- Awaken Likho is awake: new techniques of an APT group
October 7, 2024
In July 2021, a campaign was launched primarily targeting Russian government agencies and industrial enterprises. Shortly after the campaign started, Kaspersky began tracking it, and published three reports in August and September 2024 through their threat research subscription on the threat actor they named Awaken Likho (also named by other vendors as Core Werewolf). While investigating ...
- Storm-0501: Ransomware attacks expanding to hybrid cloud environments
September 26, 2024
Microsoft has observed the threat actor tracked as Storm-0501 launching a multi-staged attack where they compromised hybrid cloud environments and performed lateral movement from on-premises to cloud environments, leading to data exfiltration, credential theft, tampering, persistent backdoor access, and ransomware deployment. The attack targeted multiple sectors in the United States, including government, manufacturing, transportation, and ...
- From 12 to 21: How Kaspersky discovered connections between the Twelve and BlackJack groups
September 25, 2024
While analyzing attacks on Russian organizations, the Kaspersky team regularly encounters overlapping tactics, techniques, and procedures (TTPs) among different cybercrime groups, and sometimes even shared tools. Kaspersky researchers recently discovered one such overlap: similar tools and tactics between two hacktivist groups – BlackJack and Twelve, which likely belong to a single cluster of activity. In this report, ...
- China accuses Taiwan-backed group of cyberattacks
September 23, 2024
The Ministry of State Security said a Taiwan military-backed hacking group has been carrying out cyberattacks against targets in China, urging people to report “anti-propaganda sabotage”. The ministry said since the beginning of this year, Anonymous 64 had sought to upload and broadcast “content that denigrates the mainland’s political system and major policies” on websites, outdoor ...
- Philippines: Department of Foreign Affairs concerned over data breach at passport printing unit
September 21, 2024
The Department of Foreign Affairs (DFA) of the Philippines has announced that it is really concerned about the data breach at APO Production Unit – a government-owned and controlled corporation (GOCC) in charge of printing passports. During a Senate finance subcommittee hearing on the agency’s proposed budget for 2025, DFA Office of Consular Affairs Assistant Secretary Adelio ...
- -=TWELVE=- is back
September 20, 2024
In the spring of 2024, posts with real people’s personal data began appearing on the -=TWELVE=- Telegram channel. Soon it was blocked for falling foul of the Telegram terms of service. The group stayed off the radar for several months, but as Kaspersky researchers investigated a late June 2024 attack, they found that it employed techniques ...
- Indonesia’s tax agency probes alleged personal data breach
September 19, 2024
Indonesia’s tax agency is investigating an alleged data breach that exposes the taxpayer identification numbers of millions of Indonesians, including President Joko “Jokowi” Widodo, his ministers and his two sons, an official said. A series of cyber-attacks have hit Indonesian companies and government agencies in the past few years, which experts attribute to the government’s lax ...
- TikTok just had the most important two hours of its life
September 16, 2024
Who really controls TikTok’s magical algorithm — the US-based company that runs the app or its Chinese parent, ByteDance? That’s the question that bedeviled a trio of federal judges on Monday charged with deciding whether to allow the implementation of a law that could ultimately result in TikTok being banned for all Americans. After more than ...
- Chinese APT Abuses VSCode to Target Government in Asia
September 6, 2024
Unit 42 researchers recently found that Stately Taurus abused the popular Visual Studio Code software in espionage operations targeting government entities in Southeast Asia. Stately Taurus is a Chinese advanced persistent threat (APT) group that carries out cyberespionage attacks. This threat actor used Visual Studio Code’s embedded reverse shell feature to gain a foothold in target ...
- Tropic Trooper spies on government entities in the Middle East
September 5, 2024
Tropic Trooper (also known as KeyBoy and Pirate Panda) is an APT group active since 2011. This group has traditionally targeted sectors such as government, healthcare, transportation and high-tech industries in Taiwan, the Philippines and Hong Kong. Kaspersky's recent investigation has revealed that in 2024 they conducted persistent campaigns targeting a government entity in the Middle ...
- Should State Governments Ban Ransomware Payments?
September 3, 2024
In 2021, North Carolina became the first state to prohibit public ransomware payments, even going so far as to ban negotiations with cyber criminals. It was a groundbreaking move. Florida followed suit in 2022, but its legislation took a less stringent approach, covering a narrower range of entities and omitting some of the stricter provisions ...
- Head Mare: adventures of a unicorn in Russia and Belarus
September 2, 2024
Head Mare is a hacktivist group that first made itself known in 2023 on the social network X (formerly Twitter). In their public posts, the attackers reveal information about some of their victims, including organization names, internal documents stolen during attacks, and screenshots of desktops and administrative consoles. By analyzing incidents in Russian companies, Kaspersky researchers ...
- UK: Watchdog reprimands Labour following data breach
August 29, 2024
The information watchdog has formally reprimanded the Labour Party for failing in its data protection duties following a cyber attack. More than 150 complaints were made to the Information Commissioner’s Office (ICO) about the handling of inquiries about personal data, known as Subject Access Requests (SARs). An investigation revealed the problem developed in part because an ...
- Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations
August 28, 2024
The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Defense Cyber Crime Center (DC3) are releasing this joint Cybersecurity Advisory (CSA) to warn network defenders that, as of August 2024, a group of Iran-based cyber actors continues to exploit U.S. and foreign organizations. This includes organizations across several sectors ...
- ACSC chief appointed new top cyber spy
August 26, 2024
Australian Cyber Security Centre chief Abigail Bradshaw has been named the new director-general of the Australian Signals Directorate, replacing outgoing chief Rachel Noble. Ms Bradshaw, a former Navy officer with deep expertise in cyber, national security, crisis management and incident response roles across government, will take up the top job on September 6. Prime Minister Anthony ...
- Security gaps leave local governments vulnerable to a variety of cyber threats
August 21, 2024
Cities and counties are beefing up their IT security, and that makes sense, says Augustine Boateng, interim chief information officer (CIO) in Memphis, Tenn. “It’s important to note that local governments have developed a reputation over the years for having lackluster cybersecurity; and not without good reason. As a result, we’re seeing more and more cyberattacks ...
- BlindEagle flying high in Latin America
August 19, 2024
BlindEagle, also known as “APT-C-36”, is an APT actor recognized for employing straightforward yet impactful attack techniques and methodologies. The group is known for their persistent campaigns targeting entities and individuals in Colombia, Ecuador, Chile, Panama and other countries in Latin America. They have been targeting entities in multiple sectors, including governmental institutions, financial companies, energy ...
- T-Mobile Fined $60 Million to Settle Alleged National Security Violations
August 15, 2024
Wireless company T-Mobile US has agreed to pay about $60 million to settle allegations it failed to promptly report incidents of unauthorized data access in violation of a national security agreement that allowed its merger with rival Sprint, according to senior U.S. government officials. The civil penalty, announced Wednesday by the Committee on Foreign Investment in ...
- EastWind campaign: new CloudSorcerer attacks on government organizations in Russia
August 14, 2024
In late July 2024, we detected a series of ongoing targeted cyberattacks on dozens of computers at Russian government organizations and IT companies. The threat actors infected devices using phishing emails with malicious shortcut attachments. These shortcuts were used to deliver malware that received commands via the Dropbox cloud service. Attackers used this malware to download ...
- Venezuela is the Victim of a Cyber Coup
August 10, 2024
On Friday, Joaquin Perez, the Deputy Ambassador of Venezuela to the United Nations, participated in the United Nations Convention on Cybercrime meeting held in New York. The Bolivarian diplomat denounced that Venezuela is being subjected to a cyber coup d’état orchestrated by transnational far-right powerful actors who control major media outlets and social networks. “The meeting ...