Groups, Military and Security - Information Management Today

Russia-linked espionage group UNC5812 targets Ukraine’s military with malware

Security Affairs

OCTOBER 29, 2024

Suspected Russia-linked espionage group UNC5812 targets Ukraine’s military with Windows and Android malware via Telegram. Google TAG and Mandiant observed a Russia-linked group, tracked as UNC5812, targeting Ukraine’s military with Windows and Android malware via the Telegram channel “ Civil Defense.”

Military

Military IT Security Information Security

Snatch group claims to have hacked military provider HENSOLDT France

Security Affairs

OCTOBER 31, 2022

The Snatch ransomware group claims to have hacked HENSOLDT France, a company specializing in military and defense electronics. The Snatch ransomware group claims to have hacked the French company HENSOLDT France. HENSOLDT is a company specializing in military and defense electronics. Pierluigi Paganini.

Military

Military Computer and Electronics Ransomware Communications

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

Security Affairs

JUNE 18, 2020

Researchers uncovered a recent campaign carried out by the InvisiMole group that has been targeting a small number of high-profile organizations. The group has been active since at least 2013, ESET experts linked the group to the Gamaredon Russian APT group Gamaredon despite considers the two crews independent.

Military

Military Communications Libraries Encryption

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

Ukraine: Belarusian APT group UNC1151 targets military personnel with spear phishing

Security Affairs

FEBRUARY 25, 2022

The Ukrainian agency attributes the campaign to the Belarus-linked cyberespionage group tracked as UNC1151. In mid-January, the government of Kyiv attributed the defacement of tens of Ukrainian government websites to Belarusian APT group UNC1151. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Military

Military Phishing CMS Government

Chinese APT CactusPete targets military and financial orgs in Eastern Europe

Security Affairs

AUGUST 14, 2020

China-linked threat actor tracked as CactusPete was employing an updated backdoor in recent attacks targeting military and financial organizations in Eastern Europe. Experts pointed out that despite the lack of sophistication, the group carried out successful attacks. reads the analysis published by Kaspersky. Pierluigi Paganini.

Military

Military Phishing Access IT

Alleged cyber attacks caused fire and explosions at nuclear and military facilities in Iran

Security Affairs

JULY 3, 2020

The media reported a fire at the Natanz nuclear enrichment site and an explosion at the Parchin military complex near Tehran, the latter is suspected to be a government center for the production of missiles. The group took credit for the attack without providing details of the incident. following other recent explosions in the country.”

Military

Military Government Security IT

Maze ransomware operators stole data from US military contractor Westech

Security Affairs

JUNE 6, 2020

Hackers have stolen confidential documents from the US military contractor Westech, which provides critical support for US Minuteman III nuclear deterrent. Security experts fear that hackers could attempt to sell stolen data about the nuclear deterrent on to a foreign state. The LGM-30 Minuteman is a U.S. Pierluigi Paganini.

Military

Military Ransomware Encryption Risk

Chinese APT Tropic Trooper target air-gapped military Networks in Asia

Security Affairs

MAY 15, 2020

Chinese threat actors, tracked as Tropic Trooper and KeyBoy, has been targeting air-gapped military networks in Taiwan and the Philippines. Chinese APT group Tropic Trooper, aka KeyBoy, has been targeting air-gapped military networks in Taiwan and the Philippines, Trend Micro researchers reported. ” continues the report.

Military

Military Government IT Security

Anonymous targets the Russian Military and State Television and Radio propaganda

Security Affairs

APRIL 5, 2022

Anonymous continues to support Ukraine against the Russian criminal invasion targeting the Russian military and propaganda. Anonymous leaked personal details of the Russian military stationed in Bucha where the Russian military carried out a massacre of civilians that are accused of having raped and shot local women and children.

Military

Military Cybersecurity Security Government

Naikon APT group uses new Nebulae backdoor in attacks aimed at military orgs

Security Affairs

APRIL 28, 2021

China-linked APT Naikon employed a new backdoor in multiple cyber-espionage operations targeting military organizations from Southeast Asia in the last 2 years. Organizations targeted by the group were located in multiple countries around the South China Sea, including the Philippines, Malaysia, Indonesia, Singapore, and Thailand.

Military

Military Passwords Government Security

NATO is investigating a new cyber attack claimed by the SiegedSec group

Security Affairs

OCTOBER 5, 2023

NATO is investigating claims that a group called SiegedSec has breached its systems and leaked a cache of unclassified documents online. Additional cyber security measures have been put in place. There has been no impact on NATO missions, operations and military deployments.” organizations, especially U.S. municipalities.

Military

Military Security IT Access

Twitter, Facebook, and Instagram blocked in Turkey as Idlib military crisis escalates

Security Affairs

FEBRUARY 28, 2020

Network data collected by the NetBlocks internet observatory confirm that Turkey has blocked access to social media as Idlib military crisis escalates. In December 2016 , the Turkish blocked social media in the country to prevent the sharing of a video of the executions of Turkish soldiers by the IS group. ”added Netblocks.

Military

Military Data collection Government Access

Chinese Cycldek APT targets Vietnamese Military and Government in sophisticated attacks

Security Affairs

APRIL 6, 2021

China-linked APT group Cycldek is behind an advanced cyberespionage campaign targeting entities in the government and military sector in Vietnam. China-linked APT group LuckyMouse (aka Cycldek, Goblin Panda , Hellsing, APT 27, and Conimes) is targeting government and military organizations in Vietnam with spear-phishing.

Military

Military Government Phishing Libraries

Esperts found new DoNot Team APT group’s Android malware

Security Affairs

JANUARY 20, 2025

CYFIRMA researchers linked a recently discovered Android malware to the Indian APT group known as DoNot Team. The DoNot APT group has been observed misusing the OneSignal platform, which typically provides tools for sending push notifications, in-app messages, emails, and SMS widely used in mobile and web applications.

Military

Military Access Phishing Cybersecurity

Ukraine’s SBU arrested a member of Pro-Russia hackers group ‘Cyber Army of Russia’

Security Affairs

JANUARY 29, 2024

Ukraine’s security service (SBU) detained an alleged member of the pro-Russia hacker group “the Cyber Army of Russia.” ” Ukraine’s security service, the SBU, announced that it has identified and detained an alleged member of the pro-Russia hacker group known as the Cyber Army of Russia.

Military

Military Communications Government Security

Gamaredon group uses a new Outlook tool to spread malware

Security Affairs

JUNE 12, 2020

The group was first discovered by Symantec and TrendMicro in 2015 but evidence of its activities has been dated back to 2013. The group targeted government and military organizations in Ukraine. In December 2019, the APT group targeted several Ukrainian diplomats, government and military officials, and law enforcement.

Military

Military Phishing Government IT

Ukraine intelligence doxed 5 FSB Officers that are members of Gamaredon APT Group

Security Affairs

NOVEMBER 5, 2021

Ukraine’s premier law enforcement and counterintelligence revealed the real identities of five FSB members behind the Gamaredon cyberespionage group. 5 members of the group have been notified of suspicion of treason.” “The ARMAGEDON hacker group is an FSB special project, which specifically targeted Ukraine.

Military

Military Metadata Government Passwords

Russia-linked APT groups exploited Lithuanian infrastructure to launch attacks

Security Affairs

MARCH 7, 2021

Russia-linked APT groups leveraged the Lithuanian nation’s technology infrastructure to launch cyber-attacks against targets worldwide. ” In 2020, Russian intelligence operations against Lithuania decreased due to the COVID-19 pandemic, but Russia-linked APT groups increased cyber espionage campaigns against targets worldwide.

Military

Military Government Security IT

N. Korean Kimsuky APT targets S. Korea-US military exercises

Security Affairs

AUGUST 20, 2023

North Korea-linked APT group Kimsuky carried out a spear-phishing campaign against US contractors involved in a joint U.S.-South South Korea military exercise. The military drill, the Ulchi Freedom Guardian summer exercises , will start on Monday, August 21, 2023 , and will last 11 days. ” reported Reuters agency.

Military

Military Phishing Government Security

Iran-linked APT groups continue to evolve

Security Affairs

NOVEMBER 17, 2021

Over the past 12 months, MSTIC experts observed increasingly sophisticated attacks orchestrated by Iranian APT groups. Learn more from this blog summarizing these trends, as presented at #CyberWarCon : [link] — Microsoft Security Intelligence (@MsftSecIntel) November 16, 2021.

Ransomware

Ransomware Passwords Military Authentication

Microsoft links Cadet Blizzard APT to Russia’s military intelligence GRU

Security Affairs

JUNE 14, 2023

Microsoft linked a series of wiping attacks to a Russia-linked APT group, tracked as Cadet Blizzard, that is under the control of the GRU. Microsoft attributes the operations carried out by the Russia-linked APT group tracked as Cadet Blizzard to the Russian General Staff Main Intelligence Directorate (GRU).

Military

Military Government IT Security

Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets

Security Affairs

APRIL 15, 2024

The Ukrainian hacking group Blackjack used a destructive ICS malware dubbed Fuxnet in attacks against Russian infrastructure. The Blackjack group is believed to be affiliated with Ukrainian intelligence services that carried out other attacks against Russian targets, including an internet provider and a military infrastructure.

IoT

IoT Access Communications Military

Hackers Linked to Russia’s Military Claim Credit for Sabotaging US Water Utilities

WIRED Threat Level

APRIL 17, 2024

Cyber Army of Russia Reborn, a group with ties to the Kremlin’s Sandworm unit, is crossing lines even that notorious cyberwarfare unit wouldn’t dare to.

Military

Military Security

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Security Affairs

DECEMBER 5, 2023

Microsoft warns that the Russia-linked APT28 group is actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts. The group was involved also in the string of attacks that targeted 2016 Presidential election.

Military

Military Government Access Phishing

Operation In(ter)reception targets Military and Aerospace employees in Europe and the Middle East

Security Affairs

JUNE 17, 2020

Experts uncovered a new cyber-espionage campaign, dubbed “ Operation In(ter)receptio n,” aimed at aerospace and military organizations in Europe and the Middle East. ” The campaign has been active between September and December 2019, ESET researchers speculate the involvement of the North Korea-linked Lazarus APT group.

Military

Military Archiving Passwords Communications

BlackCat Ransomware gang stole secret military data from an industrial explosives manufacturer

Security Affairs

JANUARY 26, 2023

The BlackCat Ransomware group claims to have hacked SOLAR INDUSTRIES INDIA and to have stolen 2TB of “secret military data.” The BlackCat Ransomware group claims to have breached the company infrastructure and to have stolen 2TB of data, including secret military data related to weapons production.

Military

Military Manufacturing Ransomware Mining

NSA warns Russia-linked APT group is exploiting Exim flaw since 2019

Security Affairs

MAY 28, 2020

NSA warns that Russia-linked APT group known as Sandworm Team have been exploiting a critical flaw in the Exim mail transfer agent (MTA). “Russian military cyber actors, publicly known as Sandworm Team, have been exploiting a vulnerability in Exim mail transfer agent (MTA) software since at least last August.”

Systems administration

Systems administration Military Access Security

Hacker Group Linked to Russian Military Claims Credit for Cyberattack on Kyivstar

WIRED Threat Level

DECEMBER 13, 2023

A hacker group calling itself Solntsepek—previously linked to Russia’s notorious Sandworm hackers—says it carried out a disruptive breach of Kyivstar, a major Ukrainian mobile and internet provider.

Military

Military IT Security

New HiatusRAT campaign targets Taiwan and U.S. military procurement system

Security Affairs

AUGUST 21, 2023

military procurement system. In June the group started a reconnaissance and targeting activity aimed at a U.S. military server used for contract proposals and submissions. military procurement system appeared first on Security Affairs. Another VPS node was used to target a U.S.

Military

Military Manufacturing Government Access

APT28 targets key networks in Europe with HeadLace malware

Security Affairs

JUNE 3, 2024

Researchers at Insikt Group observed Russian GRU’s unit APT28 targeting networks across Europe with information-stealer Headlace and credential-harvesting web pages. Insikt Group speculates the operation is aimed at influencing regional and military dynamics. ” reads the report published by the Insikt Group.

Military

Military Phishing Government Authentication

Mandiant identifies 3 hacktivist groups working in support of Russia

Security Affairs

SEPTEMBER 27, 2022

Researchers are tracking multiple self-proclaimed hacktivist groups working in support of Russia, and identified 3 groups linked to the GRU. Mandiant researchers are tracking multiple self-proclaimed hacktivist groups working in support of Russia, and identified 3 groups linked to the Russian Main Intelligence Directorate (GRU).

Military

Military Phishing Government Security

RedFoxtrot operations linked to China’s PLA Unit 69010 due to bad opsec

Security Affairs

JUNE 19, 2021

Experts attribute a series of cyber-espionage campaigns dating back to 2014, and focused on gathering military intelligence, to China-linked Unit 69010. Experts from Recorded Future’s Insikt Group linked a series of attacks, part of RedFoxtrot China-linked campaigns, to the PLA China-linked Unit 69010. ” continues the report.

Military

Military Mining Government Communications

Group-IB presents its annual report on global threats to stability in cyberspace

Security Affairs

NOVEMBER 29, 2019

Group-IB, has analyzed key recent changes to the global cyberthreat landscape in the “Hi-Tech Crime Trends 2019/2020” report. Group-IB , a Singapore-based cybersecurity company that specializes in preventing cyberattacks, has analyzed key recent changes to the global cyberthreat landscape.

IT

IT Military Cybersecurity Phishing

Tracking Iran-linked APT33 group via its own VPN networks

Security Affairs

NOVEMBER 14, 2019

APT33, the Iran-linked APT group, has been using multiple layers of obfuscation to run a dozen live C2 servers for extremely targeted attacks. APT33 , the Iran-linked APT group, has been using multiple layers of obfuscation to run a dozen live C2 servers involved in extremely targeted malware attacks. South Korean, and Europe. .

IT

IT Military Security

Multiple APT groups are exploiting VPN vulnerabilities, NSA warns

Security Affairs

OCTOBER 9, 2019

NSA is warning of multiple state-sponsored cyberespionage groups exploiting enterprise VPN Flaws. Last week, the UK’s National Cyber Security Centre (NCSC) reported that advanced persistent threat (APT) groups have been exploiting recently disclosed VPN vulnerabilities in enterprise VPN products in attacks in the wild.

Military

Military Security Access Government

Ukraine: Military defense agencies and banks hit by cyberattacks

Security Affairs

FEBRUARY 15, 2022

A working group of experts from the main subjects of the national cybersecurity system is taking all necessary measures to localize and resist the cyberattack.” Yesterday, the Security Service of Ukraine (SSU) today revealed the country is the target of an ongoing “wave of hybrid warfare” conducted by Russia-linked malicious actors.

Military

Military Communications Information Security Access

A (Strange) Interview the Russian-Military-Linked Hackers Targeting US Water Utilities

WIRED Threat Level

MAY 8, 2024

Despite Cyber Army of Russia’s claims of swaying US “minds and hearts,” experts say the cyber sabotage group appears to be hyping its hacking for a domestic audience.

Military

Military IT Security

China-linked Moshen Dragon abuses security software to sideload malware

Security Affairs

MAY 3, 2022

A China-linked APT group, tracked as Moshen Dragon, is exploiting antivirus products to target the telecom sector in Asia. A China-linked APT group, tracked as Moshen Dragon, has been observed targeting the telecommunication sector in Central Asia with ShadowPad and PlugX malware, SentinelOne warns. Pierluigi Paganini.

Security

Security Military Insurance Cybersecurity

Japan suspects HGV missile data leak in Mitsubishi security breach

Security Affairs

MAY 21, 2020

In January, the company disclosed a security breach that might have exposed personal and confidential corporate data, at the time, it claimed that attackers did not obtain sensitive information about defense contracts. The post Japan suspects HGV missile data leak in Mitsubishi security breach appeared first on Security Affairs.

Security

Security Military Manufacturing Personal data

Russian hackers defaced local British news sites

Security Affairs

MAY 13, 2024

A group of hackers that defines itself as “first-class Russian hackers” claims the defacement of hundreds of local and regional British newspaper websites. A group claiming to be “first-class Russian hackers” defaced numerous local and regional British newspaper websites owned by Newsquest Media Group.

CMS

CMS Military Archiving Security

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Security Affairs

APRIL 22, 2024

Russia-linked APT28 group used a previously unknown tool, dubbed GooseEgg, to exploit Windows Print Spooler service flaw. Microsoft reported that the Russia-linked APT28 group (aka “ Forest Blizzard ”, “ Fancybear ” or “ Strontium ” used a previously unknown tool, dubbed GooseEgg, to exploit the Windows Print Spooler flaw CVE-2022-38028.

Military

Military File names Education Phishing

Anonymous continues to support Ukraine against the Russia

Security Affairs

MARCH 17, 2022

The collective Anonymous and its affiliated groups continue to target the Russian government and private organizations. The collective Anonymous, and other groups in its ecosystem, continue to target the Russian government and private organizations. The group has stolen data from the organization and started leaking Gigabytes of data.

Military

Military Communications Government Access

North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence

Security Affairs

OCTOBER 1, 2024

North Korea-linked APT Kimsuky has been linked to a cyberattack on Diehl Defence, a German manufacturer of advanced military systems. North Korea-linked APT group Kimsuky has been linked to a cyberattack on Diehl Defence, a defense firm specializing in the production of advanced military systems. Diehl Defence GmbH & Co.

Military

Military Manufacturing Phishing Information Security

Russia-linked Nobelium APT group uses custom backdoor to target Windows domains

Security Affairs

SEPTEMBER 28, 2021

Microsoft discovered new custom malware, dubbed FoggyWeb, used by the Nobelium cyberespionage group to implant backdoor in Windows domains. Use a hardware security module (HSM) as described in securing AD FS servers to prevent the exfiltration of secrets by FoggyWeb. Follow me on Twitter: @securityaffairs and Facebook.

Encryption

Encryption Military Government Access

Russia-linked espionage group UNC5812 targets Ukraine’s military with malware

Snatch group claims to have hacked military provider HENSOLDT France

Webinars

Trending Sources

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

Webinars

Ukraine: Belarusian APT group UNC1151 targets military personnel with spear phishing

Chinese APT CactusPete targets military and financial orgs in Eastern Europe

Alleged cyber attacks caused fire and explosions at nuclear and military facilities in Iran

Maze ransomware operators stole data from US military contractor Westech

Chinese APT Tropic Trooper target air-gapped military Networks in Asia

Anonymous targets the Russian Military and State Television and Radio propaganda

Naikon APT group uses new Nebulae backdoor in attacks aimed at military orgs

NATO is investigating a new cyber attack claimed by the SiegedSec group

Twitter, Facebook, and Instagram blocked in Turkey as Idlib military crisis escalates

Chinese Cycldek APT targets Vietnamese Military and Government in sophisticated attacks

Esperts found new DoNot Team APT group’s Android malware

Ukraine’s SBU arrested a member of Pro-Russia hackers group ‘Cyber Army of Russia’

Gamaredon group uses a new Outlook tool to spread malware

Ukraine intelligence doxed 5 FSB Officers that are members of Gamaredon APT Group

Russia-linked APT groups exploited Lithuanian infrastructure to launch attacks

N. Korean Kimsuky APT targets S. Korea-US military exercises

Iran-linked APT groups continue to evolve

Microsoft links Cadet Blizzard APT to Russia’s military intelligence GRU

Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets

Hackers Linked to Russia’s Military Claim Credit for Sabotaging US Water Utilities

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Operation In(ter)reception targets Military and Aerospace employees in Europe and the Middle East

BlackCat Ransomware gang stole secret military data from an industrial explosives manufacturer

NSA warns Russia-linked APT group is exploiting Exim flaw since 2019

Hacker Group Linked to Russian Military Claims Credit for Cyberattack on Kyivstar

New HiatusRAT campaign targets Taiwan and U.S. military procurement system

APT28 targets key networks in Europe with HeadLace malware

Mandiant identifies 3 hacktivist groups working in support of Russia

RedFoxtrot operations linked to China’s PLA Unit 69010 due to bad opsec

Group-IB presents its annual report on global threats to stability in cyberspace

Tracking Iran-linked APT33 group via its own VPN networks

Multiple APT groups are exploiting VPN vulnerabilities, NSA warns

Ukraine: Military defense agencies and banks hit by cyberattacks

A (Strange) Interview the Russian-Military-Linked Hackers Targeting US Water Utilities

China-linked Moshen Dragon abuses security software to sideload malware

Japan suspects HGV missile data leak in Mitsubishi security breach

Russian hackers defaced local British news sites

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Anonymous continues to support Ukraine against the Russia

North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence

Russia-linked Nobelium APT group uses custom backdoor to target Windows domains

Stay Connected