government officials. telecoms, compromising networks to steal call records and access private communications, mainly of government and political figures. The cyber spies stole information belonging to targeted individuals that was subject to U.S. broadband providers is still ongoing, government experts are assessing its scope.
A series of “intense” cyberattacks hit multiple French government agencies, revealed the prime minister’s office. “Several “intense” cyberattacks targeted multiple French government agencies since Sunday night, as disclosed by the prime minister’s office,” reported the French newspaper Le Monde.
CISA revealed that threat actors breached an unnamed state government organization via an administrator account belonging to a former employee. The government experts conducted an incident response assessment of the state government organization after its documents were posted on the dark web.
The Government of Bermuda believes that the recent cyberattack against its IT infrastructure was launched by Russian threat actors. This week a cyber attack hit the Government of Bermuda causing the interruption of internet/email and phone services. The attack impacted all the government departments. ” said Burt.
Cisco addressed vulnerabilities that were exploited to compromise the Webex meetings of the German government. In early May, German media outlet Zeit Online revealed that threat actors exploited vulnerabilities in the German government’s implementation of the Cisco Webex software to access internal meetings.
CERT-UA warned that a Russia-linked actor is impersonating the Security Service of Ukraine (SSU) in a new phishing campaign to distribute malware. The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign targeting organizations in the country, including government entities.
Ukraine’s NCCC banned the Telegram app for government agencies, military, and critical infrastructure, due to national security concerns. ” Despite the ban on military and government devices, Ukrainian users rely heavily on Telegram to communicate and receive news on ongoing conflicts.
Canada banned the Chinese messaging app WeChat and Kaspersky antivirus on government mobile devices due to privacy and security risks. The Government of Canada announced a ban on the use of the WeChat and Kaspersky applications on government-issued mobile devices due to privacy and security risks.
Google TAG revealed that threat actors exploited a Zimbra Collaboration Suite zero-day (CVE-2023-37580) to steal emails from governments. The first campaign was aimed at a government organization in Greece; threat actors sent emails containing exploit URLs to their targets. ” continues the report. .”
The US government issued sanctions against six Iranian government officials linked to cyberattacks against critical infrastructure organizations. The Iranian Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC) is an organization within the Iranian government responsible for cybersecurity and cyber warfare.
The Australian government announced sanctions for a member of the REvil ransomware group for the Medibank hack that occurred in 2022. The Australian government announced sanctions for Aleksandr Gennadievich Ermakov (aka GustaveDore, aiiis_ermak, blade_runner, JimJones), a Russian national who is a member of the REvil ransomware group.
In 2023, the researchers attributed a combined total of 48 out of 58 zero-day vulnerabilities to commercial surveillance vendors (CSVs) and government espionage actors, while 10 zero-day flaws were attributed to financially motivated actors. ” continues the report.
” Chinese law requires researchers to disclose zero-day vulnerabilities to the government. Experts speculate that the Chinese government was aware of the flaw and may have exploited it as a zero-day.
” The man, who remains at large, used fake email accounts posing as US-based researchers and engineers to target government personnel to obtain software and source code created by the National Aeronautics and Space Administration (“NASA”), research universities, and private companies. Air Force, Navy, Army, and the FAA.”
A threat actor tracked as Awaken Likho is targeting Russian government agencies and industrial entities, reported cybersecurity firm Kaspersky. The threat actor continues to target Russian government entities and enterprises.
Spanish Police arrested an unnamed hacker who allegedly breached tens of government institutions in Spain and the US. Spanish National Police arrested a hacker responsible for multiple cyberattacks on government institutions in Spain and the U.S. Targe including the U.S. Army, UN, NATO, and other agencies.
Experts warn of a surge in NetSupport RAT attacks against education, government, and business services sectors. The most impacted sectors are education, government, and business services. NetSupport RAT is a remote control and desktop management software developed by NetSupport Ltd.
Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November 2023 to breach government networks. Cisco Talos researchers tracked this cyber-espionage campaign as ArcaneDoor.
The Tor Project seeks help deploying 200 WebTunnel bridges by year-end to counter government censorship. Tor Project maintainers are urging users to deploy 200 WebTunnel bridges by year-end to allow users in Russia to bypass government censorship. ” reads the announcement published by Tor Project.
telecoms, compromising networks to steal call records and access private communications, mainly of government and political figures. The US agencies confirmed that Chinese threat actors had compromised the private communications of a “limited number” of government officials following the compromise of multiple U.S.
The malware was operated by a China-linked threat actor, known as Mustang Panda (aka Twill Typhoon), to steal sensitive information from victim computers. According to court documents, the Chinese government paid Mustang Panda to develop PlugX malware, used since 2014 to target U.S., European, and Asian entities. systems. .”
Founded in 1995, TopSec offers cybersecurity services such as Endpoint Detection and Response (EDR) and vulnerability scanning, along with “boutique” solutions to align with government initiatives and intelligence requirements. ” reads the report published by SentinelLabs. ” concludes the report.”The
Russia-linked group Storm-2372 has used the device code phishing technique since Aug 2024 to steal login tokens from governments, NGOs, and industries. ” reads the report published by Microsoft Threat Intelligence. “Microsoft assesses with medium confidence that Storm-2372 aligns with Russian interests, victimology, and tradecraft.”
Company Mainly Hacked for the Ministry of Public Security. An apparent leak of internal documents from a Chinese hacking contractor paints a picture of a disaffected, poorly paid workforce that nonetheless penetrated multiple regional governments and possibly NATO.
The government agencies warn that the Russian APT29 group has the capability and intent to exploit more CVEs for initial access, remote code execution, and privilege escalation. “SVR cyber actors have exploited vulnerabilities at a mass scale to target victims worldwide across a variety of sectors” reads the joint advisory.
Federal Agencies and Experts Alike Say Musk's Email Request Poses Security Threat. The Department of Government Efficiency-led effort to assess whether millions of federal jobs are necessary through a bulleted list of weekly activities is causing a major security threat, in addition to mass confusion across the federal government, experts told Information (..)
According to the indictment, Ptitsyn facilitated the worldwide use of a dangerous ransomware strain to target corporations and various organizations, including government agencies, healthcare facilities, educational institutions, and critical infrastructure. Barron for the District of Maryland.
In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. government neutralized the Volt Typhoon botnet taking over its C2 and deleting the bot from infected devices.
Founded in 1985, ENGlobal Corporation designs automated control systems for commercial and government sectors, reporting $6 million in Q3 revenue and $18.4 million year-to-date. According to the FORM 8-K report filed with the U.S. Securities and Exchange Commission (SEC), the company discovered the attack on November 25.
Active since 2021, Storm-0940 gains access through password spraying, brute-force attacks, and exploiting network edge services, targeting sectors like government, law, defense, and NGOs in North America and Europe. “Microsoft assesses that a threat actor located in China established and maintains this network.
The Ukrainian government experts noticed that some messages were sent from compromised contacts to increase trust. In March 2025, threat actors distributed archived messages through Signal. The archive contains a fake PDF report and DarkTortilla malware, which acts as a launcher for the Dark Crystal RAT (DCRat).
“These extensions can be configured through the C:\MDaemon\WorldClient\WorldClient.ini file” The Mask group (aka Careto [Spanish for Ugly Face or Mask]) is a high-profile group of state-sponsored hackers that have been targeting government agencies, diplomatic offices, embassies, and energy companies.
French information security agency ANSSI reported that Russia-linked threat actor Nobelium is behind a series of cyber attacks that targeted French diplomatic entities. The French information security agency ANSSI reported that Russia-linked APT Nobelium targeted French diplomatic entities.
The charges result from an investigation conducted by the US government into public companies potentially impacted by the supply chain attack on SolarWinds’ Orion software. The SEC charged Unisys with additional violations and fined Unisys $4M, Avaya $1M, Check Point $995K, and Mimecast $990K in civil penalties to settle the charges.
What to do when your ‘supply chain’ is really a ‘supply loop’. When I asked Bridget Kenyon – CISO (chief information security officer) for SSCL, lead editor for ISO 27001:2022 and author of ISO 27001 Controls – what she’d like to cover in an interview, she suggested supply chain security.
The US government does not explain the decision. Unlike the Entity List for Malicious Cyber Activities, managed by the Commerce Department’s Bureau of Industry and Security (BIS), the Section 1260 list does not impose any ban or sanction on the tech giant. ” “We are not a military company or supplier.
The German Federal Office for Information Security (BSI) warned of thousands of Microsoft Exchange servers in the country vulnerable to critical flaws. The BSI also added that there is an unreported number of Exchange servers of comparable size that are potentially vulnerable.
Vietnam Post Corporation, a Vietnamese government-owned postal service, exposed security logs and employee email addresses to external cyber threats. Vietnam Post Corporation, a Vietnamese government-owned postal service, left its security logs and employee email addresses accessible to outside cyber snoopers, Cybernews researchers have discovered.
Sophos, with the help of other cybersecurity firms, government, and law enforcement agencies, investigated the cyber attacks and attributed them to multiple China-linked APT groups, such as Volt Typhoon, APT31 and APT41 / Winnti. critical infrastructure on behalf of foreign governments. reads the report published by Sophos.
“A cyberattack tied to the Chinese government penetrated the networks of a swath of U.S. broadband providers, potentially accessing information from systems the federal government uses for court-authorized network wiretapping requests.” broadband providers is still ongoing, government experts are assessing its scope.
Switzerland believes that the attack claimed by pro-Russian group NoName that hit the government websites is retaliation for Zelensky’s presence at Davos. The pro-Russian group launched a series of DDoS attacks against several government websites causing temporary disruptions in their accessibility. ” reported the AFP agency.
Suspected China-linked APT Earth Baxia targeted a government organization in Taiwan by exploiting a recently patched OSGeo GeoServer GeoTools flaw. Trend Micro researchers reported that China-linked APT group Earth Baxia has targeted a government organization in Taiwan and potentially other countries in the Asia-Pacific (APAC) region.
Evidence, including the spyware’s installation during BIA interviews, attributes these surveillance campaigns with high confidence to the BIA and Serbian government. Serbian authorities also extensively and illegitimately used the Cellebrite extraction suite to download personal data from the phones of journalists and protest organizers.
The Canadian government is going to ban the tool Flipper Zero because it is abused by crooks to steal vehicles in the country. The Canadian government announced that it plans to ban the tool Flipper Zero, and similar hacking devices, to curb the surge in car thefts. ” reads a statement from the Canadian Government.