Education and Groups - Information Management Today

Iran-linked group APT33 adds new Tickler malware to its arsenal

Security Affairs

AUGUST 28, 2024

Iran-linked group APT33 used new Tickler malware in attacks against organizations in the government, defense, satellite, oil and gas sectors. The APT group conducted a cyber espionage campaign between April and July 2024 and used Microsoft’s Azure infrastructure for C2 infrastructure.

IT

IT Education File names Passwords

Rhysida ransomware group hacked Abdali Hospital in Jordan

Security Affairs

DECEMBER 26, 2023

The Rhysida ransomware group claimed to have hacked Abdali Hospital, a multi-specialty hospital located in Jordan. The Rhysida ransomware group claimed to have breached the Abdali Hospital in Jordan and added it to the list of victims on its Tor leak site. The Rhysida ransomware group has been active since May 2023.

Ransomware

Ransomware Manufacturing Education Libraries

Rhysida ransomware group hacked King Edward VII’s Hospital in London

Security Affairs

NOVEMBER 29, 2023

The Rhysida ransomware group claimed to have hacked King Edward VII’s Hospital in London. The Rhysida ransomware group claimed to have hacked King Edward VII’s Hospital in London and added it to the list of victims on its Tor leak site. The Rhysida ransomware group has been active since May 2023. Data from the Royal Family!

Ransomware

Ransomware Manufacturing Education Libraries

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

Experts warn of a surge in NetSupport RAT attacks against education and government sectors

Security Affairs

NOVEMBER 21, 2023

Experts warn of a surge in NetSupport RAT attacks against education, government, and business services sectors. The most impacted sectors are education, government, and business services. In recent years, multiple threat actors, including the group TA569 , have been observed using the software as a Remote Access Trojan (RAT).

Education

Education Government Business Services Archiving

Rhysida Ransomware group claims to have breached Bayhealth Hospital in Delaware

Security Affairs

AUGUST 7, 2024

The Rhysida Ransomware group claims to have breached Bayhealth Hospital in Delaware and offers alleged stolen data for 25 BTC. The Rhysida Ransomware group claims to have breached Bayhealth Hospital and added the hospital to the list of victims on its Tor leak site. The Rhysida ransomware group has been active since May 2023.

Ransomware

Ransomware Manufacturing Libraries Education

Shiny Hunters group is selling data from 11 companies on the Dark Web

Security Affairs

MAY 10, 2020

Shiny Hunters hacking group is offering for sale on a dark web marketplace databases containing over 73.2 A hacking group named Shiny Hunters is attempting to sell on a dark web hacking marketplace databases containing more than 73.2 million user records from over 11 companies. million user records from 11 different companies.

Passwords

Passwords Data breaches Cybersecurity Sales

Bl00dy Ransomware Gang actively targets the education sector exploiting PaperCut RCE

Security Affairs

MAY 12, 2023

CISA and FBI warned of attacks conducted by the Bl00dy Ransomware Gang against the education sector in the country. The FBI and CISA issued a joint advisory warning that the Bl00dy Ransomware group is actively targeting the education sector by exploiting the PaperCut remote-code execution vulnerability CVE-2023-27350.

Education

Education Ransomware Encryption Communications

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Security Affairs

AUGUST 6, 2023

The Colorado Department of Higher Education (CDHE) finally disclosed a data breach impacting students, past students, and teachers after the June attack. In June a ransomware attack hit the Colorado Department of Higher Education (CDHE), now the organization disclosed a data breach.

Education

Education Data breaches Ransomware Access

How Ransomware Groups Weaponize Stolen Data

Data Breach Today

SEPTEMBER 2, 2024

DataBreachToday.com is a multimedia website providing news, insights and education on data breach detection, notification and prevention.

Ransomware

Ransomware Data breaches Education

China’s Volt Typhoon botnet has re-emerged

Security Affairs

NOVEMBER 13, 2024

The group managed to maintain access without being detected for as long as possible. The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure. The APT group is using almost exclusively living-off-the-land techniques and hands-on-keyboard activity to evade detection.

e-Discovery

e-Discovery Communications Ransomware Government

Purple Lambert, a new malware of CIA-linked Lambert APT group

Security Affairs

APRIL 29, 2021

Experts from Kaspersky explained that in February 2019, multiple antivirus companies received a collection of malware samples, some of them cannot be associated with the activity of known APT groups. . These malware strains did not present any similarities with malware associated with other APT groups.

Government

Government Cybersecurity Education Security

PYSA ransomware gang is the most active group in November

Security Affairs

DECEMBER 22, 2021

PYSA and Lockbit were the most active ransomware gangs in the threat landscape in November 2021, researchers from NCC Group report. Security researchers from NCC Group reported an increase in ransomware attacks in November 2021 over the past month, and PYSA (aka Mespinoza) and Lockbit were the most active ransomware gangs.

Ransomware

Ransomware Encryption Government Retail

China-linked APT41 group targets US-Based Research University

Security Affairs

AUGUST 21, 2019

Security experts at FireEye observed Chinese APT41 APT group targeting a web server at a U.S.-based Experts at FireEye observed Chinese APT41 APT group targeting a web server at a U.S.-based The arsenal of the group includes backdoors , credential stealers, keyloggers, and rootkits. based research university. chm ) files.

Libraries

Libraries Education Phishing Encryption

North Korea-linked TA406 cyberespionage group activity in 2021

Security Affairs

NOVEMBER 19, 2021

North Korea-linked TA406 APT group has intensified its attacks in 2021, particularly credential harvesting campaigns. A report published by Proofpoint revealed that the North Korea-linked TA406 APT group ( Kimsuky , Thallium , and Konni , Black Banshee, Velvet Chollima) has intensified its operations in 2021. ” reads the report.

Government

Government Education Phishing IT

Storm-2372 used the device code phishing technique since August 2024

Security Affairs

FEBRUARY 16, 2025

Russia-linked group Storm-2372 used the device code phishing technique since Aug 2024 to steal login tokens from governments, NGOs, and industries. ” reads the report published by Microsoft Threat Intelligence. “Microsoft assesses with medium confidence that Storm-2372 aligns with Russian interests, victimology, and tradecraft.”

Phishing

Phishing Authentication Access Government

Symantec uncovered the link between China-Linked Thrip and Billbug groups

Security Affairs

SEPTEMBER 9, 2019

The China-linked APT group Thrip is continuing to target entities in Southeast Asia even after its activity was uncovered by Symantec. Experts at Symantec first exposed the activity of the Chinese-linked APT Thrip in 2018, now the security firm confirms that cyber espionage group has continued to carry out attacks in South East Asia.

Military

Military Communications Government Education

Google TAG warns of Russia-linked APT groups targeting Ukraine

Security Affairs

APRIL 20, 2023

Russia-linked threat actors launched large-volume phishing campaigns against hundreds of users in Ukraine to gather intelligence and aimed at spreading disinformation, states Google’s Threat Analysis Group (TAG). The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017.

Phishing

Phishing Military Ransomware Education

Exclusive interview with the Powerful Greek Army (PGA) hacker group

Security Affairs

FEBRUARY 3, 2022

Our old Twitter account, which was suspended, had pretty much many attacks on government agencies, corporations, educational institutions, ministries, and many, many other things around the world (which we still do, just on a smaller scale). We are a really mixed group. How were you born and approximately how many you are?

Education

Education Ransomware Government Access

Cybercrime group exploits Windows zero-day in ransomware attacks

Security Affairs

APRIL 11, 2023

The experts pointed out that while the majority of zero-days they have discovered in the past were used by APT groups, this zero-day was exploited by a sophisticated cybercrime group. This group is known to have used similar CLFS driver exploits in the past that were likely developed by the same author.

Ransomware

Ransomware Education Cybersecurity Security

Pro-Russia group NoName057(16) targets Ukraine and NATO countries

Security Affairs

JANUARY 13, 2023

A Pro-Russian group named NoName057(16) is targeting organizations in Ukraine and NATO countries with DDoS attacks. A Pro-Russian cybercrime group named NoName057 (16) (aka 05716nnm or Nnm05716) is behind a wave of DDoS attacks against organizations in Ukraine and NATO countries, SentinelOne researchers reported.

Education

Education Security Government IT

China-linked APT Silk Typhoon targets IT Supply Chain

Security Affairs

MARCH 5, 2025

Microsoft reported that China-linked APT group Silk Typhoon has shifted tactics to target IT solutions like remote management tools and cloud apps for initial access. Silk Typhoon is a China-linked cyber espionage group involved in the cyber attack against the US Treasury. This Chinese APT has one of the widest targeting scopes.

Energy and Utilities

Energy and Utilities IT Cloud Passwords

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Security Affairs

APRIL 6, 2023

Google’s Threat Analysis Group (TAG) warns of a North Korea-linked cyberespionage group tracked as ARCHIPELAGO. Google experts are tracking ARCHIPELAGO since 2012 and have observed the group targeting individuals with expertise in North Korea policy issues. ” reads the analysis published by Google TAG.

Phishing

Phishing Passwords Military Education

PWNYOURHOME, FINDMYPWN, LATENTIMAGE: 3 iOS Zero-Click exploits used by NSO Group in 2022

Security Affairs

APRIL 18, 2023

Citizen Lab reported that Israeli surveillance firm NSO Group used at least three iOS zero-click exploits in 2022. A new report from Citizen Lab states that the Israeli surveillance firm NSO Group used at least three zero-click zero-day exploits to deliver its Pegasus spyware. ” reads the report. ” reads the report.

Military

Military Risk Education Security

China-linked APT41 group spotted using open-source red teaming tool GC2

Security Affairs

APRIL 17, 2023

China-linked APT41 group used the open-source red teaming tool GC2 in an attack against a Taiwanese media organization. Google Threat Analysis Group (TAG) team reported that the China-linked APT41 group used the open-source red teaming tool Google Command and Control ( GC2 ) in an attack against an unnamed Taiwanese media organization.

Cloud

Cloud Phishing Government Education

UK NCSC warns of spear-phishing attacks from Russia-linked and Iran-linked groups

Security Affairs

JANUARY 26, 2023

The UK agency reported ongoing spear-phishing campaigns carried out by Russia-based group SEABORGIUM and Iran-based group TA453 to gather intelligence on the victims. The group also targets former intelligence officials, experts in Russian affairs, and Russian citizens abroad. ” reads the alert published by the UK Agency.

Phishing

Phishing Education Passwords Authentication

China-linked APT group VANGUARD PANDA uses a new tradecraft in recent attacks

Security Affairs

JUNE 26, 2023

China-linked APT group VANGUARD PANDA, aka Volt Typhoon, was spotted observing a novel tradecraft to gain initial access to target networks. CrowdStrike researchers observed the China-linked APT group VANGUARD PANDA, aka Volt Typhoon , using a novel tradecraft to gain initial access to target networks. ” concludes the report.

Cleanup

Cleanup Libraries Access Manufacturing

Iranian 'Educated Manticore' Hackers Target Israel

Data Breach Today

APRIL 26, 2023

A group's newly dubbed "Educated Manticore" is sending Iraq-themed bait to coax deployment of an implant known as PowerLess. Iranian Threat Actor Deploys Improved PowerLess Backdoor Iranian hackers are deploying an updated backdoor apparently targeting Israeli academic researchers with an interest in Iraq.

Education

Russian cybercrime group likely behind ongoing exploitation of PaperCut flaws

Security Affairs

APRIL 24, 2023

Truebot has been active since 2017 and some researchers linked it to the Russian Silence Group , while a recent investigation linked it to threat actor TA505 (aka Evil Corp). It is interesting to note that the domain was also hosting malware a variant of the TrueBot malware.

Cybersecurity

Cybersecurity Ransomware Education Access

The intricate relationships between the FIN7 group and members of the Conti ransomware gang

Security Affairs

APRIL 18, 2023

A new malware, dubbed Domino, developed by the FIN7 cybercrime group has been used by the now-defunct Conti ransomware gang. IBM Security X-Force researchers recently discovered a new malware family, called Domino, which was created by developers associated with the FIN7 cybercriminal group (tracked by X-Force as ITG14).

Ransomware

Ransomware Education Security Cybersecurity

Rhysida ransomware gang claimed China Energy hack

Security Affairs

NOVEMBER 25, 2023

The Rhysida ransomware group claimed to have hacked the Chinese state-owned energy conglomerate China Energy Engineering Corporation. China Energy Engineering Group ranks 3rd in ENR Top 150 Global Engineering Design Firms and 13th in ENR Top 250 Global Contractors. The Rhysida ransomware group has been active since May 2023.

Ransomware

Ransomware Manufacturing Education Libraries

APT36 Running Espionage Ops Against India's Education Sector

Data Breach Today

APRIL 14, 2023

Pakistan-Linked APT Group Using Spear-Phishing to Plant Info Stealer Malware A suspected Pakistan espionage threat actor that relies on phishing emails is expanding to the education sector after years of focusing on the Indian military and government.

Education

Education Military Phishing Government

Lazarus APT group employed Linux Malware in recent attacks and was linked to 3CX supply chain attack

Security Affairs

APRIL 20, 2023

North Korea-linked APT group Lazarus employed new Linux malware in attacks that are part of Operation Dream Job. North Korea-linked APT group Lazarus is behind a new campaign tracked as Operation DreamJob (aka DeathNote or NukeSped ) that employed Linux malware.

Archiving

Archiving Education Phishing Cybersecurity

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Security Affairs

APRIL 22, 2024

Russia-linked APT28 group used a previously unknown tool, dubbed GooseEgg, to exploit Windows Print Spooler service flaw. Microsoft reported that the Russia-linked APT28 group (aka “ Forest Blizzard ”, “ Fancybear ” or “ Strontium ” used a previously unknown tool, dubbed GooseEgg, to exploit the Windows Print Spooler flaw CVE-2022-38028.

Military

Military File names Education Phishing

Iranian Agonizing Serpens APT is targeting Israeli entities with destructive cyber attacks

Security Affairs

NOVEMBER 7, 2023

Iran-linked Agonizing Serpens group has been targeting Israeli organizations with destructive cyber attacks since January. Based on our telemetry, the most targeted organizations belong to the education and technology sectors.” ” concludes the report that also includes indicators of compromise (IoCs).

Education

Education Ransomware Security Access

FBI and CISA warn of attacks by Rhysida ransomware gang

Security Affairs

NOVEMBER 15, 2023

The FBI and CISA warn of attacks carried out by the Rhysida ransomware group against organizations across multiple industry sectors. The report is part of the ongoing #StopRansomware effort that disseminates advisories about tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with ransomware groups.

Ransomware

Ransomware Manufacturing Education Passwords

CISA adds Microsoft Windows Print Spooler flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 25, 2024

Cisa added the flaw to the KEV catalog after Microsoft reported that the Russia-linked APT28 group (aka “ Forest Blizzard ”, “ Fancybear ” or “ Strontium ” used a previously unknown tool, dubbed GooseEgg, to exploit the Windows Print Spooler flaw CVE-2022-38028.

IT

IT Education Cybersecurity Risk

Connecting the Bots – Hancitor fuels Cuba Ransomware Operations

Security Affairs

MAY 7, 2021

Hancitor became another commodity malware which partnered with ransomware gangs to help them gain initial access to target networks – the increasing trend outlined by Group-IB researchers in the recent Ransomware Uncovered 2020/2021 report. In addition, the group leveraged some custom tools for network reconnaissance. exe: Figure 3.

Ransomware

Ransomware Education Manufacturing Healthcare

Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

Security Affairs

SEPTEMBER 25, 2023

A stealthy APT group tracked as Gelsemium was observed targeting a Southeast Asian government between 2022 and 2023. Palo Alto Unit42 researchers an APT group tracked as Gelsemium targeting a Southeast Asian government. Gelsemium is a group focused on cyberespionage that has been active since at least 2014.

Government

Government Manufacturing Education Access

CISA: Cisco ASA/FTD bug CVE-2020-3259 exploited in ransomware attacks

Security Affairs

FEBRUARY 17, 2024

The issue was listed by CISA as known to be used in ransomware campaigns, but the agency did not reveal which ransomware groups are actively exploiting the issue. In January, researchers from cybersecurity firm Truesec reported that the Akira ransomware group exploited the vulnerability in attacks targeting Cisco Cisco ASA and FTD appliances.

Ransomware

Ransomware Education Cybersecurity Passwords

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

Security Affairs

FEBRUARY 8, 2024

The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure. In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.

Energy and Utilities

Energy and Utilities Communications Military Manufacturing

Sabbath Ransomware target critical infrastructure in the US and Canada

Security Affairs

DECEMBER 1, 2021

A new ransomware group called Sabbath (aka UNC2190) has been targeting critical infrastructure in the United States and Canada since June 2021. According to Mandiant researchers, the group is a rebrand of Arcane and Eruption gangs. In September 2021, the security experts noticed a post on the exploit.in ” concludes the report.

Ransomware

Ransomware Education Encryption Security

China-linked APT Earth Baku targets Europe, the Middle East, and Africa

Security Affairs

AUGUST 14, 2024

China-linked APT group Earth Baku (a threat actor associated with APT41 ) has expanded its operations beyond the Indo-Pacific region to Europe, the Middle East, and Africa. The group targeted multiple industries, including media and communications, telecoms, technology, healthcare, and education and government entities.

Encryption

Encryption Education Communications Access

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

Security Affairs

SEPTEMBER 8, 2023

Cisco warns that a zero-day vulnerability (CVE-2023-20269) in Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) is actively exploited by ransomware groups to gain initial access to corporate networks. Like other ransomware gangs, the group has developed a Linux encryptor to target VMware ESXi servers.

Ransomware

Ransomware Authentication Access Education

Rhysida ransomware gang is auctioning data stolen from the British Library

Security Affairs

NOVEMBER 20, 2023

The Rhysida ransomware group claimed responsibility for the recent cyberattack on the British Library that has caused a major IT outage. The ransomware group claims to have stolen a substantial trove of ‘impressive data’ and is auctioning it for 20 BTC. The victims of the group are “targets of opportunity.”

Libraries

Libraries Ransomware Manufacturing Education

Iran-linked group APT33 adds new Tickler malware to its arsenal

Rhysida ransomware group hacked Abdali Hospital in Jordan

Webinars

Trending Sources

Rhysida ransomware group hacked King Edward VII’s Hospital in London

Webinars

Experts warn of a surge in NetSupport RAT attacks against education and government sectors

Rhysida Ransomware group claims to have breached Bayhealth Hospital in Delaware

Shiny Hunters group is selling data from 11 companies on the Dark Web

Bl00dy Ransomware Gang actively targets the education sector exploiting PaperCut RCE

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

How Ransomware Groups Weaponize Stolen Data

China’s Volt Typhoon botnet has re-emerged

Purple Lambert, a new malware of CIA-linked Lambert APT group

PYSA ransomware gang is the most active group in November

China-linked APT41 group targets US-Based Research University

North Korea-linked TA406 cyberespionage group activity in 2021

Storm-2372 used the device code phishing technique since August 2024

Symantec uncovered the link between China-Linked Thrip and Billbug groups

Google TAG warns of Russia-linked APT groups targeting Ukraine

Exclusive interview with the Powerful Greek Army (PGA) hacker group

Cybercrime group exploits Windows zero-day in ransomware attacks

Pro-Russia group NoName057(16) targets Ukraine and NATO countries

China-linked APT Silk Typhoon targets IT Supply Chain

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

PWNYOURHOME, FINDMYPWN, LATENTIMAGE: 3 iOS Zero-Click exploits used by NSO Group in 2022

China-linked APT41 group spotted using open-source red teaming tool GC2

UK NCSC warns of spear-phishing attacks from Russia-linked and Iran-linked groups

China-linked APT group VANGUARD PANDA uses a new tradecraft in recent attacks

Iranian 'Educated Manticore' Hackers Target Israel

Russian cybercrime group likely behind ongoing exploitation of PaperCut flaws

The intricate relationships between the FIN7 group and members of the Conti ransomware gang

Rhysida ransomware gang claimed China Energy hack

APT36 Running Espionage Ops Against India's Education Sector

Lazarus APT group employed Linux Malware in recent attacks and was linked to 3CX supply chain attack

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Iranian Agonizing Serpens APT is targeting Israeli entities with destructive cyber attacks

FBI and CISA warn of attacks by Rhysida ransomware gang

CISA adds Microsoft Windows Print Spooler flaw to its Known Exploited Vulnerabilities catalog

Connecting the Bots – Hancitor fuels Cuba Ransomware Operations

Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

CISA: Cisco ASA/FTD bug CVE-2020-3259 exploited in ransomware attacks

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

Sabbath Ransomware target critical infrastructure in the US and Canada

China-linked APT Earth Baku targets Europe, the Middle East, and Africa

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

Rhysida ransomware gang is auctioning data stolen from the British Library

Stay Connected