Government


  • Pro-Russian hackers claim cyber attack on FBI website

    November 15, 2022

    A group of pro-Russian hackers claimed to hack into the FBI website this week, the latest in a string of supposed attacks on U.S. government websites. The group Killnet took responsibility for infiltrating the website on its Telegram page Monday. It said the group was doing justice and guarding Russian cyberspace, writing “Glory to Russian and ...

  • Billbug: State-sponsored Actor Targets Cert Authority, Government Agencies in Multiple Asian Countries

    November 15, 2022

    State-sponsored actors compromised a digital certificate authority in an Asian country during a campaign in which multiple government agencies were also targeted. Symantec, by Broadcom Software, was able to link this activity to a group we track as Billbug due to the use in this campaign of tools previously attributed to this group. Billbug (aka Lotus ...

  • Russia-based Pushwoosh tricks US Army and others into running its code – for a while

    November 15, 2022

    US government agencies including the Army and Centers for Disease Control and Prevention pulled apps running Pushwoosh code after learning the software company – which presents itself as American – is actually Russian, according to Reuters. Pushwoosh is a software company that provides code and data analysis for developers so they can automate custom push notifications ...

  • Australia: Government considers making cyber ransom payments illegal after Medibank hack

    November 13, 2022

    It could soon be illegal for companies that fall victim to data breaches to pay ransoms to the hackers. The home affairs minister, Clare O’Neil, confirmed the government was examining whether new laws were needed to stop ransom payments in the wake of the Medibank and Optus data breaches. O’Neil said while short-term successes were needed in ...

  • Hack the Real Box: APT41’s New Subgroup Earth Longzhi

    November 9, 2022

    In early 2022, Trend Micro investigated an incident that compromised a company in Taiwan. The malware used in the incident was a simple but custom Cobalt Strike loader. After further investigation, however, we found incidents targeting multiple regions using a similar Cobalt Strike loader. While analyzing code similarities and tactics, techniques, and procedures (TTPs), we ...

  • Russian spies ‘hacked Liz Truss’s phone and stole sensitive messages’

    October 29, 2022

    Liz Truss had her phone hacked by Kremlin spies while she was working as foreign secretary, according to a report. The former prime minister’s personal messages with former chancellor Kwasi Kwarteng were raided, as well as sensitive details of international negotiations, it is claimed. Security services discovered the major security breach during the summer Tory leadership election, ...

  • Cyber attack on Bulgarian government websites traced to Russia

    October 16, 2022

    The head of Bulgaria’s National Investigation Service, Borislav Sarafov, said on October 16 that the perpetrator of a cyber attack the previous day on several Bulgarian state, government and private websites had been identified, and the attack had come from a city in Russia. Sarafov told Bulgarian media that the name and address of the perpetrator ...

  • The voting machine hacking threat you probably haven’t heard about

    October 14, 2022

    There’s a largely overlooked hacking target that could help those who want to sow doubt about vote tallies in the November midterms: cellular modems that transmit unofficial election-night results. The modems, which send vote data from precincts to central offices using cellphone networks, help election officials satisfy the public’s demand for rapid results. But putting any ...

  • Budworm: Espionage Group Returns to Targeting U.S. Organizations

    October 13, 2022

    The Budworm espionage group has mounted attacks over the past six months against a number of strategically significant targets, including the government of a Middle Eastern country, a multinational electronics manufacturer, and a U.S. state legislature. The latter attack is the first time in a number of years Symantec has seen Budworm targeting a U.S-based ...

  • Optus confirms 2.1 million ID numbers exposed in data breach

    October 4, 2022

    Optus confirmed yesterday that 2.1 million customers had government identification numbers compromised during a cyberattack last month. In a press statement released yesterday, the mobile carrier updated the information regarding the personal data of 9.8 million customers exposed during the attack. In an investigation, Optus confirmed that a total of 2.1 million customers had valid or expired ...

  • CISA Issues Binding Operational Directive 23-01: Improving Asset Visibility and Vulnerability Detection on Federal Networks

    October 3, 2022

    CISA has issued Binding Operational Directive (BOD) 23-01: Improving Asset Visibility and Vulnerability Detection on Federal Networks, which seeks improve asset visibility and vulnerability enumeration across the federal enterprise. Although BOD 23-01 is only applicable to federal civilian executive branch (FCEB) agencies, CISA recommends all stakeholders review and incorporate the standards it sets forth. Doing so ...

  • UK: Liz Truss’ and Cabinet Ministers’ mobile numbers are being sold online for £6.49

    October 2, 2022

    The personal mobile phone numbers of the Prime Minister and 25 of her Cabinet Ministers are being sold on the internet, The Mail on Sunday can reveal. They can be accessed on a shady US website charging just £6.49 for access to the information, which cyber experts warn could be used by China and Russia to ...

  • 12 senior Indonesian officials targeted by NSO software

    September 30, 2022

    More than 12 senior Indonesian military and government officials were targeted by software developed by Israeli cyber company NSO Group, Ynet reported on Thursday night, citing sources familiar with the matter, six of whom were interviewed by Reuters and said they had also been targeted by the software. The officials include Coordinating Minister for Economic Affairs ...

  • Witchetty: Group Uses Updated Toolset in Attacks on Governments in Middle East

    September 29, 2022

    The Witchetty espionage group (aka LookingFrog) has been progressively updating its toolset, using new malware in attacks on targets in the Middle East and Africa. Among the new tools being used by the group is a backdoor Trojan (Backdoor.Stegmap) that employs steganography, a rarely seen technique where malicious code is hidden within an image. In attacks ...

  • FBI: Iranian State Actors Conduct Cyber Operations Against the Government of Albania

    September 21, 2022

    The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory to provide information on recent cyber operations against the Government of Albania in July and September. This advisory provides a timeline of activity observed, from initial access to execution of encryption and wiper attacks. Additional information ...

  • Gamaredon APT targets Ukrainian government agencies in new campaign

    September 15, 2022

    Cisco Talos discovered Gamaredon APT activity targeting users in Ukraine with malicious LNK files distributed in RAR archives. The campaign, part of an ongoing espionage operation observed as recently as August 2022, aims to deliver information-stealing malware to Ukrainian victim machines and makes heavy use of multiple modular PowerShell and VBScript (VBS) scripts as part ...

  • New Wave of Espionage Activity Targets Asian Governments

    September 13, 2022

    A distinct group of espionage attackers who were formerly associated with the ShadowPad remote access Trojan (RAT) has adopted a new, diverse toolset to mount an ongoing campaign against a range of government and state-owned organizations in a number of Asian countries. The attacks, which have been underway since at least early 2021, appear to ...

  • Albania Claims New Cyberattack on Day the US Sanctions Iran for July Attack

    September 9, 2022

    Albania said it suffered another cyberattack on the day the U.S. announced sanctions against Iran’s Ministry of Intelligence and Security (MOIS) for an attack launched against Tirana’s government computer systems in July. “The national police’s computer systems were hit Friday by a cyberattack which, according to initial information, was committed by the same actors who in ...

  • Pakistan government labels its own cybersecurity team ‘incompetent’

    September 7, 2022

    A Pakistani parliamentary committee has labelled its own cybersecurity agency “incompetent”. That damning assessment was offered by the nation’s Standing Committee on Information Technology and Telecommunication at a Monday meeting convened to brief committee members on the workings of Pakistan’s Ministry of Information Technology and Telecommunication. Read more… Source: The Register  

  • IRS data leak exposes personal info of 120,000 taxpayers

    September 3, 2022

    The Internal Revenue Service has accidentally leaked confidential information for approximately 120,000 taxpayers who filed a form 990-T as part of their tax returns. IRS Form 990T is used to report ‘unrelated business income’ paid to a tax-exempt entity, such as nonprofits (charities) or IRA and SEP retirement accounts. This income is commonly derived from sales unrelated ...