Government


  • New Attack Technique GrimResource Sweeps Through China with Fake Website

    July 17, 2024

    QiAnXin Threat Intelligence Center and Falcon Operations Team observed in their daily operations that in June 2024, several foreign counterparts reported in-the-wild attacks related to the new attack technique GrimResource. QiAnXin Threat Intelligence Center and Falcon Operations Team promptly conducted research on this technique and have been continuously monitoring it. In mid-July 2024, they discovered the ...

  • CloudSorcerer – A new APT targeting Russian government entities

    July 8, 2024

    In May 2024, Kaspersky researchers discovered a new advanced persistent threat (APT) targeting Russian government entities that we dubbed CloudSorcerer. It’s a sophisticated cyberespionage tool used for stealth monitoring, data collection, and exfiltration via Microsoft Graph, Yandex Cloud, and Dropbox cloud infrastructure. The malware leverages cloud resources as its command and control (C2) servers, accessing them ...

  • Airports, Student Aid Services Struck by Indonesian Cyber Attack

    June 28, 2024

    Indonesia’s parliament called the government to task over another cyber attack that led to airport and scholarship services being put out of service. The ransomware attack that affected hundreds of ministries and public institutions was “catastrophic,” said lawmaker Tubagus Hasanuddin in a Thursday evening hearing with the communications minister and the head of state cybersecurity agency. ...

  • LockBit hackers claim to have cracked the US Federal Reserve

    June 25, 2024

    The LockBit cybercrime gang has claimed to have stolen an enormous database from the US Federal Reserve, which includes sensitive banking information about American citizens – but the claim is being met with suspicion. Earlier this week, the infamous ransomware operator added the Fed on its data leak site, saying it had acquired an archive containing ...

  • Indonesian government says national data center was hit in ransomware attack – but it won’t pay up

    June 25, 2024

    The government of Indonesia has suffered a ransomware attack that crippled many of its organizations and caused quite a nuisance for its citizens – but says it won’t be held to ransom. Government officials confirmed its National Data Center (PDN) was struck on June 20, with the attack apparently organized by an affiliate of LockBit, with ...

  • Chinese hackers have stepped up attacks on Taiwanese organizations

    June 24, 2024

    A suspected Chinese state-sponsored hacking group has stepped up its targeting of Taiwanese organizations, particularly those in sectors such as government, education, technology and diplomacy, according to cybersecurity intelligence company Recorded Future. RedJuliett has targeted Taiwanese organizations in the past, but this is the first time that activity was seen at such a scale, a Recorded ...

  • ExCobalt: GoRed, the hidden-tunnel technique

    June 19, 2024

    While responding to an incident at one of their clients, the PT ESC CSIRT team discovered a previously unknown backdoor written in Go, which they attributed to a cybercrime gang dubbed ExCobalt. ExCobalt focuses on cyberespionage and includes several members active since at least 2016 and presumably once part of the notorious Cobalt gang. Cobalt attacked ...

  • Cleveland City Hall to remain closed after ransomware attack

    June 15, 2024

    City officials have confirmed the “cyber incident” that has hamstrung city operations for days to be a ransomware attack. In such attacks, malicious software effectively locks up a computer or network system, preventing access until users pay a ransom, according to the FBI. Read more… Source: MSN News Sign up for our Newsletter Related:

  • DISGOMOJI Malware Used to Target Indian Government

    June 13, 2024

    In 2024, Volexity identified a cyber-espionage campaign undertaken by a suspected Pakistan-based threat actor that Volexity currently tracks under the alias UTA0137. The malware used in these recent campaigns, which Volexity tracks as DISGOMOJI, is written in Golang and compiled for Linux systems. Volexity assesses with high confidence that UTA0137 has espionage-related objectives and a remit ...

  • Major data breach at Philippines Agricultural Credit Policy Council (ACPC) exposes sensitive information

    June 9, 2024

    The Agricultural Credit Policy Council (ACPC) has been hacked, exposing sensitive data and raising concerns about government agency security. Ph1ns, a hacker who gained unauthorized access to the ACPC’s internal systems, revealed the breach. The hacker was also responsible for several hack attacks on government agencies, including the DOST and the PNP. Read more… Source: Manila Bulletin Sign up ...

  • Canada does not have the tools to fight cyber crime, says watchdog

    June 5, 2024

    Canada’s federal government does not have the capacity and tools to effectively fight cyber crime in part because of excessive bureaucracy and staff shortages, the country’s top watchdog said on Tuesday. In an official report, Auditor General Karen Hogan said she found breakdowns in response, coordination, tracking, and information sharing between and across the organizations responsible ...

  • Ukrainian intelligence’ hackers attack Russian government agencies and large companies

    June 5, 2024

    Hackers from the Main Intelligence Directorate (DIU) of Ukraine’s Ministry of Defense have attacked the electronic services of several Russian ministries and banking institutions, according to RBC-Ukraine source in the special services. According to Roskomnadzor (Federal Service for Supervision of Communications, Information Technology and Mass Media) , the disruption is allegedly linked to an accident in ...

  • Inside The Box: Malware’s New Playground

    June 3, 2024

    Over the past few months, we have been monitoring the increasing abuse of BoxedApp products in the wild. BoxedApp products are commercial packers that provide advanced features such as Virtual Storage (Virtual File System, Virtual Registry), Virtual Processes, and a universal instrumentation system (WIN/NT API hooking). Even though BoxedApp has been commercially available for a while, ...

  • Massive cyber attack against Eritrea’s Internet System

    May 26, 2024

    A massive cyber attack was unleashed against Eritrea’s Internet System on Independence Day, Friday, 24 May 2024, at 12:32’:47 in the afternoon hours. The attempt was foiled by the defensive countermeasures deployed promptly, and the network continued its functions without interruptions. The identity of the originators, architects, and implementers of the attempted cyber attack is not ...

  • Optus sued by regulator over 2022 cyber-attack

    May 23, 2024

    Australia’s Communications and Media Authority (ACMA) has begun legal action against Optus, the country’s second largest telco, over a data breach it suffered in 2022. The watchdog has filed legal proceedings to the Federal Court, alleging that Optus “failed to protect the confidentiality of its customers’ personal information from unauthorised interference or unauthorised access,” and was ...

  • A Microsoft under attack from government and tech rivals after ‘preventable’ hack ties executive pay to cyberthreats

    May 22, 2024

    Microsoft has come under fire recently from both the U.S. government and rival companies for its failure to stop a Chinese hack of its systems last summer. One change the tech giant is making in response: linking executive compensation more closely to cybersecurity. In April, a government review board described a hack of Microsoft last summer attributed ...

  • Positive Technologies detects a series of attacks via Microsoft Exchange Server

    May 17, 2024

    While responding to an incident, the Incident Response team of Positive Technologies Expert Security Center (PT ESC) discovered an unknown keylogger embedded in the main Microsoft Exchange Server page of one of our customers. This keylogger was collecting account credentials into a file accessible via a special path from the internet. The team identified over 30 ...

  • SugarGh0st RAT Used to Target American Artificial Intelligence Experts

    May 16, 2024

    Proofpoint recently identified a SugarGh0st RAT campaign targeting organizations in the United States involved in artificial intelligence efforts, including those in academia, private industry, and government service. Proofpoint tracks the cluster responsible for this activity as UNK_SweetSpecter. SugarGh0st RAT is a remote access trojan, and is a customized variant of Gh0stRAT, an older commodity trojan typically ...

  • Ireland: More than 470 legal proceedings issued against health service after ransomware hit

    May 14, 2024

    More than 470 legal proceedings have been issued against the Health Service Executive (HSE) in relation to a cyber attack that shutdown the health service’s IT systems and compromised the data of thousands of patients and staff three years ago. Conti, a Russia-based cybercrime group, launched its ransomware attack on the health service on May 14th, ...

  • Tennessee: New state law to protect entities under cyber attack from class action suits amid Ascension Health hack

    May 13, 2024

    Another healthcare system is under a cyber attack, and while it’s unclear what, if any information has been accessed, a soon-to-be law will prevent those whose information may have been exposed from filing a class action lawsuit against entities that are hacked as long as the organization wasn’t grossly negligent. According to a spokesperson for Ascension ...