Government, Groups and Security - Information Management Today

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale

Security Affairs

OCTOBER 12, 2024

cyber agencies warn that Russia-linked group APT29 is targeting vulnerable Zimbra and JetBrains TeamCity servers on a large scale. The government agencies warn that the Russian APT29 group has the capability and intent to exploit more CVEs for initial access, remote code execution, and privilege escalation.

Data collection

Data collection Authentication Access Cybersecurity

China-linked threat actors compromised multiple telecos and spied on a limited number of U.S. government officials

Security Affairs

NOVEMBER 14, 2024

government officials. telecoms, compromising networks to steal call records and access private communications, mainly of government and political figures. ” In September, the Wall Street Journal reported that China-linked APT group Salt Typhoon (also known as FamousSparrow and GhostEmperor ) breached U.S. reported the WSJ.

Government

Government Communications Access Risk

Exclusive: Pro-Russia group ‘Cyber Spetsnaz’ is attacking government agencies

Security Affairs

JUNE 6, 2022

(USA) has identified an increase in activity within hacktivist groups conducted by a new group called “Cyber Spetsnaz”. USA) has identified an increase in activity within hacktivist groups, they’re leveraging current geopolitical tensions between the Ukraine and Russia to perform cyber-attacks. Resecurity, Inc.

Government

Government Cybersecurity IoT Security

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

Zimbra zero-day exploited to steal government emails by four groups

Security Affairs

NOVEMBER 16, 2023

Google TAG revealed that threat actors exploited a Zimbra Collaboration Suite zero-day ( CVE-2023-37580 ) to steal emails from governments. The first campaign aimed at a government organization in Greece, threat actors sent emails containing exploit urls to their targets. ” reads the advisory published by Google TAG.

Government

Government Authentication Phishing IT

Zero Trust Mandate: The Realities, Requirements and Roadmap

Government agencies can no longer ignore or delay their Zero Trust initiatives. and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines. The DHS compliance audit clock is ticking on Zero Trust.

Cybersecurity

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

Security Affairs

NOVEMBER 18, 2024

telecoms, compromising networks to steal call records and access private communications, mainly of government and political figures. The US agencies confirmed that Chinese threat actors had compromised the private communications of a “limited number” of government officials following the compromise of multiple U.S.

Data breaches

Data breaches Communications Artificial Intelligence Government

Awaken Likho APT group targets Russian government with a new implant

Security Affairs

OCTOBER 9, 2024

A threat actor tracked as Awaken Likho is targeting Russian government agencies and industrial entities, reported cybersecurity firm Kaspersky. The threat actor continues to target Russian government entities and enterprises. Experts believe the group remains active and is enhancing its operations with new implants.

Government

Government Archiving Phishing Access

Massive cyberattacks hit French government agencies

Security Affairs

MARCH 11, 2024

A series of “intense” cyberattacks hit multiple French government agencies, revealed the prime minister’s office. “Several “intense” cyberattacks targeted multiple French government agencies since Sunday night, as disclosed by the prime minister’s office.” ” reported the French newspaper Le Monde.

Government

Government Information Security Access Security

China-linked group Salt Typhoon hacked US broadband providers and breached wiretap systems

Security Affairs

OCTOBER 6, 2024

China-linked APT group Salt Typhoon breached U.S. China-linked APT group Salt Typhoon (also known as FamousSparrow and GhostEmperor ) breached U.S. According to the Wall Street Journal, which reported the news exclusively, the security breach poses a major national security risk. ” reported the WSJ.

Government

Government Access Risk Security

Estonia blocked cyberattacks claimed by Pro-Russia Killnet group

Security Affairs

AUGUST 19, 2022

The Pro-Russia hacker group Killnet claimed responsibility for the attacks. e-Estonia refers to a movement by the government of Estonia to facilitate citizen interactions with the state through the use of electronic solutions. “The government had accused Russia of using such monuments to stir up tensions.”

Computer and Electronics

Computer and Electronics Digital transformation Government IT

Pro-Russia group hit Swiss govt sites after Zelensky visit in Davos

Security Affairs

JANUARY 17, 2024

Switzerland believes that the attack claimed by pro-Russian group NoName that hit the government websites is retaliation for Zelensky’s presence at Davos. Naturally, not empty-handed, but with DDoS gifts” read a message published by the hacker group on its Telegram channel. ” reported the AFP agency. .

Government

Government Access Security IT

China’s Volt Typhoon botnet has re-emerged

Security Affairs

NOVEMBER 13, 2024

The group managed to maintain access without being detected for as long as possible. The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure. The APT group is using almost exclusively living-off-the-land techniques and hands-on-keyboard activity to evade detection.

e-Discovery

e-Discovery Communications Ransomware Government

CERT-UA warns of a phishing campaign targeting government entities

Security Affairs

AUGUST 13, 2024

CERT-UA warned that Russia-linked actor is impersonating the Security Service of Ukraine (SSU) in a new phishing campaign to distribute malware. The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign targeting organizations in the country, including government entities.

Phishing

Phishing Government File names Access

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Security Affairs

MARCH 28, 2024

Google’s Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively exploited zero-day vulnerabilities in 2023. The researchers also tracked at least four ransomware groups exploiting four zero-day vulnerabilities. ” continues the report. ” concludes the report.

Government

Government Ransomware Libraries Access

The Rhysida ransomware group hit the Kuwait Ministry of Finance

Security Affairs

SEPTEMBER 26, 2023

This week the Rhysida ransomware group claimed the hack of the Kuwait Ministry of Finance and added it to its Tor leak site. Last week a ransomware attack hit the Government of Kuwait, the attack took place on September 18 and the government experts immediately started the incident response procedures to block the threat.

Ransomware

Ransomware Government Cybersecurity IT

Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

Security Affairs

SEPTEMBER 25, 2023

A stealthy APT group tracked as Gelsemium was observed targeting a Southeast Asian government between 2022 and 2023. Palo Alto Unit42 researchers an APT group tracked as Gelsemium targeting a Southeast Asian government. Gelsemium is a group focused on cyberespionage that has been active since at least 2014.

Government

Government Manufacturing Education Access

Pro-Russian hacker group KillNet plans to attack Italy on May 30

Security Affairs

MAY 29, 2022

Pro-Russian hacker group KillNet is threatening again Italy, it announced a massive and unprecedented attack on May 30. Pro-Russian hacker group KillNet is threatening again Italy, it announced a massive and unprecedented attack on May 30. “With different levels of superiority, command lines and tasking. Pierluigi Paganini.

Cybersecurity

Cybersecurity Security Risk Government

Experts warn of ransomware attacks against government organizations of small states

Security Affairs

MAY 31, 2022

Cyber Research Labs observed a rise in ransomware attacks in the second quarter of 2022, some of them with a severe impact on the victims, such as the attack that hit the Costa Rican government that caused a nationwide crisis. The experts warn of ransomware attacks against government organizations. ” continues Cyble. .

Ransomware

Ransomware Government Cybersecurity Sales

Russia-linked APT29 reused iOS and Chrome exploits previously developed by NSO Group and Intellexa

Security Affairs

AUGUST 29, 2024

Russia-linked APT29 group was spotted reusing iOS and Chrome exploits previously developed by surveillance firms NSO Group and Intellexa. Google TAG (Threat Analysis Group) researchers observed the Russia-linked group APT29 (aka SVR group , BlueBravo , Cozy Bear , Nobelium , Midnight Blizzard , and The Dukes ).

Government

Government Encryption Authentication Risk

U.S. Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp

Security Affairs

MARCH 2, 2024

Court ordered surveillance firm NSO Group to hand over the source code for its Pegasus spyware and other products to Meta. Meta won the litigation against the Israeli spyware vendor NSO Group , a U.S. from April 29, 2018, to May 10, 2020). from April 29, 2018, to May 10, 2020).

IT

IT Government Security Information Security

Australian government announced sanctions for Medibank hacker

Security Affairs

JANUARY 23, 2024

The Australian government announced sanctions for a member of the REvil ransomware group for the Medibank hack that occurred in 2022. The Australian government announced sanctions for Aleksandr Gennadievich Ermakov (aka GustaveDore, aiiis_ermak, blade_runner, JimJones), a Russian national who is a member of the REvil ransomware group.

Government

Government Insurance Ransomware Data breaches

Clop group obtained access to the email addresses of about 632,000 US federal employees

Security Affairs

NOVEMBER 2, 2023

Russian-speaking Clop ransomware group gained access to the email addresses of about 632,000 US federal employees at the departments of Defense and Justice. The security breach is the result of the MOVEit hacking campaign that took place this summer. ” states Bloomberg. ” states Bloomberg.

Access

Access Agriculture Data breaches Ransomware

China-linked threat actors stole 10% of Belgian State Security Service (VSSE)’s staff emails

Security Affairs

FEBRUARY 27, 2025

Belgian authorities are investigating Chinese hackers for breaching its State Security Service (VSSE), stealing 10% of emails from 2021 to May 2023. The Belgian federal prosecutor’s office is probing a possible security breach on its State Security Service (VSSE) by China-linked threat actors. ” reported Reuters.

Security

Security Access Government Cybersecurity

FBI and CISA update a joint advisory on the BlackSuit Ransomware group

Security Affairs

AUGUST 8, 2024

FBI and CISA published a joint advisory on the BlackSuit Ransomware group, the document provides TTPs and IOCs as recently as July 2024. CISA, in collaboration with the FBI, has published a joint advisory on the BlackSuit Ransomware group. The group uses SharpShares and SoftPerfect NetWorx to map out victim networks.

Ransomware

Ransomware Communications Manufacturing Phishing

Rhysida ransomware group hacked Abdali Hospital in Jordan

Security Affairs

DECEMBER 26, 2023

The Rhysida ransomware group claimed to have hacked Abdali Hospital, a multi-specialty hospital located in Jordan. The Rhysida ransomware group claimed to have breached the Abdali Hospital in Jordan and added it to the list of victims on its Tor leak site. The Rhysida ransomware group has been active since May 2023.

Ransomware

Ransomware Manufacturing Education Libraries

Rhysida Ransomware group claims to have breached Bayhealth Hospital in Delaware

Security Affairs

AUGUST 7, 2024

The Rhysida Ransomware group claims to have breached Bayhealth Hospital in Delaware and offers alleged stolen data for 25 BTC. The Rhysida Ransomware group claims to have breached Bayhealth Hospital and added the hospital to the list of victims on its Tor leak site. The Rhysida ransomware group has been active since May 2023.

Ransomware

Ransomware Manufacturing Libraries Education

The Mask APT is back after 10 years of silence

Security Affairs

DECEMBER 18, 2024

Kaspersky researchers linked a new wave of cyber attacks to the cyber espionage group tracked as The Mask. Kaspersky researchers linked several targeted attacks to a cyber espionage group known as The Mask. The APT group targeted an organization in Latin America in 2019 and 2022.

Government

Government IT Access Information Security

Russian nationals plead guilty to participating in the LockBit ransomware group

Security Affairs

JULY 19, 2024

Two Russian nationals pleaded guilty to participating in the LockBit ransomware group and carrying out attacks against victims worldwide. The LockBit ransomware operation has been active since January 2020, the group hit over 2,500 victims across 120 countries, including 1,800 in the U.S.

Ransomware

Ransomware Encryption Government Access

Iran-linked group APT33 adds new Tickler malware to its arsenal

Security Affairs

AUGUST 28, 2024

Iran-linked group APT33 used new Tickler malware in attacks against organizations in the government, defense, satellite, oil and gas sectors. The APT group conducted a cyber espionage campaign between April and July 2024 and used Microsoft’s Azure infrastructure for C2 infrastructure.

IT

IT Education File names Passwords

Two Sudanese nationals indicted for operating the Anonymous Sudan group

Security Affairs

OCTOBER 17, 2024

The group’s victims include ChatGPT , Telegram , Microsoft , X , the Department of Justice, the Department of Defense, the FBI, the State Department, Cedars-Sinai Medical Center in Los Angeles, and government websites for the state of Alabama.

Government

Government Cloud Cybersecurity IT

Rhysida ransomware group hacked King Edward VII’s Hospital in London

Security Affairs

NOVEMBER 29, 2023

The Rhysida ransomware group claimed to have hacked King Edward VII’s Hospital in London. The Rhysida ransomware group claimed to have hacked King Edward VII’s Hospital in London and added it to the list of victims on its Tor leak site. The Rhysida ransomware group has been active since May 2023. Data from the Royal Family!

Ransomware

Ransomware Manufacturing Education Libraries

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Security Affairs

DECEMBER 5, 2023

Microsoft warns that the Russia-linked APT28 group is actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts. The group was involved also in the string of attacks that targeted 2016 Presidential election.

Military

Military Government Access Phishing

US Gov sanctioned key members of the Cyber Army of Russia Reborn hacktivists group

Security Affairs

JULY 23, 2024

The US government sanctioned two Russian hacktivists for their cyberattacks targeting critical infrastructure, including breaches of water facilities. The US authorities identified Pankratova as the group leader, while Degtyarenko is a primary hacker. The US government also blocked entities owned 50% or more by these individuals.

Government

Government IT Information Security Security

BlackCat Ransomware Group Implodes After Apparent $22M Payment by Change Healthcare

Krebs on Security

MARCH 5, 2024

healthcare giant Change Healthcare has made a $22 million extortion payment to the infamous BlackCat ransomware group (a.k.a. On March 1, a cryptocurrency address that security researchers had already mapped to BlackCat received a single transaction worth approximately $22 million. There are indications that U.S. Image: Varonis.

Ransomware

Ransomware Insurance Government IT

North Korea-linked APT groups target South Korean defense contractors

Security Affairs

APRIL 23, 2024

North Korea-linked APT groups Lazarus , Andariel , and Kimsuky hacked multiple defense companies in South Korea, reported the National Police Agency. “North Korean hacking organizations sometimes infiltrated defense companies directly, and their security is relatively low.

Passwords

Passwords Authentication Cloud Cybersecurity

ExCobalt Cybercrime group targets Russian organizations in multiple sectors

Security Affairs

JUNE 24, 2024

The cybercrime group ExCobalt targeted Russian organizations in multiple sectors with a previously unknown backdoor known as GoRed. Members of the ExCobalt group have been active since at least 2016, the researchers believe that the group is linked to the notorious Cobalt Gang.

File names

File names Communications Mining Archiving

Earth Krahang APT breached tens of government organizations worldwide

Security Affairs

MARCH 19, 2024

Trend Micro uncovered a sophisticated campaign conducted by Earth Krahang APT group that breached 70 organizations worldwide. The campaign seems active since at least early 2022 and focuses primarily on government organizations. The group often exploited access to government infrastructure to target other government entities.

Government

Government Phishing Access Passwords

Apple dismisses lawsuit against surveillance firm NSO Group due to risk of threat intelligence exposure

Security Affairs

SEPTEMBER 16, 2024

Apple drops its lawsuit against commercial spyware vendor NSO Group, due to the risk of “threat intelligence” information exposure. Apple is seeking to drop its lawsuit against Israeli spyware company NSO Group , citing the risk of “threat intelligence” information exposure. ” reads the court filing.

Risk

Risk Government Manufacturing IT

US offers $10 million reward for info on Hive ransomware group leaders

Security Affairs

FEBRUARY 8, 2024

Government offers rewards of up to $10 million for information that could help locate, identify, or arrest members of the Hive ransomware group. The US Department of State announced rewards up to $10,000,000 for information leading to the identification and/or location of the leaders of the Hive ransomware group.

Ransomware

Ransomware Blockchain Manufacturing Analytics

China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs)

Security Affairs

SEPTEMBER 26, 2024

The Wall Street Journal reported that experts are investigating into the security breached to determine if the attackers gained access to Cisco Systems routers, which are core network components of the ISP infrastructures. “Hackers linked to the Chinese government have broken into a handful of U.S.

IoT

IoT Cybersecurity Government IT

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S. The government says Urban went by the aliases “ Sosa ” and “ King Bob ,” among others. 9, 2024, U.S. On July 28 and again on Aug.

Passwords

Passwords Phishing Access Encryption

Ukraine’s SBU arrested a member of Pro-Russia hackers group ‘Cyber Army of Russia’

Security Affairs

JANUARY 29, 2024

Ukraine’s security service (SBU) detained an alleged member of the pro-Russia hacker group “the Cyber Army of Russia.” ” Ukraine’s security service, the SBU, announced that it has identified and detained an alleged member of the pro-Russia hacker group known as the Cyber Army of Russia.

Military

Military Communications Government Security

Elon Musk's Federal Worker Email Sparks 'Security Nightmare'

Data Breach Today

FEBRUARY 25, 2025

Federal Agencies and Experts Alike Say Musk's Email Request Poses Security Threat The Department of Government Efficiency-led effort to assess whether millions of federal jobs are necessary through a bulleted list of weekly activities is causing a major security threat, in addition to mass confusion across the federal government, experts told Information (..)

Security

Security Government Information Security

Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks

Security Affairs

APRIL 24, 2024

Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November 2023 to breach government networks. Early in 2024, a customer contacted Cisco to report a suspicious related to its Cisco Adaptive Security Appliances (ASA). Cisco Talos researchers tracked this cyber-espionage campaign as ArcaneDoor.

Government

Government Authentication Communications Access

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale

China-linked threat actors compromised multiple telecos and spied on a limited number of U.S. government officials

Webinars

Trending Sources

Exclusive: Pro-Russia group ‘Cyber Spetsnaz’ is attacking government agencies

Webinars

Zimbra zero-day exploited to steal government emails by four groups

Zero Trust Mandate: The Realities, Requirements and Roadmap

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

Awaken Likho APT group targets Russian government with a new implant

Massive cyberattacks hit French government agencies

China-linked group Salt Typhoon hacked US broadband providers and breached wiretap systems

Estonia blocked cyberattacks claimed by Pro-Russia Killnet group

Pro-Russia group hit Swiss govt sites after Zelensky visit in Davos

China’s Volt Typhoon botnet has re-emerged

CERT-UA warns of a phishing campaign targeting government entities

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

The Rhysida ransomware group hit the Kuwait Ministry of Finance

Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

Pro-Russian hacker group KillNet plans to attack Italy on May 30

Experts warn of ransomware attacks against government organizations of small states

Russia-linked APT29 reused iOS and Chrome exploits previously developed by NSO Group and Intellexa

U.S. Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp

Australian government announced sanctions for Medibank hacker

Clop group obtained access to the email addresses of about 632,000 US federal employees

China-linked threat actors stole 10% of Belgian State Security Service (VSSE)’s staff emails

FBI and CISA update a joint advisory on the BlackSuit Ransomware group

Rhysida ransomware group hacked Abdali Hospital in Jordan

Rhysida Ransomware group claims to have breached Bayhealth Hospital in Delaware

The Mask APT is back after 10 years of silence

Russian nationals plead guilty to participating in the LockBit ransomware group

Iran-linked group APT33 adds new Tickler malware to its arsenal

Two Sudanese nationals indicted for operating the Anonymous Sudan group

Rhysida ransomware group hacked King Edward VII’s Hospital in London

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

US Gov sanctioned key members of the Cyber Army of Russia Reborn hacktivists group

BlackCat Ransomware Group Implodes After Apparent $22M Payment by Change Healthcare

North Korea-linked APT groups target South Korean defense contractors

ExCobalt Cybercrime group targets Russian organizations in multiple sectors

Earth Krahang APT breached tens of government organizations worldwide

Apple dismisses lawsuit against surveillance firm NSO Group due to risk of threat intelligence exposure

US offers $10 million reward for info on Hive ransomware group leaders

China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs)

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Ukraine’s SBU arrested a member of Pro-Russia hackers group ‘Cyber Army of Russia’

Elon Musk's Federal Worker Email Sparks 'Security Nightmare'

Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks

Stay Connected