2007 and Information Security - Cyber Security Informer

The Mask APT is back after 10 years of silence

Security Affairs

DECEMBER 18, 2024

The Mask APT has been active since at least 2007, it demonstrated the capability to use complex implants, often delivered through zero-day exploits. Kaspersky first identified the APT group in 2014, but experts believe the cyber espionage campaign had already been active for over five years.

Cyber Attacks

Cyber Attacks Hacking Government Malware

Lazarus APT stole $1.5B from Bybit, it is the largest cryptocurrency heist ever

Security Affairs

FEBRUARY 22, 2025

This threat actor was involved in cyber espionage campaigns and sabotage activities to destroy data and disrupt systems.

Cryptocurrency

Cryptocurrency Hacking Banking Cybersecurity

Vulnerabilities in Weapons Systems

Schneier on Security

JUNE 8, 2021

When Israel in 2007 bombed a Syrian nuclear reactor, the raid was preceded by what is believed to have been a cyber attack on Syrian air defenses that resulted in radar screens showing no threat as bombers zoomed overhead. Militaries around the world are now exploiting these vulnerabilities in weapons systems to carry out operations.

Software

Software Cybersecurity Backups Manufacturing

Estonia blocked cyberattacks claimed by Pro-Russia Killnet group

Security Affairs

AUGUST 19, 2022

Undersecretary for Digital Transformation Luukas Ilves announced that Estonia was hit by the most extensive wave of DDoS attacks it has faced since 2007. Yesterday, Estonia was subject to the most extensive cyber attacks it has faced since 2007. The DDoS attacks targeted both public institutions and the private sector.

DDOS

DDOS Computers and Electronics Digital transformation Government

Colombian authorities arrested hacker behind the Gozi Virus

Security Affairs

JUNE 30, 2021

for his key role in the distribution of the Gozi virus that infected more than a million computers from 2007 to 2012. The Gozi banking Trojan is not a new threat, it was first spotted by security researchers in 2007. Colombian officials announced the arrest of the Romanian hacker Mihai Ionut Paunescu who is wanted in the U.S.

Banking

Banking Malware Hacking Information Security

LockBit Ransomware operators hit Swiss helicopter maker Kopter

Security Affairs

DECEMBER 6, 2020

Kopter Group is Switzerland-based company that was founded in 2007 that was acquired by Leonardo in April 2020. The helicopter maker Kopter was hit by LockBit ransomware, the attackers compromised its internal network and encrypted the company’s files.

Ransomware

Ransomware VPN Encryption Passwords

Threat actors scan Internet for Vulnerable Microsoft Exchange Servers

Security Affairs

FEBRUARY 27, 2020

.” Now the popular security researcher Kevin Beaumont reported mass scanning for the CVE-2020-0688 (Microsoft Exchange 2007+ RCE vulnerability). That was quick, since 2 hours ago seeing likely mass scanning for CVE-2020-0688 (Microsoft Exchange 2007+ RCE vulnerability).

Internet

Internet Internet Authentication Advertising

Grief ransomware gang hit US National Rifle Association (NRA)

Security Affairs

OCTOBER 27, 2021

The Evil Corp cybercrime group (aka the Dridex gang Indrik Spider , the Dridex gang, and TA505 ) has been active in cybercrime activities since 2007. Evil Corp has recently launched a new ransomware called Macaw Locker to evade US sanctions that prevent victims from making ransom payments.

Ransomware

Ransomware Banking Cybercrime Hacking

Russian cybercriminal Aleksandr Brovko sentenced to 8 years in jail

Security Affairs

NOVEMBER 3, 2020

In some cases, the man manually chacked the stolen information. “As reflected in court documents, from 2007 through 2019, Brovko worked closely with other cybercriminals to monetize vast troves of data that had been stolen by “botnets,” or networks of infected computers. ” reads the press release published by the DoJ.

Accountability

Accountability Banking Advertising Data collection

Evil Corp rebrands their ransomware, this time is the Macaw Locker

Security Affairs

OCTOBER 21, 2021

The Evil Corp cybercrime group (aka the Dridex gang Indrik Spider , the Dridex gang, and TA505 ) has been active in cybercrime activities since 2007. The malware drops ransom notes ( macaw_recover.txt ) in each folder, the ransom note includes the link to a unique victim negotiation page.

Ransomware

Ransomware Cybercrime Banking Encryption

Cyber Pearl Harbor Is Happening Right Now — It’s Ransomware

Daniel Miessler

SEPTEMBER 29, 2020

Since 2007 the InfoSec industry has been talking about TheBigOne™—the event that would change cyber threats from annoyances to existential concerns. They called it Cyber Pearl Harbor. This doesn’t mean it can’t still happen.

Ransomware

Ransomware Government Social Engineering Small Business

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Security Affairs

AUGUST 6, 2023

At the time of this writing, no ransomware group has claimed responsibility for the security breach. .” Once the investigation will be completed, CDHE will notify impacted by mail or email. CDHE provides free access to the identify theft monitoring Experian IdentityWorks SM for 24 months.

Education

Education Data breaches Ransomware Hacking

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Security Affairs

APRIL 22, 2024

The APT28 group (aka Forest Blizzard , Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Microsoft reports include instructions for detecting, hunting, and responding to GooseEgg.

Government

Government Education Phishing Malware

Russian hacker Andrei Tyurin sentenced to 12 years in prison

Security Affairs

JANUARY 11, 2021

then they marketed the stocks in a deceptive and misleading manner to customers of the targeted companies whose information were previously stolen by TYURIN. From 2007 to 2015 TYURIN also conducted cyberattacks against multiple foreign companies. “In addition to the U.S.

Hacking

Hacking Marketing Identity Theft Banking

Long-existing Bandook RAT targets Windows machines

Security Affairs

JANUARY 8, 2024

Bandook has been active since 2007, it has been continuously developed since then and was employed in several campaigns by different threat actors. Reseachers from Fortinet observed a new variant of a remote access trojan dubbed Bandook that has been used in phishing attacks against Windows users.

Malware

Malware Phishing Passwords Hacking

US Cyber Command details implants used in attacks on parliaments and embassies

Security Affairs

OCTOBER 29, 2020

The Turla APT group (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ) has been active since at least 2007 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations.

Malware

Malware Advertising Hacking Government

APT28 targets key networks in Europe with HeadLace malware

Security Affairs

JUNE 3, 2024

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Insikt Group speculates the operation is aimed at influencing regional and military dynamics.

Malware

Malware Phishing Surveillance Internet

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

. “TAG observed a North Korean government-backed attacker group that previously targeted security researchers posing as recruiters at Samsung and sending fake job opportunities to employees at multiple South Korean information security companies that sell anti-malware solutions.”

Malware

Malware Phishing Antivirus Hacking

The role of a secret Dutch mole in the US-Israeli Stuxnet attack on Iran

Security Affairs

SEPTEMBER 2, 2019

In 2004, CIA and Mossad requested help to the the Dutch intelligence to get access to the plant, only in 2007 the mole, who posed as a mechanic working for a front company doing work at Natanz, dropped the virus into the target systems. “[T ” wrote the journalists. The final updates were made on Sept.

Malware

Malware Engineering Advertising Hacking

A 15-Year-Old Unpatched Python bug potentially impacts over 350,000 projects

Security Affairs

SEPTEMBER 22, 2022

More than 350,000 open source projects can be potentially affected by an unpatched Python vulnerability, tracked as CVE-2007-4559 (CVSS score: 6.8), that was discovered 15 years ago. As we dug into the issue, we realized this was in fact CVE-2007-4559.” ” reads the post published by security firm Trellix.”The

Hacking

Hacking Information Security

French court indicted Nexa Technologies for complicity in acts of torture

Security Affairs

NOVEMBER 28, 2021

The software also allow dragnet surveillance, according to the brochures presented at Milipol it is an updated copy of Eagle, the program ceded to Gaddafi in 2007. . The post French court indicted Nexa Technologies for complicity in acts of torture appeared first on Security Affairs. .” continues Télérama. Pierluigi Paganini.

Technology

Technology Surveillance Software Government

VMware fixes critical SSRF flaw in Workspace ONE UEM Console

Security Affairs

DECEMBER 17, 2021

and above 2007 Workspace ONE UEM patch 20.7.0.17 The SSRF vulnerability in Workspace ONE UEM console was privately reported to the company which released security patches and workarounds. .” Below is the list of impacted versions: I mpacted Versions Fixed Version 2109 Workspace ONE UEM patch 21.9.0.13

Authentication

Authentication Hacking Software Information Security

North Korea-linked Lazarus group targets cybersecurity experts with Trojanized IDA Pro

Security Affairs

NOVEMBER 15, 2021

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks.

Cybersecurity

Cybersecurity Engineering Software Malware

FBI and NSA joint report details APT28’s Linux malware Drovorub

Security Affairs

AUGUST 13, 2020

” The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. , which translates to “to fell”, or “to chop.”

Malware

Malware Advertising IoT Government

Belgium telecom operators Proximus and Orange drop Huawei

Security Affairs

OCTOBER 10, 2020

Orange Belgium is using Huawei equipment since 2007 for its mobile network in Belgium and Luxembourg, while the collaboration between Proximus and the Shenzhen-based company started in 2009 for the progressive upgrading of its network.

Mobile

Mobile Manufacturing Wireless Internet

North Korea-linked APT group BeagleBoyz targets banks

Security Affairs

AUGUST 29, 2020

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. The BeagleBoyz APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks.

Banking

Banking Malware Advertising Hacking

US Treasury sanctioned Iran ’s Ministry of Intelligence over Albania cyberattack

Security Affairs

SEPTEMBER 10, 2022

Since at least 2007, the MOIS coordinated a series of cyber operation against government entities and private organizations around the world. In January, USCYBERCOM officially linked the Iran-linked MuddyWater APT group (aka SeedWorm and TEMP.Zagros ) to Iran’s Ministry of Intelligence and Security (MOIS).

Government

Government Cyber Attacks Hacking Cyber threats

Boyne Resorts ski and golf resort operator hit with WastedLocker ransomware

Security Affairs

OCTOBER 24, 2020

This group has been active since at least 2007, in December 2019, the U.S. Researchers from the NCC Group’s report and later Symantec confirmed that malware was developed by the Russian cybercrime crew known as Evil Corp , which was behind the Dridex Trojan , and multiple ransomware like Locky , Bart, Jaff , and BitPaymer.

Ransomware

Ransomware Telecommunications Banking Advertising

AcidBox, a malware that borrows Turla APT exploit, hit Russian organizations

Security Affairs

JUNE 19, 2020

The Turla APT group (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ) has been active since at least 2007 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations.

Malware

Malware Advertising InfoSec Hacking

The Delicate Balance of Security Versus Usability

CyberSecurity Insiders

APRIL 20, 2021

As a security evangelist, you understand the necessity of adhering to a set of security requirements, but as a normal staff member, you can understand the frustration of your non-security coworkers. Is there ever such a thing as being a “normal” staff member after you have crossed into the elite world of information security?

Healthcare

Healthcare Information Security Wireless Security Awareness

Russia-Linked Turla APT uses new malware in watering hole attacks

Security Affairs

MARCH 13, 2020

The Turla APT group (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ) has been active since at least 2007 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations.

Malware

Malware Social Engineering Advertising Government

North Korea-linked Lazarus APT targets the COVID-19 research

Security Affairs

DECEMBER 25, 2020

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks.

Cryptocurrency

Cryptocurrency Malware Hacking Phishing

Financially motivated Earth Lusca threat actors targets organizations worldwide

Security Affairs

JANUARY 18, 2022

The Winnti group was first spotted by Kaspersky in 2013, but according to the researchers the gang has been active since 2007. Trend Micro researchers speculate the group operates under the China-linked Winnti umbrella.

Cryptocurrency

Cryptocurrency Media Social Engineering Phishing

China-linked APT41 group targets Hong Kong with Spyder Loader

Security Affairs

OCTOBER 18, 2022

Winnti (aka APT41 , Axiom, Barium , Blackfly) is a cyberespionage group that has been active since at least 2007. Symantec researchers reported that cyberespionage group APT41 targeted organizations in Hong Kong in a campaign that is a likely continuation of the Operation CuckooBees activity detailed by Cybereason in May.

Malware

Malware Encryption Manufacturing Hacking

Russia-linked group APT29 likely breached TeamViewer’s corporate network

Security Affairs

JUNE 30, 2024

The Winnti group was first spotted by Kaspersky in 2013, according to the researchers, the nation-state actor has been active since at least 2007. According to the media outlet, Chinese state-sponsored hackers used the Winnti trojan malware to infect the systems of the Company.

Accountability

Accountability Hacking Architecture Malware

Critical flaws in NextGen Gallery WordPress plugin still impact over 500K installs

Security Affairs

FEBRUARY 9, 2021

The NextGEN Gallery is one of the most popular WordPress gallery plugins that is available since 2007. The plugin receives over 1.5 million new downloads per year, it easily allows to create highly responsive photo galleries.

Social Engineering

Social Engineering Firewall Engineering Phishing

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

Security Affairs

DECEMBER 1, 2020

They also leveraged the Sysinternals DebugView tool, the McAfee on-demand scanner, and Microsoft Word 2007.” . “To perform DLL sideloading, BISMUTH introduced outdated versions of various applications, including Microsoft Defender Antivirus. ” continues the report. To deploy the coin miners, BISMUTH first dropped a .dat

Cryptocurrency

Cryptocurrency Antivirus Manufacturing Government

Connecting the dots between SolarWinds and Russia-linked Turla APT

Security Affairs

JANUARY 11, 2021

The Turla APT group (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ) has been active since at least 2007 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations.

Malware

Malware Hacking Government Information Security

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Security Affairs

MARCH 20, 2020

According to security researchers from Trend Micro, the Russia-linked APT28 cyberespionage group has been scanning vulnerable email servers for more than a year. The group was involved also in the string of attacks that targeted 2016 Presidential election.

Phishing

Phishing Accountability Advertising DNS

79 Netgear router models affected by a dangerous Zero-day

Security Affairs

JUNE 18, 2020

A whopping 79 Netgear router models are vulnerable to a severe security flaw that can let hackers take over devices remotely. Oldest firmware versions have been released as far back as 2007. Nichols discovered that the vulnerability affects 758 different firmware versions that run on 79 Netgear routers.

Firmware

Firmware Internet Internet Advertising

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

Security Affairs

DECEMBER 10, 2020

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election.

Malware

Malware Phishing Government Data collection

NON-STATE ACTORS IN THE CYBERSPACE: AN ATTEMPT TO A TAXONOMIC CLASSIFICATION, ROLE, IMPACT AND RELATIONS WITH A STATE’S SOCIOECONOMIC STRUCTURE

Security Affairs

JUNE 28, 2022

Looking back at 2007, Estonia fell victim to a powerful cyber-attack that shut down government services, telecommunications, and banks in the country. The attack was launched in response to the Estonian government’s removal of a Soviet war monument from downtown Tallinn.

Cyber Attacks

Cyber Attacks Cybercrime Telecommunications Government

Hacking firm I-Soon data leak revealed Chinese gov hacking capabilities

Security Affairs

FEBRUARY 26, 2024

The APT41 group, aka Winnti , Axiom, Barium , Blackfly, HOODOO) is a China-linked cyberespionage group that has been active since at least 2007. The Chinese government paid $55,000 for data stolen from Vietnam’s Ministry of Economy.

Hacking

Hacking Government Marketing Spyware

The cyber attack against Austria’s foreign ministry has ended

Security Affairs

FEBRUARY 15, 2020

” The Turla APT group (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ) has been active since at least 2007 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America and former Soviet bloc nations.

Cyber Attacks

Cyber Attacks Advertising DDOS Government

The Mask APT is back after 10 years of silence

Lazarus APT stole $1.5B from Bybit, it is the largest cryptocurrency heist ever

Trending Sources

Vulnerabilities in Weapons Systems

Estonia blocked cyberattacks claimed by Pro-Russia Killnet group

Colombian authorities arrested hacker behind the Gozi Virus

LockBit Ransomware operators hit Swiss helicopter maker Kopter

Threat actors scan Internet for Vulnerable Microsoft Exchange Servers

Grief ransomware gang hit US National Rifle Association (NRA)

Russian cybercriminal Aleksandr Brovko sentenced to 8 years in jail

Evil Corp rebrands their ransomware, this time is the Macaw Locker

Cyber Pearl Harbor Is Happening Right Now — It’s Ransomware

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Russian hacker Andrei Tyurin sentenced to 12 years in prison

Long-existing Bandook RAT targets Windows machines

US Cyber Command details implants used in attacks on parliaments and embassies

APT28 targets key networks in Europe with HeadLace malware

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

The role of a secret Dutch mole in the US-Israeli Stuxnet attack on Iran

A 15-Year-Old Unpatched Python bug potentially impacts over 350,000 projects

French court indicted Nexa Technologies for complicity in acts of torture

VMware fixes critical SSRF flaw in Workspace ONE UEM Console

North Korea-linked Lazarus group targets cybersecurity experts with Trojanized IDA Pro

FBI and NSA joint report details APT28’s Linux malware Drovorub

Belgium telecom operators Proximus and Orange drop Huawei

North Korea-linked APT group BeagleBoyz targets banks

US Treasury sanctioned Iran ’s Ministry of Intelligence over Albania cyberattack

Boyne Resorts ski and golf resort operator hit with WastedLocker ransomware

AcidBox, a malware that borrows Turla APT exploit, hit Russian organizations

The Delicate Balance of Security Versus Usability

Russia-Linked Turla APT uses new malware in watering hole attacks

North Korea-linked Lazarus APT targets the COVID-19 research

Financially motivated Earth Lusca threat actors targets organizations worldwide

China-linked APT41 group targets Hong Kong with Spyder Loader

Russia-linked group APT29 likely breached TeamViewer’s corporate network

Critical flaws in NextGen Gallery WordPress plugin still impact over 500K installs

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

Connecting the dots between SolarWinds and Russia-linked Turla APT

Russia-linked APT28 has been scanning vulnerable email servers in the last year

79 Netgear router models affected by a dangerous Zero-day

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

NON-STATE ACTORS IN THE CYBERSPACE: AN ATTEMPT TO A TAXONOMIC CLASSIFICATION, ROLE, IMPACT AND RELATIONS WITH A STATE’S SOCIOECONOMIC STRUCTURE

Hacking firm I-Soon data leak revealed Chinese gov hacking capabilities

The cyber attack against Austria’s foreign ministry has ended

Stay Connected