government-backed attacks

CISA says Treasury was the only US agency breached via BeyondTrust

BeyondTrust, CISA, Don't miss, government-backed attacks, Hot stuff, News, USA /

CISA says Treasury was the only US agency breached via BeyondTrust 2025-01-07 at 14:18 By Zeljka Zorz The US Cybersecurity and Infrastructure Security Agency (CISA) has shared on Monday that the Treasury Department was the only US federal agency affected by the recent cybersecurity incident involving compromised BeyondTrust Remote Support SaaS instances. On the same […]

React to this headline:

Loading spinner

CISA says Treasury was the only US agency breached via BeyondTrust Read More »

How widespread is mercenary spyware? More than you think

Don't miss, government-backed attacks, Hot stuff, iVerify, News, nso group, smartphone hacking, spyware /

How widespread is mercenary spyware? More than you think 2024-12-04 at 16:18 By Zeljka Zorz A targeted hunt on 2,500 mobile devices for indicators of compromise associated with mercenary spyware has revealed that its use is not as rare as one would hope. The results of the hunt Earlier this year, iVerify added a threat

React to this headline:

Loading spinner

How widespread is mercenary spyware? More than you think Read More »

Faraway Russian hackers breached US organization via Wi-Fi

APT, brute-force, credentials, Don't miss, enterprise, government-backed attacks, Hot stuff, MFA, News, Russian Federation, wireless /

Faraway Russian hackers breached US organization via Wi-Fi 2024-11-25 at 19:03 By Zeljka Zorz Forest Blizzard, a threat group associated with Russia’s GRU military intelligence service, repeatedly breached a US-based organization via compromised computer systems of nearby firms, which they leveraged to authenticate to the target’s enterprise Wi-Fi network. The repeated attacks Volexity, a company

React to this headline:

Loading spinner

Faraway Russian hackers breached US organization via Wi-Fi Read More »

Private US companies targeted by Stonefly APT

APT, Don't miss, enterprise, extortion, government-backed attacks, Hot stuff, Mandiant, News, North Korea, Symantec, USA /

Private US companies targeted by Stonefly APT 2024-10-03 at 14:01 By Zeljka Zorz Undeterred by the indictment issued against one of its alleged members, North Korean APT group Stonefly (aka APT45) continues to target companies in the US, Symantec threat analysts warned. About Stonefly Also known as Andariel and OnyxFleet, Stonefly has been linked to

React to this headline:

Loading spinner

Private US companies targeted by Stonefly APT Read More »

FBI forced Flax Typhoon to abandon its botnet

botnet, China, consumer, Don't miss, DVR, enterprise, FBI, government-backed attacks, Hot stuff, IoT, Justice Department, Lumen, NAS, News, router, security cameras, SMBs /

FBI forced Flax Typhoon to abandon its botnet 2024-09-19 at 14:16 By Zeljka Zorz A botnet operated by the Chinese state-sponsored threat actor known as Flax Typhoon has been disrupted by the law enforcement agency and abandoned by the group, FBI Director Chris Wray confirmed on Wednesday. “We executed court-authorized operations to take control of

React to this headline:

Loading spinner

FBI forced Flax Typhoon to abandon its botnet Read More »

North Korean hackers’ social engineering tricks

Cryptocurrency, Cryptocurrency Exchange, Don't miss, government-backed attacks, Hot stuff, News, North Korea, social engineering /

North Korean hackers’ social engineering tricks 2024-09-04 at 15:31 By Zeljka Zorz “North Korean malicious cyber actors conducted research on a variety of targets connected to cryptocurrency exchange-traded funds (ETFs) over the last several months,” the FBI has warned through a public service announcement. This suggests that they are likely to target companies associated with

React to this headline:

Loading spinner

North Korean hackers’ social engineering tricks Read More »

Midnight Blizzard delivered iOS, Chrome exploits via compromised government websites

APT, Don't miss, exploit, Government, government-backed attacks, Hot stuff, Malware, News, Russian Federation /

Midnight Blizzard delivered iOS, Chrome exploits via compromised government websites 2024-08-29 at 16:16 By Zeljka Zorz Suspected Russian hackers have been hitting iPhone and Android users visiting government websites with exploits first leveraged by commercial surveillance vendors, Google TAG researchers shared. The watering hole campaigns Between November 2023 and July 2024, threat actors have repeatedly

React to this headline:

Loading spinner

Midnight Blizzard delivered iOS, Chrome exploits via compromised government websites Read More »

US offers $10 million for information on indicted WhisperGate malware suspect

Government, government-backed attacks, Justice Department, law enforcement, Malware, News, Russian Federation, Ukraine, USA /

US offers $10 million for information on indicted WhisperGate malware suspect 2024-06-27 at 10:36 By Help Net Security A federal grand jury in Maryland returned an indictment charging a Russian citizen with conspiracy to hack into and destroy computer systems and data. If convicted, he faces a maximum penalty of five years in prison. The

React to this headline:

Loading spinner

US offers $10 million for information on indicted WhisperGate malware suspect Read More »

20,000 FortiGate appliances compromised by Chinese hackers

attacks, China, Don't miss, enterprise, Fortinet, Government, government-backed attacks, hardware, Hot stuff, Malware, News, Remote Access Trojan /

20,000 FortiGate appliances compromised by Chinese hackers 2024-06-12 at 14:16 By Zeljka Zorz Coathanger – a piece of malware specifically built to persist on Fortinet’s FortiGate appliances – may still be lurking on too many devices deployed worldwide. How Coathanger persists on FortiGate devices In February 2024, the Dutch Military Intelligence and Security Service (MIVD)

React to this headline:

Loading spinner

20,000 FortiGate appliances compromised by Chinese hackers Read More »

MITRE breach details reveal attackers’ successes and failures

APT, backdoor, data breach, Don't miss, government-backed attacks, Hot stuff, Ivanti, Mandiant, MITRE, News, reconnaissance, Volexity, web shell /

MITRE breach details reveal attackers’ successes and failures 2024-05-08 at 14:16 By Zeljka Zorz MITRE has shared a timeline of the recent breach if fell victim to and has confirmed that it began earlier than previously thought: on December 31, 2023. On that day, the attackers deployed a web shell on an external-facing Ivanti Connect

React to this headline:

Loading spinner

MITRE breach details reveal attackers’ successes and failures Read More »

Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359)

0-day, CISA, Cisco, Don't miss, firewall, government-backed attacks, Hot stuff, Lumen, Microsoft, NCSC, News, security update /

Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359) 2024-04-24 at 21:31 By Zeljka Zorz A state-sponsored threat actor has managed to compromise Cisco Adaptive Security Appliances (ASA) used on government networks across the globe and use two zero-day vulnerabilities (CVE-2024-20353, CVE-2024-20359) to install backdoors on them, Cisco Talos researchers have shared on Wednesday.

React to this headline:

Loading spinner

Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359) Read More »

A “cascade” of errors let Chinese hackers into US government inboxes

APT, CISA, cloud security, CSP, Don't miss, Government, government-backed attacks, Hot stuff, Microsoft, News, UK, USA /

A “cascade” of errors let Chinese hackers into US government inboxes 2024-04-03 at 16:46 By Zeljka Zorz Microsoft still doesn’t known how Storm-0558 attackers managed to steal the Microsoft Services Account cryptographic key they used to forge authentication tokens needed to access email accounts belonging to US government officials. “The stolen 2016 MSA key in

React to this headline:

Loading spinner

A “cascade” of errors let Chinese hackers into US government inboxes Read More »

State-sponsored hackers know enterprise VPN appliances inside out

attacks, cyber espionage, Don't miss, enterprise, Fortinet, government-backed attacks, Hot stuff, Ivanti, Mandiant, News, threat, Threat Intelligence /

State-sponsored hackers know enterprise VPN appliances inside out 2024-02-28 at 14:19 By Zeljka Zorz Suspected Chinese state-sponsored hackers who have been leveraging Ivanti Connect Secure VPN flaws to breach a variety of organizations have demonstrated “a nuanced understanding of the appliance”, according to Mandiant incident responders and threat hunters. They were able to perform a

React to this headline:

Loading spinner

State-sponsored hackers know enterprise VPN appliances inside out Read More »

How are state-sponsored threat actors leveraging AI?

APT, Artificial Intelligence, Don't miss, generative AI, government-backed attacks, Hot stuff, LLMs, Microsoft, News, OpenAI, threats /

How are state-sponsored threat actors leveraging AI? 2024-02-14 at 18:31 By Helga Labus Microsoft and OpenAI have identified attempts by various state-affiliated threat actors to use large language models (LLMs) to enhance their cyber operations. Threat actors use LLMs for various tasks Just as defenders do, threat actors are leveraging AI (more specifically: LLMs) to

React to this headline:

Loading spinner

How are state-sponsored threat actors leveraging AI? Read More »

Chinese hackers breached Dutch Ministry of Defense

Don't miss, EU, Fortinet, Government, government-backed attacks, Hot stuff, Malware, News, Remote Access Trojan, vulnerability /

Chinese hackers breached Dutch Ministry of Defense 2024-02-07 at 16:46 By Helga Labus Chinese state-sponsored hackers have breached the Dutch Ministry of Defense (MOD) last year and deployed a new remote access trojan (RAT) malware to serve as a backdoor. “The effects of the intrusion were limited because the victim network was segmented from the

React to this headline:

Loading spinner

Chinese hackers breached Dutch Ministry of Defense Read More »

Roundcube webmail zero-day exploited to spy on government entities (CVE-2023-5631)

0-day, APT, Don't miss, Europe, government-backed attacks, Hot stuff, News, open source, Roundcube /

Roundcube webmail zero-day exploited to spy on government entities (CVE-2023-5631) 25/10/2023 at 14:46 By Zeljka Zorz The Winter Vivern APT group has been exploiting a zero-day vulnerability (CVE-2023-5631) in Roundcube webmail servers to spy on email communications of European governmental entities and a think tank, according to ESET researchers. “Exploitation of the XSS vulnerability can

React to this headline:

Loading spinner

Roundcube webmail zero-day exploited to spy on government entities (CVE-2023-5631) Read More »

State-sponsored APTs are leveraging WinRAR bug

APT, Don't miss, DuskRise, exploit, Google, government-backed attacks, Hot stuff, News, phishing, spear-phishing, WinRAR /

State-sponsored APTs are leveraging WinRAR bug 18/10/2023 at 18:21 By Zeljka Zorz A number of government-backed APTs are exploiting CVE-2023-38831, a file extension spoofing vulnerability in WinRAR, a widely used file archiver utility for Windows. CVE-2023-38831 has been patched in August 2023, along with another high-severity RCE vulnerability (CVE-2023-40477). Exploited as a zero-day by cybercriminals

React to this headline:

Loading spinner

State-sponsored APTs are leveraging WinRAR bug Read More »

Russian APT phished government employees via Microsoft Teams

APT, Don't miss, Government, government-backed attacks, Hot stuff, Microsoft, Microsoft Teams, News, phishing, social engineering /

Russian APT phished government employees via Microsoft Teams 03/08/2023 at 15:17 By Zeljka Zorz An APT group linked to Russia’s Foreign Intelligence Service has hit employees of several dozen global organizations with phishing attacks via Microsoft Teams, says Microsoft. A social engineering attack to bypass MFA protection “To facilitate their attack, the actor uses Microsoft

React to this headline:

Loading spinner

Russian APT phished government employees via Microsoft Teams Read More »

North Korean hackers targeted tech companies through JumpCloud and GitHub

APT, CrowdStrike, Don't miss, GitHub, government-backed attacks, Hot stuff, JumpCloud, Mandiant, News, North Korea, social engineering, spear-phishing /

North Korean hackers targeted tech companies through JumpCloud and GitHub 21/07/2023 at 16:03 By Helga Labus North Korean state-sponsored hackers have been linked to two recent cyberattack campaigns: one involving a spear-phishing attack on JumpCloud and the other targeting tech employees on GitHub through a social engineering campaign. The JumpCloud intrusion On June 27, JumpCloud

React to this headline:

Loading spinner

North Korean hackers targeted tech companies through JumpCloud and GitHub Read More »

Scroll to Top