Education, Government and Groups - Information Management Today

Experts warn of a surge in NetSupport RAT attacks against education and government sectors

Security Affairs

NOVEMBER 21, 2023

Experts warn of a surge in NetSupport RAT attacks against education, government, and business services sectors. The most impacted sectors are education, government, and business services. NetSupport RAT is a remote control and desktop management software developed by NetSupport Ltd.

Education

Education Government Business Services Archiving

Iran-linked group APT33 adds new Tickler malware to its arsenal

Security Affairs

AUGUST 28, 2024

Iran-linked group APT33 used new Tickler malware in attacks against organizations in the government, defense, satellite, oil and gas sectors. The APT group conducted a cyber espionage campaign between April and July 2024 and used Microsoft’s Azure infrastructure for C2 infrastructure.

IT

IT Education File names Passwords

Rhysida ransomware group hacked Abdali Hospital in Jordan

Security Affairs

DECEMBER 26, 2023

The Rhysida ransomware group claimed to have hacked Abdali Hospital, a multi-specialty hospital located in Jordan. The Rhysida ransomware group claimed to have breached the Abdali Hospital in Jordan and added it to the list of victims on its Tor leak site. The Rhysida ransomware group has been active since May 2023.

Ransomware

Ransomware Manufacturing Education Libraries

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

Storm-2372 used the device code phishing technique since August 2024

Security Affairs

FEBRUARY 16, 2025

Russia-linked group Storm-2372 used the device code phishing technique since Aug 2024 to steal login tokens from governments, NGOs, and industries. ” reads the report published by Microsoft Threat Intelligence.

Phishing

Phishing Authentication Access Government

Rhysida ransomware group hacked King Edward VII’s Hospital in London

Security Affairs

NOVEMBER 29, 2023

The Rhysida ransomware group claimed to have hacked King Edward VII’s Hospital in London. The Rhysida ransomware group claimed to have hacked King Edward VII’s Hospital in London and added it to the list of victims on its Tor leak site. The Rhysida ransomware group has been active since May 2023. Data from the Royal Family!

Ransomware

Ransomware Manufacturing Education Libraries

Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

Security Affairs

SEPTEMBER 25, 2023

A stealthy APT group tracked as Gelsemium was observed targeting a Southeast Asian government between 2022 and 2023. Palo Alto Unit42 researchers an APT group tracked as Gelsemium targeting a Southeast Asian government. Gelsemium is a group focused on cyberespionage that has been active since at least 2014.

Government

Government Manufacturing Education Access

China’s Volt Typhoon botnet has re-emerged

Security Affairs

NOVEMBER 13, 2024

The group managed to maintain access without being detected for as long as possible. The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure. The APT group is using almost exclusively living-off-the-land techniques and hands-on-keyboard activity to evade detection.

e-Discovery

e-Discovery Communications Ransomware Government

Rhysida Ransomware group claims to have breached Bayhealth Hospital in Delaware

Security Affairs

AUGUST 7, 2024

The Rhysida Ransomware group claims to have breached Bayhealth Hospital in Delaware and offers alleged stolen data for 25 BTC. The Rhysida Ransomware group claims to have breached Bayhealth Hospital and added the hospital to the list of victims on its Tor leak site. The Rhysida ransomware group has been active since May 2023.

Ransomware

Ransomware Manufacturing Libraries Education

FBI and CISA joint alert blames Russia’s Energetic Bear APT for US government networks hack

Security Affairs

OCTOBER 23, 2020

The US government declared that Russia-linked APT group Energetic Bear has breached US government networks and exfiltrated data. The Energetic Bear APT group (aka DragonFly , Crouching Yeti , TEMP.Isotope, Berserk Bear, TeamSpy , Havex , Koala). ” reads the advisory. ” reads the advisory.

Government

Government Passwords Access Cybersecurity

Purple Lambert, a new malware of CIA-linked Lambert APT group

Security Affairs

APRIL 29, 2021

Experts from Kaspersky explained that in February 2019, multiple antivirus companies received a collection of malware samples, some of them cannot be associated with the activity of known APT groups. . These malware strains did not present any similarities with malware associated with other APT groups.

Government

Government Cybersecurity Education Security

PYSA ransomware gang is the most active group in November

Security Affairs

DECEMBER 22, 2021

PYSA and Lockbit were the most active ransomware gangs in the threat landscape in November 2021, researchers from NCC Group report. Security researchers from NCC Group reported an increase in ransomware attacks in November 2021 over the past month, and PYSA (aka Mespinoza) and Lockbit were the most active ransomware gangs.

Ransomware

Ransomware Encryption Government Retail

Chinese Cycldek APT targets Vietnamese Military and Government in sophisticated attacks

Security Affairs

APRIL 6, 2021

China-linked APT group Cycldek is behind an advanced cyberespionage campaign targeting entities in the government and military sector in Vietnam. China-linked APT group LuckyMouse (aka Cycldek, Goblin Panda , Hellsing, APT 27, and Conimes) is targeting government and military organizations in Vietnam with spear-phishing.

Military

Military Government Phishing Libraries

North Korea-linked TA406 cyberespionage group activity in 2021

Security Affairs

NOVEMBER 19, 2021

North Korea-linked TA406 APT group has intensified its attacks in 2021, particularly credential harvesting campaigns. A report published by Proofpoint revealed that the North Korea-linked TA406 APT group ( Kimsuky , Thallium , and Konni , Black Banshee, Velvet Chollima) has intensified its operations in 2021. ” reads the report.

Government

Government Education Phishing IT

Symantec uncovered the link between China-Linked Thrip and Billbug groups

Security Affairs

SEPTEMBER 9, 2019

The China-linked APT group Thrip is continuing to target entities in Southeast Asia even after its activity was uncovered by Symantec. Experts at Symantec first exposed the activity of the Chinese-linked APT Thrip in 2018, now the security firm confirms that cyber espionage group has continued to carry out attacks in South East Asia.

Military

Military Communications Government Education

Google TAG warns of Russia-linked APT groups targeting Ukraine

Security Affairs

APRIL 20, 2023

Russia-linked threat actors launched large-volume phishing campaigns against hundreds of users in Ukraine to gather intelligence and aimed at spreading disinformation, states Google’s Threat Analysis Group (TAG). The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017.

Phishing

Phishing Military Ransomware Education

China-linked APT Silk Typhoon targets IT Supply Chain

Security Affairs

MARCH 5, 2025

Microsoft reported that China-linked APT group Silk Typhoon has shifted tactics to target IT solutions like remote management tools and cloud apps for initial access. Silk Typhoon is a China-linked cyber espionage group involved in the cyber attack against the US Treasury. This Chinese APT has one of the widest targeting scopes.

Energy and Utilities

Energy and Utilities IT Cloud Passwords

Exclusive interview with the Powerful Greek Army (PGA) hacker group

Security Affairs

FEBRUARY 3, 2022

Our old Twitter account, which was suspended, had pretty much many attacks on government agencies, corporations, educational institutions, ministries, and many, many other things around the world (which we still do, just on a smaller scale). We are a really mixed group. How were you born and approximately how many you are?

Education

Education Ransomware Government Access

Pro-Russia group NoName057(16) targets Ukraine and NATO countries

Security Affairs

JANUARY 13, 2023

A Pro-Russian group named NoName057(16) is targeting organizations in Ukraine and NATO countries with DDoS attacks. A Pro-Russian cybercrime group named NoName057 (16) (aka 05716nnm or Nnm05716) is behind a wave of DDoS attacks against organizations in Ukraine and NATO countries, SentinelOne researchers reported.

Education

Education Security Government IT

Rhysida ransomware gang claimed China Energy hack

Security Affairs

NOVEMBER 25, 2023

The Rhysida ransomware group claimed to have hacked the Chinese state-owned energy conglomerate China Energy Engineering Corporation. China Energy Engineering Group ranks 3rd in ENR Top 150 Global Engineering Design Firms and 13th in ENR Top 250 Global Contractors. The Rhysida ransomware group has been active since May 2023.

Ransomware

Ransomware Manufacturing Education Libraries

China-linked APT41 group spotted using open-source red teaming tool GC2

Security Affairs

APRIL 17, 2023

China-linked APT41 group used the open-source red teaming tool GC2 in an attack against a Taiwanese media organization. Google Threat Analysis Group (TAG) team reported that the China-linked APT41 group used the open-source red teaming tool Google Command and Control ( GC2 ) in an attack against an unnamed Taiwanese media organization.

Cloud

Cloud Phishing Government Education

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Security Affairs

APRIL 22, 2024

Russia-linked APT28 group used a previously unknown tool, dubbed GooseEgg, to exploit Windows Print Spooler service flaw. Microsoft reported that the Russia-linked APT28 group (aka “ Forest Blizzard ”, “ Fancybear ” or “ Strontium ” used a previously unknown tool, dubbed GooseEgg, to exploit the Windows Print Spooler flaw CVE-2022-38028.

Military

Military File names Education Phishing

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Security Affairs

APRIL 6, 2023

Google’s Threat Analysis Group (TAG) warns of a North Korea-linked cyberespionage group tracked as ARCHIPELAGO. Google experts are tracking ARCHIPELAGO since 2012 and have observed the group targeting individuals with expertise in North Korea policy issues. ” reads the analysis published by Google TAG.

Phishing

Phishing Passwords Military Education

Zero-day exploit used to hack iPhones of Al Jazeera employees

Security Affairs

DECEMBER 21, 2020

The attackers used an exploit chain named Kismet that was part of the arsenal of the controversial Pegasus spyware that is sold by the surveillance firm NSO Group. Investments in journalist security and education must be accompanied by efforts to regulate the sale, transfer, and use of surveillance technology.”

Government

Government Security awareness Sales Education

China-linked APT group VANGUARD PANDA uses a new tradecraft in recent attacks

Security Affairs

JUNE 26, 2023

China-linked APT group VANGUARD PANDA, aka Volt Typhoon, was spotted observing a novel tradecraft to gain initial access to target networks. CrowdStrike researchers observed the China-linked APT group VANGUARD PANDA, aka Volt Typhoon , using a novel tradecraft to gain initial access to target networks. ” concludes the report.

Cleanup

Cleanup Libraries Access Manufacturing

APT36 Running Espionage Ops Against India's Education Sector

Data Breach Today

APRIL 14, 2023

Pakistan-Linked APT Group Using Spear-Phishing to Plant Info Stealer Malware A suspected Pakistan espionage threat actor that relies on phishing emails is expanding to the education sector after years of focusing on the Indian military and government.

Education

Education Military Phishing Government

CISA adds Microsoft Windows Print Spooler flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 25, 2024

Cisa added the flaw to the KEV catalog after Microsoft reported that the Russia-linked APT28 group (aka “ Forest Blizzard ”, “ Fancybear ” or “ Strontium ” used a previously unknown tool, dubbed GooseEgg, to exploit the Windows Print Spooler flaw CVE-2022-38028.

IT

IT Education Cybersecurity Risk

China-linked hackers target government agencies by exploiting flaws in Citrix, Pulse, and F5 systems, and MS Exchange

Security Affairs

SEPTEMBER 15, 2020

CISA published an advisory on China-linked groups targeting government agencies by exploiting flaws in Microsoft Exchange, Citrix, Pulse, and F5 systems. CISA published a security advisory warning of a wave of attacks carried out by China-linked APT groups affiliated with China’s Ministry of State Security.

Government

Government Energy and Utilities Healthcare Access

FBI and CISA warn of attacks by Rhysida ransomware gang

Security Affairs

NOVEMBER 15, 2023

The FBI and CISA warn of attacks carried out by the Rhysida ransomware group against organizations across multiple industry sectors. The report is part of the ongoing #StopRansomware effort that disseminates advisories about tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with ransomware groups.

Ransomware

Ransomware Manufacturing Education Passwords

Financially motivated Earth Lusca threat actors targets organizations worldwide

Security Affairs

JANUARY 18, 2022

A sophisticated threat actor, tracked as Earth Lusca, is targeting government and private organizations worldwide as for financial purposes. Trend Micro researchers speculate the group operates under the China-linked Winnti umbrella. The researchers grouped the Earth Lusca’s infrastructure into two “clusters.

Healthcare

Healthcare Phishing Archiving Education

Information Governance – 3 Common Pitfalls and How to Avoid Them

AIIM

SEPTEMBER 7, 2021

What is Information Governance, and Why is it Important? There are many benefits to constructing an Information Governance program plan. How to Avoid Information Governance Pitfalls. How to Avoid/Overcome: Overcome this issue by addressing objections directly with good communication and contextual education. Conclusion.

Information governance

Information governance Government Communications Education

Chinese-Linked APT Spying On Organizations for 10 Years

Data Breach Today

JUNE 12, 2022

Attacker Use DLL hijacking, DNS tunneling to Evade Post-Compromise Detection A recently identified Chinese hacking group dubbed "Aoqin Dragon" has been found to have targeted government, education and telecommunication organizations in Southeast Asia and Australia since 2013 as part of an ongoing cyberespionage campaign, according to research from (..)

Education

Education Government

Rhysida ransomware gang is auctioning data stolen from the British Library

Security Affairs

NOVEMBER 20, 2023

The Rhysida ransomware group claimed responsibility for the recent cyberattack on the British Library that has caused a major IT outage. The ransomware group claims to have stolen a substantial trove of ‘impressive data’ and is auctioning it for 20 BTC. The victims of the group are “targets of opportunity.”

Libraries

Libraries Ransomware Manufacturing Education

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

Security Affairs

FEBRUARY 8, 2024

The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure. In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.

Energy and Utilities

Energy and Utilities Communications Military Manufacturing

China-linked APT Earth Baku targets Europe, the Middle East, and Africa

Security Affairs

AUGUST 14, 2024

China-linked APT group Earth Baku (a threat actor associated with APT41 ) has expanded its operations beyond the Indo-Pacific region to Europe, the Middle East, and Africa. The group targeted multiple industries, including media and communications, telecoms, technology, healthcare, and education and government entities.

Encryption

Encryption Education Communications Access

Chinese APT Group Uses New Tradecraft to Live Off the Land

Data Breach Today

JUNE 26, 2023

Group Targeting Transportation, Construction, Government Agencies, CrowdStrike Says A Chinese state hacker is using novel tradecraft to gain initial access to victim systems, according to CrowdStrike.

Manufacturing

Manufacturing Education Communications Government

Operators behind Dark Caracal are still alive and operational

Security Affairs

NOVEMBER 29, 2020

The Dark Caracal APT group has carried out a series of attacks against multiple sectors using a new variant of a 13-year-old backdoor Trojan. The Dark Caracal cyberespionage group is back, researchers from Check Point uncovered a new series of attack against multiple industries. ” reads the report published by Check Point.

Energy and Utilities

Energy and Utilities Government Archiving Education

FBI chief says China is preparing to attack US critical infrastructure

Security Affairs

APRIL 19, 2024

The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure. In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.

Energy and Utilities

Energy and Utilities Communications Military Access

At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software

Krebs on Security

MARCH 5, 2021

The espionage group is exploiting four newly-discovered flaws in Microsoft Exchange Server email software, and has seeded hundreds of thousands of victim organizations worldwide with tools that give the attackers total, remote control over affected systems. Microsoft’s initial advisory about the Exchange flaws credited Reston, Va.

Cybersecurity

Cybersecurity Government Cleanup Cloud

China-linked APT Volt Typhoon linked to KV-Botnet

Security Affairs

DECEMBER 13, 2023

The group managed to maintain access without being detected for as long as possible. The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure. The APT group is using almost exclusively living-off-the-land techniques and hands-on-keyboard activity to evade detection.

Communications

Communications Manufacturing Education Government

Lockbit ransomware gang demanded an 80 million ransom to CDW

Security Affairs

OCTOBER 14, 2023

CDW Corporation is a provider of technology solutions and services for business, government and education. A secondary division of the company, known as CDW-G , focuses on United States governmental entities, including as K-12 schools, universities, non-profit healthcare organizations, State & Local and the Federal government.

Ransomware

Ransomware Archiving Cybersecurity Education

Seiko confirmed a data breach after BlackCat attack

Security Affairs

OCTOBER 26, 2023

Seiko Group Corporation (hereinafter referred to as “the Company” or “we”) has confirmed that on July 28th of this year, the Company suffered a possible data breach. As a result, we are now reasonably certain that there was a breach and that some information stored by our Company and/or our Group companies may have been compromised.”

Data breaches

Data breaches Ransomware Personal data Cybersecurity

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

. “As early as 2022, APT28 actors had utilized compromised EdgeRouters to facilitate covert cyber operations against governments, militaries, and organizations around the world.” and foreign governments and military, security, and corporate organizations. ” reads the joint report.

Energy and Utilities

Energy and Utilities Military Government Phishing

Personal Data and docs of Swiss town Rolle available on the dark web

Security Affairs

AUGUST 26, 2021

Initially the municipal government in the town downplayed the incident, saying that attackers stole only a small amounts of data and that all the information had been restored from backup copies. ” The attack was orchestrated by the Vice Society ransomware group which hit Lake Geneva. ” reported the website Remonews.

Personal data

Personal data Ransomware Data breaches Education

Experts observed the growth of hi-tech crime landscape in Asia in 2018

Security Affairs

MARCH 19, 2019

Security experts at Group-IB presented at Money2020 Asia the results of an interesting analysis of hi-tech crime landscape in Asia in 2018. Group-IB team discovered new tool used by the Lazarus gang and analyzed North Korean threat actor’s recent attacks in Asia. Group-IB specialists note that the new RATv3.ps

Sales

Sales Passwords Government Marketing

Experts warn of a surge in NetSupport RAT attacks against education and government sectors

Iran-linked group APT33 adds new Tickler malware to its arsenal

Webinars

Trending Sources

Rhysida ransomware group hacked Abdali Hospital in Jordan

Webinars

Storm-2372 used the device code phishing technique since August 2024

Rhysida ransomware group hacked King Edward VII’s Hospital in London

Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

China’s Volt Typhoon botnet has re-emerged

Rhysida Ransomware group claims to have breached Bayhealth Hospital in Delaware

FBI and CISA joint alert blames Russia’s Energetic Bear APT for US government networks hack

Purple Lambert, a new malware of CIA-linked Lambert APT group

PYSA ransomware gang is the most active group in November

Chinese Cycldek APT targets Vietnamese Military and Government in sophisticated attacks

North Korea-linked TA406 cyberespionage group activity in 2021

Symantec uncovered the link between China-Linked Thrip and Billbug groups

Google TAG warns of Russia-linked APT groups targeting Ukraine

China-linked APT Silk Typhoon targets IT Supply Chain

Exclusive interview with the Powerful Greek Army (PGA) hacker group

Pro-Russia group NoName057(16) targets Ukraine and NATO countries

Rhysida ransomware gang claimed China Energy hack

China-linked APT41 group spotted using open-source red teaming tool GC2

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Zero-day exploit used to hack iPhones of Al Jazeera employees

China-linked APT group VANGUARD PANDA uses a new tradecraft in recent attacks

APT36 Running Espionage Ops Against India's Education Sector

CISA adds Microsoft Windows Print Spooler flaw to its Known Exploited Vulnerabilities catalog

China-linked hackers target government agencies by exploiting flaws in Citrix, Pulse, and F5 systems, and MS Exchange

FBI and CISA warn of attacks by Rhysida ransomware gang

Financially motivated Earth Lusca threat actors targets organizations worldwide

Information Governance – 3 Common Pitfalls and How to Avoid Them

Chinese-Linked APT Spying On Organizations for 10 Years

Rhysida ransomware gang is auctioning data stolen from the British Library

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

China-linked APT Earth Baku targets Europe, the Middle East, and Africa

Chinese APT Group Uses New Tradecraft to Live Off the Land

Operators behind Dark Caracal are still alive and operational

FBI chief says China is preparing to attack US critical infrastructure

At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software

China-linked APT Volt Typhoon linked to KV-Botnet

Lockbit ransomware gang demanded an 80 million ransom to CDW

Seiko confirmed a data breach after BlackCat attack

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Personal Data and docs of Swiss town Rolle available on the dark web

Experts observed the growth of hi-tech crime landscape in Asia in 2018

Stay Connected