File names, Government and Security - Information Management Today

CERT-UA warns of a phishing campaign targeting government entities

Security Affairs

AUGUST 13, 2024

CERT-UA warned that Russia-linked actor is impersonating the Security Service of Ukraine (SSU) in a new phishing campaign to distribute malware. The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign targeting organizations in the country, including government entities.

Phishing

Phishing Government File names Access

ObliqueRAT, a new malware employed in attacks on government targets in Southeast Asia

Security Affairs

FEBRUARY 23, 2020

Experts from Cisco Talos discovered a new malware, tracked as ObliqueRAT, that appears a custom malware developed by a threat actor focused on government and diplomatic targets. . “CrimsonRAT has been known to target diplomatic and government organizations in Southeast Asia.” Pierluigi Paganini.

Government

Government File names Passwords Phishing

China-linked threat actors are targeting the government of Ukraine

Security Affairs

MARCH 18, 2022

Google’s TAG team revealed that China-linked APT groups are targeting Ukraine’s government for intelligence purposes. Below is the tweet published by TAG chief, Shane Huntley, who cited the Google TAG Security Engineer Billy Leonard. government. ” wrote Leonard. China is working hard here too. Pierluigi Paganini.

Government

Government File names Phishing Security

Webinars

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

Chinese APT FunnyDream targets a South East Asian government

Security Affairs

NOVEMBER 17, 2020

Security experts at BitDefender have uncovered a new China-linked cyber espionage group, tracked as FunnyDream that has already infected more than 200 systems across Southeast Asia over the past two years. Most of the victims were in Vietnam, the group focuses on foreign government organizations of countries in Southeast Asia. .

Government

Government File names Communications Access

Russia-linked Armageddon APT targets Ukrainian state organizations, CERT-UA warns

Security Affairs

APRIL 5, 2022

Ukraine CERT-UA published a security advisory to warn of spear-phishing attacks conducted by Russia-linked Armageddon APT (aka Gamaredon , Primitive Bear, Armageddon, Winterflounder, or Iron Tilden) targeting local state organizations. The group targeted government and military organizations in Ukraine. Pierluigi Paganini.

Military

Military Phishing File names Archiving

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Security Affairs

APRIL 22, 2024

This tool modifies a JavaScript constraints file and executes it with SYSTEM-level permissions. Microsoft has observed APT28 using GooseEgg in post-compromise activities against various targets, including government, non-governmental, education, and transportation sector organizations in Ukraine, Western Europe, and North America.

Military

Military File names Education Phishing

FBI published a flash alert on Mamba Ransomware attacks

Security Affairs

MARCH 26, 2021

The researchers shared a detailed analysis on Security Affairs , they explained that once the malware has infected a Windows machine, it overwrites the existing Master Boot Record, with a custom MBR and encrypts the hard drive using the DiskCryptor tool. Only use secure networks and avoid using public Wi-Fi networks.

Ransomware

Ransomware Encryption File names Passwords

Chinese APT Earth Baxia target APAC by exploiting GeoServer flaw

Security Affairs

SEPTEMBER 23, 2024

Suspected China-linked APT Earth Baxia targeted a government organization in Taiwan by exploiting a recently patched OSGeo GeoServer GeoTools flaw. Trend Micro researchers reported that China-linked APT group Earth Baxia has targeted a government organization in Taiwan and potentially other countries in the Asia-Pacific (APAC) region.

Phishing

Phishing File names Cloud Government

Evil Corp rebrands their ransomware, this time is the Macaw Locker

Security Affairs

OCTOBER 21, 2021

The Macaw Locker ransomware encrypts victims’ files and append the .macaw macaw extension to the file name of the encrypted files. The US Government announced sanctions for ransomware negotiation firms that will support victims of the Evil Corp group in the ransom payments. Pierluigi Paganini.

Ransomware

Ransomware File names Encryption Government

Cyber Threats Observatory Gets Improvements

Security Affairs

MAY 3, 2020

In other words, it could be nice to see what are the patterns used by malware in both: domain names, file names and process names. TOP domains, TOP processes and TOP File Names. I am a computer security scientist with an intensive hacking background. About the author: Marco Ramilli, Founder of Yoroi.

Computer and Electronics

Computer and Electronics File names Cybersecurity Security

Crooks target Healthcare facilities involved in Coronavirus containment with Ransomware

Security Affairs

APRIL 14, 2020

PaloAlto Networks experts warn of malicious Coronavirus themed phishing campaigns targeting government and medical organizations. Recently organizations in healthcare, research, and government facilities have been hit by Coronavirus-themed attacks that deployed multiple malware families, including ransomware and information stealers (i.e.

Ransomware

Ransomware Phishing Government File names

Iran-linked group APT33 adds new Tickler malware to its arsenal

Security Affairs

AUGUST 28, 2024

Iran-linked group APT33 used new Tickler malware in attacks against organizations in the government, defense, satellite, oil and gas sectors. The first sample, contained in a file named Network Security.zip including: YAHSAT NETWORK_INFRASTRUCTURE_SECURITY_GUIDE_20240421.pdf.exe dll to execute its functions.

IT

IT Education File names Passwords

Google TAG: Russia, Belarus-linked APTs targeted Ukraine

Security Affairs

MARCH 8, 2022

Google TAG observed Russian, Belarusian, and Chinese threat actors targeting Ukraine and European government and military orgs. Google TAG observed Russian, Belarusian, and Chinese threat actors targeting Ukrainian and European government and military organizations, as well as individuals. ” concludes the report.

Military

Military Phishing File names Government

QNodeService Trojan spreads via fake COVID-19 tax relief

Security Affairs

MAY 16, 2020

The phishing messages use Trojan sample associated with a file named “Company PLP_Tax relief due to Covid-19 outbreak CI+PL.jar,” experts from MalwareHunterTeam noticed that the malicious code was only detected by ESET AV. "Company The operators behind the campaign use COVID-19 lure promising victims tax relief.

Phishing

Phishing File names Access Government

ExCobalt Cybercrime group targets Russian organizations in multiple sectors

Security Affairs

JUNE 24, 2024

Over the past year, ExCobalt targeted Russian organizations in the the following industries: Metallurgy Telecommunications Mining Information technology Government Software development The Cobalt’s hallmark was the use of the CobInt tool , the same tool that ExCobalt began using in 2022.

File names

File names Communications Mining Archiving

Zeus Sphinx spam campaign attempt to exploit Coronavirus outbreak

Security Affairs

MARCH 30, 2020

Experts from IBM X-Force uncovered a hacking campaign employing the Zeus Sphinx malware, as known as Zloader or Terdot , that focus on government relief payments. . Spam messages sent to the victims claim to provide information related to the Coronavirus outbreak and government relief payments. Pierluigi Paganini.

File names

File names Passwords Sales Government

Conti ransomware gang also breached Ireland Department of Health (DoH)

Security Affairs

MAY 19, 2021

“The National Cyber Security Centre (NCSC) became aware on Thursday of an attempted cyber attack on the Department of Health. ” The National Cyber Security Centre (NCSC) also published an alert titled “Ransomware Attack on Health Sector” that included technical details on the attack. Pierluigi Paganini.

Ransomware

Ransomware Encryption File names IoT

Hacker breached Perceptics, a US maker of license plate readers

Security Affairs

MAY 26, 2019

The hacker stole hundreds of gigabytes of files along with Microsoft Exchange and Access databases, ERP databases, HR records, and Microsoft SQL Server data stores. The name ‘Boris’ is not new for the cyber security industry, it is the name of the hacker who breached the IT provider CityComp at the end of April.

File names

File names Data breaches Manufacturing Cybersecurity

GhostWriter APT targets state entities of Ukraine with Cobalt Strike Beacon

Security Affairs

MARCH 28, 2022

The phishing messages use a RAR-archive named “Saboteurs.rar”, which contains RAR-archive “Saboteurs 21.03.rar.” ” This second archive contains SFX-archive “Saboteurs filercs.rar,” experts reported that the file name contains the right-to-left override (RTLO) character to mask the real extension.

Archiving

Archiving CMS File names Phishing

Russia-linked Turla APT uses new TinyTurla-NG backdoor to spy on Polish NGOs

Security Affairs

FEBRUARY 16, 2024

The Turla APT group (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ) has been active since at least 2004 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations.

CMS

CMS File names Passwords Access

Russia-linked Gamaredon APT targets Ukrainian authorities with new malware

Security Affairs

FEBRUARY 3, 2023

The government experts pointed out that the threat actor continues to evolve its TTPs to avoid detection. The attack chain starts with spear-phishing messages with a.RAR attachment named “12-1-125_09.01.2023.” The.RAR archive contains the.LNK file named “Запит Служба безпеки України 12-1-125 від 09.01.2023.lnk”

File names

File names Archiving Phishing Government

China-linked Budworm APT returns to target a US entity

Security Affairs

OCTOBER 13, 2022

The Budworm cyber espionage group (aka APT27 , Bronze Union , Emissary Panda , Lucky Mouse , TG-3390 , and Red Phoenix) is behind a series attacks conducted over the past six months against a number of high-profile targets, including the government of a Middle Eastern country, a multinational electronics manufacturer, and a U.S.

File names

File names Financial Services Manufacturing Libraries

China-linked APT41 group targets Hong Kong with Spyder Loader

Security Affairs

OCTOBER 18, 2022

Symantec pointed out that the attacks against government organizations in Hong Kong remained undetected for a year in some cases. The post China-linked APT41 group targets Hong Kong with Spyder Loader appeared first on Security Affairs. ” continues the report. Follow me on Twitter: @securityaffairs and Facebook.

File names

File names Encryption Manufacturing Libraries

China-linked LuminousMoth APT targets entities from Southeast Asia

Security Affairs

JULY 14, 2021

LuminousMoth: Kaspersky uncovered an ongoing and large-scale APT campaign that targeted government entities in Southeast Asia, including Myanmar and the Philippines. We found multiple archives like this with file names of government entities in Myanmar, for example “COVID-19 Case 12-11-2020(MOTC).rar” Pierluigi Paganini.

Archiving

Archiving File names Government Libraries

New Gallmaker APT group eschews malware in cyber espionage campaigns

Security Affairs

OCTOBER 10, 2018

A previously unknown cyber espionage group, tracked as Gallmaker, has been targeting entities in the government, military and defense sectors since at least 2017. Gallmaker is a politically motivated APT group that focused its surgical operations on the government, military or defense sectors. ” continues Symantec.

Military

Military File names Government Libraries

New APT34 campaign uses LinkedIn to deliver fresh malware

Security Affairs

JULY 22, 2019

APT34 is an Iran-linked APT group that has been around since at least 2014, it targeted mainly organizations in the financial, government, energy, telecoms and chemical sectors in the United States and Middle Eastern countries. The fake profiles asked the victims to open the weaponized excel file named ERFT-Details.

File names

File names Phishing Government Passwords

Leveraging Metadata for Enhanced Information Governance

Gimmal

NOVEMBER 21, 2024

Enter metadata—a powerful tool that can revolutionize your information governance strategy. Limited Sorting and Filtering : Users can only sort and filter files based on basic attributes like name and date within a folder, restricting efficient data retrieval. Efficiency : Reduce the time spent searching for documents.

Metadata

Metadata Information governance Government Records Management

Is RIOT Data Undermining Your Information Governance? Here’s What You Need to Know

Gimmal

OCTOBER 30, 2024

For information governance professionals, understanding and managing RIOT data is crucial. Data Governance Challenges You can’t protect or govern what you can’t access or read. This solution helps enterprises and government agencies uncover and remediate RIOT data effectively.

Information governance

Information governance Government Cleanup Digital preservation

New PowerShell-based Backdoor points to MuddyWater

Security Affairs

NOVEMBER 30, 2018

Security researchers at Trend Micro recently discovered PowerShell-based backdoor that resembles a malware used by MuddyWater threat actor. ” The new backdoor uses the API of a cloud file hosting provider to implement command and control (C&C) communication and data exfiltration. ” continues the experts.

Communications

Communications File names Cloud Government

New PowerExchange Backdoor linked to an Iranian APT group

Security Affairs

MAY 26, 2023

Researchers from the Fortinet FortiGuard Labs observed an attack targeting a government entity in the United Arab Emirates with a new PowerShell-based backdoor dubbed PowerExchange. The infection chain commenced with spear phishing messages using a zip file named Brochure.zip in attachment. with the new PowerExchange backdoor.

Communications

Communications File names Archiving Government

Sofacy APT group used a new tool in latest attacks, the Cannon

Security Affairs

NOVEMBER 20, 2018

The Russia-linked APT group delivers Cannon in a spear-phishing attack that targets government organizations in North America, Europe and in a former USSR state. Hackers used weaponized files named ‘crash list (Lion Air Boeing 737).docx’ Security Affairs – Sofacy APT, Cannot tool). Pierluigi Paganini.

File names

File names Phishing Communications Government

Redfly group infiltrated an Asian national grid as long as six months?

Security Affairs

SEPTEMBER 13, 2023

UK, Australian, Canadian, and New Zealand governments issued a joint alert about China-linked threat actors targeting CNI organizations and using living off the land to evade detection. “On May 29, the attackers returned and used a renamed version of ProcDump (file name: alg.exe) to dump credentials from LSASS.”

File names

File names Access Encryption Communications

The previously undocumented GoldenJackal APT targets Middle East, South Asia entities

Security Affairs

MAY 23, 2023

A previously undocumented APT group tracked as GoldenJackal has been targeting government and diplomatic entities in the Middle East and South Asia since 2019. The group focuses on government and diplomatic entities in the Middle East and South Asia. “The fake Skype installer was a.NET executable file named skype32.exe

File names

File names Government Security IT

A flaw in MySQL could allow rogue servers to steal files from clients

Security Affairs

JANUARY 21, 2019

A rogue server could send a LOAD DATA LOCAL statement to the client to get access to any file for which the client has read permission. “In theory, a patched server could be built that would tell the client program to transfer a file of the server’s choosing rather than the file named by the client in the LOAD DATA statement.”

Passwords

Passwords File names Access Sales

Using Microsoft Powerpoint as Malware Dropper

Security Affairs

NOVEMBER 16, 2018

Marco Ramilli, founder and CEO at cyber security firm Yoroi has explained how to use Microsoft Powerpoint as Malware Dropper. The script downloads a file named: AZZI.exe and saves it by a new name: VRE1wEh9j0mvUATIN3AqW1HSNnyir8id.exe on a System temporary directory for running it. Edited by Pierluigi Paganini.

Computer and Electronics

Computer and Electronics File names Security IT

DownEx cyberespionage operation targets Central Asia

Security Affairs

MAY 10, 2023

A new sophisticated malware strain, dubbed DownEx, was involved in attacks aimed at Government organizations in Central Asia. In late 2022, Bitdefender Labs researchers first observed a highly targeted cyberattack targeting foreign government institutions in Kazakhstan that involved a new sophisticated strain of malware dubbed DownEx.

File names

File names Archiving Government Phishing

New Linux Ransomware BlackSuit is similar to Royal ransomware

Security Affairs

JUNE 3, 2023

According to government experts, the Royal ransomware attacks targeted numerous critical infrastructure sectors including, manufacturing, communications, healthcare and public healthcare (HPH), and education. ReadMe file name: README.BlackSuit.txt. New #ransomware #BlackSuit targets Windows, #Linux. Extension: blacksuit.

Ransomware

Ransomware Encryption File names Cybersecurity

New Graphiron info-stealer used in attacks against Ukraine

Security Affairs

FEBRUARY 8, 2023

It creates temporary files with the “ lock” and “ trash” extensions. It uses hardcoded file names designed to masquerade as Microsoft office executables: OfficeTemplate.exe and MicrosoftOfficeDashboard.exe” reads the analysis published by Symantec.

File names

File names Passwords Phishing Encryption

CrowdStrike uncovered a new campaign of GOBLIN PANDA APT aimed at Vietnam

Security Affairs

SEPTEMBER 5, 2018

Researchers from security firm CrowdStrike have observed a new campaign associated with the GOBLIN PANDA APT group. Experts from security firm CrowdStrike have uncovered a new campaign associated with the GOBLIN PANDA APT group. ” reads the analysis published by CrowdStrike. Pierluigi Paganini.

Metadata

Metadata File names Libraries Government

APT34: Glimpse project

Security Affairs

MAY 2, 2019

The group conducts operations primarily in the Middle East, targeting financial, government, energy, chemical, telecommunications and other industries. Repeated targeting of Middle Eastern financial, energy and government organisations leads FireEye to assess that those sectors are a primary concern of APT34. Source: MISP Project ).

Computer and Electronics

Computer and Electronics Communications Government Security

Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group

Security Affairs

JULY 20, 2023

government. “It then receives a response containing a file name which the malware uses to download additional rooting binaries from C2 infrastructure if one exists for the specified device.” ” continues the report. ” The report also includes Indicators of Compromise (IoCs) for both spyware.

File names

File names Libraries Cybersecurity IT

Researcher found US ‘No Fly List’ on an unsecured server

Security Affairs

JANUARY 24, 2023

Crimew discovered a file named NoFly.csv which is a legitimate U.S. records (first names, last names, and dates of birth) belonging to people with suspected or known ties to terrorist groups. “three csv files, employee_information.csv, NOFLY.CSV and SELECTEE.CSV. no fly list from 2019 containing over 1.56

Archiving

Archiving File names Access Authentication

What are the Best Document Management Capabilities?

AIIM

APRIL 8, 2021

It serves in many ways to apply a formal governance framework to the document creation and collaborative editing processes. Security and access controls. This feature also reduces the need to store multiple copies and versions, and their associated naming conventions, in order to retain a document’s history. Version control.

ECM

ECM Cloud Access File names

New release of Lampion trojan spreads in Portugal with some improvements on the VBS downloader

Security Affairs

JULY 7, 2020

Lampion was first documented in December 2019 , and it was distributed in Portugal via phishing emails using templates based on the Portuguese Government Finance & Tax. Here, it was distributed using fake webpages, where the victim downloaded an MSI file, which then held the remaining Lampion infection chain. Pierluigi Paganini.

Communications

Communications Cloud Phishing Encryption

CERT-UA warns of a phishing campaign targeting government entities

ObliqueRAT, a new malware employed in attacks on government targets in Southeast Asia

Webinars

Trending Sources

China-linked threat actors are targeting the government of Ukraine

Webinars

Chinese APT FunnyDream targets a South East Asian government

Russia-linked Armageddon APT targets Ukrainian state organizations, CERT-UA warns

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

FBI published a flash alert on Mamba Ransomware attacks

Chinese APT Earth Baxia target APAC by exploiting GeoServer flaw

Evil Corp rebrands their ransomware, this time is the Macaw Locker

Cyber Threats Observatory Gets Improvements

Crooks target Healthcare facilities involved in Coronavirus containment with Ransomware

Iran-linked group APT33 adds new Tickler malware to its arsenal

Google TAG: Russia, Belarus-linked APTs targeted Ukraine

QNodeService Trojan spreads via fake COVID-19 tax relief

ExCobalt Cybercrime group targets Russian organizations in multiple sectors

Zeus Sphinx spam campaign attempt to exploit Coronavirus outbreak

Conti ransomware gang also breached Ireland Department of Health (DoH)

Hacker breached Perceptics, a US maker of license plate readers

GhostWriter APT targets state entities of Ukraine with Cobalt Strike Beacon

Russia-linked Turla APT uses new TinyTurla-NG backdoor to spy on Polish NGOs

Russia-linked Gamaredon APT targets Ukrainian authorities with new malware

China-linked Budworm APT returns to target a US entity

China-linked APT41 group targets Hong Kong with Spyder Loader

China-linked LuminousMoth APT targets entities from Southeast Asia

New Gallmaker APT group eschews malware in cyber espionage campaigns

New APT34 campaign uses LinkedIn to deliver fresh malware

Leveraging Metadata for Enhanced Information Governance

Is RIOT Data Undermining Your Information Governance? Here’s What You Need to Know

New PowerShell-based Backdoor points to MuddyWater

New PowerExchange Backdoor linked to an Iranian APT group

Sofacy APT group used a new tool in latest attacks, the Cannon

Redfly group infiltrated an Asian national grid as long as six months?

The previously undocumented GoldenJackal APT targets Middle East, South Asia entities

A flaw in MySQL could allow rogue servers to steal files from clients

Using Microsoft Powerpoint as Malware Dropper

DownEx cyberespionage operation targets Central Asia

New Linux Ransomware BlackSuit is similar to Royal ransomware

New Graphiron info-stealer used in attacks against Ukraine

CrowdStrike uncovered a new campaign of GOBLIN PANDA APT aimed at Vietnam

APT34: Glimpse project

Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group

Researcher found US ‘No Fly List’ on an unsecured server

What are the Best Document Management Capabilities?

New release of Lampion trojan spreads in Portugal with some improvements on the VBS downloader

Stay Connected