Government


  • UK: Legal Aid database hacked, ‘significant amount’ of data and criminal records stolen

    May 19, 2025

    The UK’s Ministry of Justice (MoJ) has revealed that a cyberattack on the Legal Aid system has led to the theft of a “significant amount” of data, including criminal records. The MoJ was alerted to the attack on April 23 when data dating back as far as 2010 was accessed by the attackers. Earlier this month, ...

  • Senior US Officials Impersonated in Malicious Messaging Campaign

    May 15, 2025

    FBI is issuing this announcement to warn and provide mitigation tips to the public about an ongoing malicious text and voice messaging campaign. Since April 2025, malicious actors have impersonated senior US officials to target individuals, many of whom are current or former senior US federal or state government officials and their contacts. If you receive ...

  • Israeli spyware firm NSO to pay Meta $168m. in damages for hijacking WhatsApp servers

    May 7, 2025

    A federal jury in California handed Israel’s NSO Group a $168 million penalty on Tuesday for hijacking the servers of WhatsApp in order to hack users of the Meta-owned chat platform on behalf of foreign spy agencies. The case caps a six-year battle between the American social media giant and the surveillance firm. It has also ...

  • Lampion Is Back With ClickFix Lures

    May 6, 2025

    Unit 42 researchers recently uncovered a highly focused malicious campaign targeting dozens of Portuguese organizations, particularly in the government, finance and transportation sectors. This campaign was orchestrated by the threat actors behind Lampion malware, an infostealer that focuses on sensitive banking information. This malware family has been active since at least 2019. During our investigation, we ...

  • TeleMessage, a modified Signal clone used by US government officials, has been hacked

    May 5, 2025

    A hacker has exploited a vulnerability in TeleMessage, which provides modded versions of encrypted messaging apps such as Signal, Telegram, and WhatsApp, to extract archived messages and other data relating to U.S. government officials and companies who used the tool, 404 Media reported. TeleMessage came into the spotlight last week after it was reported that former ...

  • Apple notifies new victims of spyware attacks across the world

    April 30, 2025

    Apple sent notifications this week to several people who the company believes were targeted with government spyware, according to two of the alleged targets. In the past, Apple has sent similar notifications to targets and victims of spyware, and directed them to contact a nonprofit that specializes in investigating such cyberattacks. Other tech companies, like Google ...

  • Earth Kurma APT Campaign Targets Southeast Asian Government, Telecom Sectors

    April 25, 2025

    Trend Research uncovered a sophisticated APT campaign targeting government and telecommunications sectors in Southeast Asia. Named Earth Kurma, the attackers use advanced custom malware, rootkits, and cloud storage services for data exfiltration. Earth Kurma demonstrates adaptive malware toolsets, strategic infrastructure abuse, and complex evasion techniques. This campaign poses a high business risk due to targeted espionage, ...

  • IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia

    April 17, 2025

    Day after day, threat actors create new malware to use in cyberattacks. Each of these new implants is developed in its own way, and as a result gets its own destiny – while the use of some malware families is reported for decades, information about others disappears after days, months or several years. Kaspersky researchers observed ...

  • Suspected Kimsuky (APT-Q-2) attacks South Korean companies

    April 11, 2025

    Kimsuky, alias Mystery Baby, Baby Coin, Smoke Screen, Black Banshe, etc., is tracked internally by Qi’anxin as APT-Q-2. The APT group was publicly disclosed in 2013, with attack activity dating as far back as 2012. Kimsuky’s main target for attacks has been South Korea, involving defense, education, energy, government, healthcare, and think tanks, with a focus ...

  • GOFFEE continues to attack organizations in Russia

    April 10, 2025

    GOFFEE is a threat actor that first came to our attention in early 2022. Since then, Kaspersky researchers have observed malicious activities targeting exclusively entities located in the Russian Federation, leveraging spear phishing emails with a malicious attachment. Starting in May 2022 and up until summer of 2023, GOFFEE deployed modified Owowa (malicious IIS module) in ...

  • Trump orders federal investigation into former CISA director Chris Krebs

    April 10, 2025

    President Trump on Wednesday ordered a federal investigation into Chris Krebs, the former director of U.S. cybersecurity agency CISA. In a new executive order, Trump instructed the Department of Homeland Security, which houses CISA, and the U.S. attorney general to investigate Krebs, who was fired by the Trump administration in November 2020 soon after he publicly ...

  • UK threatens £100K-a-day fines under new cyber bill

    April 1, 2025

    The UK’s technology secretary revealed the full breadth of the government’s Cyber Security and Resilience (CSR) Bill for the first time this morning, pledging £100,000 ($129,000) daily fines for failing to act against specific threats under consideration. Slated to enter Parliament later this year, the CSR bill was teased in the King’s Speech in July, shortly ...

  • The Espionage Toolkit of Earth Alux: A Closer Look at its Advanced Techniques

    March 31, 2025

    The Earth Alux APT group’s schemes and tactics have been uncloaked through our relentless monitoring and investigation efforts. The China-linked intrusion set is actively launching cyberespionage attacks against the government, technology, logistics, manufacturing, telecommunications, IT services, and retail sectors. The first sighting of its activity was in the second quarter of 2023; back then, it was ...

  • Australia: Identity of hacker behind NSW court website data breach unknown

    March 26, 2025

    Authorities say they do not know who is behind a data breach at the NSW Department of Communities and Justice (DCJ) in which thousands of sensitive files were accessed. NSW government officials confirmed about 9,000 sensitive court files, including domestic violence orders and affidavits, were accessed from the NSW Online Reigstry last week. Attorney-General Michael Daley ...

  • Operation ForumTroll: APT attack with Google Chrome zero-day exploit chain

    March 25, 2025

    In mid-March 2025, Kaspersky technologies detected a wave of infections by previously unknown and highly sophisticated malware. In all cases, infection occurred immediately after the victim clicked on a link in a phishing email, and the attackers’ website was opened using the Google Chrome web browser. No further action was required to become infected. All malicious ...

  • The Trump Administration Accidentally Texted Me Its War Plans

    March 24, 2025

    The world found out shortly before 2 p.m. eastern time on March 15 that the United States was bombing Houthi targets across Yemen. I, however, knew two hours before the first bombs exploded that the attack might be coming. The reason I knew this is that Pete Hegseth, the secretary of defense, had texted me the ...

  • Longtime FBI agent charged with disclosing classified records

    March 20, 2025

    A longtime FBI agent has been charged with unlawfully taking and disclosing classified FBI files, according to court records reviewed by CBS News. Johnathan Buma, who specialized in national security and terror cases, has been released on $100,000 bond, with orders to appear in court in Los Angeles. Buma was arrested as he boarded an international ...

  • US lawmakers urge UK spy court to hold Apple ‘backdoor’ secret hearing in public

    March 14, 2025

    A group of bipartisan U.S. lawmakers are urging the head of the U.K.’s surveillance court to hold an open hearing into Apple’s anticipated challenge of an alleged secret U.K. government legal demand. U.S. Senator Ron Wyden, along with four other federal lawmakers, said in a letter this week to the president of the U.K.’s Investigatory Powers ...

  • SideWinder targets the maritime and nuclear sectors with an updated toolset

    March 10, 2025

    Last year, Kaspersky researchers published an article about SideWinder, a highly prolific APT group whose primary targets have been military and government entities in Pakistan, Sri Lanka, China, and Nepal. In the article, they described activities that had mostly happened in the first half of the year. The researchers tried to draw attention to the group, ...

  • UK quietly scrubs encryption advice from government websites

    March 6, 2025

    The change was spotted by security expert Alec Muffett, who wrote in a blog post on Wednesday that the U.K.’s National Cyber Security Centre (NCSC) is no longer recommending that high-risk individuals use encryption to protect their sensitive information. The NCSC in October published a document titled “Cybersecurity tips for barristers, solicitors & legal professionals,” that ...