File names and Government - Information Management Today

CERT-UA warns of a phishing campaign targeting government entities

Security Affairs

AUGUST 13, 2024

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign targeting organizations in the country, including government entities. Threat actors sent out emails attempting to impersonate Security Service of Ukraine (SSU) and contains a link to download a file named “Documents.zip.”

Phishing

Phishing Government File names Access

ObliqueRAT, a new malware employed in attacks on government targets in Southeast Asia

Security Affairs

FEBRUARY 23, 2020

Experts from Cisco Talos discovered a new malware, tracked as ObliqueRAT, that appears a custom malware developed by a threat actor focused on government and diplomatic targets. . “CrimsonRAT has been known to target diplomatic and government organizations in Southeast Asia.” Pierluigi Paganini.

Government

Government File names Passwords Phishing

China-linked threat actors are targeting the government of Ukraine

Security Affairs

MARCH 18, 2022

Google’s TAG team revealed that China-linked APT groups are targeting Ukraine’s government for intelligence purposes. Google TAG team notified Ukrainian government organizations that were targeted by Chinese intelligence. government. government. China is working hard here too. Pierluigi Paganini.

Government

Government File names Phishing Security

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

Chinese APT FunnyDream targets a South East Asian government

Security Affairs

NOVEMBER 17, 2020

Most of the victims were in Vietnam, the group focuses on foreign government organizations of countries in Southeast Asia. . ” The name of the group comes from a powerful backdoor employed in the attacks of the APT group. . ” reads the report published by BitDefender. ” continues the report.

Government

Government File names Communications Access

Russia-linked Armageddon APT targets Ukrainian state organizations, CERT-UA warns

Security Affairs

APRIL 5, 2022

The group targeted government and military organizations in Ukraine. In December 2019, the APT group targeted several Ukrainian diplomats, government and military officials, and law enforcement. The messages use the HTML-file “War criminals of the Russian Federation.htm” as attachment.

Military

Military Phishing Archiving File names

Chinese APT Earth Baxia target APAC by exploiting GeoServer flaw

Security Affairs

SEPTEMBER 23, 2024

Suspected China-linked APT Earth Baxia targeted a government organization in Taiwan by exploiting a recently patched OSGeo GeoServer GeoTools flaw. Trend Micro researchers reported that China-linked APT group Earth Baxia has targeted a government organization in Taiwan and potentially other countries in the Asia-Pacific (APAC) region.

Phishing

Phishing File names Cloud Government

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Security Affairs

APRIL 22, 2024

This tool modifies a JavaScript constraints file and executes it with SYSTEM-level permissions. Microsoft has observed APT28 using GooseEgg in post-compromise activities against various targets, including government, non-governmental, education, and transportation sector organizations in Ukraine, Western Europe, and North America.

Military

Military File names Education Phishing

FBI published a flash alert on Mamba Ransomware attacks

Security Affairs

MARCH 26, 2021

According to the flash alert published by the FBI, the Mamba ransomware was employed in attacks against local governments, public transportation agencies, legal services, technology services, industrial, commercial, manufacturing, and construction businesses. DiskCryptor is not inherently malicious but has been weaponized.”

Ransomware

Ransomware Encryption File names Passwords

Iran-linked group APT33 adds new Tickler malware to its arsenal

Security Affairs

AUGUST 28, 2024

Iran-linked group APT33 used new Tickler malware in attacks against organizations in the government, defense, satellite, oil and gas sectors. The first sample, contained in a file named Network Security.zip including: YAHSAT NETWORK_INFRASTRUCTURE_SECURITY_GUIDE_20240421.pdf.exe dll to execute its functions.

IT

IT Education File names Passwords

Evil Corp rebrands their ransomware, this time is the Macaw Locker

Security Affairs

OCTOBER 21, 2021

The Macaw Locker ransomware encrypts victims’ files and append the .macaw macaw extension to the file name of the encrypted files. The US Government announced sanctions for ransomware negotiation firms that will support victims of the Evil Corp group in the ransom payments.

Ransomware

Ransomware File names Encryption Government

Crooks target Healthcare facilities involved in Coronavirus containment with Ransomware

Security Affairs

APRIL 14, 2020

PaloAlto Networks experts warn of malicious Coronavirus themed phishing campaigns targeting government and medical organizations. Recently organizations in healthcare, research, and government facilities have been hit by Coronavirus-themed attacks that deployed multiple malware families, including ransomware and information stealers (i.e.

Ransomware

Ransomware Phishing Government File names

Google TAG: Russia, Belarus-linked APTs targeted Ukraine

Security Affairs

MARCH 8, 2022

Google TAG observed Russian, Belarusian, and Chinese threat actors targeting Ukraine and European government and military orgs. Google TAG observed Russian, Belarusian, and Chinese threat actors targeting Ukrainian and European government and military organizations, as well as individuals. ” concludes the report.

Military

Military Phishing File names Government

QNodeService Trojan spreads via fake COVID-19 tax relief

Security Affairs

MAY 16, 2020

The phishing messages use Trojan sample associated with a file named “Company PLP_Tax relief due to Covid-19 outbreak CI+PL.jar,” experts from MalwareHunterTeam noticed that the malicious code was only detected by ESET AV. "Company The operators behind the campaign use COVID-19 lure promising victims tax relief.

Phishing

Phishing File names Access Government

Cyber Threats Observatory Gets Improvements

Security Affairs

MAY 3, 2020

In other words, it could be nice to see what are the patterns used by malware in both: domain names, file names and process names. TOP domains, TOP processes and TOP File Names. It would be important for detection and even for preemptive blocking.

Computer and Electronics

Computer and Electronics File names Cybersecurity Security

Leveraging Metadata for Enhanced Information Governance

Gimmal

NOVEMBER 21, 2024

Enter metadata—a powerful tool that can revolutionize your information governance strategy. Limited Sorting and Filtering : Users can only sort and filter files based on basic attributes like name and date within a folder, restricting efficient data retrieval. Efficiency : Reduce the time spent searching for documents.

Metadata

Metadata Information governance Government Records Management

Zeus Sphinx spam campaign attempt to exploit Coronavirus outbreak

Security Affairs

MARCH 30, 2020

Experts from IBM X-Force uncovered a hacking campaign employing the Zeus Sphinx malware, as known as Zloader or Terdot , that focus on government relief payments. . Spam messages sent to the victims claim to provide information related to the Coronavirus outbreak and government relief payments.

File names

File names Passwords Sales Government

Is RIOT Data Undermining Your Information Governance? Here’s What You Need to Know

Gimmal

OCTOBER 30, 2024

For information governance professionals, understanding and managing RIOT data is crucial. Data Governance Challenges You can’t protect or govern what you can’t access or read. This solution helps enterprises and government agencies uncover and remediate RIOT data effectively.

Information governance

Information governance Government Cleanup Digital preservation

China-linked LuminousMoth APT targets entities from Southeast Asia

Security Affairs

JULY 14, 2021

LuminousMoth: Kaspersky uncovered an ongoing and large-scale APT campaign that targeted government entities in Southeast Asia, including Myanmar and the Philippines. We found multiple archives like this with file names of government entities in Myanmar, for example “COVID-19 Case 12-11-2020(MOTC).rar”

Archiving

Archiving File names Government Libraries

ExCobalt Cybercrime group targets Russian organizations in multiple sectors

Security Affairs

JUNE 24, 2024

Over the past year, ExCobalt targeted Russian organizations in the the following industries: Metallurgy Telecommunications Mining Information technology Government Software development The Cobalt’s hallmark was the use of the CobInt tool , the same tool that ExCobalt began using in 2022.

File names

File names Communications Mining Archiving

New Gallmaker APT group eschews malware in cyber espionage campaigns

Security Affairs

OCTOBER 10, 2018

A previously unknown cyber espionage group, tracked as Gallmaker, has been targeting entities in the government, military and defense sectors since at least 2017. Gallmaker is a politically motivated APT group that focused its surgical operations on the government, military or defense sectors. ” continues Symantec.

Military

Military File names Government Libraries

Russia-linked Turla APT uses new TinyTurla-NG backdoor to spy on Polish NGOs

Security Affairs

FEBRUARY 16, 2024

The Turla APT group (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ) has been active since at least 2004 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations.

CMS

CMS File names Passwords Access

Hacker breached Perceptics, a US maker of license plate readers

Security Affairs

MAY 26, 2019

The name ‘Boris’ is not new for the cyber security industry, it is the name of the hacker who breached the IT provider CityComp at the end of April. “The file names and accompanying directories – numbering almost 65,000 – fit with the focus of the surveillance technology biz.”

File names

File names Data breaches Manufacturing Cybersecurity

China-linked Budworm APT returns to target a US entity

Security Affairs

OCTOBER 13, 2022

The Budworm cyber espionage group (aka APT27 , Bronze Union , Emissary Panda , Lucky Mouse , TG-3390 , and Red Phoenix) is behind a series attacks conducted over the past six months against a number of high-profile targets, including the government of a Middle Eastern country, a multinational electronics manufacturer, and a U.S.

File names

File names Financial Services Manufacturing Libraries

China-linked APT41 group targets Hong Kong with Spyder Loader

Security Affairs

OCTOBER 18, 2022

Symantec pointed out that the attacks against government organizations in Hong Kong remained undetected for a year in some cases. The attacks detailed by Cybereason targeted technology and manufacturing companies primarily located in East Asia, Western Europe, and North America. ” continues the report.

File names

File names Encryption Manufacturing Libraries

GhostWriter APT targets state entities of Ukraine with Cobalt Strike Beacon

Security Affairs

MARCH 28, 2022

The phishing messages use a RAR-archive named “Saboteurs.rar”, which contains RAR-archive “Saboteurs 21.03.rar.” ” This second archive contains SFX-archive “Saboteurs filercs.rar,” experts reported that the file name contains the right-to-left override (RTLO) character to mask the real extension.

Archiving

Archiving CMS File names Phishing

Russia-linked Gamaredon APT targets Ukrainian authorities with new malware

Security Affairs

FEBRUARY 3, 2023

The government experts pointed out that the threat actor continues to evolve its TTPs to avoid detection. The attack chain starts with spear-phishing messages with a.RAR attachment named “12-1-125_09.01.2023.” The.RAR archive contains the.LNK file named “Запит Служба безпеки України 12-1-125 від 09.01.2023.lnk”

File names

File names Archiving Phishing Government

Conti ransomware gang also breached Ireland Department of Health (DoH)

Security Affairs

MAY 19, 2021

Government experts speculate the two attacks are part of the same campaign targeting the Irish health sector. The malware involved in the attack is Conti Ransomware v3 (32 bit), which attempted to encrypt all files with the exception of the following file names: – CONTI_LOG.txt – readme.txt – *.FEEDC

Ransomware

Ransomware Encryption File names IoT

New APT34 campaign uses LinkedIn to deliver fresh malware

Security Affairs

JULY 22, 2019

APT34 is an Iran-linked APT group that has been around since at least 2014, it targeted mainly organizations in the financial, government, energy, telecoms and chemical sectors in the United States and Middle Eastern countries. The fake profiles asked the victims to open the weaponized excel file named ERFT-Details.

File names

File names Phishing Government Passwords

New PowerShell-based Backdoor points to MuddyWater

Security Affairs

NOVEMBER 30, 2018

.” The new backdoor uses the API of a cloud file hosting provider to implement command and control (C&C) communication and data exfiltration. The weaponized documents contain images showing blurry logos belonging to some Turkish government organizations, they trick victims into enabling macros to display the document properly.

Communications

Communications File names Cloud Government

Redfly group infiltrated an Asian national grid as long as six months?

Security Affairs

SEPTEMBER 13, 2023

UK, Australian, Canadian, and New Zealand governments issued a joint alert about China-linked threat actors targeting CNI organizations and using living off the land to evade detection. “On May 29, the attackers returned and used a renamed version of ProcDump (file name: alg.exe) to dump credentials from LSASS.”

File names

File names Access Encryption Communications

Sofacy APT group used a new tool in latest attacks, the Cannon

Security Affairs

NOVEMBER 20, 2018

The Russia-linked APT group delivers Cannon in a spear-phishing attack that targets government organizations in North America, Europe and in a former USSR state. Hackers used weaponized files named ‘crash list (Lion Air Boeing 737).docx’ docx’ for their campaigns.

File names

File names Phishing Communications Government

New PowerExchange Backdoor linked to an Iranian APT group

Security Affairs

MAY 26, 2023

Researchers from the Fortinet FortiGuard Labs observed an attack targeting a government entity in the United Arab Emirates with a new PowerShell-based backdoor dubbed PowerExchange. The infection chain commenced with spear phishing messages using a zip file named Brochure.zip in attachment. with the new PowerExchange backdoor.

Communications

Communications File names Archiving Government

Russia-linked APT Gamaredon update TTPs in recent attacks against Ukraine

Security Affairs

JUNE 15, 2023

The Gamaredon APT group (aka Shuckworm, Actinium, Armageddon, Primitive Bear, UAC-0010, and Trident Ursa) continues to carry out attacks against entities in Ukraine, including security services, military, and government organizations. A novelty observed in the recent attacks is the use of a USB propagation malware.

Military

Military File names Archiving Government

The previously undocumented GoldenJackal APT targets Middle East, South Asia entities

Security Affairs

MAY 23, 2023

A previously undocumented APT group tracked as GoldenJackal has been targeting government and diplomatic entities in the Middle East and South Asia since 2019. The group focuses on government and diplomatic entities in the Middle East and South Asia. “The fake Skype installer was a.NET executable file named skype32.exe

File names

File names Government Security IT

A flaw in MySQL could allow rogue servers to steal files from clients

Security Affairs

JANUARY 21, 2019

A rogue server could send a LOAD DATA LOCAL statement to the client to get access to any file for which the client has read permission. “In theory, a patched server could be built that would tell the client program to transfer a file of the server’s choosing rather than the file named by the client in the LOAD DATA statement.”

Passwords

Passwords File names Access Sales

New Graphiron info-stealer used in attacks against Ukraine

Security Affairs

FEBRUARY 8, 2023

It creates temporary files with the “ lock” and “ trash” extensions. It uses hardcoded file names designed to masquerade as Microsoft office executables: OfficeTemplate.exe and MicrosoftOfficeDashboard.exe” reads the analysis published by Symantec.

File names

File names Passwords Phishing Encryption

DownEx cyberespionage operation targets Central Asia

Security Affairs

MAY 10, 2023

A new sophisticated malware strain, dubbed DownEx, was involved in attacks aimed at Government organizations in Central Asia. In late 2022, Bitdefender Labs researchers first observed a highly targeted cyberattack targeting foreign government institutions in Kazakhstan that involved a new sophisticated strain of malware dubbed DownEx.

File names

File names Archiving Government Phishing

New Linux Ransomware BlackSuit is similar to Royal ransomware

Security Affairs

JUNE 3, 2023

According to government experts, the Royal ransomware attacks targeted numerous critical infrastructure sectors including, manufacturing, communications, healthcare and public healthcare (HPH), and education. ReadMe file name: README.BlackSuit.txt. New #ransomware #BlackSuit targets Windows, #Linux. Extension: blacksuit.

Ransomware

Ransomware Encryption File names Cybersecurity

CrowdStrike uncovered a new campaign of GOBLIN PANDA APT aimed at Vietnam

Security Affairs

SEPTEMBER 5, 2018

GOBLIN PANDA was focused on Vietnam, most of the targets were in the defense, energy, and government sectors. “Two exploit documents with Vietnamese-language file names were observed with file metadata unique to the GOBLIN PANDA adversary.” ” reads the analysis published by CrowdStrike.

Metadata

Metadata File names Libraries Government

Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group

Security Affairs

JULY 20, 2023

government. “It then receives a response containing a file name which the malware uses to download additional rooting binaries from C2 infrastructure if one exists for the specified device.” ” continues the report. ” The report also includes Indicators of Compromise (IoCs) for both spyware.

File names

File names Libraries Cybersecurity IT

Using Microsoft Powerpoint as Malware Dropper

Security Affairs

NOVEMBER 16, 2018

The script downloads a file named: AZZI.exe and saves it by a new name: VRE1wEh9j0mvUATIN3AqW1HSNnyir8id.exe on a System temporary directory for running it. The following code is the execution path that drives Stage 2 to Stage 3. var run = new ActiveXObject(‘WSCRIPT.Shell’).Run(powershell

Computer and Electronics

Computer and Electronics File names Security IT

Researcher found US ‘No Fly List’ on an unsecured server

Security Affairs

JANUARY 24, 2023

Crimew discovered a file named NoFly.csv which is a legitimate U.S. records (first names, last names, and dates of birth) belonging to people with suspected or known ties to terrorist groups. “three csv files, employee_information.csv, NOFLY.CSV and SELECTEE.CSV. no fly list from 2019 containing over 1.56

Archiving

Archiving File names Access Authentication

APT34: Glimpse project

Security Affairs

MAY 2, 2019

The group conducts operations primarily in the Middle East, targeting financial, government, energy, chemical, telecommunications and other industries. Repeated targeting of Middle Eastern financial, energy and government organisations leads FireEye to assess that those sectors are a primary concern of APT34. Source: MISP Project ).

Computer and Electronics

Computer and Electronics Communications Government Security

What are the Best Document Management Capabilities?

AIIM

APRIL 8, 2021

It serves in many ways to apply a formal governance framework to the document creation and collaborative editing processes. This feature also reduces the need to store multiple copies and versions, and their associated naming conventions, in order to retain a document’s history.

Cloud

Cloud ECM Access File names

CERT-UA warns of a phishing campaign targeting government entities

ObliqueRAT, a new malware employed in attacks on government targets in Southeast Asia

Webinars

Trending Sources

China-linked threat actors are targeting the government of Ukraine

Webinars

Chinese APT FunnyDream targets a South East Asian government

Russia-linked Armageddon APT targets Ukrainian state organizations, CERT-UA warns

Chinese APT Earth Baxia target APAC by exploiting GeoServer flaw

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

FBI published a flash alert on Mamba Ransomware attacks

Iran-linked group APT33 adds new Tickler malware to its arsenal

Evil Corp rebrands their ransomware, this time is the Macaw Locker

Crooks target Healthcare facilities involved in Coronavirus containment with Ransomware

Google TAG: Russia, Belarus-linked APTs targeted Ukraine

QNodeService Trojan spreads via fake COVID-19 tax relief

Cyber Threats Observatory Gets Improvements

Leveraging Metadata for Enhanced Information Governance

Zeus Sphinx spam campaign attempt to exploit Coronavirus outbreak

Is RIOT Data Undermining Your Information Governance? Here’s What You Need to Know

China-linked LuminousMoth APT targets entities from Southeast Asia

ExCobalt Cybercrime group targets Russian organizations in multiple sectors

New Gallmaker APT group eschews malware in cyber espionage campaigns

Russia-linked Turla APT uses new TinyTurla-NG backdoor to spy on Polish NGOs

Hacker breached Perceptics, a US maker of license plate readers

China-linked Budworm APT returns to target a US entity

China-linked APT41 group targets Hong Kong with Spyder Loader

GhostWriter APT targets state entities of Ukraine with Cobalt Strike Beacon

Russia-linked Gamaredon APT targets Ukrainian authorities with new malware

Conti ransomware gang also breached Ireland Department of Health (DoH)

New APT34 campaign uses LinkedIn to deliver fresh malware

New PowerShell-based Backdoor points to MuddyWater

Redfly group infiltrated an Asian national grid as long as six months?

Sofacy APT group used a new tool in latest attacks, the Cannon

New PowerExchange Backdoor linked to an Iranian APT group

Russia-linked APT Gamaredon update TTPs in recent attacks against Ukraine

The previously undocumented GoldenJackal APT targets Middle East, South Asia entities

A flaw in MySQL could allow rogue servers to steal files from clients

New Graphiron info-stealer used in attacks against Ukraine

DownEx cyberespionage operation targets Central Asia

New Linux Ransomware BlackSuit is similar to Royal ransomware

CrowdStrike uncovered a new campaign of GOBLIN PANDA APT aimed at Vietnam

Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group

Using Microsoft Powerpoint as Malware Dropper

Researcher found US ‘No Fly List’ on an unsecured server

APT34: Glimpse project

What are the Best Document Management Capabilities?

Stay Connected