MARCH 31, 2022

The Google Threat Analysis Group (TAG) provided an update about nation-state attacks related ongoing Russian invasion of Ukraine, the experts spotted phishing and malware attacks targeting Eastern European and NATO countries, including Ukraine. a threat actor impersonated military personnel to extort money for rescuing relatives in Ukraine.

Military

Military Phishing Government Ransomware

NATO Announces New Integrated Cyber Defence Centre

eSecurity Planet

JULY 17, 2024

The North Atlantic Treaty Organization (NATO), a military alliance formed in 1949 to counter the Soviet threat during the Cold War, has traditionally focused on deterring and defending against conventional military attacks. The fight against cyberthreats extends beyond military alliances.

Military

Military Cybersecurity Security IT

Russian APT Gamaredon uses USB worm LitterDrifter against Ukraine

Security Affairs

NOVEMBER 18, 2023

The Gamaredon APT group continues to carry out attacks against entities in Ukraine, including security services, military, and government organizations. ” reads the analysis published by CheckPoint.

Military

Military Communications IT Government

XDSpy APT remained undetected since at least 2011

Security Affairs

OCTOBER 2, 2020

The APT group, recently discovered by ESET, targeted government and private companies in Belarus, Moldova, Russia, Serbia, and Ukraine, including militaries and Ministries of Foreign Affairs. XDSpy is the name used by ESET researchers to track a nation-state actor that has been active since at least 2011.

Military

Military Phishing Passwords Government

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

Security Affairs

DECEMBER 10, 2020

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Zebrocy is mainly used against governments and commercial organizations engaged in foreign affairs.

Phishing

Phishing Healthcare Military Data collection

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

Security Affairs

JANUARY 16, 2024

reads the analysis published by Volexity.” reads the analysis published by Volexity. Through forensic analysis of the memory sample, Volexity was able to recreate two proof-of-concept exploits that allowed full unauthenticated command execution on the ICS VPN appliance. ” reads the update provided by Volexity.

Security

Security Authentication Military Government

China's AI Strategy and its Security Implications

Schneier on Security

FEBRUARY 7, 2019

Allen at the Center for a New American Security has a new report with some interesting analysis and insights into China's AI strategy, commercial, government, and military. There are numerous security -- and national security -- implications.

Military

Military Security IT Government

Ukrainian WordPress sites under massive complex attacks

Security Affairs

MARCH 3, 2022

Researchers observed a spike in the attacks against Ukrainian WordPress sites since the beginning of the military invasion of the country. The attacks aimed at making the websites unreachable and causing fear and distrust in the Ukrainian government, WordPress security firm Wordfence reported. This data set includes 8,320.UA

Military

Military Government Security Access

Iran-linked APT35 accidentally exposed 40 GB associated with their operations

Security Affairs

JULY 17, 2020

” reads the analysis published by IBM. The group has been known to target a wide range of organizations and government agencies worldwide. IBM X-Force IRIS did not find evidence of the two military members’ professional network credentials being compromised, and no professional information appears to have been included.”

Military

Military Authentication Cloud IT

Inside Ireland’s Public Healthcare Ransomware Scare

Krebs on Security

DECEMBER 13, 2021

The HSE ultimately enlisted members of the Irish military to bring in laptops and PCs to help restore computer systems by hand. According to HealthcareIT News , more than 40 million patient records have been compromised in incidents reported to the federal government in 2021 so far alone.

Ransomware

Ransomware Cybersecurity Phishing Security

Nobelium APT uses new Post-Compromise malware MagicWeb

Security Affairs

AUGUST 25, 2022

NOBELIUM focuses on government organizations, non-government organizations (NGOs), think tanks, military, IT service providers, health technology and research, and telecommunications providers. ” reads the analysis published by Microsoft. ” concludes the report.

Authentication

Authentication Military Access Government

France will not ban Huawei from its upcoming 5G networks

Security Affairs

SEPTEMBER 1, 2020

French President Emmanuel Macron announced that his government will not exclude Chinese telecom giant Huawei from the building of the upcoming 5G telecommunication networks. The UK intelligence analysis believe that US ban on Chinese 5G technology will force Huawei to use untrusted technology.

IT

IT Military Manufacturing Risk

U.S. Charges 4 Chinese Military Officers in 2017 Equifax Hack

A new piece of Ryuk Stealer targets government, military and finance sectors

Trending Sources

Russia-linked APT TAG-70 targets European government and military mail servers exploiting Roundcube XSS

No Surprise: China Blamed for 'Big Data' Hack of Equifax

Chinese Cycldek APT targets Vietnamese Military and Government in sophisticated attacks

Chinese APT Tropic Trooper target air-gapped military Networks in Asia

Machete cyber-espionage group targets Latin America military

Taiwan Government faces 5 Million hacking attempts daily

New Leak Shows Business Side of China’s APT Menace

Autoclerk travel reservations platform data leak also impacts US Government and military

LUCKY ELEPHANT campaign targets South Asian governments

GUEST ESSAY: Rising cyber risks make business intelligence gathering more vital than ever

Russian APT groups target European governments ahead of May Elections

Internet Backbone Giant Lumen Shuns.RU

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

MY TAKE: Sophos X-Ops advances internal, external threat intelligence sharing to the next level

Russian State-Sponsored Threat Actor Targets High Profile Individuals in Phishing Campaign

Gamaredon APT Improves Toolset to Target Ukraine Government, Military

NYT report states that ToTok app is a government spy tool.

FBI and NSA joint report details APT28’s Linux malware Drovorub

China-linked APT Curious Gorge targeted Russian govt agencies

Transparent Tribe APT hit 1000+ victims in 27 countries in the last 12 months

Google TAG: Russia, Belarus-linked APTs targeted Ukraine

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 11

APT28 group return to covert intelligence gathering ops in Europe and South America.

Google warns of APT28 attack attempts against 14,000 Gmail users

Gamaredon group uses a new Outlook tool to spread malware

US Agencies and FireEye were hacked with a supply chain attack on SolarWinds Software

Threat actors hacked Taiwan-based Chunghwa Telecom

Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks

New Gallmaker APT group eschews malware in cyber espionage campaigns

Symantec uncovered the link between China-Linked Thrip and Billbug groups

Google TAG details cyber activity with regard to the invasion of Ukraine

NATO Announces New Integrated Cyber Defence Centre

Russian APT Gamaredon uses USB worm LitterDrifter against Ukraine

XDSpy APT remained undetected since at least 2011

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

China's AI Strategy and its Security Implications

Ukrainian WordPress sites under massive complex attacks

Iran-linked APT35 accidentally exposed 40 GB associated with their operations

Inside Ireland’s Public Healthcare Ransomware Scare

Nobelium APT uses new Post-Compromise malware MagicWeb

France will not ban Huawei from its upcoming 5G networks

Stay Connected