2007, Hacking and Information Security - Cyber Security Informer

Hacking firm I-Soon data leak revealed Chinese gov hacking capabilities

Security Affairs

FEBRUARY 26, 2024

Recently the leak of a collection of files apparently stolen from the Chinese government hacking contractor, I-Soon, exposed Chinese hacking capabilities. Recently someone has leaked on GitHub [ 1 , 2 ] a collection of files apparently stolen from the Chinese hacking firm, I-Soon.

Hacking

Hacking Government Spyware Marketing

EU Council sanctions two Russian military intelligence officers over 2015 Bundestag hack

Security Affairs

OCTOBER 22, 2020

The Council of the European Union announced sanctions imposed on Russian military intelligence officers for 2015 Bundestag hack. The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide.

Hacking

Hacking Cyber Attacks Identity Theft Government

Russia-linked Turla APT hacked European government organization

Security Affairs

OCTOBER 29, 2020

Russia-linked APT Turla has hacked into the systems of an undisclosed European government organization according to Accenture. According to a report published by Accenture Cyber Threat Intelligence (ACTI), Russia-linked cyber-espionage group Turla has hacked into the systems of an undisclosed European government organization.

Government

Government Hacking Advertising Encryption

Vulnerabilities in Weapons Systems

Schneier on Security

JUNE 8, 2021

The report observed that “in operational testing, the [Department of Defense] routinely found mission-critical cyber vulnerabilities in systems that were under development, yet program officials GAO met with believed their systems were secure and discounted some test results as unrealistic.”

Software

Software Cybersecurity Backups Manufacturing

Grief ransomware gang hit US National Rifle Association (NRA)

Security Affairs

OCTOBER 27, 2021

Grief ransomware operators announced to have hacked US National Rifle Association (NRA) and threaten to leak the stolen data. The NRA was added to the list of compromised organizations on the leak site of the group, that gang also published a set of documents as proof of the hack. SecurityAffairs – hacking, NRA).

Ransomware

Ransomware Banking Cybercrime Hacking

Estonia blocked cyberattacks claimed by Pro-Russia Killnet group

Security Affairs

AUGUST 19, 2022

Undersecretary for Digital Transformation Luukas Ilves announced that Estonia was hit by the most extensive wave of DDoS attacks it has faced since 2007. Yesterday, Estonia was subject to the most extensive cyber attacks it has faced since 2007. SecurityAffairs – hacking, Estonia). Pierluigi Paganini.

DDOS

DDOS Computers and Electronics Digital transformation Government

Colombian authorities arrested hacker behind the Gozi Virus

Security Affairs

JUNE 30, 2021

for his key role in the distribution of the Gozi virus that infected more than a million computers from 2007 to 2012. The Gozi banking Trojan is not a new threat, it was first spotted by security researchers in 2007. SecurityAffairs – hacking, Gozi ). Follow me on Twitter: @securityaffairs and Facebook.

Banking

Banking Malware Hacking Information Security

Russia-linked APT28 hacked Roundcube email servers of Ukrainian entities

Security Affairs

JUNE 21, 2023

Russia-linked APT28 group hacked into Roundcube email servers belonging to multiple Ukrainian organizations. The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide.

Hacking

Hacking Government Phishing Malware

LockBit Ransomware operators hit Swiss helicopter maker Kopter

Security Affairs

DECEMBER 6, 2020

Kopter Group is Switzerland-based company that was founded in 2007 that was acquired by Leonardo in April 2020. SecurityAffairs – hacking, ransomware). The post LockBit Ransomware operators hit Swiss helicopter maker Kopter appeared first on Security Affairs. ” reported ZDNet. Pierluigi Paganini.

Ransomware

Ransomware VPN Encryption Authentication

Russian hacker Andrei Tyurin sentenced to 12 years in prison

Security Affairs

JANUARY 11, 2021

court on Thursday sentenced the Russian hacker Andrei Tyurin to 12 years in prison for his role in an international hacking campaign. The man was arrested in Georgia at the request of US authorities, he was charged with multiple conspiracy counts, including wire fraud, aggravated identity theft and four counts of computer hacking.

Hacking

Hacking Marketing Identity Theft Banking

Evil Corp rebrands their ransomware, this time is the Macaw Locker

Security Affairs

OCTOBER 21, 2021

The Evil Corp cybercrime group (aka the Dridex gang Indrik Spider , the Dridex gang, and TA505 ) has been active in cybercrime activities since 2007. 32) and Igor Turashev (38) for distributing the infamous Dridex banking Trojan , and for their involvement in international bank fraud and computer hacking schemes. Pierluigi Paganini.

Ransomware

Ransomware Cybercrime Banking Encryption

Russia-linked STRONTIUM APT targets IoT devices to hack corporate networks

Security Affairs

AUGUST 6, 2019

The STRONTIUM APT group (aka APT28 , Fancy Bear , Pawn Storm , Sofacy Group , and Sednit ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. link] #MSFTatBlackHat — Security Response (@msftsecresponse) August 5, 2019. ” continues Microsoft.

IoT

IoT Hacking Advertising Government

Long-existing Bandook RAT targets Windows machines

Security Affairs

JANUARY 8, 2024

Bandook has been active since 2007, it has been continuously developed since then and was employed in several campaigns by different threat actors. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Bandook)

Malware

Malware Phishing Passwords Hacking

173 Million Zynga accounts were impacted in the September hack

Security Affairs

DECEMBER 28, 2019

Zynga Inc is an American social game developer running social video game services founded in April 2007, it primarily focuses on mobile and social networking platforms. The post 173 Million Zynga accounts were impacted in the September hack appeared first on Security Affairs. Pierluigi Paganini.

Accountability

Accountability Hacking Data breaches Passwords

US Cyber Command details implants used in attacks on parliaments and embassies

Security Affairs

OCTOBER 29, 2020

US Cyber Command shared technical details about malware implants employed by Russian hacking groups in attacks against multiple ministries of foreign affairs, national parliaments, and embassies. SecurityAffairs – hacking, US Cyber Command). Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Malware

Malware Advertising Hacking Government

Russian cybercriminal Aleksandr Brovko sentenced to 8 years in jail

Security Affairs

NOVEMBER 3, 2020

In some cases, the man manually chacked the stolen information. “As reflected in court documents, from 2007 through 2019, Brovko worked closely with other cybercriminals to monetize vast troves of data that had been stolen by “botnets,” or networks of infected computers. SecurityAffairs – hacking, Aleksandr Brovko).

Accountability

Accountability Banking Advertising Data collection

North Korea-linked APT group BeagleBoyz targets banks

Security Affairs

AUGUST 29, 2020

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. “North Korea’s intelligence apparatus controls a hacking team dedicated to robbing banks through remote internet access.

Banking

Banking Malware Advertising Hacking

North Korea-linked Lazarus group targets cybersecurity experts with Trojanized IDA Pro

Security Affairs

NOVEMBER 15, 2021

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. SecurityAffairs – hacking, Operation Cyclone). Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Cybersecurity

Cybersecurity Engineering Software Malware

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Security Affairs

APRIL 22, 2024

The APT28 group (aka Forest Blizzard , Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Microsoft reports include instructions for detecting, hunting, and responding to GooseEgg.

Government

Government Education Phishing Malware

Boyne Resorts ski and golf resort operator hit with WastedLocker ransomware

Security Affairs

OCTOBER 24, 2020

This group has been active since at least 2007, in December 2019, the U.S. 32) and Igor Turashev (38) for distributing the infamous Dridex banking Trojan , and for their involvement in international bank fraud and computer hacking schemes. SecurityAffairs – hacking, WastedLocker). Pierluigi Paganini.

Ransomware

Ransomware Telecommunications Banking Advertising

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

. “TAG observed a North Korean government-backed attacker group that previously targeted security researchers posing as recruiters at Samsung and sending fake job opportunities to employees at multiple South Korean information security companies that sell anti-malware solutions.” Pierluigi Paganini.

Malware

Malware Phishing Antivirus Hacking

APT28 targets key networks in Europe with HeadLace malware

Security Affairs

JUNE 3, 2024

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Insikt Group speculates the operation is aimed at influencing regional and military dynamics.

Malware

Malware Phishing Surveillance Internet

US Treasury sanctioned Iran ’s Ministry of Intelligence over Albania cyberattack

Security Affairs

SEPTEMBER 10, 2022

Since at least 2007, the MOIS coordinated a series of cyber operation against government entities and private organizations around the world. In January, USCYBERCOM officially linked the Iran-linked MuddyWater APT group (aka SeedWorm and TEMP.Zagros ) to Iran’s Ministry of Intelligence and Security (MOIS). “Today, the U.S.

Government

Government Cyber Attacks Hacking Cyber threats

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Security Affairs

AUGUST 6, 2023

At the time of this writing, no ransomware group has claimed responsibility for the security breach. .” Once the investigation will be completed, CDHE will notify impacted by mail or email. CDHE provides free access to the identify theft monitoring Experian IdentityWorks SM for 24 months.

Education

Education Data breaches Ransomware Hacking

VMware fixes critical SSRF flaw in Workspace ONE UEM Console

Security Affairs

DECEMBER 17, 2021

and above 2007 Workspace ONE UEM patch 20.7.0.17 The SSRF vulnerability in Workspace ONE UEM console was privately reported to the company which released security patches and workarounds. SecurityAffairs – hacking, VMware Workspace ONE UEM). and above 2105 Workspace ONE UEM patch 21.5.0.37 Pierluigi Paganini.

Authentication

Authentication Hacking Software Information Security

French court indicted Nexa Technologies for complicity in acts of torture

Security Affairs

NOVEMBER 28, 2021

The software also allow dragnet surveillance, according to the brochures presented at Milipol it is an updated copy of Eagle, the program ceded to Gaddafi in 2007. . SecurityAffairs – hacking, IKEA). The post French court indicted Nexa Technologies for complicity in acts of torture appeared first on Security Affairs.

Technology

Technology Surveillance Software Government

Threat actors scan Internet for Vulnerable Microsoft Exchange Servers

Security Affairs

FEBRUARY 27, 2020

.” Now the popular security researcher Kevin Beaumont reported mass scanning for the CVE-2020-0688 (Microsoft Exchange 2007+ RCE vulnerability). That was quick, since 2 hours ago seeing likely mass scanning for CVE-2020-0688 (Microsoft Exchange 2007+ RCE vulnerability).

Internet

Internet Internet Authentication Advertising

North Korea-linked Lazarus APT targets the COVID-19 research

Security Affairs

DECEMBER 25, 2020

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. SecurityAffairs – hacking, North Korea).

Cryptocurrency

Cryptocurrency Malware Hacking Phishing

North Korea-linked Lazarus APT targets the IT supply chain

Security Affairs

OCTOBER 27, 2021

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. SecurityAffairs – hacking, supply chain attack). Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Malware

Malware System Administration Hacking Media

Russia-linked group APT29 likely breached TeamViewer’s corporate network

Security Affairs

JUNE 30, 2024

Russia-linked APT group, reportedly APT29, is suspected to be behind a hack of TeamViewer ‘s corporate network. The Winnti group was first spotted by Kaspersky in 2013, according to the researchers, the nation-state actor has been active since at least 2007. wrote the company.

Accountability

Accountability Hacking Architecture Malware

NON-STATE ACTORS IN THE CYBERSPACE: AN ATTEMPT TO A TAXONOMIC CLASSIFICATION, ROLE, IMPACT AND RELATIONS WITH A STATE’S SOCIOECONOMIC STRUCTURE

Security Affairs

JUNE 28, 2022

Looking back at 2007, Estonia fell victim to a powerful cyber-attack that shut down government services, telecommunications, and banks in the country. SecurityAffairs – hacking, non-state actors). The attack was launched in response to the Estonian government’s removal of a Soviet war monument from downtown Tallinn.

Cyber Attacks

Cyber Attacks Cybercrime Telecommunications Government

US officials charge two Chinese men for laundering cryptocurrency for North Korea

Security Affairs

MARCH 3, 2020

“ Two Chinese nationals were charged with laundering over $100 million worth of cryptocurrency from a hack of a cryptocurrency exchange. The group is considered responsible for the massive WannaCry ransomware attack, a string of SWIFT attacks in 2016, and the Sony Pictures hack. million from another exchange.

Cryptocurrency

Cryptocurrency Banking Hacking Accountability

Belgium telecom operators Proximus and Orange drop Huawei

Security Affairs

OCTOBER 10, 2020

Orange Belgium is using Huawei equipment since 2007 for its mobile network in Belgium and Luxembourg, while the collaboration between Proximus and the Shenzhen-based company started in 2009 for the progressive upgrading of its network. . SecurityAffairs – hacking, Proximus). Pierluigi Paganini.

Mobile

Mobile Manufacturing Wireless Internet

Connecting the dots between SolarWinds and Russia-linked Turla APT

Security Affairs

JANUARY 11, 2021

The Turla APT group (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ) has been active since at least 2007 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations. SecurityAffairs – hacking, Turla).

Malware

Malware Hacking Government Information Security

A 15-Year-Old Unpatched Python bug potentially impacts over 350,000 projects

Security Affairs

SEPTEMBER 22, 2022

More than 350,000 open source projects can be potentially affected by an unpatched Python vulnerability, tracked as CVE-2007-4559 (CVSS score: 6.8), that was discovered 15 years ago. As we dug into the issue, we realized this was in fact CVE-2007-4559.” ” reads the post published by security firm Trellix.”The

Hacking

Hacking Information Security

Winnti uses a new PipeMon backdoor in attacks aimed at the gaming industry

Security Affairs

MAY 22, 2020

The Winnti hacking group continues to target gaming industry, recently it used a new malware named PipeMon and a new method to achieve persistence. Winnti hacking group is using a new malware dubbed PipeMon and a novel method to achieve persistence in attacks aimed at video game companies. SecurityAffairs – Winnti, hacking).

Malware

Malware Hacking Advertising Architecture

The role of a secret Dutch mole in the US-Israeli Stuxnet attack on Iran

Security Affairs

SEPTEMBER 2, 2019

In 2004, CIA and Mossad requested help to the the Dutch intelligence to get access to the plant, only in 2007 the mole, who posed as a mechanic working for a front company doing work at Natanz, dropped the virus into the target systems. “[T ” wrote the journalists. The AIVD , along with U.S. The final updates were made on Sept.

Malware

Malware Engineering Advertising Hacking

FBI and NSA joint report details APT28’s Linux malware Drovorub

Security Affairs

AUGUST 13, 2020

” The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. SecurityAffairs – hacking, Drovorub malware). Pierluigi Paganini.

Malware

Malware Advertising IoT Government

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Security Affairs

MARCH 20, 2020

According to security researchers from Trend Micro, the Russia-linked APT28 cyberespionage group has been scanning vulnerable email servers for more than a year. In May 2019, the experts noticed that the group started using hacked email addresses of numerous high-profile targets to send credential spam messages. Pierluigi Paganini.

Phishing

Phishing Accountability Advertising DNS

China-linked APT41 group targets Hong Kong with Spyder Loader

Security Affairs

OCTOBER 18, 2022

Winnti (aka APT41 , Axiom, Barium , Blackfly) is a cyberespionage group that has been active since at least 2007. SecurityAffairs – hacking, APT41). The post China-linked APT41 group targets Hong Kong with Spyder Loader appeared first on Security Affairs. Follow me on Twitter: @securityaffairs and Facebook.

Malware

Malware Encryption Manufacturing Hacking

The US Treasury placed sanctions on North Korea linked APT Groups

Security Affairs

SEPTEMBER 13, 2019

The US Treasury placed sanctions on three North Korea-linked hacking groups, the Lazarus Group, Bluenoroff, and Andarial. The US Treasury sanctions on three North Korea-linked hacking groups, the Lazarus Group , Bluenoroff , and Andarial. SecurityAffairs – North Korea, hacking). ” continues the US Treasury.

Cyber Attacks

Cyber Attacks Hacking Cryptocurrency Banking

Microsoft disrupted APT28 attacks on Ukraine through a court order

Security Affairs

APRIL 8, 2022

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. SecurityAffairs – hacking, APT28). To nominate, please visit:? Follow me on Twitter: @securityaffairs and Facebook.

Government

Government Media Malware Hacking

Financially motivated Earth Lusca threat actors targets organizations worldwide

Security Affairs

JANUARY 18, 2022

The Winnti group was first spotted by Kaspersky in 2013, but according to the researchers the gang has been active since 2007. SecurityAffairs – hacking, Earth Lusca ). The post Financially motivated Earth Lusca threat actors targets organizations worldwide appeared first on Security Affairs. Pierluigi Paganini.

Cryptocurrency

Cryptocurrency Social Engineering Media Phishing

Google warns of APT28 attack attempts against 14,000 Gmail users

Security Affairs

OCTOBER 8, 2021

The researchers pointed out that the warning is related to hacking attempts and that not all the attacks have been successful, also thanks to the defense implemented by Google. The warning really mostly tells people you are a potential target for the next attack so, now may be a good time to take some security actions.

Phishing

Phishing Government Hacking Accountability

Hacking firm I-Soon data leak revealed Chinese gov hacking capabilities

EU Council sanctions two Russian military intelligence officers over 2015 Bundestag hack

Trending Sources

Russia-linked Turla APT hacked European government organization

Vulnerabilities in Weapons Systems

Grief ransomware gang hit US National Rifle Association (NRA)

Estonia blocked cyberattacks claimed by Pro-Russia Killnet group

Colombian authorities arrested hacker behind the Gozi Virus

Russia-linked APT28 hacked Roundcube email servers of Ukrainian entities

LockBit Ransomware operators hit Swiss helicopter maker Kopter

Russian hacker Andrei Tyurin sentenced to 12 years in prison

Evil Corp rebrands their ransomware, this time is the Macaw Locker

Russia-linked STRONTIUM APT targets IoT devices to hack corporate networks

Long-existing Bandook RAT targets Windows machines

173 Million Zynga accounts were impacted in the September hack

US Cyber Command details implants used in attacks on parliaments and embassies

Russian cybercriminal Aleksandr Brovko sentenced to 8 years in jail

North Korea-linked APT group BeagleBoyz targets banks

North Korea-linked Lazarus group targets cybersecurity experts with Trojanized IDA Pro

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Boyne Resorts ski and golf resort operator hit with WastedLocker ransomware

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

APT28 targets key networks in Europe with HeadLace malware

US Treasury sanctioned Iran ’s Ministry of Intelligence over Albania cyberattack

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

VMware fixes critical SSRF flaw in Workspace ONE UEM Console

French court indicted Nexa Technologies for complicity in acts of torture

Threat actors scan Internet for Vulnerable Microsoft Exchange Servers

North Korea-linked Lazarus APT targets the COVID-19 research

North Korea-linked Lazarus APT targets the IT supply chain

Russia-linked group APT29 likely breached TeamViewer’s corporate network

NON-STATE ACTORS IN THE CYBERSPACE: AN ATTEMPT TO A TAXONOMIC CLASSIFICATION, ROLE, IMPACT AND RELATIONS WITH A STATE’S SOCIOECONOMIC STRUCTURE

US officials charge two Chinese men for laundering cryptocurrency for North Korea

Belgium telecom operators Proximus and Orange drop Huawei

Connecting the dots between SolarWinds and Russia-linked Turla APT

A 15-Year-Old Unpatched Python bug potentially impacts over 350,000 projects

Winnti uses a new PipeMon backdoor in attacks aimed at the gaming industry

The role of a secret Dutch mole in the US-Israeli Stuxnet attack on Iran

FBI and NSA joint report details APT28’s Linux malware Drovorub

Russia-linked APT28 has been scanning vulnerable email servers in the last year

China-linked APT41 group targets Hong Kong with Spyder Loader

The US Treasury placed sanctions on North Korea linked APT Groups

Microsoft disrupted APT28 attacks on Ukraine through a court order

Financially motivated Earth Lusca threat actors targets organizations worldwide

Google warns of APT28 attack attempts against 14,000 Gmail users

Stay Connected