Government


  • Canada’s foreign affairs department hit with cyberattack

    January 25, 2022

    Canada’s foreign affairs department was hit with a cyberattack last week, according to the Treasury Board of Canada. The hack of Global Affairs Canada, the government entity responsible for diplomatic and global relations, occurred on Wednesday, according to a statement provided by the Treasury Board to ABC News. The statement does not identify who carried out the ...

  • Hackers take over diplomat’s email, target Russian deputy minister

    January 12, 2022

    Hackers believed to work for the North Korean government have compromised the email account of a staff member of Russia’s Ministry of Foreign Affairs (MID) and deployed spear-phishing attacks against the country’s diplomats in other regions. One of the targets was Sergey Alexeyevich Ryabko, the deputy foreign minister for the Russian Federation, among other things responsible ...

  • CISA Issues Emergency Directive Requiring Federal Agencies To Mitigate Apache Log4j Vulnerabilities

    December 17, 2021

    WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive (ED) 22-02 today requiring federal civilian departments and agencies to assess their internet-facing network assets for the Apache Log4j vulnerabilities and immediately patch these systems or implement other appropriate mitigation measures. This Directive will be updated to further drive additional mitigation actions. The directive is in response to the active exploitation by multiple threat actors of vulnerabilities found in the widely used Java-based ...

  • Collecting In the Dark: Tropic Trooper Targets Transportation and Government

    December 14, 2021

    Earth Centaur, previously known as Tropic Trooper, is a long-running cyberespionage threat group that has been active since 2011. In July 2020, Trend Micro researchers noticed interesting activity coming from the group, and they have been closely monitoring it since. The actors seem to be targeting organizations in the transportation industry and government agencies related ...

  • NICKEL targeting government organizations across Latin America and Europe

    December 6, 2021

    The Microsoft Threat Intelligence Center (MSTIC) has observed NICKEL, a China-based threat actor, targeting governments, diplomatic entities, and non-governmental organizations (NGOs) across Central and South America, the Caribbean, Europe, and North America. MSTIC has been tracking NICKEL since 2016 and observed some common activity with other actors known in the security community as APT15, APT25, ...

  • UK government transport website caught showing porn

    November 25, 2021

    A UK Department for Transport (DfT) website was caught serving porn earlier today. The particular DfT subdomain behind the mishap, on most days, provides vital DfT statistics for the public and the department’s business plan. Racy traffic ahead: The UK DfT’s charts.dft.gov.uk website was seen serving porn today, as confirmed by BleepingComputer. Source: Bleeping Computer

  • North Korean cyberspies target govt officials with custom malware

    November 18, 2021

    A state-sponsored North Korean threat actor tracked as TA406 was recently observed deploying custom info-stealing malware in espionage campaigns. The particular actor is attributed as one of several groups known as Kimsuky (aka Thallium). TA406 has left traces of low-volume activity since 2018, primarily focusing on espionage, money-grabbing scams, and extortion. However, in March and June 2021, ...

  • Philippines gov takes down passport application website amid privacy leak fears

    November 11, 2021

    The Philippines’ Department of Foreign Affairs (DFA) has disabled its online passport application tracker, citing a “data privacy issue” and hinting that information could have leaked. “The DFA’s IT Unit is currently investigating the circumstances surrounding this issue and is taking appropriate measures to secure the data that may have been exposed,” states a notice on ...

  • CISA Binding Operational Directive 22-01 – Reducing the Significant Risk of Known Exploited Vulnerabilities

    November 3, 2021

    A binding operational directive is a compulsory direction to federal, executive branch, departments and agencies for purposes of safeguarding federal information and information systems. Section 3553(b)(2) of title 44, U.S. Code, authorizes the Secretary of the Department of Homeland Security (DHS) to develop and oversee the implementation of binding operational directives. Federal agencies are required to comply ...

  • New White House Cyber Director Wants to Fight Like Cobra Kai

    November 1, 2021

    The first U.S. National Cyber Director wants the government to take a tougher, more proactive approach to those who threaten America’s networks: degrade their capabilities and demonstrate how they would suffer should they attack. John “Chris” Inglis’ vision for his brand-new office somewhat resembles the match-day strategy employed by the Cobra Kai dojo in the original ...

  • Meet Balikbayan Foxes: a threat group impersonating the Philippine gov’t

    October 27, 2021

    Proofpoint has uncovered a new, “highly active” threat group that is impersonating the Philippine government and businesses to spread Trojan malware. On Wednesday, researchers Selena Larson and Joe Wise said the threat actors, dubbed “Balikbayan Foxes” and tracked as TA2722, are concentrated in the Philippines but are targeting the shipping, logistics, manufacturing, pharmaceutical, business, and energy ...

  • FBI: Ranzy Locker ransomware hit at least 30 US companies this year

    October 26, 2021

    The FBI said on Monday that Ranzy Locker ransomware operators had compromised at least 30 US companies this year from various industry sectors. “Unknown cyber criminals using Ranzy Locker ransomware had compromised more than 30 US businesses as of July 2021,” the FBI said in a TLP:WHITE flash alert. “The victims include the construction subsector of ...

  • Hacker sells the data for millions of Moscow drivers for $800

    October 23, 2021

    Hackers are selling a stolen database containing 50 million records of Moscow driver data on an underground forum for only $800. According to Russian media outlets that purchased the database, the data appears to be valid and contains records collected between 2006 and 2019. Russian news publisher Kommersant called a small sample of the exposed individuals and ...

  • Russia and China left out of global anti-ransomware meetings

    October 13, 2021

    The White House National Security Council facilitates virtual meetings this week with senior officials and ministers from more than 30 countries in a virtual international counter-ransomware event to rally allies in the fight against the ransomware threat. Publicly disclosed ransomware payments have reached more than $400 million globally in 2020 and over $81 million in the ...

  • MysterySnail attacks IT companies, defence contractors and diplomatic entities with Windows zero-day

    October 12, 2021

    In late August and early September 2021, Kaspersky technologies detected attacks with the use of an elevation of privilege exploit on multiple Microsoft Windows servers. The exploit had numerous debug strings from an older, publicly known exploit for vulnerability CVE-2016-3309, but closer analysis revealed that it was a zero-day. We discovered that it was using ...

  • Microsoft: Russian state hackers behind 53% of attacks on US govt agencies

    October 8, 2021

    Microsoft says that Russian-sponsored hacking groups are increasingly targeting US government agencies, with roughly 58% of all nation-state attacks observed by Microsoft between July 2020 and June 2021 coming from Russia. “Russian nation-state actors are increasingly targeting government agencies for intelligence gathering, which jumped from 3% of their targets a year ago to 53% – largely ...

  • Ransom Disclosure Act would give victims 48 hours to report payments

    October 5, 2021

    Victims of ransomware attacks in the United States may soon have to report any payments to hackers within 48 hours, according to a new legislation proposal titled the ‘Ransom Disclosure Act’. The bill was drafted by U.S. Senator Elizabeth Warren and Representative Deborah Ross, and its goal is to strengthen DHS’s (Department of Homeland Security) understanding ...

  • GhostEmperor: From ProxyLogon to kernel mode

    September 30, 2021

    While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. This cluster stood out for its usage of a formerly unknown Windows kernel mode rootkit that we dubbed Demodex, and a sophisticated multi-stage malware framework aimed at providing remote control over ...

  • NSA-CISA Guidance: Selecting and Hardening Remote Access VPN Solutions

    September 30, 2021

    Virtual Private Networks (VPNs) allow users to remotely connect to a corporate network via a secure tunnel. Through this tunnel, users can take advantage of the internal services and protections normally offered to on-site users, such as email/collaboration tools, sensitive document repositories, and perimeter firewalls and gateways. Because remote access VPN servers are entry points into protected networks, they ...

  • New advanced hacking group targets governments, engineers worldwide

    September 23, 2021

    A new hacking group targeting entities worldwide to spy on them has been unmasked by researchers. Dubbed FamousSparrow by ESET, on Thursday, the team said that the advanced persistent threat (APT) group — many of whom are state-sponsored — is a new entry to the cyberespionage space. Believed to have been active since at least 2019, the ...