2007, Cybersecurity and Information Security

Lazarus APT stole $1.5B from Bybit, it is the largest cryptocurrency heist ever

Security Affairs

FEBRUARY 22, 2025

However the signing message was to change — Ben Zhou (@benbybit) February 21, 2025 Blockchain cybersecurity firm Elliptic attributed the cyber heist to the notorious North Korea-linked APT Group Lazarus , however, Bybit has yet to confirm it. “Almost $1.5 billion in crypto was stolen from Bybit today.

Cryptocurrency

Cryptocurrency Hacking Banking Cybersecurity

France links Russian APT28 to attacks on dozen French entities

Security Affairs

APRIL 30, 2025

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election.

Government

Government Phishing DNS VPN

Russia-linked APT28 targets western logistics entities and technology firms

Security Affairs

MAY 21, 2025

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. After initial access, APT 28 conducted reconnaissance on key personnel, cybersecurity teams, and partners.

Technology

Technology Malware Phishing Government

Vulnerabilities in Weapons Systems

Schneier on Security

JUNE 8, 2021

An updated GAO report from earlier this year found some improvements, but the basic problem remained: “DOD is still learning how to contract for cybersecurity in weapon systems, and selected programs we reviewed have struggled to incorporate systems’ cybersecurity requirements into contracts.”

Software

Software Cybersecurity Backups Manufacturing

North Korea-linked Lazarus group targets cybersecurity experts with Trojanized IDA Pro

Security Affairs

NOVEMBER 15, 2021

In March, researchers from Google’s Threat Analysis Group (TAG) reported that North Korea-linked hackers are targeting security researchers via social media. The post North Korea-linked Lazarus group targets cybersecurity experts with Trojanized IDA Pro appeared first on Security Affairs. Win64/NukeSped.JS : devguardmap[.]org

Cybersecurity

Cybersecurity Engineering Software Hacking

Is Russian group APT28 behind the cyber attack on the German air traffic control agency (DFS)?

Security Affairs

SEPTEMBER 5, 2024

DFS immediately reported the attack to national security authorities. Cybersecurity experts linked the attack to the Russian nation-state actor APT28 which was responsible for the 2015 attack on the Bundestag.

Cyber Attacks

Cyber Attacks Hacking Government Accountability

Colombian authorities arrested hacker behind the Gozi Virus

Security Affairs

JUNE 30, 2021

for his key role in the distribution of the Gozi virus that infected more than a million computers from 2007 to 2012. The Gozi banking Trojan is not a new threat, it was first spotted by security researchers in 2007. Colombian officials announced the arrest of the Romanian hacker Mihai Ionut Paunescu who is wanted in the U.S.

Banking

Banking Malware Hacking Information Security

Grief ransomware gang hit US National Rifle Association (NRA)

Security Affairs

OCTOBER 27, 2021

The Evil Corp cybercrime group (aka the Dridex gang Indrik Spider , the Dridex gang, and TA505 ) has been active in cybercrime activities since 2007. Evil Corp has recently launched a new ransomware called Macaw Locker to evade US sanctions that prevent victims from making ransom payments.

Ransomware

Ransomware Banking Cybercrime Hacking

US Cyber Command details implants used in attacks on parliaments and embassies

Security Affairs

OCTOBER 29, 2020

Experts from the US Cyber Command’s Cyber National Mission Force (CNMF) unit and the Cybersecurity and Infrastructure Security Agency (CISA) uploaded the samples on the Virus Total online virus scan platform.

Malware

Malware Advertising Hacking Government

APT28 targets key networks in Europe with HeadLace malware

Security Affairs

JUNE 3, 2024

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Insikt Group speculates the operation is aimed at influencing regional and military dynamics.

Malware

Malware Phishing Surveillance Government

North Korea-linked APT group BeagleBoyz targets banks

Security Affairs

AUGUST 29, 2020

According to a joint advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury, the Federal Bureau of Investigation (FBI), and U.S. North Korea-linked APT group BeagleBoyz intensified its operations since February, US CISA, Department of the Treasury, FBI, and USCYBERCOM warn.

Banking

Banking Malware Advertising Hacking

French court indicted Nexa Technologies for complicity in acts of torture

Security Affairs

NOVEMBER 28, 2021

The software also allow dragnet surveillance, according to the brochures presented at Milipol it is an updated copy of Eagle, the program ceded to Gaddafi in 2007. . The post French court indicted Nexa Technologies for complicity in acts of torture appeared first on Security Affairs. .” continues Télérama. Pierluigi Paganini.

Technology

Technology Surveillance Software Government

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

Security Affairs

DECEMBER 10, 2020

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Researchers from cybersecurity firm Intezer linked the attacks to a group operating under the APT28.

Malware

Malware Phishing Government Data collection

North Korea-linked Lazarus APT targets the IT supply chain

Security Affairs

OCTOBER 27, 2021

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. Cybersecurity and Infrastructure Security Agency (CISA) in August 2020.

Malware

Malware System Administration Hacking Media

China-linked Winnti APT steals intellectual property from companies worldwide

Security Affairs

MAY 4, 2022

Winnti (aka APT41 , Axiom, Barium , Blackfly) is a cyberespionage group that has been active since at least 2007. .” The attribution to the China-linked APT group is based on the analysis of the forensic artifacts. “The Cybereason research agrees with that assessment.

Manufacturing

Manufacturing Hacking Malware Passwords

Microsoft disrupted APT28 attacks on Ukraine through a court order

Security Affairs

APRIL 8, 2022

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election.

Government

Government Media Hacking Malware

Financially motivated Earth Lusca threat actors targets organizations worldwide

Security Affairs

JANUARY 18, 2022

The Winnti group was first spotted by Kaspersky in 2013, but according to the researchers the gang has been active since 2007. Trend Micro researchers speculate the group operates under the China-linked Winnti umbrella.

Cryptocurrency

Cryptocurrency Social Engineering Phishing Media

North Korea-linked Lazarus APT uses a Mac variant of the Dacls RAT

Security Affairs

MAY 9, 2020

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. Please vote Security Affairs for European Cybersecurity Blogger Awards – VOTE FOR YOUR WINNERS [link].

Malware

Malware Advertising Encryption Hacking

Chinese state-sponsored hackers breached TeamViewer in 2016

Security Affairs

MAY 17, 2019

The Winnti group was first spotted by Kaspersky in 2013, according to the researchers the gang has been active since 2007. TeamViewer is appalled by any criminal activity; however, the source of the problem, according to our research, is careless use, not a potential security breach on TeamViewer’s side.”

Advertising

Advertising Architecture Software Banking

Winnti APT continues to target game developers in Russia and abroad

Security Affairs

JANUARY 15, 2021

Cybersecurity researchers from Positive Technologies have uncovered a series of attacks conducted by a Chinese threat actor that aimed at organizations in Russia and Hong Kong. The Winnti group was first spotted by Kaspersky in 2013, but according to the researchers the gang has been active since 2007.

Malware

Malware Technology Software Information Security

New Turla ComRAT backdoor uses Gmail for Command and Control

Security Affairs

MAY 26, 2020

Cybersecurity researchers discovered a new version of the ComRAT backdoor, also known as Agent.BTZ , which is a malware that was employed in past campaigns attributed to the Turla APT group. Researchers uncovered a new advanced variant of Turla’s ComRAT backdoor that leverages Gmail’s web interface as C2 infrastructure.

Advertising

Advertising Malware Encryption Authentication

Russia-linked APT breached the network of Dutch police in 2017

Security Affairs

JUNE 10, 2021

The group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. However, Volkskrant doesn’t exclude the involvement of another Russia-linked APT, the APT28 (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ).

Government

Government Surveillance Hacking Ransomware

Mysterious hackers steal data of over 70% of Bulgarians

Security Affairs

JULY 16, 2019

“Your government is slow to develop, your state of cybersecurity is parodyous ,” wrote the hackers. “Upon reviewing the information, Capital has opened databases with more than 1 million rows containing PINs, names, addresses, and even earnings.” “Perhaps the biggest leak of personal data in Bulgaria. .

Media

Media Government Advertising Insurance

The US Treasury placed sanctions on North Korea linked APT Groups

Security Affairs

SEPTEMBER 13, 2019

. “We will continue to enforce existing US and UN sanctions against North Korea and work with the international community to improve cybersecurity of financial networks.”

Cyber Attacks

Cyber Attacks Cryptocurrency Hacking Banking

ActiveX Controls in South Korean websites are affected by critical flaws

Security Affairs

MAY 22, 2019

According to research conducted by experts at IssueMakersLab, since 2007 and up to 2018, North Korea linked attacks exploited a large number of zero-day flaws in commonly used ActiveX. Microsoft no longer supports ActiveX in Microsoft Edge, which is the default recommended default browser over Internet Explorer.

Government

Government Technology Internet Internet

Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group

Security Affairs

JULY 20, 2023

The APT41 group, aka Winnti , Axiom, Barium , Blackfly, HOODOO) is a China-linked cyberespionage group that has been active since at least 2007. Researchers at cybersecurity firm Lookout pointed out that APT41’s activity has not slowed down since recent indictments by the U.S. government.

Spyware

Spyware Surveillance Malware Mobile

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Security Affairs

APRIL 30, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election.

System Administration

System Administration Government Phishing Malware

How Dow Jones used the pandemic to undergo a zero trust overhaul

SC Magazine

MAY 18, 2021

Flags and the Dow logo at the main entrance of the Dow world headquarters complex is shown April 12, 2007 in Midland, Michigan. Not surprisingly, one of the first priorities Dow Jones focused on was providing employees secure access to the internet and company IT resources while they worked from home.

IoT

IoT Telecommunications Manufacturing Firewall

HITRUST i1 Assessment control selection leverages security best practices, threat intelligence

CyberSecurity Insiders

DECEMBER 17, 2021

FRISCO, Texas–( BUSINESS WIRE )–HITRUST today announced it is addressing the need for a continuously-relevant cybersecurity assessment that aligns and incorporates best practices and leverages the latest threat intelligence to maintain applicability with information security risks and emerging cyber threats, such as ransomware.

Cyber threats

Cyber threats Information Security Risk Marketing

China-linked APT41 group spotted using open-source red teaming tool GC2

Security Affairs

APRIL 17, 2023

The APT41 group, aka Winnti , Axiom, Barium , Blackfly, HOODOO) is a China-linked cyberespionage group that has been active since at least 2007. The attack took place in October 2022, threat actors sent phishing emails that contained links to a password-protected file hosted in Drive.

Media

Media Accountability Government Malware

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Security Affairs

APRIL 19, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election.

Malware

Malware Firmware Government Software

Episode 247: Into the AppSec Trenches with Robinhood CSO Caleb Sima

The Security Ledger

DECEMBER 21, 2022

Paul speaks with Caleb Sima, the CSO of the online trading platform Robinhood, about his journey from teenage cybersecurity phenom and web security pioneer, to successful entrepreneur to an executive in the trenches of protecting high value financial services firms from cyberattacks. Read the whole entry. »

CSO

CSO Financial Services CISO Mobile

Great American Insurance Group Launches Innovative Cyber Risk Management Platform for Policyholders

CyberSecurity Insiders

JANUARY 24, 2022

by Great American, a powerful cyber risk management platform that combines the National Institute of Standards and Technology (NIST) driven, inside-out review of an organization’s cyber security posture with insights from continuous, external vulnerability scans and best-in-class cyber security ratings from SecurityScorecard.

Cyber Risk

Cyber Risk Insurance Risk Cyber Insurance

A taste of the latest release of QakBot

Security Affairs

MAY 6, 2021

A taste of the latest release of QakBot – one of the most popular and mediatic trojan bankers active since 2007. The malware QakBot , also known as Qbot , Pinkslipbot , and Quakbot is a banking trojan that has been made headlines since 2007. About the author: Pedro Tavares.

Malware

Malware Encryption Banking Software

As Internet-Connected Medical Devices Multiply, So Do Challenges

Cisco Security

JUNE 15, 2022

But for cybersecurity professionals, internet-connected medical devices are more likely to be top-of-mind. I tell them no, and here’s why,” said Matthew Clapham , a veteran product cybersecurity specialist. “In That doesn’t mean the risk is zero, noted Christos Sarris , a longtime information security analyst.

Internet

Internet Internet Manufacturing Healthcare

The Delicate Balance of Security Versus Usability

CyberSecurity Insiders

APRIL 20, 2021

As a security evangelist, you understand the necessity of adhering to a set of security requirements, but as a normal staff member, you can understand the frustration of your non-security coworkers. Is there ever such a thing as being a “normal” staff member after you have crossed into the elite world of information security?

Healthcare

Healthcare Information Security Wireless Security Awareness

Cyber Pearl Harbor Is Happening Right Now — It’s Ransomware

Daniel Miessler

SEPTEMBER 29, 2020

Since 2007 the InfoSec industry has been talking about TheBigOne™—the event that would change cyber threats from annoyances to existential concerns. Even medium and large businesses struggle to handle this threat, and that’s with dedicated security staff to help them. They called it Cyber Pearl Harbor.

Ransomware

Ransomware Government Social Engineering InfoSec

Cyber Heroes Recognized in SecureWorld 2024 Conference Theme

SecureWorld News

FEBRUARY 26, 2024

So, it's fitting that the theme for our 2024 conferences is "Legacies Untold: Revealing Cybersecurity's Hidden Figures." Information Security is no different. We celebrate their contributions to InfoSec, elevating everyone in the cybersecurity profession—today's heroes. Joe died in 2007.

Technology

Technology Cybersecurity Engineering InfoSec

The Hacker Mind Podcast: The Fog of Cyber War

ForAllSecure

JULY 6, 2022

Contrasting that is, perhaps, a more nuanced statement from Howard Schmidt, President Obama’s first cybersecurity czar, who said “We see people talking about the digital Pearl Harbor from the worms and Trojans and viruses. Vamosi: The slogan of the RSA Conference is “Where the World Talks Security,” and, in general.

Cybercrime

Cybercrime Government Ransomware Hacking

Maritime port cybersecurity

Security Affairs

JANUARY 27, 2021

Let’s talk about cyber risk in the maritime and port setting to better understand Maritime Port cybersecurity. In order to better understand the evolutionary trend of worldwide shipping and port facilities from 2007 to present, it is necessary to talk again about cyber risk in the maritime and port setting.

Cybersecurity

Cybersecurity Cyber Risk Risk Education

China-linked APT group Winnti targets Japanese organizations since March 2024

Security Affairs

FEBRUARY 18, 2025

Researchers from cybersecurity firm LAC uncovered a new cyberespionage campaign, tracked as RevivalStone, carried out by the China-linked APT group Winnti in March 2024. ” The APT group was first spotted by Kaspersky in 2013, but according to the researchers,the gang has been active since 2007.

Malware

Malware Manufacturing Encryption Hacking

Lazarus APT stole $1.5B from Bybit, it is the largest cryptocurrency heist ever

France links Russian APT28 to attacks on dozen French entities

Trending Sources

Russia-linked APT28 targets western logistics entities and technology firms

Vulnerabilities in Weapons Systems

North Korea-linked Lazarus group targets cybersecurity experts with Trojanized IDA Pro

Is Russian group APT28 behind the cyber attack on the German air traffic control agency (DFS)?

Colombian authorities arrested hacker behind the Gozi Virus

Grief ransomware gang hit US National Rifle Association (NRA)

US Cyber Command details implants used in attacks on parliaments and embassies

APT28 targets key networks in Europe with HeadLace malware

North Korea-linked APT group BeagleBoyz targets banks

French court indicted Nexa Technologies for complicity in acts of torture

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

North Korea-linked Lazarus APT targets the IT supply chain

China-linked Winnti APT steals intellectual property from companies worldwide

Microsoft disrupted APT28 attacks on Ukraine through a court order

Financially motivated Earth Lusca threat actors targets organizations worldwide

North Korea-linked Lazarus APT uses a Mac variant of the Dacls RAT

Chinese state-sponsored hackers breached TeamViewer in 2016

Winnti APT continues to target game developers in Russia and abroad

New Turla ComRAT backdoor uses Gmail for Command and Control

Russia-linked APT breached the network of Dutch police in 2017

Mysterious hackers steal data of over 70% of Bulgarians

The US Treasury placed sanctions on North Korea linked APT Groups

ActiveX Controls in South Korean websites are affected by critical flaws

Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

How Dow Jones used the pandemic to undergo a zero trust overhaul

HITRUST i1 Assessment control selection leverages security best practices, threat intelligence

China-linked APT41 group spotted using open-source red teaming tool GC2

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Episode 247: Into the AppSec Trenches with Robinhood CSO Caleb Sima

Great American Insurance Group Launches Innovative Cyber Risk Management Platform for Policyholders

A taste of the latest release of QakBot

As Internet-Connected Medical Devices Multiply, So Do Challenges

The Delicate Balance of Security Versus Usability

Cyber Pearl Harbor Is Happening Right Now — It’s Ransomware

Cyber Heroes Recognized in SecureWorld 2024 Conference Theme

The Hacker Mind Podcast: The Fog of Cyber War

Maritime port cybersecurity

China-linked APT group Winnti targets Japanese organizations since March 2024

Stay Connected