Government

January 7, 2025

As part of Washington’s lawsuit, the state claims T-Mobile failed to ‘adequately secure sensitive personal information of more than 2 million Washingtonians’. This failure, the state claims, left those consumers vulnerable to fraud and identity theft. The suit claims that the breach was ‘entirely avoidable’ and explains T-Mobile had years to fix key vulnerabilities in its ...

December 30, 2024

The Treasury Department told lawmakers Monday that a state-sponsored actor in China hacked its systems, accessing several user workstations and certain unclassified documents. The treasury was informed on Dec. 8 by a third-party software service provider, BeyondTrust, that a threat actor used a stolen key to remotely access certain workstations and unclassified documents, according to a ...

December 30, 2024

Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon. As first reported by KrebsOnSecurity last month, the accused is a communications specialist who was recently stationed in South Korea. ...

December 28, 2024

Hackers targeted around ten official websites in Italy on Saturday, including the websites of the Foreign Ministry and Milan’s two airports, putting them out of action temporarily, the country’s cyber security agency said. The pro-Russian hacker group Noname057(16) claimed the cyber attack on Telegram, saying Italy’s “Russophobes get a well deserved cyber response”. Read more… Source: MSN News Sign ...

December 26, 2024

On April 25, the Illinois Department of Human Services (IDHS) experienced a privacy breach. An outside entity, through a phishing campaign, gained access to multiple employee accounts, and files associated with the accounts. The files included the Social Security numbers (SSNs) of 4,701 customers and three employees. Separately, public assistance account information (name, public assistance account ...

December 20, 2024

Ukraine government databases, described as critically important infrastructure, have been hit by a cyber attack that’s being blamed on Russia. Deputy prime minister Olha Stefanishyna said it was the largest external cyber attack on the state registers of Ukraine in recent times. “As a result of a targeted attack, the work of the Unified and State Registers, ...

December 15, 2024

The Department of Justice has recorded more than 480 data breaches over the past three years, including the loss of sensitive papers, encrypted devices, and unauthorised access to social media. The breaches occurred across the department including key areas such as international protection, the response to the Ukraine refugee crisis, and in citizenship applications. A log ...

December 12, 2024

During the first week of October, Kaspersky took part in the 34th Virus Bulletin International Conference, one of the longest-running cybersecurity events. There, Kaspersky researchers delivered multiple presentations, and one of our talks focused on newly observed activities by the Careto threat actor, which is also known as “The Mask”. The Mask APT is a legendary ...

December 10, 2024

The U.S. sanctioned a Chinese cybersecurity company and one of its employees for exploiting a zero-day vulnerability in Sophos firewalls to target U.S. organizations. On Tuesday, the U.S. Treasury Department said Guan Tianfeng, an employee of Sichuan Silence, used the vulnerability to compromise approximately 81,000 firewalls in April 2020. The hacking campaign, detailed by Sophos in ...

November 27, 2024

In Q3 2024, the Positive Technologies Expert Security Center (PT ESC) TI Department discovered a series of attacks on Russian government agencies. PT ESC researchers were unable to establish any connection with known groups using the same techniques. The main goal was espionage and gaining a foothold to follow through on further attacks. They dubbed the group ...

November 26, 2024

Pakistan’s government has deployed Chinese technology to build what some senior officials familiar with the project are calling a new, national internet “firewall” that will allow authorities to monitor online traffic and regulate the use of popular apps with greater control than before. The project aims to upgrade the government’s web monitoring capabilities at the country’s ...

November 24, 2024

A hacking group that claims it fraudulently collected Social Relief of Distress (SRD) grants and infiltrated South Africa’s financial system through credit bureaus has released data appearing to belong to Absa and Standard Bank customers. N4aughtySecGroup contacted the media earlier this month with a warning that it had breached several credit bureaus and used its access ...

November 23, 2024

The Ministry of Justice has said it is aware of a data breach affecting prisons in England and Wales. Confidential prison layouts had been leaked onto the dark web in the past two weeks, according to The Times. A former prison governor told the paper organised crime groups could potentially use the information to smuggle drugs ...

November 21, 2024

Elon Musk is beefing with British politicians again — and they’re not impressed. The X owner and Donald Trump ally brushed off a call from the House of Commons’ science and technology committee to answer questions on his role in riots that swept the U.K. this summer. Committee chair Chi Onwurah told POLITICO this week that ...

November 15, 2024

A technical network problem rather than a cyberattack was ultimately responsible for the simultaneous loss of access observed on the afternoon of Thursday, November 14, to websites of ADC and other government agencies. As competent sources told prototheme.gr, after an investigation, it was found that the temporary interruption of access to websites of the State, such ...

November 4, 2024

The Federal Bureau of Investigation (FBI) is releasing this Private Industry Notification to highlight a trend of compromised US and foreign government email addresses used to conduct fraudulent emergency data requests to US-based companies, exposing personally identifying information (PII). While the concept of fraudulent emergency data requests was previously used by other threat actors, such as ...

November 1, 2024

India has been described as an adversary for the first time in an official Canadian government document. That description came in the National Cyber Threat Assessment 2025-2026 released by the Canadian Centre for Cyber Security, on Tuesday. In its section on cyber threat from “state adversaries”, it includes China, Russia, Iran, North Korea and India. In ...

October 31, 2024

Since August 2023, Microsoft has observed intrusion activity targeting and successfully stealing credentials from multiple Microsoft customers that is enabled by highly evasive password spray attacks. Microsoft has linked the source of these password spray attacks to a network of compromised devices we track as CovertNetwork-1658, also known as xlogin and Quad7 (7777). Microsoft is publishing ...

October 30, 2024

There have been 6,885 data breaches across Government departments over the last ten years. More than half of the breaches, 3,637 of them, occurred at the Department of Social Protection. The Department of Justice accounted for 862 of the breaches, with 757 breaches reported at the Department of Foreign Affairs. The majority of the data breaches ...

October 29, 2024

Since October 22, 2024, Microsoft Threat Intelligence has observed Russian threat actor Midnight Blizzard sending a series of highly targeted spear-phishing emails to individuals in government, academia, defense, non-governmental organizations, and other sectors. This activity is ongoing, and Microsoft will continue to investigate and provide updates as available. Based on our investigation of previous Midnight Blizzard ...