Remove File names Remove Military Remove Phishing
article thumbnail

Russia-linked Armageddon APT targets Ukrainian state organizations, CERT-UA warns

Security Affairs

APRIL 5, 2022

Ukraine CERT-UA spotted a spear-phishing campaign conducted by Russia-linked Armageddon APT targeting local state organizations. The phishing messages have been sent from “vadim_melnik88@i[.]ua,” The group targeted government and military organizations in Ukraine.

Military 347
Military Phishing File names Archiving 347
article thumbnail

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Security Affairs

APRIL 22, 2024

GooseEgg is usually deployed with a batch script, commonly named execute.bat or doit.bat. This script creates a file named servtask.bat, which includes commands for saving or compressing registry hives. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

Military 358
Military File names Education Phishing 358
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Trending Sources

article thumbnail

Google TAG: Russia, Belarus-linked APTs targeted Ukraine

Security Affairs

MARCH 8, 2022

Google TAG observed Russian, Belarusian, and Chinese threat actors targeting Ukraine and European government and military orgs. Google TAG observed Russian, Belarusian, and Chinese threat actors targeting Ukrainian and European government and military organizations, as well as individuals.

Military 274
Military Phishing File names Government 274
article thumbnail

New Gallmaker APT group eschews malware in cyber espionage campaigns

Security Affairs

OCTOBER 10, 2018

A previously unknown cyber espionage group, tracked as Gallmaker, has been targeting entities in the government, military and defense sectors since at least 2017. Gallmaker is a politically motivated APT group that focused its surgical operations on the government, military or defense sectors.

Military 270
Military File names Government Libraries 270
article thumbnail

GhostWriter APT targets state entities of Ukraine with Cobalt Strike Beacon 

Security Affairs

MARCH 28, 2022

Ukraine CERT-UA uncovered a spear-phishing campaign conducted by Belarus-linked GhostWriter APT group targeting Ukrainian state entities with Cobalt Strike Beacon. The phishing messages use a RAR-archive named “Saboteurs.rar”, which contains RAR-archive “Saboteurs 21.03.rar.” Pierluigi Paganini.

Archiving 246
Archiving CMS File names Phishing 246
article thumbnail

Russia-linked APT Gamaredon update TTPs in recent attacks against Ukraine

Security Affairs

JUNE 15, 2023

The Gamaredon APT group (aka Shuckworm, Actinium, Armageddon, Primitive Bear, UAC-0010, and Trident Ursa) continues to carry out attacks against entities in Ukraine, including security services, military, and government organizations. The attack chain commences with spear-phishing emails with malicious attachments (.docx,rar,sfx

Military 246
Military File names Archiving Government 246
article thumbnail

SideWinder APT targets maritime and nuclear sectors with enhanced toolset

Security Affairs

MARCH 11, 2025

SideWinder (also known as Razor Tiger, Rattlesnake, and T-APT-04) has been active since at least 2012, the group mainly targeted Police, Military, Maritime, and the Naval forces of Central Asian countries. The group was spotted changing file names to maintain persistence and evade defense.

Military 171
Military File names Government Phishing 171
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 

Stay Connected

Join 55,000+ Insiders by signing up for our newsletter

About
Webinars
Awards
About
Editions
Webinars
Awards
Editions
Topics
Twitter
Powered by Aggregage | Terms and Conditions | Your California Rights and Privacy Policy | Cookie Settings
© Aggregage 2025