Government, Hacking and Phishing - Cyber Security Informer

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Krebs on Security

NOVEMBER 9, 2024

The Federal Bureau of Investigation (FBI) is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to U.S.-based based technology companies.

Hacking

Hacking Accountability Government Social Engineering

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Krebs on Security

NOVEMBER 21, 2024

Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. A visual depiction of the attacks by the SMS phishing group known as Scattered Spider, and Oktapus. Image: Amitai Cohen twitter.com/amitaico.

Identity Theft

Identity Theft Phishing Cryptocurrency Accountability

US Government Sites Give Bad Security Advice

Krebs on Security

MARCH 25, 2020

government Web sites now carry a message prominently at the top of their home pages meant to help visitors better distinguish between official U.S. government properties and phishing pages. Census Bureau website [link] carries a message that reads, “An official Web site of the United States government.

Government

Government Phishing Encryption Scams

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

Krebs on Security

FEBRUARY 28, 2025

Security experts say the Russia-based service provider Prospero OOO (the triple O is the Russian version of “LLC”) has long been a persistent source of malicious software, botnet controllers, and a torrent of phishing websites. government for its hacking operations, CEO Eugene Kaspersky says he ordered workers to delete the code.

Malware

Malware Antivirus DDOS Software

Storm-2372 used the device code phishing technique since August 2024

Security Affairs

FEBRUARY 16, 2025

Russia-linked group Storm-2372 used the device code phishing technique since Aug 2024 to steal login tokens from governments, NGOs, and industries. ” Device code phishing attacks exploit authentication flows to steal tokens, granting attackers access to accounts and data. . ” continues the report.

Phishing

Phishing Authentication Telecommunications Accountability

Russia-linked Midnight Blizzard APT targeted 100+ organizations with a spear-phishing campaign using RDP files

Security Affairs

OCTOBER 30, 2024

Microsoft warns of a new phishing campaign by Russia-linked APT Midnight Blizzard targeting hundreds of organizations. The Midnight Blizzard group along with APT28 cyber espionage group was involved in the Democratic National Committee hack and the wave of attacks aimed at the 2016 US Presidential Elections.

Phishing

Phishing Social Engineering Government Hacking

Russia-linked RomCom group targeted Ukrainian government agencies since late 2023

Security Affairs

OCTOBER 17, 2024

Russia-linked threat actor RomCom targeted Ukrainian government agencies and Polish entities in cyber attacks since late 2023. “The infection chain consists of a spear-phishing message delivering a downloader consisting of either of two variants: “RustyClaw” – a RUST-based downloader, and a C++ based variant we track as “MeltingClaw”.”

Government

Government Malware Cyber Attacks Ransomware

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

Krebs on Security

MARCH 31, 2020

A spear-phishing attack this week hooked a customer service employee at GoDaddy.com , the world’s largest domain name registrar, KrebsOnSecurity has learned. 49 (that domain is hobbled here because it is currently flagged as hosting a phishing site). It was starting to look like someone had gotten phished.

Phishing

Phishing DNS Social Engineering Accountability

Russian Hackers Breach 20+ NGOs Using Evilginx Phishing via Fake Microsoft Entra Pages

The Hacker News

MAY 27, 2025

Active since at least April 2024, the hacking group is linked to espionage operations mainly targeting organizations that are important to Russian government objectives,

Phishing

Phishing Government Hacking

U.S. Hacks QakBot, Quietly Removes Botnet Infections

Krebs on Security

AUGUST 29, 2023

government today announced a coordinated crackdown against QakBot , a complex malware family used by multiple cybercrime groups to lay the groundwork for ransomware infections. QakBot is most commonly delivered via email phishing lures disguised as something legitimate and time-sensitive, such as invoices or work orders.

Hacking

Hacking Malware Ransomware Government

Organised Crime Gang Steals £47 Million from UK Tax Office in Phishing Scam

eSecurity Planet

JUNE 9, 2025

An organised crime gang has stolen £47 million ($64 million) from the UK’s tax office by hacking into over 100,000 customer accounts and fraudulently claiming government payments. “We have not been hacked, we have not had data extracted from us,” MacDonald told MPs. billion in other attempted frauds last year.

Scams

Scams Phishing Password Management Accountability

U.S. Charges 4 Chinese Military Officers in 2017 Equifax Hack

Krebs on Security

FEBRUARY 10, 2020

Justice Department today unsealed indictments against four Chinese officers of the People’s Liberation Army (PLA) accused of perpetrating the 2017 hack against consumer credit bureau Equifax that led to the theft of personal data on nearly 150 million Americans. commercial and government interests.

Hacking

Hacking Identity Theft Government Phishing

Russia-linked APT Star Blizzard targets WhatsApp accounts

Security Affairs

JANUARY 16, 2025

The Russian group Star Blizzard targets WhatsApp accounts in a new spear-phishing campaign, shifting tactics to avoid detection. In November 2024, Microsoft researchers observed the Russia-linked APT group Star Blizzard targeting WhatsApp accounts via spear-phishing, shifting tactics to avoid detection.

Accountability

Accountability Phishing Government Hacking

CERT-UA warns of a phishing campaign targeting government entities

Security Affairs

AUGUST 13, 2024

CERT-UA warned that Russia-linked actor is impersonating the Security Service of Ukraine (SSU) in a new phishing campaign to distribute malware. The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign targeting organizations in the country, including government entities.

Government

Government Phishing Malware Banking

New Hacking-for-Hire Company in India

Schneier on Security

JUNE 19, 2020

Citizen Lab has a new report on Dark Basin, a large hacking-for-hire company in India. Key Findings: Dark Basin is a hack-for-hire group that has targeted thousands of individuals and hundreds of institutions on six continents.

Hacking

Hacking Phishing Accountability Government

FBI shared a list of phishing domains associated with the LabHost PhaaS platform

Security Affairs

MAY 1, 2025

The FBI shared 42K phishing domains tied to LabHost, a PhaaS platform shut down in April 2024, to boost awareness and help identify compromises. The domain list helps prevent future malicious use, allows security teams to scan past logs for breaches, and supports phishing analysis and model training.

Phishing

Phishing Banking Threat Detection Authentication

Zero-day broker Operation Zero offers up to $4 million for Telegram exploits

Security Affairs

MARCH 21, 2025

The company exclusively sells exploits to the Russian government and local firms. In September 2024, Ukraines National Coordination Centre for Cybersecurity (NCCC) banned the Telegram messaging app on government agencies, military, and critical infrastructure, due to national security concerns. continues the announcement.

Government

Government Surveillance Mobile Hacking

Chinese man charged for spear-phishing against NASA and US Government

Security Affairs

SEPTEMBER 17, 2024

US DoJ charged a Chinese national who used spear-phishing emails to obtain sensitive info from NASA, the U.S. DoJ charged a Chinese national, Song Wu (39), who used spear-phishing emails to target employees of NASA, the U.S. Air Force, Navy, Army, and the FAA. Air Force, Navy, Army, and the FAA.”

Phishing

Phishing Government Identity Theft Engineering

France links Russian APT28 to attacks on dozen French entities

Security Affairs

APRIL 30, 2025

France blames Russia-linked APT28 for cyberattacks targeting or compromising a dozen French government bodies and other entities. The Russia-linked APT28 group has targeted or compromised a dozen government organizations and other French entities, the French Government states. CVE-2023-23397 ).

Government

Government Phishing DNS VPN

Researchers discovered the largest data breach ever, exposing 16 billion login credentials

Security Affairs

JUNE 19, 2025

With over 16 billion login records exposed, cybercriminals now have unprecedented access to personal credentials that can be used for account takeover, identity theft, and highly targeted phishing. The data, structured by URL, login, and password, targets services like Apple, Google, Facebook, Telegram, GitHub, and even government portals.

Data breaches

Data breaches Identity Theft Passwords Malware

Russian Phobos ransomware operator faces cybercrime charges

Security Affairs

NOVEMBER 19, 2024

Evgenii Ptitsyn and others allegedly ran an international hacking scheme since November 2020, deploying Phobos ransomware to extort victims. If convicted, the man could face up to 20 years in prison for each wire fraud count, 10 years for each computer hacking charge, and 5 years for conspiracy to commit computer fraud and abuse.

Cybercrime

Cybercrime Ransomware Healthcare Education

New Ghostwriter campaign targets Ukrainian Government and opposition activists in Belarus

Security Affairs

FEBRUARY 26, 2025

A Ghostwriter campaign using a new variant of PicassoLoader targets opposition activists in Belarus, and Ukrainian military and government organizations. SentinelLABS observed a new Ghostwriter campaign targeting Belarusian opposition activists and Ukrainian military and government entities with a new variant of PicassoLoader.

Government

Government Cyber threats Phishing Malware

Russia-linked APT29 group used red team tools in rogue RDP attacks

Security Affairs

DECEMBER 18, 2024

In October 2024, the Russia-linked cyber espionage group APT29 (aka Earth Koshchei, SVR group , Cozy Bear , Nobelium , BlueBravo , Midnight Blizzard , and The Dukes ) used rogue RDP attacks via phishing emails targeting governments, think tanks, and Ukrainian entities to steal data and install malware.

Phishing

Phishing Government Firewall VPN

Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack

Krebs on Security

SEPTEMBER 17, 2020

Justice Department this week indicted seven Chinese nationals for a decade-long hacking spree that targeted more than 100 high-tech and online gaming companies. The government alleges the men used malware-laced phishing emails and “supply chain” attacks to steal data from companies and their customers. Image: FBI.

Antivirus

Antivirus Hacking Government Software

How threat actors can use generative artificial intelligence?

Security Affairs

DECEMBER 1, 2024

From generating deepfakes to enhancing phishing campaigns, GAI is evolving into a tool for large-scale cyber offenses GAI has captured the attention of researchers and investors for its transformative potential across industries. GAI is also a boon for attackers seeking financial gain. As the technology evolves, so will its misuse.

Artificial Intelligence

Artificial Intelligence Phishing Media Cybercrime

Security Affairs newsletter Round 501 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 8, 2024

Now He Wants to Help You Escape, Too Dozens of Countries Hit in Chinese Telecom Hacking Campaign, Top U.S. officials urge Americans to use encrypted apps amid unprecedented cyberattack The Great Pokmon Go Spy Panic Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,newsletter)

Artificial Intelligence

Artificial Intelligence Spyware Hacking Ransomware

China-linked APT41 used Google Calendar as C2 to control its TOUGHPROGRESS malware

Security Affairs

MAY 29, 2025

Google says China-linked group APT41 controlled malware via Google Calendar to target governments through a hacked site. Google warns that China-linked APT41 used TOUGHPROGRESS malware with Google Calendar as C2, targeting various government entities via a compromised website.

Malware

Malware Government Encryption Hacking

Russia-linked APT TAG-110 uses targets Europe and Asia

Security Affairs

NOVEMBER 25, 2024

The campaign primarily targeted government entities, human rights groups, and educational institutions in Central Asia, East Asia, and Europe. Used by TAG-110, it targets government and research entities to extract sensitive data and monitor systems. CHERRYSPY, a Python backdoor, enables encrypted data exfiltration using RSA and AES.

Malware

Malware Encryption Phishing Government

U.S. Indicts North Korean Hackers in Theft of $200 Million

Krebs on Security

FEBRUARY 17, 2021

Secret Service and Department of Homeland Security told reporters on Wednesday the trio’s activities involved extortion, phishing, direct attacks on financial institutions and ATM networks, as well as malicious applications that masqueraded as software tools to help people manage their cryptocurrency holdings.

Cryptocurrency

Cryptocurrency Financial Services Banking Government

GUEST ESSAY: NewsCorp hack shows cyber espionage, squelching of press freedom on the rise

The Last Watchdog

APRIL 5, 2022

As the dust settles following the recently disclosed hack of NewsCorp , important lessons are emerging for the cybersecurity and journalism communities. The Chinese government is well known for its censorship– and frequent harassment and intimidation of foreign journalists. Related: How China challenged Google in Operation Aurora.

Hacking

Hacking Passwords Firewall Internet

GovDelivery Exploited in TxTag Toll Scam: Indiana Government Sender Account Hacked

Penetration Testing

MAY 13, 2025

A sophisticated phishing campaign has exploited compromised Indiana state government accounts to distribute fraudulent toll collection messages via The post GovDelivery Exploited in TxTag Toll Scam: Indiana Government Sender Account Hacked appeared first on Daily CyberSecurity.

Scams

Scams Government Accountability Hacking

Russia-linked APT29 targets European diplomatic entities with GRAPELOADER malware

Security Affairs

APRIL 21, 2025

Check Point Research team reported that Russia-linked cyberespionage group APT29 (aka SVR group , Cozy Bear , Nobelium , BlueBravo , Midnight Blizzard , and The Dukes ) is behind a sophisticated phishing campaign targeting European diplomatic entities, using a new WINELOADER variant and a previously unknown malware called GRAPELOADER.

Malware

Malware Phishing Encryption Hacking

Americans urged to use encrypted messaging after large, ongoing cyberattack

Malwarebytes

DECEMBER 5, 2024

Speaking to Reuters , a senior US official said the attack telecommunications infrastructure was broad and that the hacking was still ongoing. The infrastructure that the US government relies to communicate on is made up of the same private sector systems that everybody else uses.

Encryption

Encryption Identity Theft Media Telecommunications

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] us , a site unabashedly dedicated to helping people hack email and online gaming accounts. Don’t settle for a ‘hack’; this is your career, let’s do it right!

Hacking

Hacking Accountability Data breaches Marketing

Formula 1 governing body discloses data breach after email hacks

Bleeping Computer

JULY 3, 2024

FIA (Fédération Internationale de l'Automobile), the auto racing governing body since the 1950s, says attackers gained access to personal data after compromising several FIA email accounts in a phishing attack. [.]

Government

Government Data breaches Hacking Phishing

Ukraine bans Telegram for government agencies, military, and critical infrastructure

Security Affairs

SEPTEMBER 20, 2024

Ukraine’s NCCC banned the Telegram app for government agencies, military, and critical infrastructure, due to national security concerns. ” Despite the ban on military and government devices, Ukrainian users rely heavily on Telegram to communicate and receive news on ongoing conflicts. .”

Government

Government Phishing Hacking Malware

Cybercriminals Use Azure Front Door in Phishing Attacks

Security Affairs

JUNE 21, 2022

Experts identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. USA) has identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. 1 – Example of Phishing Page Delivered by Azure Front Door (AFD).

Phishing

Phishing Accountability Hacking Scams

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S. The government says Urban went by the aliases “ Sosa ” and “ King Bob ,” among others. 9, 2024, U.S. On July 28 and again on Aug.

Social Engineering

Social Engineering Mobile Cybercrime Passwords

Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks

Security Affairs

DECEMBER 4, 2024

The government agencies released a guide that advises telecom and critical infrastructure defenders on best practices to strengthen network security against PRC-linked and other cyber threats. Organizations should adopt secure password storage, phishing-resistant MFA, session token limits, and Role-Based Access Control (RBAC).

Telecommunications

Telecommunications Government Mobile Cyber threats

Cybercriminals Impersonate Dubai Police to Defraud Consumers in the UAE – Smishing Triad in Action

Security Affairs

DECEMBER 10, 2024

This social engineering scheme has been amplified by targeted phishing, smishing, and vishing activities, with a noticeable increase around the winter holidays. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, Smishing Triad )

Social Engineering

Social Engineering Phishing Banking DNS

Zimbra zero-day exploited to steal government emails by four groups

Security Affairs

NOVEMBER 16, 2023

Google TAG revealed that threat actors exploited a Zimbra Collaboration Suite zero-day ( CVE-2023-37580 ) to steal emails from governments. The first campaign aimed at a government organization in Greece, threat actors sent emails containing exploit urls to their targets. ” continues the report. .”

Government

Government Authentication Phishing Hacking

US Federal agencies fall prey to Phishing Scam via Remote Management Software

CyberSecurity Insiders

JANUARY 25, 2023

United States Cybersecurity and Infrastructure Security Agency (CISA) along with two other agencies; National Security Agency (NSA) and Multi-State Information Sharing and Analysis Center (MS-ISAC) have issued a warning to federal agencies against a phishing scam taking place through Remote Monitoring and Management (RMM) Software.

Scams

Scams Software Phishing Social Engineering

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

Related: What local government can do to repel ransomware Ransomware came into existence in 1989 as a primitive program dubbed the AIDS Trojan that was spreading via 5.25-inch The logic of the raid mainly comes down to using unsecured RDP ports or spear-phishing to infiltrate networks and gain a foothold in them. inch diskettes.

Ransomware

Ransomware Hacking Encryption Penetration Testing

UNC4841 threat actors hacked US government email servers exploiting Barracuda ESG flaw

Security Affairs

AUGUST 29, 2023

China-linked threat actors breached government organizations worldwide with attacks exploiting Barracuda ESG zero-day. According to Mandiant, starting as early as October 10, 2022, the UNC4841 group sent spear-phishing emails to victim organizations. reads the report published by Mandiant. At the end of July, the U.S.

Government

Government Hacking Malware Accountability

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Trending Sources

US Government Sites Give Bad Security Advice

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

Storm-2372 used the device code phishing technique since August 2024

Russia-linked Midnight Blizzard APT targeted 100+ organizations with a spear-phishing campaign using RDP files

Russia-linked RomCom group targeted Ukrainian government agencies since late 2023

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

Russian Hackers Breach 20+ NGOs Using Evilginx Phishing via Fake Microsoft Entra Pages

U.S. Hacks QakBot, Quietly Removes Botnet Infections

Organised Crime Gang Steals £47 Million from UK Tax Office in Phishing Scam

U.S. Charges 4 Chinese Military Officers in 2017 Equifax Hack

Russia-linked APT Star Blizzard targets WhatsApp accounts

CERT-UA warns of a phishing campaign targeting government entities

New Hacking-for-Hire Company in India

FBI shared a list of phishing domains associated with the LabHost PhaaS platform

Zero-day broker Operation Zero offers up to $4 million for Telegram exploits

Chinese man charged for spear-phishing against NASA and US Government

France links Russian APT28 to attacks on dozen French entities

Researchers discovered the largest data breach ever, exposing 16 billion login credentials

Russian Phobos ransomware operator faces cybercrime charges

New Ghostwriter campaign targets Ukrainian Government and opposition activists in Belarus

Russia-linked APT29 group used red team tools in rogue RDP attacks

Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack

How threat actors can use generative artificial intelligence?

Security Affairs newsletter Round 501 by Pierluigi Paganini – INTERNATIONAL EDITION

China-linked APT41 used Google Calendar as C2 to control its TOUGHPROGRESS malware

Russia-linked APT TAG-110 uses targets Europe and Asia

U.S. Indicts North Korean Hackers in Theft of $200 Million

GUEST ESSAY: NewsCorp hack shows cyber espionage, squelching of press freedom on the rise

GovDelivery Exploited in TxTag Toll Scam: Indiana Government Sender Account Hacked

Russia-linked APT29 targets European diplomatic entities with GRAPELOADER malware

Americans urged to use encrypted messaging after large, ongoing cyberattack

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Formula 1 governing body discloses data breach after email hacks

Ukraine bans Telegram for government agencies, military, and critical infrastructure

Cybercriminals Use Azure Front Door in Phishing Attacks

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks

Cybercriminals Impersonate Dubai Police to Defraud Consumers in the UAE – Smishing Triad in Action

Zimbra zero-day exploited to steal government emails by four groups

US Federal agencies fall prey to Phishing Scam via Remote Management Software

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

UNC4841 threat actors hacked US government email servers exploiting Barracuda ESG flaw

Stay Connected