Government


  • HP Enterprise was hacked by the same Russian state-sponsored group that targeted Microsoft

    January 25, 2024

    HP Enterprise was infiltrated by a hacking group linked to Russian intelligence last year, the business IT company has revealed in a Securities and Exchange Commission filing. The threat actor is believed to be Midnight Blizzard, also known as Cozy Bear, which was the same group that recently breached the email accounts of several senior executives ...

  • Lebanon: Ministry of Social Affairs’ website suffers cybersecurity breach

    January 22, 2024

    The Ministry of Social Affairs’ website has been subjected to a cyber-attack. Authorities are actively working to resolve the issue and ensure the restoration of normalcy to the site. Reportedly, the website does not contain any personal information. Source: Lebanese Broadcasting Corporation International

  • Swiss government accused of massive online surveillance

    January 11, 2024

    The Swiss Federal Intelligence Service (SRC) is allegedly monitoring the digital activities of the Swiss population, particularly on their mobile phones and computers, according to the German-language magazine Republik.ch on Tuesday. What’s more, Swiss spies are said to be storing far more information than they promised when the new intelligence law was introduced. The SRC denies ...

  • Thailand: Elderly to get anti-scam education as cybercrime explodes

    January 10, 2024

    Alarmed by research indicating that the elderly are the most vulnerable to fraudsters, Thailand’s Ministry of Social Development and Human Security and CIB cybercrime investigators will collaborate with partners to provide digital literacy to senior people nationwide. The minister, Varawut Silpa-archa, stated that more than 13 million people, or almost 20% of the Thai population, are ...

  • Proposed Irish hate speech regulations could have a chilling effect on freedom

    January 4, 2024

    In light of the Dublin riots, which estimates suggest resulted in millions of euro worth of damage, following the stabbing of three children outside their school by a foreign national, Ireland’s regional free speech culture war battleground has become global. Several public figures from across the world have sounded the alarm over potential threats to freedom ...

  • Pakistan: Separate agency set up to tackle cybercrime challenge

    December 28, 2023

    The government has established a separate agency, the National Cyber Crime Investigation Agency, equipped with all the required equipment and skills with which Pakistan’s cyberspace, data of public and private institutions, business transactions, and online activities of citizens can be secured effectively. This was stated by Caretaker Federal Minister for Information Technology and Telecommunication Dr Umar Saif, ...

  • A cyberattack targets Albanian Parliament, cellphone provider and air flight company

    December 27, 2023

    Albania’s Parliament said on Tuesday that it had suffered a cyberattack with hackers trying to get into its data system, resulting in a temporary halt in its services. A statement said Monday’s cyberattack had not “touched the data of the system,” adding that experts were working to discover what consequences the attack could have. It said ...

  • Governments spying on Apple, Google users through push notifications -US senator

    December 7, 2023

    Unidentified governments are surveilling smartphone users via their apps’ push notifications, a U.S. senator warned on Wednesday. In a letter to the Department of Justice, Senator Ron Wyden said foreign officials were demanding the data from Alphabet’s Google and Apple. Although details were sparse, the letter lays out yet another path by which governments can track ...

  • Star Blizzard increases sophistication and evasion in ongoing attacks

    December 7, 2023

    Microsoft Threat Intelligence continues to track and disrupt malicious activity attributed to a Russian state-sponsored actor we track as Star Blizzard (formerly SEABORGIUM, also known as COLDRIVER and Callisto Group). Star Blizzard has improved their detection evasion capabilities since 2022 while remaining focused on email credential theft against the same targets. Star Blizzard, whose activities we ...

  • TA422’s Dedicated Exploitation Loop – the Same Week After Week

    December 5, 2023

    Starting in March 2023, Proofpoint researchers have observed the Russian advanced persistent threat (APT) TA422 readily use patched vulnerabilities to target a variety of organizations in Europe and North America. TA422 overlaps with the aliases APT28, Forest Blizzard, Pawn Storm, Fancy Bear, and BlueDelta, and is attributed by the United States Intelligence Community to the Russian ...

  • New Tool Set Found Used Against Organizations in the Middle East, Africa and the US

    December 1, 2023

    Unit 42 researchers observed a series of apparently related attacks against organizations in the Middle East, Africa and the U.S. The researchers will discuss a set of tools used in the course of the attacks that reveal clues about the threat actors’ activity. Unit 42 team is sharing this research to provide detection, prevention and hunting ...

  • France bans ministers from WhatsApp, Signal; demands French alternatives

    November 30, 2023

    French Prime Minister Élisabeth Borne has banned widely used messaging apps WhatsApp, Telegram and Signal for ministers and their teams due to security vulnerabilities, according to a memo obtained by French news outlet Le Point. “These digital tools are not devoid of security flaws, and therefore cannot guarantee the security of conversations and information shared via ...

  • HrServ – Previously unknown web shell used in APT attack

    November 22, 2023

    In the course of our routine investigation, we discovered a DLL file, identified as hrserv.dll, which is a previously unknown web shell exhibiting sophisticated features such as custom encoding methods for client communication and in-memory execution. Kaspersky analysis of the sample led to the discovery of related variants compiled in 2021, indicating a potential correlation between ...

  • Ukraine sacks ‘corrupt’ cyber defence chiefs

    November 21, 2023

    Ukraine has sacked two top cyber defence officials after they were charged with orchestrating a multi-million pound embezzlement scheme. Yurii Shchyhol and Viktor Zhora, the head and deputy of the Service of Special Communications and Information Protection of Ukraine (SSSCIP), are accused of inflating the value of a software deal for personal gain by £1.4million ($1.7million).

  • Canada: Current and former public service, RCMP, military members affected by data breach

    November 18, 2023

    The federal government is warning current and former public service employees and members of the RCMP and Canadian Armed Forces their personal and financial information may have been accessed in a data breach that occurred on Oct. 19. The breach affects federal government data held by Brookfield Global Relocation Services (BGRS) and SIRVA Worldwide Relocation & ...

  • Zimbra 0-day used to target international government organizations

    November 16, 2023

    In June 2023, Google’s Threat Analysis Group (TAG) discovered an in-the-wild 0-day exploit targeting Zimbra Collaboration, an email server many organizations use to host their email. Since discovering the 0-day, now patched as CVE-2023-37580, TAG has observed four different groups exploiting the same bug to steal email data, user credentials, and authentication tokens. Most of this ...

  • #StopRansomware: Rhysida Ransomware

    November 15, 2023

    The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint CSA to disseminate known Rhysida ransomware IOCs and TTPs identified through investigations as recently as September 2023. Rhysida – an emerging ransomware variant – has predominately been deployed against the education, ...

  • TA402 Uses Complex IronWind Infection Chains to Target Middle East-Based Government Entities

    November 14, 2023

    In mid-2023, Proofpoint researchers first identified TA402 (Molerats, Gaza Cybergang, Frankenstein, WIRTE) activity using a labyrinthine infection chain to target Middle Eastern governments with a new initial access downloader Proofpoint has dubbed IronWind. From July through October 2023, TA402 utilized three variations of this infection chain—Dropbox links, XLL file attachments, and RAR file attachments—with each variant ...

  • Australia: Defence recalls cybersecurity coordinator Air Marshal Darren Goldie

    November 14, 2023

    The senior Air Force officer recently appointed as the National Cyber Security Coordinator has been recalled to Defence to deal with what the department describes as a “workplace matter”. The government said in a statement that Department of Home Affairs Deputy Secretary of Cyber and Infrastructure Security Hamish Hansford would act as National Cyber Security Coordinator ...

  • UK: Government has never paid a ransomware demand, minister says

    November 7, 2023

    The government has announced that it has never paid a ransom demanded by cybercriminals – and pledged that it never will. The announcement – made to tie in with last week’s meeting of members of the international Counter Ransomware Initiative – rubber-stamps what the government said “has been a long-standing policy but … the first ...