- UK: Legal Aid database hacked, ‘significant amount’ of data and criminal records stolen
May 19, 2025
The UK’s Ministry of Justice (MoJ) has revealed that a cyberattack on the Legal Aid system has led to the theft of a “significant amount” of data, including criminal records. The MoJ was alerted to the attack on April 23 when data dating back as far as 2010 was accessed by the attackers. Earlier this month, ...
- Senior US Officials Impersonated in Malicious Messaging Campaign
May 15, 2025
FBI is issuing this announcement to warn and provide mitigation tips to the public about an ongoing malicious text and voice messaging campaign. Since April 2025, malicious actors have impersonated senior US officials to target individuals, many of whom are current or former senior US federal or state government officials and their contacts. If you receive ...
- Israeli spyware firm NSO to pay Meta $168m. in damages for hijacking WhatsApp servers
May 7, 2025
A federal jury in California handed Israel’s NSO Group a $168 million penalty on Tuesday for hijacking the servers of WhatsApp in order to hack users of the Meta-owned chat platform on behalf of foreign spy agencies. The case caps a six-year battle between the American social media giant and the surveillance firm. It has also ...
- Lampion Is Back With ClickFix Lures
May 6, 2025
Unit 42 researchers recently uncovered a highly focused malicious campaign targeting dozens of Portuguese organizations, particularly in the government, finance and transportation sectors. This campaign was orchestrated by the threat actors behind Lampion malware, an infostealer that focuses on sensitive banking information. This malware family has been active since at least 2019. During our investigation, we ...
- TeleMessage, a modified Signal clone used by US government officials, has been hacked
May 5, 2025
A hacker has exploited a vulnerability in TeleMessage, which provides modded versions of encrypted messaging apps such as Signal, Telegram, and WhatsApp, to extract archived messages and other data relating to U.S. government officials and companies who used the tool, 404 Media reported. TeleMessage came into the spotlight last week after it was reported that former ...
- Apple notifies new victims of spyware attacks across the world
April 30, 2025
Apple sent notifications this week to several people who the company believes were targeted with government spyware, according to two of the alleged targets. In the past, Apple has sent similar notifications to targets and victims of spyware, and directed them to contact a nonprofit that specializes in investigating such cyberattacks. Other tech companies, like Google ...
- Earth Kurma APT Campaign Targets Southeast Asian Government, Telecom Sectors
April 25, 2025
Trend Research uncovered a sophisticated APT campaign targeting government and telecommunications sectors in Southeast Asia. Named Earth Kurma, the attackers use advanced custom malware, rootkits, and cloud storage services for data exfiltration. Earth Kurma demonstrates adaptive malware toolsets, strategic infrastructure abuse, and complex evasion techniques. This campaign poses a high business risk due to targeted espionage, ...
- IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia
April 17, 2025
Day after day, threat actors create new malware to use in cyberattacks. Each of these new implants is developed in its own way, and as a result gets its own destiny – while the use of some malware families is reported for decades, information about others disappears after days, months or several years. Kaspersky researchers observed ...
- Suspected Kimsuky (APT-Q-2) attacks South Korean companies
April 11, 2025
Kimsuky, alias Mystery Baby, Baby Coin, Smoke Screen, Black Banshee, etc., is tracked internally by Qi’anxin as APT-Q-2. The APT group was publicly disclosed in 2013, with attack activity dating as far back as 2012. Kimsuky’s main target for attacks has been South Korea, involving defense, education, energy, government, healthcare, and think tanks, with a focus ...
- GOFFEE continues to attack organizations in Russia
April 10, 2025
GOFFEE is a threat actor that first came to our attention in early 2022. Since then, Kaspersky researchers have observed malicious activities targeting exclusively entities located in the Russian Federation, leveraging spear phishing emails with a malicious attachment. Starting in May 2022 and up until summer of 2023, GOFFEE deployed modified Owowa (malicious IIS module) in ...
- Trump orders federal investigation into former CISA director Chris Krebs
April 10, 2025
President Trump on Wednesday ordered a federal investigation into Chris Krebs, the former director of U.S. cybersecurity agency CISA. In a new executive order, Trump instructed the Department of Homeland Security, which houses CISA, and the U.S. attorney general to investigate Krebs, who was fired by the Trump administration in November 2020 soon after he publicly ...
- UK threatens £100K-a-day fines under new cyber bill
April 1, 2025
The UK’s technology secretary revealed the full breadth of the government’s Cyber Security and Resilience (CSR) Bill for the first time this morning, pledging £100,000 ($129,000) daily fines for failing to act against specific threats under consideration. Slated to enter Parliament later this year, the CSR bill was teased in the King’s Speech in July, shortly ...
- The Espionage Toolkit of Earth Alux: A Closer Look at its Advanced Techniques
March 31, 2025
The Earth Alux APT group’s schemes and tactics have been uncloaked through our relentless monitoring and investigation efforts. The China-linked intrusion set is actively launching cyberespionage attacks against the government, technology, logistics, manufacturing, telecommunications, IT services, and retail sectors. The first sighting of its activity was in the second quarter of 2023; back then, it was ...
- Australia: Identity of hacker behind NSW court website data breach unknown
March 26, 2025
Authorities say they do not know who is behind a data breach at the NSW Department of Communities and Justice (DCJ) in which thousands of sensitive files were accessed. NSW government officials confirmed about 9,000 sensitive court files, including domestic violence orders and affidavits, were accessed from the NSW Online Registry last week. Attorney-General Michael Daley ...
- Operation ForumTroll: APT attack with Google Chrome zero-day exploit chain
March 25, 2025
In mid-March 2025, Kaspersky technologies detected a wave of infections by previously unknown and highly sophisticated malware. In all cases, infection occurred immediately after the victim clicked on a link in a phishing email, and the attackers’ website was opened using the Google Chrome web browser. No further action was required to become infected. All malicious ...
- The Trump Administration Accidentally Texted Me Its War Plans
March 24, 2025
The world found out shortly before 2 p.m. eastern time on March 15 that the United States was bombing Houthi targets across Yemen. I, however, knew two hours before the first bombs exploded that the attack might be coming. The reason I knew this is that Pete Hegseth, the secretary of defense, had texted me the ...
- Longtime FBI agent charged with disclosing classified records
March 20, 2025
A longtime FBI agent has been charged with unlawfully taking and disclosing classified FBI files, according to court records reviewed by CBS News. Johnathan Buma, who specialized in national security and terror cases, has been released on $100,000 bond, with orders to appear in court in Los Angeles. Buma was arrested as he boarded an international ...
- US lawmakers urge UK spy court to hold Apple ‘backdoor’ secret hearing in public
March 14, 2025
A group of bipartisan U.S. lawmakers are urging the head of the U.K.’s surveillance court to hold an open hearing into Apple’s anticipated challenge of an alleged secret U.K. government legal demand. U.S. Senator Ron Wyden, along with four other federal lawmakers, said in a letter this week to the president of the U.K.’s Investigatory Powers ...
- SideWinder targets the maritime and nuclear sectors with an updated toolset
March 10, 2025
Last year, Kaspersky researchers published an article about SideWinder, a highly prolific APT group whose primary targets have been military and government entities in Pakistan, Sri Lanka, China, and Nepal. In the article, they described activities that had mostly happened in the first half of the year. The researchers tried to draw attention to the group, ...
- UK quietly scrubs encryption advice from government websites
March 6, 2025
The change was spotted by security expert Alec Muffett, who wrote in a blog post on Wednesday that the U.K.’s National Cyber Security Centre (NCSC) is no longer recommending that high-risk individuals use encryption to protect their sensitive information. The NCSC in October published a document titled “Cybersecurity tips for barristers, solicitors & legal professionals,” that ...