Government


  • GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool

    June 13, 2022

    Over the past year, this group has extended its targeting beyond telecommunication companies to also include financial institutions and government entities. During this period, we have identified several connections between GALLIUM infrastructure and targeted entities across Afghanistan, Australia, Belgium, Cambodia, Malaysia, Mozambique, the Philippines, Russia and Vietnam. Most importantly, we have also identified the group’s ...

  • Microsoft seizes 41 domains tied to ‘Iranian phishing ring’

    June 7, 2022

    Microsoft has obtained a court order to seize 41 domains used by what the Windows giant said was an Iranian cybercrime group that ran a spear-phishing operation targeting organizations in the US, Middle East, and India. The Microsoft Digital Crimes Unit said the gang, dubbed Bohrium, took a particular interest in those working in technology, transportation, ...

  • Costa Rican government held up by ransomware … again

    June 6, 2022

    Last month the notorious Russian ransomware gang Conti threatened to overthrow Costa Rica’s government if a ransom wasn’t paid. This month, another band of extortionists has attacked the nation. Fresh off an intrusion by Conti last month, Costa Rica has been attacked by the Hive ransomware gang. According to the AP, Hive hit Costa Rica’s Social ...

  • WinDealer dealing on the side

    June 2, 2022

    LuoYu is a lesser-known threat actor that has been active since 2008. It primarily goes after targets located in China, such as foreign diplomatic organizations established in the country, members of the academic community, or companies from the defense, logistics and telecommunications sectors. In their initial disclosures on this threat actor, TeamT5 identified three malware ...

  • Australian digital driving licenses can be defaced in minutes

    May 30, 2022

    An Australian digital driver’s license (DDL) implementation that officials claimed is more secure than a physical license has been shown to easily defaced, but authorities insist the credential remains secure. New South Wales, Australia’s most populous state, launched its DDL program in 2019, and as of 2021 officials there said that slightly more than half of ...

  • BlackCat/ALPHV ransomware asks $5 million to unlock Austrian state

    May 27, 2022

    Austrian federal state Carinthia has been hit by the BlackCat ransomware gang, also known as ALPHV, who demanded a $5 million to unlock the encrypted computer systems. The attack occurred on Tuesday and has caused severe operational disruption of government services, as thousands of workstations have allegedly been locked by the threat actor. Carinthia’s website and email ...

  • White House: Quantum computers could crack encryption, so here’s what we need to do

    May 5, 2022

    The White House has announced a set of proposals for keeping the US ahead in the quantum computing race globally, while mitigating the risk of quantum computers that can break public-key cryptography. Quantum computers powerful enough to break public-key encryption are still years away, but when it happens, they could be a major threat to national ...

  • UK Prime Minister, Catalan groups ‘targeted by NSO Pegasus spyware’

    April 18, 2022

    Citizen Lab has reported finding suspected surveillance software on devices associated with both the UK Prime Minister’s Office and what was formerly called the British Foreign and Commonwealth Office. The Canadian research outfit also said it had identified at least 65 individuals linked with Catalan civil society groups in Spain who were targeted by, or infected ...

  • Lazarus Targets Chemical Sector

    April 14, 2022

    Symantec, a division of Broadcom Software, has observed the North Korea-linked advanced persistent threat (APT) group known as Lazarus conducting an espionage campaign targeting organizations operating within the chemical sector. The campaign appears to be a continuation of Lazarus activity dubbed Operation Dream Job, which was first observed in August 2020. Symantec tracks this sub-set ...

  • Finnish govt websites knocked down as Ukraine President addresses MPs

    April 9, 2022

    Cyberattacks took down Finnish government websites on Friday while Ukrainian President Volodymyr Zelenskyy addressed Finland’s members of parliament (MPs). Denial-of-service (DoS) attacks hit Finland’s ministries of Defense and Foreign Affairs’ websites around noon local time. About an hour later, both government agencies tweeted that the websites were back up and running. The Finnish Ministry of Foreign Affairs ...

  • Mystery of alleged Chinese hack on eve of Ukraine invasion

    April 7, 2022

    Allegations of Chinese cyber activity as the recent conflict broke out in Ukraine have been emerging. The details appear unusually murky but one Western intelligence official believes the aim was espionage – and the cyber-attack may have been broader than previously reported. The Times first reported that hackers, alleged to be based in China, began targeting Ukrainian ...

  • Israeli officials are being catfished by APT-C-23 hackers

    April 7, 2022

    High-ranking Israeli officials are being catfished in a new cyberespionage campaign launched by APT-C-23. AridViper, also known as APT-C-23, Desert Falcon, and Two-tailed Scorpion, is a politically-driven advanced persistent threat (APT) group active in the Middle East. In the past, AridViper has conducted spear-phishing attacks against Palestinian law enforcement, military, and educational establishments, as well as the ...

  • Demand for cyber threat intel growing, White House official says

    April 6, 2022

    Private sector companies are increasingly asking the federal government for cyber threat intelligence as they seek to shore up their defenses against growing online threats, a White House cyber official told lawmakers on Wednesday. Robert Knake, a U.S. official in charge of budget and policy at the White House’s Office of the National Cyber Director, told ...

  • FBI: Ransomware Attacks Straining Local US Governments and Public Services

    March 30, 2022

    The FBI is informing Government Facilities Sector (GFS) partners of cyber actors conducting ransomware attacks on local government agencies that have resulted in disrupted operational services, risks to public safety, and financial losses. Ransomware attacks against local government entities and the subsequent impacts are especially significant due to the public’s dependency on critical utilities, emergency ...

  • Transparent Tribe APT returns to strike India’s government and military

    March 29, 2022

    The Transparent Tribe hacking group is back with a new malware arsenal and victim list including India’s government and military. Active since at least 2013, the advanced persistent threat (APT) group operates in at least 30 countries. However, the APT tends to focus on India and Afghanistan – with the exception being attacks recorded against human ...

  • China APT group using Russia invasion, COVID-19 in phishing attacks

    March 28, 2022

    A China-based threat group is likely running a month-long campaign using a variant of the Korplug malware and targeting European diplomats, internet service providers (ISPs) and research institutions via phishing lures that refer to Russia’s invasion of Ukraine and COVID-19 travel restrictions. The ongoing campaign was first seen in August 2021 and is being tied to ...

  • How hackers are trying to undermine Putin

    March 20, 2022

    The Anonymous hacktivist collective has been bombarding Russia with cyber-attacks since declaring “cyber war” on President Vladimir Putin in retaliation for the invasion of Ukraine. Several people operating under its banner spoke to the BBC about their motives, tactics and plans. Of all the cyber-attacks carried out since the Ukraine conflict started, an Anonymous hack on ...

  • Israeli government websites down due to suspected cyberattack

    March 14, 2022

    This is the largest-ever cyberattack carried out against Israel, a defense establishment source says Several Israeli government websites went down on Monday, prompting suspicions of a cyberattack. The websites of the Prime Minister’s Office, as well as several ministries, were inaccessible. Access to some of the websites has been restored. A senior defense official reportedly told Haaretz that ...

  • Does This Look Infected? A Summary of APT41 Targeting U.S. State Governments

    March 8, 2022

    UPDATE: The original post may not have provided full clarity that CVE-2021-44207 (USAHerds) had a patch developed by Acclaim Systems for applicable deployments on or around Nov. 15, 2021. Mandiant cannot speak to the affected builds, deployment, adoption, or other technical factors of this vulnerability patch beyond its availability. In May 2021 Mandiant responded to an APT41 intrusion ...

  • US Government sets forth Zero Trust architecture strategy and requirements

    February 17, 2022

    To help protect the United States from increasingly sophisticated cyber threats, the White House issued Executive Order (EO) 14028 on Improving the Nation’s Cybersecurity, which requires US Federal Government organizations to take action to strengthen national cybersecurity.1 Section 3 of EO 14028 specifically calls for federal agencies and their suppliers “to modernize approach to ...