Government


  • Capitol attack’s cybersecurity fallout: Stolen laptops, lost data and possible espionage

    January 11, 2021

    When hostile actors penetrated the Capitol Building on January 6, they gained access to individual chambers and offices and remained at large within the Capitol complex for well over two hours. We have reports that items were stolen. One report comes from acting US Attorney for DC, Michael Sherwin, who stated “items, electronic items were stolen ...

  • US government formally blames Russia for SolarWinds hack

    January 5, 2021

    Four US cyber-security agencies, including the FBI, CISA, ODNI, and the NSA, have released a joint statement today formally accusing the Russian government of orchestrating the SolarWinds supply chain attack. US officials said that “an Advanced Persistent Threat (APT) actor, likely Russian in origin” was responsible for the SolarWinds hack, which officials described as “an intelligence ...

  • Emotet malware hits Lithuania’s National Public Health Center

    December 30, 2020

    The internal networks of Lithuania’s National Center for Public Health (NVSC) and several municipalities have been infected with Emotet malware following a large campaign targeting the country’s state institutions. “When infected recipients opened infected messages, the virus entered the internal networks of the institutions,” NVSC officials said in a statement published today. “Infected computers, after downloading additional ...

  • Digital Footprint Intelligence Report

    December 29, 2020

    The Digital Footprint Intelligence Service announces the results of research on the digital footprints of governmental, financial and industrial organizations for countries in the Middle East region: Bahrain, Egypt, Iran, Iraq, Jordan, Kuwait, Lebanon, Oman, Qatar, Saudi Arabia, Sudan, Syria, Turkey, UAE, Yemen. The data presented in this report was collected through Kaspersky’s own threat ...

  • Finland says hackers accessed MPs’ emails accounts

    December 28, 2020

    The Finnish Parliament said on Monday that hackers gained entry to its internal IT system and accessed email accounts for some members of Parliament (MPs). Government officials said the attack took place in the fall of 2020 and was discovered this month by the Parliament’s IT staff. The matter is currently being investigated by the Finnish ...

  • Vietnam targeted in complex supply chain attack

    December 28, 2020

    A group of mysterious hackers has carried out a clever supply chain attack against Vietnamese private companies and government agencies by inserting malware inside an official government software toolkit. The attack, discovered by security firm ESET and detailed in a report named “Operation SignSight,” targeted the Vietnam Government Certification Authority (VGCA), the government organization that issues ...

  • Microsoft Caught Up in SolarWinds Spy Effort, Joining Federal Agencies

    December 18, 2020

    Microsoft has become the latest victim of the ever-widening SolarWinds-driven cyberattack that has impacted rafts of federal agencies and tech targets. Its president, Brad Smith, warned late Thursday to expect many more victims to come to light as investigations continue. Adversaries were able to use SolarWinds’ Orion network management platform to infect users with a stealth ...

  • Suspected Russian hackers spied on U.S. Treasury emails – sources

    December 13, 2020

    Hackers believed to be working for Russia have been monitoring internal email traffic at the U.S. Treasury and Commerce departments, according to people familiar with the matter, adding they feared the hacks uncovered so far may be the tip of the iceberg. The hack is so serious it led to a National Security Council meeting at ...

  • Chinese APT suspected of supply chain attack on Mongolian government agencies

    December 10, 2020

    A Chinese state-sponsored hacking group, also known as an APT, is suspected of having breached a Mongolian software company and compromised a chat app used by hundreds of Mongolian government agencies. The attack is believed to have taken place earlier this year, in June, according to a report published today by Slovak security firm ESET. The hackers ...

  • Norway: Russian APT28 state hackers likely behind Parliament attack

    December 9, 2020

    Russian-backed hacking group APT28 has likely brute-forced multiple Norwegian Parliament (Stortinget) email accounts on August 24, 2020, according to the Norwegian Police Security Service (PST, short for Politiets Sikkerhetstjeneste). Attackers gained access to a limited number of Stortinget email accounts of representatives and employees as disclosed by Stortinget director Marianne Andreassen. A statement published on the parliament’s ...

  • Kazakhstan government is intercepting HTTPS traffic in its capital

    December 6, 2020

    Under the guise of a “cybersecurity exercise,” the Kazakhstan government is forcing citizens in its capital of Nur-Sultan (formerly Astana) to install a digital certificate on their devices if they want to access foreign internet services. Once installed, the certificate would allow the government to intercept all HTTPS traffic made from users’ devices via a technique ...

  • Digitally Signed Bandook Trojan Reemerges in Global Spy Campaign

    November 30, 2020

    A wave of targeted cyberattack campaigns bent on espionage is cresting around the globe, using a strain of a 13-year old backdoor trojan named Bandook. According to Check Point Research, Bandook was last spotted being used in 2015 and 2017/2018, in the “Operation Manul” and “Dark Caracal” campaigns, respectively. The malware then all but disappeared from ...

  • Adventures in MQTT Part II: Identifying MQTT Brokers in the Wild

    November 18, 2020

    The use of publicly accessible MQTT brokers is prevalent across numerous verticals and technology fields. I was able to identify systems related to energy production, hospitality, finance, healthcare, pharmaceutical manufacturing, building management, surveillance, workplace safety, vehicle fleet management, shipping, construction, natural resource management, agriculture, smart homes and far more. Hackers have been sounding alarms about this ...

  • FBI: Hackers stole source code from US government agencies and private companies

    November 7, 2020

    The Federal Bureau of Investigation has sent out a security alert warning that threat actors are abusing misconfigured SonarQube applications to access and steal source code repositories from US government agencies and private businesses. Intrusions have taken place since at least April 2020, the FBI said in an alert sent out last month and made public ...

  • When Threat Actors Fly Under the Radar: Vatet, PyXie and Defray777

    November 6, 2020

    As security practitioners, Palo Alto Unit 42 researchers spend a lot of time focusing on the threat actors and malware families that leverage the most impactful exploits or affect the highest number of victims. But what happens when a threat actor goes “low and slow” to fly under the radar? One could argue that, in ...

  • Abandoned Hunter Biden’s laptop contained phone numbers for the Clintons, Secret Service officers and most of the Obama cabinet

    November 1, 2020

    The son of the man expected by many to be America’s next President abandoned a laptop containing a treasure trove of top-secret material, including his father’s private emails and mobile phone numbers, The Mail on Sunday can reveal. In an astonishing lapse, Hunter Biden chose to protect his MacBook Pro computer – crammed with what an ...

  • FBI: Hackers stole government source code via SonarQube instances

    October 27, 2020

    The Federal Bureau of Investigation (FBI) issued a flash alert warning of hackers stealing data from U.S. government agencies and enterprise organizations via internet-exposed and insecure SonarQube instances. SonarQube is an open-source platform for automated code quality auditing and static analysis to discover bugs and security vulnerabilities in projects using 27 programming languages. Vulnerable SonarQube servers have ...

  • EU sanctions Russian hackers over 2015 German parliament attack

    October 22, 2020

    The Council of the European Union today announced sanctions imposed on Russian military intelligence officers part of the 85th Main Centre for Special Services (GTsSS) for their involvement in a 2015 hack of the German Federal Parliament (Deutscher Bundestag). EU’s sanctions include both travel bans and asset freezes and also block EU organizations and individuals from ...

  • Russian state hackers stole data from US government networks

    October 22, 2020

    DHS Cybersecurity and Infrastructure Security Agency (CISA) and the FBI today warned that a Russian state-sponsored APT threat group known as Energetic Bear has hacked and stolen data from US government networks during the last two months. Energetic Bear (also tracked as Berserk Bear, TeamSpy, Dragonfly, Havex, Crouching Yeti, and Koala), a hacking group active since ...

  • Hacker groups chain VPN and Windows bugs to attack US government networks

    October 12, 2020

    Hackers have gained access to government networks by combining VPN and Windows bugs, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) said in a joint security alert published on Friday. Attacks have targeted federal and state, local, tribal, and territorial (SLTT) government networks. Attacks against non-government networks have also been ...