2020, Government and Hacking - Cyber Security Informer

Earth Kurma APT is actively targeting government and telecommunications orgs in Southeast Asia

Security Affairs

APRIL 28, 2025

Earth Kurma APT carried out a sophisticated campaign against government and telecommunications sectors in Southeast Asia. Trend Research exposed the Earth Kurma APT campaign targeting Southeast Asias government and telecom sectors. Earth Kurma particularly targeted the Philippines, Vietnam, Thailand, and Malaysia.

Telecommunications

Telecommunications Government Malware Hacking

Government contractor Conduent disclosed a data breach

Security Affairs

APRIL 16, 2025

Conduent suffered another security breach in 2020 by the Maze ransomware gang, which stole corporate data. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,data breach)

Data breaches

Data breaches Government Cyber Insurance Business Services

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

Security Affairs

NOVEMBER 18, 2024

T-Mobile confirmed being a victim of recent hacking campaigns linked to China-based threat actors targeting telecom companies. T-Mobile confirms it was hacked as part of a long-running cyber espionage campaign targeting Telco companies. The Chinese APT focuses on government entities and telecommunications companies in Southeast Asia.

Mobile

Mobile Telecommunications Data breaches Hacking

Italian police arrested a Chinese national suspected of cyberespionage on a U.S. warrant

Security Affairs

JULY 8, 2025

government, including the US Treasury. The man is also accused of 2020 attacks on U.S. “Zewei Xu is wanted by the FBI for allegedly being part of a team of hackers that allegedly carried out espionage operations, particularly in 2020 on anti-COVID vaccines being produced at the University of Texas.” authorities.

Government

Government Hacking Risk Information Security

Russia-linked threat actors threaten the UK and its allies, minister to say

Security Affairs

NOVEMBER 25, 2024

He is expected to warn about the activity conducted by Russia’s GRU Unit 29155 , which the UK government accuses of conducting several attacks across the UK and Europe. He will allege that Russian state-aligned hacking groups have executed at least nine cyberattacks against NATO nations, targeting critical infrastructure.

Cyber Attacks

Cyber Attacks Government Hacking Cyber threats

SEC fined 4 companies for misleading disclosures about the impact of the SolarWinds attack

Security Affairs

OCTOBER 23, 2024

The SEC fined Unisys, Avaya, Check Point, and Mimecast for misleading disclosures about the impact of the SolarWinds Orion hack. The charges result from an investigation conducted by the US government into public companies potentially impacted by the supply chain attack on SolarWinds’ Orion software.

Hacking

Hacking Risk Cybersecurity Government

Russian Phobos ransomware operator faces cybercrime charges

Security Affairs

NOVEMBER 19, 2024

Evgenii Ptitsyn and others allegedly ran an international hacking scheme since November 2020, deploying Phobos ransomware to extort victims. If convicted, the man could face up to 20 years in prison for each wire fraud count, 10 years for each computer hacking charge, and 5 years for conspiracy to commit computer fraud and abuse.

Cybercrime

Cybercrime Ransomware Healthcare Hacking

U.S. Court rules against NSO Group in WhatsApp spyware Lawsuit

Security Affairs

DECEMBER 23, 2024

NSO Group continued using WhatsApp exploits, including spyware called Erised, even after being sued for violating anti-hacking laws. 2 NSO continued to use and make Erised available to customers even after this litigation had been filed, until changes to WhatsApp blocked its access sometime after May 2020. continues the court filing.

Spyware

Spyware Surveillance Hacking Software

Brazilian citizen charged for threatening to release data stolen from a company in 2020

Security Affairs

DECEMBER 27, 2024

charges for allegedly threatening to release data stolen from a company in a March 2020 security breach. government has charged the Brazilian citizen Junior Barros De Oliveira, 29, with allegedly threatening to release data stolen from a company during a March 2020 security breach. A Brazilian citizen faces U.S.

Government

Government Hacking Data breaches Information Security

Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide

Security Affairs

NOVEMBER 2, 2024

Sophos, with the help of other cybersecurity firms, government, and law enforcement agencies investigated the cyber attacks and attributed them multiple China-linked APT groups, such as Volt Typhoon , APT31 and APT41 / Winnti. The Chinese hackers have also ramped up the use of zero-day vulnerabilities in targeted devices.

Firmware

Firmware Government Firewall Malware

EU announced sanctions on three members of Russia’s GRU Unit 29155

Security Affairs

JANUARY 28, 2025

The EU sanctioned three members of Russia’s GRU Unit 29155 for cyberattacks on Estonia’s government agencies in 2020. “The Council today adopted additional restrictive measures against three Russian individuals responsible for a series of cyberattacks carried out against the Republic of Estonia in 2020. .

Cyber Attacks

Cyber Attacks Government Healthcare Financial Services

New Ghostwriter campaign targets Ukrainian Government and opposition activists in Belarus

Security Affairs

FEBRUARY 26, 2025

A Ghostwriter campaign using a new variant of PicassoLoader targets opposition activists in Belarus, and Ukrainian military and government organizations. SentinelLABS observed a new Ghostwriter campaign targeting Belarusian opposition activists and Ukrainian military and government entities with a new variant of PicassoLoader.

Government

Government Cyber threats Phishing Malware

Russia-linked Midnight Blizzard APT targeted 100+ organizations with a spear-phishing campaign using RDP files

Security Affairs

OCTOBER 30, 2024

The Midnight Blizzard group along with APT28 cyber espionage group was involved in the Democratic National Committee hack and the wave of attacks aimed at the 2016 US Presidential Elections. The group is known for the SolarWinds supply chain attack that in 2020 hit more than 18,000 customer organizations, including Microsoft.

Phishing

Phishing Social Engineering Government Hacking

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

Security Affairs

DECEMBER 17, 2024

One of these virtual private servers was exclusively employed in attacks against entities across Taiwan, including commercial firms and at least one municipal government organization. Follow me on Twitter: @securityaffairs and Facebook and Mastodon PierluigiPaganini ( SecurityAffairs hacking,HiatusRAT)

Architecture

Architecture Malware IoT Internet

Authorities released free decryptor for Phobos and 8base ransomware

Security Affairs

JULY 18, 2025

Based on information from open sources, government experts linked multiple Phobos ransomware variants to Phobos intrusions due to observed similarities in Tactics, Techniques, and Procedures (TTPs). Evgenii Ptitsyn and others allegedly ran an international hacking scheme since November 2020, deploying Phobos ransomware to extort victims.

Ransomware

Ransomware Encryption Malware Cybercrime

Romanian national was sentenced to 20 years in prison for his role in NetWalker ransomware attacks

Security Affairs

DECEMBER 21, 2024

In August 2020, the FBI has issued a security alert about Netwalker ransomware attacks targeting U.S. and foreign government organizations. In July, the FBI warned of NetWalker attacks targeting government organizations. million ransom to recover its files. million as a result of the offenses charged in the indictment.

Ransomware

Ransomware Healthcare Cryptocurrency Government

Increased GDPR Enforcement Highlights the Need for Data Security

Security Affairs

NOVEMBER 18, 2024

Privacy Shield framework in 2020. Privacy Shield in 2020, Meta continued transferring data under a framework that was deemed insufficient to protect European citizens from U.S. government surveillance. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, GDPR )

Data privacy

Data privacy Risk Surveillance Government

Election season raises fears for nearly a third of people who worry their vote could be leaked

Malwarebytes

OCTOBER 15, 2024

The network of data brokers that political campaigns rely on to target voters with ads is enormous, as one Washington Post reporter found in 2020, with “3,000 data points on every voter.” Escaping this data collection regime has proven difficult for most people. Instead, it may point to how people interpret “cyber interference.

Scams

Scams Identity Theft Cybercrime Accountability

North Korea-linked APT Emerald Sleet is using a new tactic

Security Affairs

FEBRUARY 12, 2025

At the end of October 2020, the US-CERT published a report on Kimuskys recent activities that provided information on their TTPs and infrastructure. The threat actor impersonates a South Korean government official to build trust with the target before sending a spear-phishing email with a bait PDF attachment.

Phishing

Phishing Malware Security Intelligence Hacking

Recent Cyber Attacks: Trends, Tactics, and Countermeasures

Hacker's King

DECEMBER 16, 2024

In the digital age, cyber-attacks are a growing concern for individuals, businesses, and governments worldwide. Recent incidents include attacks on government agencies, critical infrastructure, and major corporations, highlighting the vulnerability of national cybersecurity defenses.

Cyber Attacks

Cyber Attacks Phishing Penetration Testing Healthcare

Russia-linked group Nebulous Mantis targets NATO-related defense organizations

Security Affairs

APRIL 30, 2025

PRODAFT researchers warn of Russia-linked APT group Nebulous Mantis targeting NATO-related defense organizations Nebulous Mantis, a Russian-speaking cyber espionage group (aka Cuba, STORM-0978 , Tropical Scorpius , UNC2596 ), used RomCom RAT and Hancitor since 2019 to target critical infrastructure, governments, and NATO-linked entities.

Encryption

Encryption Ransomware Malware Phishing

China-linked APT Silk Typhoon targets IT Supply Chain

Security Affairs

MARCH 5, 2025

Microsoft warns that China-backed APT Silk Typhoon linked to US Treasury hack, is now targeting global IT supply chains, using IT firms to spy and move laterally. The group has been active since 2020, they use web shells for command execution and data theft.

Energy and Utilities

Energy and Utilities Passwords Healthcare Hacking

Can Cybersecurity Make You a Millionaire?

Hacker's King

OCTOBER 22, 2024

YOU MAY ALSO WANT TO READ ABOUT: Can Cybersecurity Hack Your Phone? As businesses, governments, and individuals continue to migrate to digital platforms, the risk of cyberattacks rises exponentially. For example, in 2020, a hacker reportedly earned over $1 million in bug bounties from Facebook alone.

Cybersecurity

Cybersecurity CISO Engineering Education

NSO Group used WhatsApp exploits even after Meta-owned company sued it

Security Affairs

NOVEMBER 16, 2024

” NSO Group continued using WhatsApp exploits, including spyware called “Erised,” even after being sued for violating anti-hacking laws. 2 NSO continued to use and make Erised available to customers even after this litigation had been filed, until changes to WhatsApp blocked its access sometime after May 2020. .

Spyware

Spyware Surveillance Malware Hacking

Canadian Man Arrested in Snowflake Data Extortions

Krebs on Security

NOVEMBER 5, 2024

Bloomberg first reported Moucka’s alleged ties to the Snowflake hacks on Monday. On May 2, 2024, Judische claimed on the fraud-focused Telegram channel Star Chat that they had hacked Santander Bank , one of the first known Snowflake victims. government agencies and first responders. “Negotiate a deal in Telegram.”

Cybercrime

Cybercrime Mobile Hacking Telecommunications

Chinese national charged for hacking thousands of Sophos firewalls

Security Affairs

DECEMBER 11, 2024

has charged a Chinese national for hacking thousands of Sophos firewall devices worldwide in 2020. has charged the Chinese national Guan Tianfeng (aka gbigmao and gxiaomao) for hacking thousands of Sophos firewall devices worldwide in 2020. Tianfeng worked at Sichuan Silence Information Technology Co.,

Firewall

Firewall Hacking Malware Encryption

DOJ moves to seize $7.74M in crypto linked to North Korean IT worker scam

Security Affairs

JUNE 9, 2025

District Court for the District of Columbia alleging that North Korean information technology (IT) workers obtained illegal employment and amassed millions in cryptocurrency for the benefit of the North Korean government, all as a means of evading U.S. government was able to freeze and seize over $7.74 sanctions placed on North Korea.”

Scams

Scams Identity Theft Cryptocurrency Accountability

Cybersecurity Snapshot: NIST Aligns Its Privacy and Cyber Frameworks, While Researchers Warn About Hallucination Risks from GenAI Code Generators

Security Boulevard

APRIL 18, 2025

government is aligning two foundational privacy and cybersecurity frameworks. NIST first published the PFW in 2020, with the goal of helping organizations mitigate the privacy risks associated with the processing of personal data in their computer systems. Dive into five things that are top of mind for the week ending April 18.

Risk

Risk Cybersecurity Data privacy Software

Trump Administration Cybersecurity Funding Cuts: A Risky Gamble?

Hacker's King

MAY 24, 2025

Notably, experts warned that such cuts could undermine efforts to secure election systems, government databases, and national defense networks. Moreover, some state and local governments that rely on federal support for election security were left scrambling for alternative resources.

Cybersecurity

Cybersecurity Cyber threats Government Risk

U.S. warns of incoming cyber threats following Iran airstrikes

Security Affairs

JUNE 24, 2025

. “Low-level cyber attacks against US networks by pro-Iranian hacktivists are likely, and cyber actors affiliated with the Iranian government may conduct attacks against US networks.” officials linked to a 2020 military commander’s death. officials linked to a 2020 military commander. .” Recent U.S.

Cyber threats

Cyber threats Cyber Attacks Government Mobile

Security Affairs newsletter Round 519 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

APRIL 13, 2025

CISA adds Linux Kernel flaws to its Known Exploited Vulnerabilities catalog AkiraBot: AI-Powered spam bot evades CAPTCHA to target 80,000+ websites An APT group exploited ESET flaw to execute malware Oracle confirms the hack of two obsolete servers hacked.

Data breaches

Data breaches Cybercrime Hacking Ransomware

Trump Revenge Tour Targets Cyber Leaders, Elections

Krebs on Security

APRIL 14, 2025

President Trump last week revoked security clearances for Chris Krebs , the former director of the Cybersecurity and Infrastructure Security Agency (CISA) who was fired by Trump after declaring the 2020 election the most secure in U.S. telecommunications providers.

Government

Government Cybersecurity Risk Telecommunications

DOGE to Fired CISA Staff: Email Us Your Personal Data

Krebs on Security

MARCH 19, 2025

government employees. If a foreign government had known even part of his name from a list of confirmed CIA officers, his cover would have been blown.” ” Meanwhile, NBC News reported on March 7 that Starlink is expanding its footprint across the federal government. On Monday, The New York Times reported that U.S.

Government

Government Passwords Cybersecurity Internet

CISA and U.S. Agencies warn of ongoing Iranian cyber threats to critical infrastructure

Security Affairs

JULY 1, 2025

Their campaign included hack-and-leak ops tied to Gaza protests, aiming to damage reputations, steal data, and erode trust in cybersecurity. Low-level cyber attacks against US networks by pro-Iranian hacktivists are likely, and cyber actors affiliated with the Iranian government may conduct attacks against US networks.” Even a U.S.

Cyber threats

Cyber threats Cyber Attacks Passwords Internet

More on the Security of the 2020 US Election

Schneier on Security

NOVEMBER 23, 2020

Last week I signed on to two joint letters about the security of the 2020 election. To our collective knowledge, no credible evidence has been put forth that supports a conclusion that the 2020 election outcome in any state has been altered through technical compromise. Details of what to do are known.

Government

Government Hacking Risk Cybersecurity

Japanese Government Will Hack Citizens' IoT Devices

Schneier on Security

JANUARY 28, 2019

The Japanese government's decision to log into users' IoT devices has sparked outrage in Japan. However, the government's plan has its technical merits. I am less optimistic about the country's ability to secure all of this stuff -- especially before the 2020 Summer Olympics.

IoT

IoT Government Firmware Hacking

U.S. Treasury, Commerce Depts. Hacked Through SolarWinds Compromise

Krebs on Security

DECEMBER 14, 2020

Treasury and Commerce Departments were reportedly compromised by a supply chain attack on SolarWinds , a security vendor that helps the federal government and a range of Fortune 500 companies monitor the health of their IT networks. released between March 2020 and June 2020.” Communications at the U.S. HF 5 through 2020.2.1,

Hacking

Hacking Antivirus Telecommunications Accountability

Latest on the SVR’s SolarWinds Hack

Schneier on Security

JANUARY 5, 2021

The New York Times has an in-depth article on the latest information about the SolarWinds hack (not a great name, since it’s much more far-reaching than that). There is also no indication yet that any human intelligence alerted the United States to the hacking. Its chief executive, Kevin B. We know at minimum they had access Oct.

Hacking

Hacking System Administration Surveillance Software

Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’

Krebs on Security

DECEMBER 16, 2020

13, cyber incident response firm FireEye published a detailed writeup on the malware infrastructure used in the SolarWinds compromise, presenting evidence that the Orion software was first compromised back in March 2020. FireEye said hacked networks were seen communicating with a malicious domain name — avsvmcloud[.]com

Hacking

Hacking Malware Software Cybercrime

Norway blames China-linked APT31 for 2018 government hack

Security Affairs

JUNE 20, 2021

APT31 (aka Zirconium) is a China-linked APT group that was involved in multiple cyber espionage operations, it made the headlines recently after Check Point Research team discovered that the group used a tool dubbed Jian, which is a clone of NSA Equation Group ‘s “EpMe” hacking tool, years before it was leaked online by Shadow Brokers hackers.

Government

Government Hacking Cyber Attacks Passwords

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Krebs on Security

FEBRUARY 9, 2023

companies and government entities. A spam email from 2020 containing a Trickbot-infected attachment. “During the height of the COVID-19 pandemic in 2020, Trickbot targeted hospitals and healthcare centers, launching a wave of ransomware attacks against hospitals across the United States,” the sanctions notice continued.

Hacking

Hacking Cybercrime Ransomware Government

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Krebs on Security

OCTOBER 28, 2020

In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. The company has operations in 25 countries, more than 4,000 employees, and billions in revenue annually.

Hacking

Hacking Ransomware Banking Accountability

New Charges Derail COVID Release for Hacker Who Aided ISIS

Krebs on Security

JANUARY 19, 2021

military and government employees and giving it to an Islamic State hacker group in 2015 has been charged once again with fraud and identity theft. The release was granted in part due to Ferizi’s 2018 diagnosis if asthma, as well as a COVID outbreak at the facility where he was housed in 2020. He admitted to hacking a U.S.-based

Identity Theft

Identity Theft Government Accountability Social Engineering

Google’s Project Zero Finds a Nation-State Zero-Day Operation

Schneier on Security

APRIL 8, 2021

This seems to have been exploited by “Western government operatives actively conducting a counterterrorism operation”: The exploits, which went back to early 2020 and used never-before-seen techniques, were “watering hole” attacks that used infected websites to deliver malware to visitors.

Government

Government Hacking Malware Cybersecurity

Earth Kurma APT is actively targeting government and telecommunications orgs in Southeast Asia

Government contractor Conduent disclosed a data breach

Trending Sources

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

Italian police arrested a Chinese national suspected of cyberespionage on a U.S. warrant

Russia-linked threat actors threaten the UK and its allies, minister to say

SEC fined 4 companies for misleading disclosures about the impact of the SolarWinds attack

Russian Phobos ransomware operator faces cybercrime charges

U.S. Court rules against NSO Group in WhatsApp spyware Lawsuit

Brazilian citizen charged for threatening to release data stolen from a company in 2020

Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide

EU announced sanctions on three members of Russia’s GRU Unit 29155

New Ghostwriter campaign targets Ukrainian Government and opposition activists in Belarus

Russia-linked Midnight Blizzard APT targeted 100+ organizations with a spear-phishing campaign using RDP files

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

Authorities released free decryptor for Phobos and 8base ransomware

Romanian national was sentenced to 20 years in prison for his role in NetWalker ransomware attacks

Increased GDPR Enforcement Highlights the Need for Data Security

Election season raises fears for nearly a third of people who worry their vote could be leaked

North Korea-linked APT Emerald Sleet is using a new tactic

Recent Cyber Attacks: Trends, Tactics, and Countermeasures

Russia-linked group Nebulous Mantis targets NATO-related defense organizations

China-linked APT Silk Typhoon targets IT Supply Chain

Can Cybersecurity Make You a Millionaire?

NSO Group used WhatsApp exploits even after Meta-owned company sued it

Canadian Man Arrested in Snowflake Data Extortions

Chinese national charged for hacking thousands of Sophos firewalls

DOJ moves to seize $7.74M in crypto linked to North Korean IT worker scam

Cybersecurity Snapshot: NIST Aligns Its Privacy and Cyber Frameworks, While Researchers Warn About Hallucination Risks from GenAI Code Generators

Trump Administration Cybersecurity Funding Cuts: A Risky Gamble?

U.S. warns of incoming cyber threats following Iran airstrikes

Security Affairs newsletter Round 519 by Pierluigi Paganini – INTERNATIONAL EDITION

Trump Revenge Tour Targets Cyber Leaders, Elections

DOGE to Fired CISA Staff: Email Us Your Personal Data

CISA and U.S. Agencies warn of ongoing Iranian cyber threats to critical infrastructure

More on the Security of the 2020 US Election

Japanese Government Will Hack Citizens' IoT Devices

U.S. Treasury, Commerce Depts. Hacked Through SolarWinds Compromise

Latest on the SVR’s SolarWinds Hack

Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’

Norway blames China-linked APT31 for 2018 government hack

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

New Charges Derail COVID Release for Hacker Who Aided ISIS

Google’s Project Zero Finds a Nation-State Zero-Day Operation

Stay Connected