Government


  • Ransomware gang targets Belgian municipality, hits police instead

    November 26, 2022

    The Ragnar Locker ransomware gang has published stolen data from what they thought was the municipality of Zwijndrecht, but turned out to be stolen from Zwijndrecht police, a local police unit in Antwerp, Belgium. The leaked data reportedly exposed thousands of car number plates, fines, crime report files, personnel details, investigation reports, and more. This type of ...

  • Iranian Hackers Installed Crypto Miner in Federal Agency After Exploiting Unpatched Log4Shell Vulnerability

    November 25, 2022

    The Cybersecurity and Infrastructure Security Agency (CISA) said Iranian hackers breached a federal agency that failed to patch the Log4Shell vulnerability and deployed a crypto miner. The Log4Shell vulnerability (CVE-2021-44228) is a critical remote code execution flaw in Apache’s Log4j logging library, which is popular with Java developers. The breach that occurred as early as February 2022 impacted ...

  • Vanuatu: Hackers strand Pacific island government for over a week

    November 18, 2022

    Vanuatu’s government has been knocked offline for more than 11 days after a suspected cyber-attack on servers in the country. The hack has disabled the websites of the Pacific island’s parliament, police and prime minister’s office. It has also taken down the email system, intranet and online databases of schools, hospitals and other emergency services as well ...

  • Earth Preta Spear-Phishing Governments Worldwide

    November 17, 2022

    Trend Micro researchers have been monitoring a wave of spear-phishing attacks targeting the government, academic, foundations, and research sectors around the world. Based on the lure documents researchers observed in the wild, this is a large-scale cyberespionage campaign that began around March. After months of tracking, the seemingly wide outbreak of targeted attacks includes but ...

  • Pro-Russian hackers claim cyber attack on FBI website

    November 15, 2022

    A group of pro-Russian hackers claimed to hack into the FBI website this week, the latest in a string of supposed attacks on U.S. government websites. The group Killnet took responsibility for infiltrating the website on its Telegram page Monday. It said the group was doing justice and guarding Russian cyberspace, writing “Glory to Russian and ...

  • Billbug: State-sponsored Actor Targets Cert Authority, Government Agencies in Multiple Asian Countries

    November 15, 2022

    State-sponsored actors compromised a digital certificate authority in an Asian country during a campaign in which multiple government agencies were also targeted. Symantec, by Broadcom Software, was able to link this activity to a group we track as Billbug due to the use in this campaign of tools previously attributed to this group. Billbug (aka Lotus ...

  • Russia-based Pushwoosh tricks US Army and others into running its code – for a while

    November 15, 2022

    US government agencies including the Army and Centers for Disease Control and Prevention pulled apps running Pushwoosh code after learning the software company – which presents itself as American – is actually Russian, according to Reuters. Pushwoosh is a software company that provides code and data analysis for developers so they can automate custom push notifications ...

  • Australia: Government considers making cyber ransom payments illegal after Medibank hack

    November 13, 2022

    It could soon be illegal for companies that fall victim to data breaches to pay ransoms to the hackers. The home affairs minister, Clare O’Neil, confirmed the government was examining whether new laws were needed to stop ransom payments in the wake of the Medibank and Optus data breaches. O’Neil said while short-term successes were needed in ...

  • Hack the Real Box: APT41’s New Subgroup Earth Longzhi

    November 9, 2022

    In early 2022, Trend Micro investigated an incident that compromised a company in Taiwan. The malware used in the incident was a simple but custom Cobalt Strike loader. After further investigation, however, we found incidents targeting multiple regions using a similar Cobalt Strike loader. While analyzing code similarities and tactics, techniques, and procedures (TTPs), we ...

  • Russian spies ‘hacked Liz Truss’s phone and stole sensitive messages’

    October 29, 2022

    Liz Truss had her phone hacked by Kremlin spies while she was working as foreign secretary, according to a report. The former prime minister’s personal messages with former chancellor Kwasi Kwarteng were raided, as well as sensitive details of international negotiations, it is claimed. Security services discovered the major security breach during the summer Tory leadership election, ...

  • Cyber attack on Bulgarian government websites traced to Russia

    October 16, 2022

    The head of Bulgaria’s National Investigation Service, Borislav Sarafov, said on October 16 that the perpetrator of a cyber attack the previous day on several Bulgarian state, government and private websites had been identified, and the attack had come from a city in Russia. Sarafov told Bulgarian media that the name and address of the perpetrator ...

  • The voting machine hacking threat you probably haven’t heard about

    October 14, 2022

    There’s a largely overlooked hacking target that could help those who want to sow doubt about vote tallies in the November midterms: cellular modems that transmit unofficial election-night results. The modems, which send vote data from precincts to central offices using cellphone networks, help election officials satisfy the public’s demand for rapid results. But putting any ...

  • Budworm: Espionage Group Returns to Targeting U.S. Organizations

    October 13, 2022

    The Budworm espionage group has mounted attacks over the past six months against a number of strategically significant targets, including the government of a Middle Eastern country, a multinational electronics manufacturer, and a U.S. state legislature. The latter attack is the first time in a number of years Symantec has seen Budworm targeting a U.S.-based ...

  • Optus confirms 2.1 million ID numbers exposed in data breach

    October 4, 2022

    Optus confirmed yesterday that 2.1 million customers had government identification numbers compromised during a cyberattack last month. In a press statement released yesterday, the mobile carrier updated the information regarding the personal data of 9.8 million customers exposed during the attack. In an investigation, Optus confirmed that a total of 2.1 million customers had valid or expired ...

  • CISA Issues Binding Operational Directive 23-01: Improving Asset Visibility and Vulnerability Detection on Federal Networks

    October 3, 2022

    CISA has issued Binding Operational Directive (BOD) 23-01: Improving Asset Visibility and Vulnerability Detection on Federal Networks, which seeks to improve asset visibility and vulnerability enumeration across the federal enterprise. Although BOD 23-01 is only applicable to federal civilian executive branch (FCEB) agencies, CISA recommends all stakeholders review and incorporate the standards it sets forth. Doing so ...

  • UK: Liz Truss’ and Cabinet Ministers’ mobile numbers are being sold online for £6.49

    October 2, 2022

    The personal mobile phone numbers of the Prime Minister and 25 of her Cabinet Ministers are being sold on the internet, The Mail on Sunday can reveal. They can be accessed on a shady US website charging just £6.49 for access to the information, which cyber experts warn could be used by China and Russia to ...

  • 12 senior Indonesian officials targeted by NSO software

    September 30, 2022

    More than 12 senior Indonesian military and government officials were targeted by software developed by Israeli cyber company NSO Group, Ynet reported on Thursday night, citing sources familiar with the matter, six of whom were interviewed by Reuters and said they had also been targeted by the software. The officials include Coordinating Minister for Economic Affairs ...

  • Witchetty: Group Uses Updated Toolset in Attacks on Governments in Middle East

    September 29, 2022

    The Witchetty espionage group (aka LookingFrog) has been progressively updating its toolset, using new malware in attacks on targets in the Middle East and Africa. Among the new tools being used by the group is a backdoor Trojan (Backdoor.Stegmap) that employs steganography, a rarely seen technique where malicious code is hidden within an image. In attacks ...

  • FBI: Iranian State Actors Conduct Cyber Operations Against the Government of Albania

    September 21, 2022

    The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory to provide information on recent cyber operations against the Government of Albania in July and September. This advisory provides a timeline of activity observed, from initial access to execution of encryption and wiper attacks. Additional information ...

  • Gamaredon APT targets Ukrainian government agencies in new campaign

    September 15, 2022

    Cisco Talos discovered Gamaredon APT activity targeting users in Ukraine with malicious LNK files distributed in RAR archives. The campaign, part of an ongoing espionage operation observed as recently as August 2022, aims to deliver information-stealing malware to Ukrainian victim machines and makes heavy use of multiple modular PowerShell and VBScript (VBS) scripts as part ...