Mexico’s president announced the government is investigating an alleged ransomware hack that targeted the administration’s legal affairs office. Today they are going to send me a report on the supposed hacking.” Ransomhub claimed to have stolen 313 gigabytes of data from the Mexican government office.
Poland probes Pegasus spyware abuse under the PiS government; ex-security chief Piotr Pogonowski arrested to testify before parliament. The former head of Poland’s internal security service was arrested Monday and brought before parliament to testify about prior government use of spyware against hundreds of individuals.
The US government's cybersecurity and law enforcement revealed that Chinese threat actors used at least two sophisticated exploit chains to compromise Ivanti Cloud Service Appliances (CSA). is end-of-life and no longer receives security updates, for this reason, these instances are exposed to hack.
government officials. telecoms, compromising networks to steal call records and access private communications, mainly of government and political figures. The cyber spies stole information belonging to targeted individuals that was subject to U.S. broadband providers is still ongoing, government experts are assessing its scope.
US CFPB warns employees to avoid work-related mobile calls and texts following China-linked Salt Typhoon hack over security concerns. The US government’s Consumer Financial Protection Bureau (CFPB) advises employees to avoid using cellphones for work after China-linked APT group Salt Typhoon hackers breached major telecom providers.
The company exclusively sells exploits to the Russian government and local firms. Given Telegram's end-to-end encryption and widespread use, an exploit that bypasses its security could be a game-changer for cyber espionage. Zero-day prices have risen as the level of security of messaging apps and mobile devices becomes harder to hack.
Financially-motivated threat actors hacked Uganda’s central bank system, government officials confirmed this week. Ugandan officials confirmed on Thursday that the national central bank suffered a security breach by financially-motivated threat actors.
VMware addressed a remote code execution flaw, demonstrated in a Chinese hacking contest, for the second time in two months. In September, Broadcom released security updates to the vulnerability CVE-2024-38812. During the 2024 Matrix Cup hacking contest in China, zbl & srs of team TZL demonstrated the vulnerability.
The Gunnebo Group is a Swedish multinational company that provides physical security to a variety of customers globally, including banks, government agencies, airports, casinos, jewelry stores, tax agencies and even nuclear power plants. ”
A series of “intense” cyberattacks hit multiple French government agencies, revealed the prime minister’s office. “Several “intense” cyberattacks targeted multiple French government agencies since Sunday night, as disclosed by the prime minister’s office.” ” reported the French newspaper Le Monde.
Texas bans DeepSeek and RedNote on government devices to block Chinese data-harvesting AI, citing security risks. Texas and other states banned TikTok on government devices. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,DeepSeek)
has charged a Chinese national for hacking thousands of Sophos firewall devices worldwide in 2020. has charged the Chinese national Guan Tianfeng (aka gbigmao and gxiaomao) for hacking thousands of Sophos firewall devices worldwide in 2020. Tianfeng worked at Sichuan Silence Information Technology Co., ” The U.S.
The Tor Project seeks help deploying 200 WebTunnel bridges by year-end to counter government censorship. Tor Project maintainers are urging users to deploy 200 WebTunnel bridges by year-end to allow users in Russia to bypass government censorship. ” reads the announcement published by Tor Project.
A Ghostwriter campaign using a new variant of PicassoLoader targets opposition activists in Belarus, and Ukrainian military and government organizations. SentinelLABS observed a new Ghostwriter campaign targeting Belarusian opposition activists and Ukrainian military and government entities with a new variant of PicassoLoader.
T-Mobile confirmed being a victim of recent hacking campaigns linked to China-based threat actors targeting telecom companies. T-Mobile confirms it was hacked as part of a long-running cyber espionage campaign targeting Telco companies. The cyber spies stole information belonging to targeted individuals that was subject to U.S.
South Korea’s government blames pro-Russia threat actors for an intensification of cyberattacks on national sites after it decided to monitor North Korean troops in Ukraine. “The government is actively responding to distributed denial of service (DDoS) attacks targeting some public and private websites.
“Ilya Lichtenstein was sentenced today to five years in prison for his involvement in a money laundering conspiracy arising from the hack and theft of approximately 120,000 bitcoin from Bitfinex, a global cryptocurrency exchange.” Billion in stolen cryptocurrency stolen during the 2016 hack of Bitfinex.
Threat actors exploit a server-side request forgery (SSRF) flaw, tracked as CVE-2024-27564, in ChatGPT, to target US financial and government organizations. “Top targeted industry and geo are Government organisations in the US.” “Security teams often prioritize patching only critical and high-severity vulnerabilities.
Evgenii Ptitsyn and others allegedly ran an international hacking scheme since November 2020, deploying Phobos ransomware to extort victims. If convicted, the man could face up to 20 years in prison for each wire fraud count, 10 years for each computer hacking charge, and 5 years for conspiracy to commit computer fraud and abuse.
The Library of Congress discloses the compromise of some of its IT systems, an alleged foreign threat actor hacked their emails. “An unidentified “adversary” hacked into the email system for the Library of Congress, accessing information sent via email between January and September 2024, the Library said.”
A Micronesian state suffered a ransomware attack and was forced to shut down all computers of its government health agency. A state in Micronesia, the state of Yap, suffered a ransomware attack, forcing the shutdown of all computers in its government health agency. The Department will issue updates as the situation develops.”
The malware was operated by a China-linked threat actor, known as Mustang Panda (aka Twill Typhoon, to steal sensitive information from victim computers. According to court documents, the Chinese government paid Mustang Panda to develop PlugX malware, used since 2014 to target U.S., European, and Asian entities. systems. .”
The government agencies warn that the Russian APT29 group has the capability and intent to exploit more CVEs for initial access, remote code execution, and privilege escalation.
Cisco addressed vulnerabilities that were exploited to compromise the Webex meetings of the German government. In early May, German media outlet Zeit Online revealed that threat actors exploited vulnerabilities in the German government’s implementation of the Cisco Webex software to access internal meetings.
A new data leak that appears to have come from one of China’s top private cybersecurity firms provides a rare glimpse into the commercial side of China’s many state-sponsored hacking groups. In 2021, the Sichuan provincial government named i-SOON as one of “the top 30 information security companies.”
He is expected to warn about the activity conducted by Russia’s GRU Unit 29155, which the UK government accuses of conducting several attacks across the UK and Europe. He will allege that Russian state-aligned hacking groups have executed at least nine cyberattacks against NATO nations, targeting critical infrastructure.
Recently the leak of a collection of files apparently stolen from the Chinese government hacking contractor, I-Soon, exposed Chinese hacking capabilities. Recently someone has leaked on GitHub [ 1 , 2 ] a collection of files apparently stolen from the Chinese hacking firm, I-Soon.
The SEC fined Unisys, Avaya, Check Point, and Mimecast for misleading disclosures about the impact of the SolarWinds Orion hack. The US Securities and Exchange Commission (SEC) charged four companies, Unisys, Avaya, Check Point, and Mimecast for misleading public disclosures related to the supply chain attack on SolarWinds.
With the renewed support for Ukraine from the Italian government, this group has resumed targeting certain Italian websites.” ” The group published a list of targets on its Telegram channel, which includes government and institutional websites.
” NKTsKI recommends organizations to strengthen monitoring of threats and information security events in systems provided by LANIT. LANIT Group (Laboratory of New Information Technologies) is one of Russia’s largest IT service and software providers. ” said U.S.
Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
CISA revealed that threat actors breached an unnamed state government organization via an administrator account belonging to a former employee. The government experts conducted an incident response assessment of the state government organization after its documents were posted on the dark web.
Ukraine’s NCCC banned the Telegram app for government agencies, military, and critical infrastructure, due to national security concerns. ” Despite the ban on military and government devices, Ukrainian users rely heavily on Telegram to communicate and receive news on ongoing conflicts.
CERT-UA warned that Russia-linked actor is impersonating the Security Service of Ukraine (SSU) in a new phishing campaign to distribute malware. The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign targeting organizations in the country, including government entities.
The Australian government announced sanctions for a member of the REvil ransomware group for the Medibank hack that occurred in 2022. The Australian government announced sanctions for Aleksandr Gennadievich Ermakov (aka GustaveDore, aiiis_ermak, blade_runner, JimJones), a Russian national who is a member of the REvil ransomware group.
The Star Blizzard group, aka “Callisto”, Seaborgium, ColdRiver, and TA446, targeted government officials, military personnel, journalists and think tanks since at least 2015.
Sophos, with the help of other cybersecurity firms, government, and law enforcement agencies investigated the cyber attacks and attributed them to multiple China-linked APT groups, such as Volt Typhoon, APT31 and APT41 / Winnti. The Chinese hackers have also ramped up the use of zero-day vulnerabilities in targeted devices.
“A cyberattack tied to the Chinese government penetrated the networks of a swath of U.S. broadband providers, potentially accessing information from systems the federal government uses for court-authorized network wiretapping requests.” broadband providers is still ongoing, government experts are assessing its scope.
” On Saturday, January 11, the attacks targeted Italian ministries and government institutions, while on Sunday a new wave of DDoS attacks hit Italian banks and private businesses. The group NoName57 has been active since March 2022 and has targeted government and critical infrastructure organizations worldwide.
.” Chief Cabinet Secretary Yoshimasa Hayashi, the top government spokesman, said at a press conference. Kyodo News reported that Japan Post Co.
Russia-linked group Storm-2372 used the device code phishing technique since Aug 2024 to steal login tokens from governments, NGOs, and industries.
They are often unaware of the risks they take on, which can include hacking, fraud, phishing, and more. SMBs and enterprises alike have been struggling with APIs as a mechanism for information security. The threat that API security breaches pose to enterprises should not be taken lightly.
Spanish Police arrested an unnamed hacker who allegedly breached tens of government institutions in Spain and the US. Spanish National Police arrested a hacker responsible for multiple cyberattacks on government institutions in Spain and the U.S. Targe including the U.S. Army, UN, NATO, and other agencies.
The Main Intelligence Directorate (GUR) of Ukraine’s Ministry of Defense claims that it hacked the Russian Ministry of Defense. In November, Ukraine’s intelligence service announced they had hacked Russia’s Federal Air Transport Agency, ‘Rosaviatsia.’ The attack is the result of another complex special cyber operation.