Government, Hacking and Information Security

Ransomhub ransomware gang claims the hack of Mexican government Legal Affairs Office

Security Affairs

NOVEMBER 21, 2024

Mexico’s president announced the government is investigating an alleged ransomware hack that targeted the administration’s legal affairs office. Today they are going to send me a report on the supposed hacking.” Ransomhub claimed to have stolen 313 gigabytes of data from the Mexican government office.

Government

Government Hacking Ransomware Insurance

Rhysida Ransomware gang claims the hack of the Government of Peru

Security Affairs

MAY 3, 2025

The Rhysida Ransomware gang claims the hack of the Government of Peru, the gang breached Gob.pe, the Single Digital Platform of the Peruvian State. The Rhysida ransomware gang claims responsibility for hacking the Government of Peru, breaching Gob.pe, which is the country’s official digital platform.

Government

Government Hacking Ransomware Manufacturing

Poland probes Pegasus spyware abuse under the PiS government

Security Affairs

DECEMBER 3, 2024

Poland probes Pegasus spyware abuse under the PiS government; ex-security chief Piotr Pogonowski arrested to testify before parliament. The former head of Poland’s internal security service was arrested Monday and brought before parliament to testify about prior government use of spyware against hundreds of individuals.

Spyware

Spyware Government Surveillance Hacking

US Government officials targeted with texts and AI-generated deepfake voice messages impersonating senior U.S. officials

Security Affairs

MAY 17, 2025

The FBI warns that ex-government officials are being targeted with texts and AI-generated deepfake voice messages impersonating senior U.S. officials to current or former senior US federal or state government officials and their contacts Since April 2025, threat actors have been using texts and AI voice messages impersonating senior U.S.

Government

Government Social Engineering Authentication Accountability

Chinese threat actors used two advanced exploit chains to hack Ivanti CSA

Security Affairs

JANUARY 23, 2025

The US governments cybersecurity and law enforcement revealed that Chinese threat actors used at least two sophisticated exploit chains to compromise Ivanti Cloud Service Appliances (CSA). is end-of-life and no longer receives security updates, for this reason, these instances are exposed to hack.

Hacking

Hacking Government Cybersecurity Information Security

Russia-linked RomCom group targeted Ukrainian government agencies since late 2023

Security Affairs

OCTOBER 17, 2024

Russia-linked threat actor RomCom targeted Ukrainian government agencies and Polish entities in cyber attacks since late 2023. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, RomCom)

Government

Government Malware Cyber Attacks Ransomware

China-linked threat actors compromised multiple telecos and spied on a limited number of U.S. government officials

Security Affairs

NOVEMBER 14, 2024

government officials. telecoms, compromising networks to steal call records and access private communications, mainly of government and political figures. The cyber spies stole information belonging to targeted individuals that was subject to U.S. broadband providers is still ongoing, government experts are assessing its scope.

Government

Government Telecommunications Surveillance Risk

Earth Kurma APT is actively targeting government and telecommunications orgs in Southeast Asia

Security Affairs

APRIL 28, 2025

Earth Kurma APT carried out a sophisticated campaign against government and telecommunications sectors in Southeast Asia. Trend Research exposed the Earth Kurma APT campaign targeting Southeast Asias government and telecom sectors. Earth Kurma particularly targeted the Philippines, Vietnam, Thailand, and Malaysia.

Telecommunications

Telecommunications Government Malware Hacking

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

Security Affairs

NOVEMBER 10, 2024

US CFPB warns employees to avoid work-related mobile calls and texts following China-linked Salt Typhoon hack over security concerns. The US government’s Consumer Financial Protection Bureau (CFPB) advises employees to avoid using cellphones for work after China-linked APT group Salt Typhoon hackers breached major telecom providers.

Hacking

Hacking Internet Internet Government

Experts found rogue devices, including hidden cellular radios, in Chinese-made power inverters used worldwide

Security Affairs

MAY 18, 2025

. “That effectively means there is a built-in way to physically destroy the grid,” an anonymous informer told Reuters The rogue devices’ existence is newly revealed, with no public US government acknowledgment. The DOE said its working with the federal government to strengthen U.S.

Energy and Utilities

Energy and Utilities Manufacturing Government Hacking

Hackers stole millions of dollars from Uganda Central Bank

Security Affairs

NOVEMBER 30, 2024

Financially-motivated threat actors hacked Uganda ‘s central bank system, government officials confirmed this week. Ugandan officials confirmed on Thursday that the national central bank suffered a security breach by financially-motivated threat actors.

Banking

Banking Government Accountability Hacking

VMware failed to fully address vCenter Server RCE flaw CVE-2024-38812

Security Affairs

OCTOBER 22, 2024

VMware addressed a remote code execution flaw, demonstrated in a Chinese hacking contest, for the second time in two months. In September, Broadcom released security updates to the vulnerability CVE-2024-38812. During the 2024 Matrix Cup hacking contest in China, zbl & srs of team TZL demonstrated the vulnerability.

Hacking

Hacking Government Software Information Security

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Krebs on Security

OCTOBER 28, 2020

The Gunnebo Group is a Swedish multinational company that provides physical security to a variety of customers globally, including banks, government agencies, airports, casinos, jewelry stores, tax agencies and even nuclear power plants. ”

Hacking

Hacking Ransomware Banking Accountability

Zero-day broker Operation Zero offers up to $4 million for Telegram exploits

Security Affairs

MARCH 21, 2025

The company exclusively sells exploits to the Russian government and local firms. Given Telegrams end-to-end encryption and widespread use, an exploit that bypasses its security could be a game-changer for cyber espionage. Zero-day prices have risen as the level of security of messaging apps and mobile devices becomes harder to hack.

Government

Government Surveillance Mobile Hacking

Texas is the first state to ban DeepSeek on government devices

Security Affairs

FEBRUARY 2, 2025

Texas bans DeepSeek and RedNote on government devices to block Chinese data-harvesting AI, citing security risks. Texas and other states banned TikTok on government devices. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,DeepSeek)

Government

Government Artificial Intelligence Media Data collection

CISA’s 11-Month extension ensures continuity of MITRE’s CVE Program

Security Affairs

APRIL 16, 2025

funded CVE program, a core cybersecurity tool for tracking vulnerabilities, faces funding expiry Wednesday, risking disruption to global security. government funding for MITRE s CVE program , a key global cybersecurity resource for cataloging vulnerabilities, is set to expire Wednesday, risking disruption. MITREs U.S.-funded

Government

Government Risk Cybersecurity Media

Tor Project needs 200 WebTunnel bridges more to bypass Russia’ censorship

Security Affairs

DECEMBER 2, 2024

The Tor Project seeks help deploying 200 WebTunnel bridges by year-end to counter government censorship. Tor Project maintainers are urging users to deploy 200 WebTunnel bridges by year-end allow users in Russia to bypass government censorship. ” reads the announcement published by Tor Project.

Government

Government Internet Internet Hacking

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

Security Affairs

NOVEMBER 18, 2024

T-Mobile confirmed being a victim of recent hacking campaigns linked to China-based threat actors targeting telecom companies. T-Mobile confirms it was hacked as part of a long-running cyber espionage campaign targeting Telco companies. The cyber spies stole information belonging to targeted individuals that was subject to U.S.

Mobile

Mobile Telecommunications Data breaches Hacking

New Ghostwriter campaign targets Ukrainian Government and opposition activists in Belarus

Security Affairs

FEBRUARY 26, 2025

A Ghostwriter campaign using a new variant of PicassoLoader targets opposition activists in Belarus, and Ukrainian military and government organizations. SentinelLABS observed a new Ghostwriter campaign targeting Belarusian opposition activists and Ukrainian military and government entities with a new variant of PicassoLoader.

Government

Government Cyber threats Malware Phishing

A surge in Pro-Russia cyberattacks after decision to monitor North Korean Troops in Ukraine

Security Affairs

NOVEMBER 10, 2024

South Korea’s government blames pro-Russia threat actors for an intensification of cyberattacks on national sites after it decided to monitor North Korean troops in Ukraine. “The government is actively responding to distributed denial of service (DDoS) attacks targeting some public and private websites.

DDOS

DDOS Government Cyber threats Hacking

Bitfinex hacker Ilya Lichtenstein was sentenced to 5 years in prison

Security Affairs

NOVEMBER 15, 2024

“Ilya Lichtenstein was sentenced today to five years in prison for his involvement in a money laundering conspiracy arising from the hack and theft of approximately 120,000 bitcoin from Bitfinex, a global cryptocurrency exchange.” Billion in stolen cryptocurrency stolen during the 2016 hack of Bitfinex.

Cryptocurrency

Cryptocurrency Hacking Government Accountability

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] LeakedSource also tried to pass itself off as a legal, legitimate business that was marketing to security firms and professionals. In 2019, a Canadian company called Defiant Tech Inc.

Hacking

Hacking Accountability Data breaches Marketing

Russian Phobos ransomware operator faces cybercrime charges

Security Affairs

NOVEMBER 19, 2024

Evgenii Ptitsyn and others allegedly ran an international hacking scheme since November 2020, deploying Phobos ransomware to extort victims. If convicted, the man could face up to 20 years in prison for each wire fraud count, 10 years for each computer hacking charge, and 5 years for conspiracy to commit computer fraud and abuse.

Cybercrime

Cybercrime Ransomware Healthcare Education

EDR-as-a-Service makes the headlines in the cybercrime landscape

Security Affairs

APRIL 7, 2025

In a nutshell, some criminal groups are exploiting compromised accounts belonging to law enforcement and other government agencies to illicitly forward Emergency Data Requests (EDRs) to major online platforms. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,EDR-as-a-Service)

Cybercrime

Cybercrime Social Engineering Accountability Government

Foreign adversary hacked email communications of the Library of Congress says

Security Affairs

NOVEMBER 18, 2024

The Library of Congress discloses the compromise of some of its IT systems, an alleged foreign threat actor hacked their emails. “An unidentified “adversary” hacked into the email system for the Library of Congress, accessing information sent via email between January and September 2024, the Library said.”

Hacking

Hacking Government Data breaches Information Security

New Leak Shows Business Side of China’s APT Menace

Krebs on Security

FEBRUARY 22, 2024

A new data leak that appears to have come from one of China’s top private cybersecurity firms provides a rare glimpse into the commercial side of China’s many state-sponsored hacking groups. In 2021, the Sichuan provincial government named i-SOON as one of “the top 30 information security companies.”

Government

Government Hacking Cyber threats Mobile

FBI deleted China-linked PlugX malware from over 4,200 US computers

Security Affairs

JANUARY 14, 2025

The malware was operated by a China-linked threat actor, known as Mustang Panda (aka Twill Typhoon, to steal sensitive information from victim computers. According to court documents, the Chinese government paid Mustang Panda to develop PlugX malware, used since 2014 to target U.S., European, and Asian entities. systems. .”

Malware

Malware Government Hacking Cybersecurity

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale

Security Affairs

OCTOBER 12, 2024

The government agencies warn that the Russian APT29 group has the capability and intent to exploit more CVEs for initial access, remote code execution, and privilege escalation. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Russia)

Data collection

Data collection Authentication Hacking Government

China admitted its role in Volt Typhoon cyberattacks on U.S. infrastructure

Security Affairs

APRIL 13, 2025

. “During the half-day meeting in Geneva, Wang Lei, a top cyber official with Chinas Ministry of Foreign Affairs, indicated that the infrastructure hacks resulted from the U.S.s “Wang or the other Chinese officials didnt directly state that China was responsible for the hacking, the U.S. ” states the WSJ.

Hacking

Hacking Manufacturing Education Government

Russia-linked threat actors threaten the UK and its allies, minister to say

Security Affairs

NOVEMBER 25, 2024

He is expected to warn about the activity conducted by Russia’s GRU Unit 29155 , which the UK government accuses of conducting several attacks across the UK and Europe. He will allege that Russian state-aligned hacking groups have executed at least nine cyberattacks against NATO nations, targeting critical infrastructure.

Cyber Attacks

Cyber Attacks Government Hacking Cyber threats

SEC fined 4 companies for misleading disclosures about the impact of the SolarWinds attack

Security Affairs

OCTOBER 23, 2024

The SEC fined Unisys, Avaya, Check Point, and Mimecast for misleading disclosures about the impact of the SolarWinds Orion hack. The US Securities and Exchange Commission (SEC) charged four companies, Unisys, Avaya, Check Point, and Mimecast for misleading public disclosures related to the supply chain attack on SolarWinds.

Hacking

Hacking Risk Cybersecurity Government

France links Russian APT28 to attacks on dozen French entities

Security Affairs

APRIL 30, 2025

France blames Russia-linked APT28 for cyberattacks targeting or compromising a dozen French government bodies and other entities. The Russia-linked APT28 group has targeted or compromised a dozen government organizations and other French entities, the French Government states.

Government

Government Phishing DNS VPN

Security Affairs newsletter Round 494 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

OCTOBER 20, 2024

CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog North Korea-linked APT37 exploited IE zero-day in a recent attack Omni Family Health data breach impacts 468,344 individuals Iran-linked actors target critical infrastructure organizations macOS HM Surf flaw in TCC allows bypass Safari privacy settings Two Sudanese (..)

Data breaches

Data breaches Cybercrime Cyber Insurance Marketing

Pro-Russia group NoName targeted the websites of Italian airports

Security Affairs

DECEMBER 28, 2024

With the renewed support for Ukraine from the Italian government, this group has resumed targeting certain Italian websites.” ” The group published a list of targets on its Telegram channel, which includes government and institutional websites.

DDOS

DDOS Artificial Intelligence Government Cybercrime

Russia-linked Midnight Blizzard APT targeted 100+ organizations with a spear-phishing campaign using RDP files

Security Affairs

OCTOBER 30, 2024

The Midnight Blizzard group along with APT28 cyber espionage group was involved in the Democratic National Committee hack and the wave of attacks aimed at the 2016 US Presidential Elections. Government Computer Emergency Response Team of Ukraine (CERT-UA) and Amazon also warned about this campaign.

Phishing

Phishing Social Engineering Government Hacking

Security Affairs newsletter Round 493 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

OCTOBER 13, 2024

Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Data breaches

Data breaches Cryptocurrency Cybercrime Artificial Intelligence

Russia warns financial sector organizations of IT service provider LANIT compromise

Security Affairs

FEBRUARY 25, 2025

” NKTsKI recommends organizations to strengthen monitoring of threats and information security events in systems provided by LANIT. LANIT Group (Laboratory of New Information Technologies) is one of Russia’s largest IT service and software providers. ” said U.S.

Telecommunications

Telecommunications Software Technology Healthcare

ChatGPT SSRF bug quickly becomes a favorite attack vector

Security Affairs

MARCH 18, 2025

Threat actors exploit a server-side request forgery (SSRF) flaw, tracked as CVE-2024-27564, in ChatGPT, to target US financial and government organizations. “Top targeted industry and geo are Government organisations in the US.” “Security teams often prioritize patching only critical and high-severity vulnerabilities.

Government

Government Healthcare Authentication Hacking

Russian cyber spies stole data and emails from UK government systems

Security Affairs

AUGUST 8, 2024

Earlier this year, Russian cyber spies breached UK government systems and stole sensitive data and emails, reported The Record media. Earlier this year, Russia’s foreign intelligence service stole internal emails and data on individuals from the UK government. ” reported The Record Media. .

Government

Government Media Accountability Data breaches

China-linked APT41 used Google Calendar as C2 to control its TOUGHPROGRESS malware

Security Affairs

MAY 29, 2025

Google says China-linked group APT41 controlled malware via Google Calendar to target governments through a hacked site. Google warns that China-linked APT41 used TOUGHPROGRESS malware with Google Calendar as C2, targeting various government entities via a compromised website.

Malware

Malware Government Encryption Hacking

Ukraine bans Telegram for government agencies, military, and critical infrastructure

Security Affairs

SEPTEMBER 20, 2024

Ukraine’s NCCC banned the Telegram app for government agencies, military, and critical infrastructure, due to national security concerns. ” Despite the ban on military and government devices, Ukrainian users rely heavily on Telegram to communicate and receive news on ongoing conflicts.

Government

Government Phishing Hacking Malware

CERT-UA warns of a phishing campaign targeting government entities

Security Affairs

AUGUST 13, 2024

CERT-UA warned that Russia-linked actor is impersonating the Security Service of Ukraine (SSU) in a new phishing campaign to distribute malware. The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign targeting organizations in the country, including government entities.

Government

Government Phishing Malware Banking

Russia-linked APT Star Blizzard targets WhatsApp accounts

Security Affairs

JANUARY 16, 2025

The Star Blizzard group, aka “ Callisto “, Seaborgium , ColdRiver , and TA446, targeted government officials, military personnel,journalists and think tanks since at least 2015. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,Russia)

Accountability

Accountability Phishing Government Hacking

Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide

Security Affairs

NOVEMBER 2, 2024

Sophos, with the help of other cybersecurity firms, government, and law enforcement agencies investigated the cyber attacks and attributed them multiple China-linked APT groups, such as Volt Typhoon , APT31 and APT41 / Winnti. The Chinese hackers have also ramped up the use of zero-day vulnerabilities in targeted devices.

Firmware

Firmware Government Firewall Malware

Ransomhub ransomware gang claims the hack of Mexican government Legal Affairs Office

Rhysida Ransomware gang claims the hack of the Government of Peru

Trending Sources

Poland probes Pegasus spyware abuse under the PiS government

US Government officials targeted with texts and AI-generated deepfake voice messages impersonating senior U.S. officials

Chinese threat actors used two advanced exploit chains to hack Ivanti CSA

Russia-linked RomCom group targeted Ukrainian government agencies since late 2023

China-linked threat actors compromised multiple telecos and spied on a limited number of U.S. government officials

Earth Kurma APT is actively targeting government and telecommunications orgs in Southeast Asia

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

Experts found rogue devices, including hidden cellular radios, in Chinese-made power inverters used worldwide

Hackers stole millions of dollars from Uganda Central Bank

VMware failed to fully address vCenter Server RCE flaw CVE-2024-38812

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Zero-day broker Operation Zero offers up to $4 million for Telegram exploits

Texas is the first state to ban DeepSeek on government devices

CISA’s 11-Month extension ensures continuity of MITRE’s CVE Program

Tor Project needs 200 WebTunnel bridges more to bypass Russia’ censorship

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

New Ghostwriter campaign targets Ukrainian Government and opposition activists in Belarus

A surge in Pro-Russia cyberattacks after decision to monitor North Korean Troops in Ukraine

Bitfinex hacker Ilya Lichtenstein was sentenced to 5 years in prison

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Russian Phobos ransomware operator faces cybercrime charges

EDR-as-a-Service makes the headlines in the cybercrime landscape

Foreign adversary hacked email communications of the Library of Congress says

New Leak Shows Business Side of China’s APT Menace

FBI deleted China-linked PlugX malware from over 4,200 US computers

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale

China admitted its role in Volt Typhoon cyberattacks on U.S. infrastructure

Russia-linked threat actors threaten the UK and its allies, minister to say

SEC fined 4 companies for misleading disclosures about the impact of the SolarWinds attack

France links Russian APT28 to attacks on dozen French entities

Security Affairs newsletter Round 494 by Pierluigi Paganini – INTERNATIONAL EDITION

Pro-Russia group NoName targeted the websites of Italian airports

Russia-linked Midnight Blizzard APT targeted 100+ organizations with a spear-phishing campaign using RDP files

Security Affairs newsletter Round 493 by Pierluigi Paganini – INTERNATIONAL EDITION

Russia warns financial sector organizations of IT service provider LANIT compromise

ChatGPT SSRF bug quickly becomes a favorite attack vector

Russian cyber spies stole data and emails from UK government systems

China-linked APT41 used Google Calendar as C2 to control its TOUGHPROGRESS malware

Ukraine bans Telegram for government agencies, military, and critical infrastructure

CERT-UA warns of a phishing campaign targeting government entities

Russia-linked APT Star Blizzard targets WhatsApp accounts

Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide

Stay Connected