Blog, Government and Military - Information Management Today

Anonymous targets the Russian Military and State Television and Radio propaganda

Security Affairs

APRIL 5, 2022

Anonymous continues to support Ukraine against the Russian criminal invasion targeting the Russian military and propaganda. Anonymous leaked personal details of the Russian military stationed in Bucha where the Russian military carried out a massacre of civilians that are accused of having raped and shot local women and children.

Military

Military Cybersecurity Security Government

BlackCat Ransomware gang stole secret military data from an industrial explosives manufacturer

Security Affairs

JANUARY 26, 2023

The BlackCat Ransomware group claims to have hacked SOLAR INDUSTRIES INDIA and to have stolen 2TB of “secret military data.” The BlackCat Ransomware group claims to have breached the company infrastructure and to have stolen 2TB of data, including secret military data related to weapons production.

Military

Military Manufacturing Ransomware Mining

Pro-Russian hacktivists target Italy government websites

Security Affairs

MAY 14, 2022

Our Legion conducts military cyber exercises in your countries in order to improve their skills. ” The list of the targeted websites was shared on the Telegram channel of the Pro-Russian hacker collective known as The Legion which focuses on attacks against Western organizations and governments, including NATO countries and the Ukraine.

Government

Government Military Data breaches Cybersecurity

Webinars

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

Conti Ransomware gang threatens to overthrow the government of Costa Rica

Security Affairs

MAY 18, 2022

The Conti ransomware gang is threatening to ‘overthrow’ the new government of Costa Rica after last month’s attack. Last month, the Conti ransomware gang claimed responsibility for the attack on Costa Rica government infrastructure after that the government refused to pay a ransom. ” reads the message.

Government

Government Ransomware Military Encryption

Russia-linked Armageddon APT targets Ukrainian state organizations, CERT-UA warns

Security Affairs

APRIL 5, 2022

The group targeted government and military organizations in Ukraine. In December 2019, the APT group targeted several Ukrainian diplomats, government and military officials, and law enforcement. The messages use the HTML-file “War criminals of the Russian Federation.htm” as attachment. Pierluigi Paganini.

Military

Military Phishing Archiving File names

Pro-Ukraine attackers compromise Docker images to launch DDoS attacks on Russian sites

Security Affairs

MAY 4, 2022

Pro-Ukraine hackers, likely linked to Ukraine IT Army , are using Docker images to launch distributed denial-of-service (DDoS) attacks against a dozen websites belonging to government, military, and media. The DDoS attacks also targeted three Lithuanian media websites. ” reported Crowdstrike. To nominate, please visit:?

Honeypots

Honeypots Military Mining Government

China-linked APT Curious Gorge targeted Russian govt agencies

Security Affairs

MAY 3, 2022

China-linked Curious Gorge APT is targeting Russian government agencies, Google Threat Analysis Group (TAG) warns. Google Threat Analysis Group (TAG) reported that an APT group linked to China’s People’s Liberation Army Strategic Support Force (PLA SSF), tracked as Curious Gorge , is targeting Russian government agencies.

Manufacturing

Manufacturing Phishing Passwords Military

Microsoft disrupted APT28 attacks on Ukraine through a court order

Security Affairs

APRIL 8, 2022

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election. To nominate, please visit:?

Military

Military Government Phishing Security

The US government sanctioned four entities and one individual for supporting cyber operations conducted by North Korea

Security Affairs

MAY 24, 2023

The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against four entities and one individual for their role in malicious cyber operations conducted to support the government of North Korea. The sanctioned entities conducted operations to steal funds to support the military strategy of the regime.

Government

Government Military Financial Services Security

Ghostwriter disinformation campaign aimed at discrediting NATO

Security Affairs

AUGUST 3, 2020

The attackers were spreading fabricated content, including falsified news articles, quotes, correspondence, and other documents designed to appear as coming from military officials and political figures in the target countries. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Military

Military CMS Security Government

Russia-linked threat actors launched hundreds of cyberattacks on Ukraine

Security Affairs

APRIL 27, 2022

The experts pointed out that starting just before the invasion threat actors linked to the military intelligence service GRU launched destructive wiper attacks on hundreds of systems in Ukraine. 32% percent of destructive attacks were aimed at Ukrainian government organizations at the national, regional, and city levels.

Military

Military Government Cybersecurity Security

Nation-state malware could become a commodity on dark web soon, Interpol warns

Security Affairs

MAY 24, 2022

Threat actors could perform reverse engineering of military-made malicious code and use their own versions in attacks in the wild. “The same applies for the digital weapons that, maybe today are used by the military, developed by military, and tomorrow will be available for criminals,” he explained. .

Military

Military Government Communications Security

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

. “As early as 2022, APT28 actors had utilized compromised EdgeRouters to facilitate covert cyber operations against governments, militaries, and organizations around the world.” and foreign governments and military, security, and corporate organizations. ” reads the joint report.

Energy and Utilities

Energy and Utilities Military Government Phishing

Estonian National charged with helping Russia acquire U.S. hacking tools and electronics

Security Affairs

APRIL 9, 2023

made electronics on behalf of the Russian government and military. The Estonian man is accused of having helped the Russian government and military to purchase US-made electronics and hacking tools. manufacturers on behalf of Russian end-users, including defense contractors and other Russian government agencies.

Computer and Electronics

Computer and Electronics Military Manufacturing Government

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Security Affairs

APRIL 30, 2023

CERT-UA warns of a spear-phishing campaign conducted by APT28 group targeting Ukrainian government bodies with fake ‘Windows Update’ guides. Russia-linked APT28 group is targeting Ukrainian government bodies with fake ‘Windows Update’ guides, Computer Emergency Response Team of Ukraine (CERT-UA) warns.

Systems administration

Systems administration Military Phishing Government

Apr 03 – Apr 09 Ukraine – Russia the silent cyber conflict

Security Affairs

APRIL 10, 2022

The popular hacking Anonymous and the IT ARMY of Ukraine continue to target Russian government entities and private businesses. government announced the disruption of the Cyclops Blink botnet operated by the Russia-linked Sandworm APT group. April 8 – Microsoft disrupted APT28 attacks on Ukraine through a court order.

Military

Military Phishing Government Cybersecurity

Ukrainian WordPress sites under massive complex attacks

Security Affairs

MARCH 3, 2022

Researchers observed a spike in the attacks against Ukrainian WordPress sites since the beginning of the military invasion of the country. The attacks aimed at making the websites unreachable and causing fear and distrust in the Ukrainian government, WordPress security firm Wordfence reported. This data set includes 8,320.UA

Military

Military Government Security Access

CISA adds Zimbra bug exploited in attacks against NATO countries to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 4, 2023

Proofpoint researchers recently reported that a Russian hacking group, tracked as Winter Vivern (aka TA473), has been actively exploiting vulnerabilities ( CVE-2022-27926 ) in unpatched Zimbra instances to gain access to the emails of NATO officials, governments, military personnel, and diplomats.

IT

IT Military Phishing Passwords

GUEST ESSAY: A Memorial Day call to upskill more veterans for in-demand cybersecurity roles

The Last Watchdog

MAY 30, 2022

Meanwhile, 200,000 well-trained and technically skilled military service members are discharged each year. Yet, there’s still work to be done to make this path more accessible and known among the veteran and transitioning military community. Many government and non-profit organizations like VetJobs and VetsinTech are doing just this.

Cybersecurity

Cybersecurity Military Education Government

Phishing attacks using the topic “Azovstal” targets entities in Ukraine

Security Affairs

APRIL 23, 2022

The analysis of encryption techniques employed in the attack allowed the government experts to associate the campaign with the cybercrime group Trickbot. The alert published by the Ukraine CERT-UA includes Indicators of Compromise (IoCs) for this campaign and recommendations. To nominate, please visit:? Pierluigi Paganini.

Phishing

Phishing Military Ransomware Encryption

U.S. Treasury, Commerce Depts. Hacked Through SolarWinds Compromise

Krebs on Security

DECEMBER 14, 2020

Treasury and Commerce Departments were reportedly compromised by a supply chain attack on SolarWinds , a security vendor that helps the federal government and a range of Fortune 500 companies monitor the health of their IT networks. Communications at the U.S. SolarWinds says it has over 300,000 customers including: -more than 425 of the U.S.

Military

Military Government Cybersecurity Security

Google TAG warns of Russia-linked APT groups targeting Ukraine

Security Affairs

APRIL 20, 2023

In Q1 2023, threat actors linked to Russia’s military intelligence service focused their phishing campaigns on Ukraine, with the country accounting for over 60% of observed Russian targeting. The group targeted multiple sectors, including government, defense, energy, transportation/logistics, education, and humanitarian organizations.

Phishing

Phishing Military Ransomware Education

The Russia-linked APT29 is behind recent attacks targeting NATO and EU

Security Affairs

APRIL 13, 2023

Poland’s Military Counterintelligence Service and its Computer Emergency Response Team linked a recent string of attacks targeting NATO and European Union countries to the Russia-linked APT29 group (aka SVR group , Cozy Bear , Nobelium , and The Dukes ). The Military Counterintelligence Service and CERT.PL

Libraries

Libraries Military Education Government

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

Security Affairs

APRIL 26, 2023

In recent years, the researchers observed the group expanding its operations to include financial institutions and government entities. This domain has been hosted on eight other IPs throughout its history, none of these IPs were directly affiliated with the South African government. Experts added that the IP 196.216.136[.]139

Communications

Communications Military Government Libraries

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Security Affairs

APRIL 19, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. government institutions, and about 250 Ukrainian victims. ” reads the joint advisory. ” continues the advisory.

Military

Military Access Cybersecurity Education

Why Edward Snowden is urging users to stop using ExpressVPN?

Security Affairs

SEPTEMBER 19, 2021

military and various government contractors, then with a U.S. This is just a first step, and we will continue to strive to earn your trust,” ExpressVPN blog post on the issue read. . The surveillance it represents is completely antithetical to our mission.” ” reads the response. and its ally, the U.A.E.,

Cybersecurity

Cybersecurity Military Privacy Compliance

US Department of State offers $10M reward for info to locate six Russian Sandworm members

Security Affairs

APRIL 27, 2022

government offers up to $10 million for info that allows to identify or locate six Russian GRU hackers who are members of the Sandworm APT group. This isn’t the first time that the US government indicted these members of the Sandworm team, in October 2020 the U.S. critical infrastructure.” critical infrastructure.”

Military

Military Government Cybersecurity Security

Russia-linked STRONTIUM APT targets IoT devices to hack corporate networks

Security Affairs

AUGUST 6, 2019

The STRONTIUM APT group (aka APT28 , Fancy Bear , Pawn Storm , Sofacy Group , and Sednit ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election.

IoT

IoT Military Access Education

Facebook blocked Russia and Belarus threat actors’ activity against Ukraine

Security Affairs

APRIL 10, 2022

. “On March 14, they pivoted back to Poland and created an event in Warsaw calling for a protest against the Polish government. We disabled the account and event that same day.” ” Meta also spotted cyber espionage campaigns and psyops conducted by Belarus-linked APT Ghostwriter group. To nominate, please visit:?

Military

Military Cybersecurity Government Security

Conti ransomware is shutting down operations, what will happen now?

Security Affairs

MAY 20, 2022

Last month, the Conti ransomware gang claimed responsibility for the attack on Costa Rica government infrastructure after that the government refused to pay a ransom. The attack impacted multiple government services from the Finance Ministry to the Labor Ministry. It also has had to grant extensions for tax payments.”

Ransomware

Ransomware Government Military IT

Iran-linked APT groups continue to evolve

Security Affairs

NOVEMBER 17, 2021

Learn more from this blog summarizing these trends, as presented at #CyberWarCon : [link] — Microsoft Security Intelligence (@MsftSecIntel) November 16, 2021. Over the past year, Microsoft Threat Intelligence Center (MSTIC) has observed an evolution of the tools, techniques, and procedures employed by Iranian nation-state actors.

Ransomware

Ransomware Passwords Military Authentication

US dismantled the Russia-linked Cyclops Blink botnet

Security Affairs

APRIL 6, 2022

government announced the disruption of the Cyclops Blink botnet operated by the Russia-linked Sandworm APT group. government announced that it had dismantled the Cyclops Blink botnet operated by the Russia-linked Sandworm APT group. “The Russian government has recently used similar infrastructure to attack Ukrainian targets.

Government

Government Military Cybersecurity Security

Iran-linked Mint Sandstorm APT targeted US critical infrastructure

Security Affairs

APRIL 19, 2023

Mint Sandstorm targets both private and public organizations, including political dissidents, journalists, activists, the Defense Industrial Base (DIB), and employees from multiple government agencies, including individuals protesting oppressive regimes in the Middle East. ” reads the report published by Microsoft.

Energy and Utilities

Energy and Utilities Military Education Phishing

Security Affairs newsletter Round 414 by Pierluigi Paganini – International edition

Security Affairs

APRIL 9, 2023

billion rubles. billion rubles. Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter newsletter) The post Security Affairs newsletter Round 414 by Pierluigi Paganini – International edition appeared first on Security Affairs.

Security

Security Computer and Electronics Ransomware Marketing

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Security Affairs

APRIL 6, 2023

Google’s Threat Analysis Group (TAG) is warning of the North Korea-linked ARCHIPELAGO group that is targeting government and military personnel, think tanks, policy makers, academics, and researchers in South Korea, the US and elsewhere.

Phishing

Phishing Passwords Military Education

Experts link Hermit spyware to Italian surveillance firm RCS Lab and a front company

Security Affairs

JUNE 17, 2022

Lookout Threat Lab researchers uncovered enterprise-grade Android surveillance spyware, named Hermit, used by the government of Kazakhstan to track individuals within the country. RCS Lab was providing its software to military and intelligence agencies in Pakistan , Chile , Mongolia , Bangladesh , Vietnam , Myanmar and Turkmenistan.

Military

Military Manufacturing Government Security

A zero-click vulnerability in Windows allows stealing NTLM credentials

Security Affairs

MAY 11, 2023

.” Microsoft Threat Intelligence observed a Russian threat actor exploiting the CVE-2023-23397 flaw in targeted attacks against several organizations in the European government, transportation, energy, and military sectors, for approximately a year. ” concludes the expert.

Military

Military Cybersecurity Security Government

Internet Backbone Giant Lumen Shuns.RU

Krebs on Security

MARCH 8, 2022

At the same time, the Russian government has blocked Facebook and partly blocked Twitter , while other platforms like TikTok have suspended services in the country. “Without the Internet, the rest of the world would not know of atrocities happening in other places,” Sullivan wrote.

Government

Government Military Risk Business Services

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

Security Affairs

JANUARY 16, 2024

modification – GIFTEDVISITOR” section of Volexity’s recent blog post. modification – GIFTEDVISITOR” section of Volexity’s recent blog post. Targets span across the globe, they include both small businesses and large organizations. ” reads the update provided by Volexity.

Security

Security Authentication Military Government

GUEST ESSAY: Rising cyber risks make business intelligence gathering more vital than ever

The Last Watchdog

JULY 5, 2022

At any point the external environment can throw a curve ball – new government regulations, changes in political and social dynamics, or trends in sustainability to name a few. Riani has experience as political advisor to Kurdistan Regional Government (KRG) and as the director on the Global Risk Analysis at Control Risks.

Risk

Risk Military Marketing Data Privacy

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

The Last Watchdog

APRIL 13, 2022

These Russian cyber actors are government organizations and include other parties who take their orders from the Russian military or intelligence organizations – while not technically under government control. As the United States and other nations condemn Russia’s actions, the odds of Russian cyber actors targeting the U.S.,

Cybersecurity

Cybersecurity Passwords Military Education

APT28 and Upcoming Elections: evidence of possible interference

Security Affairs

APRIL 12, 2019

The blog post, in fact, explains both AMSI and BlockLogging disabling techniques. The APT28 group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. At this point, the powershell code tries to download the next infection stage from “hxxps://functiondiscovery[.]net:8443/admin/get.php”

Passwords

Passwords Metadata Military Government

Microsoft releases On-premises Mitigation Tool (EOMT) tool to fix ProxyLogon issues

Security Affairs

MARCH 16, 2021

Most targeted sectors have been Government/Military (17% of all exploit attempts), followed by Manufacturing (14%), and then Banking (11%). Once complete, follow patching guidance to update your servers on [link] If you have mitigated using any/all of the mitigation guidance Microsoft has given (Exchangemitigations.Ps1, Blog post, etc.)

Military

Military Manufacturing Access Security

SHARED INTEL: How Russia’s war mongering compromises those holding security clearances

The Last Watchdog

APRIL 19, 2022

Under Guideline B of the security clearance adjudicative guidelines , the United States government is concerned with any potential for foreign influence. This poses a risk because providing aid to a foreign government or individual could be perceived as exhibiting a foreign preference for another country. national interests.

Security

Security Risk Military Government

Anonymous targets the Russian Military and State Television and Radio propaganda

BlackCat Ransomware gang stole secret military data from an industrial explosives manufacturer

Webinars

Trending Sources

Pro-Russian hacktivists target Italy government websites

Webinars

Conti Ransomware gang threatens to overthrow the government of Costa Rica

Russia-linked Armageddon APT targets Ukrainian state organizations, CERT-UA warns

Pro-Ukraine attackers compromise Docker images to launch DDoS attacks on Russian sites

China-linked APT Curious Gorge targeted Russian govt agencies

Microsoft disrupted APT28 attacks on Ukraine through a court order

The US government sanctioned four entities and one individual for supporting cyber operations conducted by North Korea

Ghostwriter disinformation campaign aimed at discrediting NATO

Russia-linked threat actors launched hundreds of cyberattacks on Ukraine

Nation-state malware could become a commodity on dark web soon, Interpol warns

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Estonian National charged with helping Russia acquire U.S. hacking tools and electronics

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Apr 03 – Apr 09 Ukraine – Russia the silent cyber conflict

Ukrainian WordPress sites under massive complex attacks

CISA adds Zimbra bug exploited in attacks against NATO countries to its Known Exploited Vulnerabilities catalog

GUEST ESSAY: A Memorial Day call to upskill more veterans for in-demand cybersecurity roles

Phishing attacks using the topic “Azovstal” targets entities in Ukraine

U.S. Treasury, Commerce Depts. Hacked Through SolarWinds Compromise

Google TAG warns of Russia-linked APT groups targeting Ukraine

The Russia-linked APT29 is behind recent attacks targeting NATO and EU

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Why Edward Snowden is urging users to stop using ExpressVPN?

US Department of State offers $10M reward for info to locate six Russian Sandworm members

Russia-linked STRONTIUM APT targets IoT devices to hack corporate networks

Facebook blocked Russia and Belarus threat actors’ activity against Ukraine

Conti ransomware is shutting down operations, what will happen now?

Iran-linked APT groups continue to evolve

US dismantled the Russia-linked Cyclops Blink botnet

Iran-linked Mint Sandstorm APT targeted US critical infrastructure

Security Affairs newsletter Round 414 by Pierluigi Paganini – International edition

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Experts link Hermit spyware to Italian surveillance firm RCS Lab and a front company

A zero-click vulnerability in Windows allows stealing NTLM credentials

Internet Backbone Giant Lumen Shuns.RU

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

GUEST ESSAY: Rising cyber risks make business intelligence gathering more vital than ever

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

APT28 and Upcoming Elections: evidence of possible interference

Microsoft releases On-premises Mitigation Tool (EOMT) tool to fix ProxyLogon issues

SHARED INTEL: How Russia’s war mongering compromises those holding security clearances

Stay Connected