Government


  • Ukraine: Websites of some banks and ministries are under a cyberattack

    February 15, 2022

    According to local media, hackers are now attacking a number of sites in Ukraine. Several banks and the website of the Ministry of Defense are under DDoS attack. “Ukrainska Pravda” citing sources in the Ukrainian government understands that a powerful DDoS attack affected Privatbank and Oschadbank banks, as well as the Ministry of Defense and the ...

  • UK Foreign Office target of ‘serious cyber incident’

    February 8, 2022

    The UK’s Foreign, Commonwealth and Development Office (FCDO) was the target of a “serious cyber-security incident”, it has emerged. The details came via a tender document published on a government website, seemingly by mistake. The BBC understands unidentified hackers got inside the FCDO systems, but were detected. It is not believed that any classified or highly sensitive material ...

  • Israel Police Used NSO’s Pegasus Spyware Against Top Gov’t Officials, Journalists and Activists

    February 7, 2022

    Israel Police used NSO’s Pegasus spyware to hack the phones of public figures, including protest leaders, journalists, government employees and associates of former Prime Minister Benjamin Netanyahu, according to a report by Calcalist on Monday. According to the report, the hacking tool was used without a court order and against Netanyahu’s son, Avner Netanyahu, co-defendant in ...

  • Actinium hacking group is targeting emergency response and security organizations in Ukraine

    February 7, 2022

    Microsoft has detailed recent hacking activity of cyber actors, most likely aligned with the Russian Federal Security Service (FSB), who have targeted Ukraine government, security agencies and aid organizations. Microsoft says the hacking group, which it calls Actinium, has “targeted or compromised accounts” at Ukraine emergency response organizations since October. Actinium hackers also targeted organizations that ...

  • NSO Group Pegasus Spyware Aims at Finnish Diplomats

    January 31, 2022

    The controversial Pegasus spyware, developed by NSO Group, has been found on the devices of Finland’s diplomatic corps serving outside the country as part of a wide-ranging espionage campaign, according to Finnish officials. They also said the infections were of the zero-click variety. “The highly sophisticated malware has infected users’ Apple or Android telephones without their noticing ...

  • LockBit gang claims it stole data from French Ministry of Justice

    January 28, 2022

    The French government is investigating claims from the LockBit ransomware gang that data was stolen from the Ministry of Justice. “The French Ministry of Justice is aware of the alert and has immediately taken actions to proceed to the needed verifications, in collaboration with the competent services in this field,” a government spokesperson told ZDNet. The Ministry ...

  • Canada’s foreign affairs department hit with cyberattack

    January 25, 2022

    Canada’s foreign affairs department was hit with a cyberattack last week, according to the Treasury Board of Canada. The hack of Global Affairs Canada, the government entity responsible for diplomatic and global relations, occurred on Wednesday, according to a statement provided by the Treasury Board to ABC News. The statement does not identify who carried out the ...

  • Hackers take over diplomat’s email, target Russian deputy minister

    January 12, 2022

    Hackers believed to work for the North Korean government have compromised the email account of a staff member of Russia’s Ministry of Foreign Affairs (MID) and deployed spear-phishing attacks against the country’s diplomats in other regions. One of the targets was Sergey Alexeyevich Ryabko, the deputy foreign minister for the Russian Federation, among other things responsible ...

  • CISA Issues Emergency Directive Requiring Federal Agencies To Mitigate Apache Log4j Vulnerabilities

    December 17, 2021

    WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive (ED) 22-02 today requiring federal civilian departments and agencies to assess their internet-facing network assets for the Apache Log4j vulnerabilities and immediately patch these systems or implement other appropriate mitigation measures. This Directive will be updated to further drive additional mitigation actions. The directive is in response to the active exploitation by multiple threat actors of vulnerabilities found in the widely used Java-based ...

  • Collecting In the Dark: Tropic Trooper Targets Transportation and Government

    December 14, 2021

    Earth Centaur, previously known as Tropic Trooper, is a long-running cyberespionage threat group that has been active since 2011. In July 2020, Trend Micro researchers noticed interesting activity coming from the group, and they have been closely monitoring it since. The actors seem to be targeting organizations in the transportation industry and government agencies related ...

  • NICKEL targeting government organizations across Latin America and Europe

    December 6, 2021

    The Microsoft Threat Intelligence Center (MSTIC) has observed NICKEL, a China-based threat actor, targeting governments, diplomatic entities, and non-governmental organizations (NGOs) across Central and South America, the Caribbean, Europe, and North America. MSTIC has been tracking NICKEL since 2016 and observed some common activity with other actors known in the security community as APT15, APT25, ...

  • UK government transport website caught showing porn

    November 25, 2021

    A UK Department for Transport (DfT) website was caught serving porn earlier today. The particular DfT subdomain behind the mishap, on most days, provides vital DfT statistics for the public and the department’s business plan. Racy traffic ahead The UK DfT’s charts.dft.gov.uk website was seen serving porn today, as confirmed by BleepingComputer. Read more… Source: Bleeping Computer  

  • North Korean cyberspies target govt officials with custom malware

    November 18, 2021

    A state-sponsored North Korean threat actor tracked as TA406 was recently observed deploying custom info-stealing malware in espionage campaigns. The particular actor is attributed as one of several groups known as Kimsuky (aka Thallium). TA406 has left traces of low-volume activity since 2018, primarily focusing on espionage, money-grabbing scams, and extortion. However, in March and June 2021, ...

  • Philippines gov takes down passport application website amid privacy leak fears

    November 11, 2021

    The Philippines’ Department of Foreign Affairs (DFA) has disabled its online passport application tracker, citing a “data privacy issue” and hinting that information could have leaked. “The DFA’s IT Unit is currently investigating the circumstances surrounding this issue and is taking appropriate measures to secure the data that may have been exposed,” states a notice on ...

  • CISA Binding Operational Directive 22-01 – Reducing the Significant Risk of Known Exploited Vulnerabilities

    November 3, 2021

    A binding operational directive is a compulsory direction to federal, executive branch, departments and agencies for purposes of safeguarding federal information and information systems. Section 3553(b)(2) of title 44, U.S. Code, authorizes the Secretary of the Department of Homeland Security (DHS) to develop and oversee the implementation of binding operational directives. Federal agencies are required to comply ...

  • New White House Cyber Director Wants to Fight Like Cobra Kai

    November 1, 2021

    The first U.S. National Cyber Director wants the government to take a tougher, more proactive approach to those who threaten America’s networks: degrade their capabilities and demonstrate how they would suffer should they attack. John “Chris” Inglis’ vision for his brand-new office somewhat resembles the match-day strategy employed by the Cobra Kai dojo in the original ...

  • Meet Balikbayan Foxes: a threat group impersonating the Philippine gov’t

    October 27, 2021

    Proofpoint has uncovered a new, “highly active” threat group that is impersonating the Philippine government and businesses to spread Trojan malware. On Wednesday, researchers Selena Larson and Joe Wise said the threat actors, dubbed “Balikbayan Foxes” and tracked as TA2722, are concentrated in the Philippines but are targeting the shipping, logistics, manufacturing, pharmaceutical, business, and energy ...

  • FBI: Ranzy Locker ransomware hit at least 30 US companies this year

    October 26, 2021

    The FBI said on Monday that Ranzy Locker ransomware operators had compromised at least 30 US companies this year from various industry sectors. “Unknown cyber criminals using Ranzy Locker ransomware had compromised more than 30 US businesses as of July 2021,” the FBI said in a TLP: WHITE flash alert. “The victims include the construction subsector of ...

  • Hacker sells the data for millions of Moscow drivers for $800

    October 23, 2021

    Hackers are selling a stolen database containing 50 million records of Moscow driver data on an underground forum for only $800. According to Russian media outlets that purchased the database, the data appears to be valid and contains records collected between 2006 and 2019 Russian news publisher Kommersant called a small sample of the exposed individuals and ...

  • Russia and China left out of global anti-ransomware meetings

    October 13, 2021

    The White House National Security Council facilitates virtual meetings this week with senior officials and ministers from more than 30 countries in a virtual international counter-ransomware event to rally allies in the fight against the ransomware threat. Publicly disclosed ransomware payments have reached more than $400 million globally in 2020 and over $81 million in the ...