Cyber Security Informer

TAG-70 Spying Campaign Targets Europe, Iran

Penetration Testing

FEBRUARY 17, 2024

The ongoing war in Ukraine has intensified an already complex world of cyberwarfare, and groups like TAG-70 underscore the urgent need to counter state-sponsored espionage actors. Also operating under names like Winter Vivern, TA473,... The post TAG-70 Spying Campaign Targets Europe, Iran appeared first on Penetration Testing.

Penetration Testing

Chinese Hackers TAG-74 Targets South Korean Organizations in a Multi-Year Campaign

The Hacker News

SEPTEMBER 26, 2023

A "multi-year" Chinese state-sponsored cyber espionage campaign has been observed targeting South Korean academic, political, and government organizations.

Government

Zimbra zero-day exploited to steal government emails by four groups

Security Affairs

NOVEMBER 16, 2023

Google TAG revealed that threat actors exploited a Zimbra Collaboration Suite zero-day ( CVE-2023-37580 ) to steal emails from governments. Google TAG researcher Clément Lecigne discovered the zero-day in June while investigating targeted attacks against Zimbra’s email server. ” reads the advisory published by Google TAG.

Government

Government Authentication Phishing Hacking

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Russia-linked APT TAG-70 targets European government and military mail servers exploiting Roundcube XSS

Security Affairs

FEBRUARY 19, 2024

An APT group, tracked as TAG-70, linked to Belarus and Russia exploited XSS flaws in Roundcube webmail servers to target over 80 organizations. Researchers from Recorded Future’s Insikt Group identified a cyberespionage campaign carried out by an APT group, tracked as TAG-70, linked to Belarus and Russia.

Government

Government Social Engineering Engineering Hacking

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

Security Affairs

OCTOBER 18, 2023

Google TAG reported that both Russia and China-linked threat actors are weaponizing the a high-severity vulnerability in WinRAR. Google’s Threat Analysis Group (TAG) reported that in recent weeks multiple nation-state actors were spotted exploiting the vulnerability CVE-2023-38831 in WinRAR. ” reported Google TAG.

Cybercrime

Cybercrime Malware Software Hacking

Arid Viper Targeting Arabic Android Users with Spyware Disguised as Dating App

The Hacker News

OCTOBER 31, 2023

The threat actor known as Arid Viper (aka APT-C-23, Desert Falcon, or TAG-63) has been attributed as behind an Android spyware campaign targeting Arabic-speaking users with a counterfeit dating app designed to harvest data from infected handsets.

Spyware

Spyware Malware

North Korea-linked threat actors target cybersecurity experts with a zero-day

Security Affairs

SEPTEMBER 8, 2023

The attacks that took place in the past weeks were detected by researchers at Google’s Threat Analysis Group (TAG). “Recently, TAG became aware of a new campaign likely from the same actors based on similarities with the previous campaign. ” reads the advisory published by Google TAG.

Cybersecurity

Cybersecurity Media Accountability Software

Google TAG warns of Russia-linked APT groups targeting Ukraine

Security Affairs

APRIL 20, 2023

The researchers from Google TAG are warning of Russia-linked threat actors targeting Ukraine with phishing campaigns. Russia-linked threat actors launched large-volume phishing campaigns against hundreds of users in Ukraine to gather intelligence and aimed at spreading disinformation, states Google’s Threat Analysis Group (TAG).

Phishing

Phishing Education Accountability Telecommunications

Google: Commercial Spyware Used by Governments Laden With Zero-Day Exploits

Dark Reading

MARCH 29, 2023

Google TAG researchers reveal two campaigns against iOS, Android, and Chrome users that demonstrate how the commercial surveillance market is thriving despite government-imposed limits.

Government

Government Spyware Surveillance Marketing

Google Threat Analysis Group took down ten influence operations in Q2 2020

Security Affairs

AUGUST 7, 2020

Google published its second Threat Analysis Group (TAG) report which reveals the company has taken down ten coordinated operations in Q2 2020. Google has published its second Threat Analysis Group (TAG) report , a bulletin that includes coordinated influence operation campaigns tracked in Q2 of 2020. response to COVID-19.

Accountability

Accountability Advertising Media Government

APT37 used Internet Explorer Zero-Day in a recent campaign

Security Affairs

DECEMBER 8, 2022

” reads the post published by TAG. TAG determined that the APT group abused the zero-day vulnerability in the JScript engine of Internet Explorer. TAG also identified other documents that were used to exploit the same vulnerability, the experts speculate they may be part of the same campaign. CVE-2017-0199 ).

Internet

Internet Internet Engineering Malware

Google TAG shares details about exploit chains used to install commercial spyware

Security Affairs

MARCH 29, 2023

Google’s Threat Analysis Group (TAG) discovered several exploit chains targeting Android, iOS, and Chrome to install commercial spyware. Google’s Threat Analysis Group (TAG) shared details about two distinct campaigns which used several zero-day exploits against Android, iOS and Chrome. links sent over SMS to users.

Spyware

Spyware Surveillance Firmware Internet

Ex-members of the Conti ransomware gang target Ukraine

Security Affairs

SEPTEMBER 8, 2022

Researchers from Google’s Threat Analysis Group (TAG) reported that some former members of the Conti cybercrime group were involved in five different campaigns targeting Ukraine between April and August 2022. ” reads the TAG’s report. ” concludes TAG. ” concludes TAG.

Ransomware

Ransomware Cybercrime Government Media

Google Uncovers APT41's Use of Open Source GC2 Tool to Target Media and Job Sites

The Hacker News

APRIL 17, 2023

The tech giant's Threat Analysis Group (TAG) attributed the campaign to a threat actor it tracks under the geological and geographical-themed moniker HOODOO, which is

Media

Google TAG: Russia, Belarus-linked APTs targeted Ukraine

Security Affairs

MARCH 8, 2022

Google TAG observed Russian, Belarusian, and Chinese threat actors targeting Ukraine and European government and military orgs. Google TAG observed Russian, Belarusian, and Chinese threat actors targeting Ukrainian and European government and military organizations, as well as individuals. ” concludes the report.

DDOS

DDOS Phishing Government Hacking

Spyware Vendors Caught Exploiting Zero-Day Vulnerabilities on Android and iOS Devices

The Hacker News

MARCH 29, 2023

A number of zero-day vulnerabilities that were addressed last year were exploited by commercial spyware vendors to target Android and iOS devices, Google's Threat Analysis Group (TAG) has revealed.

Spyware

Google blocked China-linked APT31’s attacks targeting U.S. Government

Security Affairs

MARCH 9, 2022

Google has blocked a phishing campaign conducted by China-linked group APT31 aimed at Gmail users associated with the U.S. Google announced to have blocked a phishing campaign originating conducted by China-linked cybereaspionage group APT31 (aka Zirconium , Judgment Panda, and Red Keres) and aimed at Gmail users associated with the U.S.

Government

Government Phishing DDOS Hacking

Google TAG details cyber activity with regard to the invasion of Ukraine

Security Affairs

MARCH 31, 2022

The Google TAG uses uncovered phishing attacks targeting Eastern European and NATO countries, including Ukraine. The researchers uncovered a phishing campaign conducted by a Russia-linked threat actor tracked as COLDRIVER (aka Calisto ) against a NATO Centre of Excellence and Eastern European militaries. ” concludes Google.

Phishing

Phishing Accountability Government Hacking

YouTube creators’ accounts hijacked with cookie-stealing malware

Security Affairs

OCTOBER 20, 2021

A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. According to Google’s Threat Analysis Group (TAG) researchers, who spotted the campaign, the attacks were launched by multiple hack-for-hire actors recruited on Russian-speaking forums.

Accountability

Accountability Malware Phishing Social Engineering

Google TAG Warns of Russian Hackers Conducting Phishing Attacks in Ukraine

The Hacker News

APRIL 19, 2023

Elite hackers associated with Russia's military intelligence service have been linked to large-volume phishing campaigns aimed at hundreds of users in Ukraine to extract intelligence and influence public discourse related to the war.

Phishing

120 Compromised Ad Servers Target Millions of Internet Users

The Hacker News

APRIL 20, 2021

An ongoing malvertising campaign tracked as "Tag Barnakle" has been behind the breach of more than 120 ad servers over the past year to sneakily inject code in an attempt to serve malicious advertisements that redirect users to rogue websites, thus exposing victims to scamware or malware.

Internet

Internet Internet Advertising Malware

Hacking Using SVG Files to Smuggle QBot Malware onto Windows Systems

The Hacker News

DECEMBER 14, 2022

Phishing campaigns involving the Qakbot malware are using Scalable Vector Graphics (SVG) images embedded in HTML email attachments. The new distribution method was spotted by Cisco Talos, which said it identified fraudulent email messages featuring HTML attachments with encoded SVG images that incorporate HTML script tags.

Malware

Malware Hacking Phishing

Recently patched Apple and Chrome zero-days exploited to infect devices in Egypt with Predator spyware

Security Affairs

SEPTEMBER 22, 2023

Citizen Lab and Google’s TAG revealed that the three recently patched Apple zero-days were used to install Cytrox Predator spyware. citizenlab in coordination with @Google ’s TAG team found that former Egyptian MP Ahmed Eltantawy was targeted with Cytrox’s #Predator #spyware through links sent via SMS and WhatsApp. .

Spyware

Spyware Surveillance Mobile Hacking

New Kritec Magecart skimmer found on Magento stores

Malwarebytes

MARCH 22, 2023

In the listed indicators of compromise, we noticed domains that we had seen used in a distinct skimming campaign which didn't seem to be documented yet. Kritec campaign Akamai notes that they identified multiple compromised websites that had similarities. We believe this is a different campaign and threat actor altogether.

Users in Italy and Kazakhstan Targeted by Spyware Provider

Heimadal Security

JUNE 24, 2022

Every campaign that TAG was made aware of began with […]. What Happened? The post Users in Italy and Kazakhstan Targeted by Spyware Provider appeared first on Heimdal Security Blog.

Spyware

Spyware Mobile Cybersecurity

China-linked APT Curious Gorge targeted Russian govt agencies

Security Affairs

MAY 3, 2022

China-linked Curious Gorge APT is targeting Russian government agencies, Google Threat Analysis Group (TAG) warns. Google Threat Analysis Group (TAG) reported that an APT group linked to China’s People’s Liberation Army Strategic Support Force (PLA SSF), tracked as Curious Gorge , is targeting Russian government agencies.

Manufacturing

Manufacturing Government Phishing Passwords

China-linked threat actors are targeting the government of Ukraine

Security Affairs

MARCH 18, 2022

Google’s TAG team revealed that China-linked APT groups are targeting Ukraine’s government for intelligence purposes. Below is the tweet published by TAG chief, Shane Huntley, who cited the Google TAG Security Engineer Billy Leonard. ” wrote Leonard. China is working hard here too. government.

Government

Government Engineering Phishing Hacking

macOS Zero-Day exploited in watering hole attacks on users in Hong Kong

Security Affairs

NOVEMBER 12, 2021

Google TAG researchers discovered that threat actors leveraged a zero-day vulnerability in macOS in a watering hole campaign aimed at delivering malware to users in Hong Kong. The watering hole campaign targeted websites of a media outlet and important pro-democracy labor and political group. Pierluigi Paganini.

Malware

Malware Media Surveillance Encryption

Spyware vendors use exploit chains to take advantage of patch delays in mobile ecosystem

CSO Magazine

MARCH 31, 2023

"The zero-day exploits were used alongside n-day exploits and took advantage of the large time gap between the fix release and when it was fully deployed on end-user devices," researchers with Google's Threat Analysis Group (TAG) said in a report detailing the attack campaigns.

Spyware

Spyware Mobile Surveillance Manufacturing

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Security Affairs

JUNE 24, 2022

Google’s Threat Analysis Group (TAG) revealed that the Italian spyware vendor RCS Labs was supported by ISPs to spy on users. TAG researchers tracked more than 30 vendors selling exploits or surveillance capabilities to nation-state actors. ” continues the analysis. Follow me on Twitter: @securityaffairs and Facebook.

Surveillance

Surveillance Mobile Spyware Telecommunications

Coldriver threat group targets high-ranking officials to obtain credentials

Malwarebytes

JANUARY 22, 2024

Researchers at Google’s Threat Analysis Group (TAG) have published their findings about a group they have dubbed Coldriver. In December 2023, the US charged two Russians believed to be members of this group, for their role in a campaign that hacked government accounts. TAG has created a YARA rule that cab help find the Spica backdoor.

Social Engineering

Social Engineering Government Media DNS

Google: Russian Hackers Target Ukrainians, European Allies via Phishing Attacks

The Hacker News

MARCH 8, 2022

A broad range of threat actors, including Fancy Bear, Ghostwriter, and Mustang Panda, have launched phishing campaigns against Ukraine, Poland, and other European entities amid Russia's invasion of Ukraine.

Phishing

North Korean Hackers Exploited Chrome Zero-Day to Target Fintech, IT and Media Firms

The Hacker News

MARCH 25, 2022

Google's Threat Analysis Group (TAG) on Thursday disclosed that it acted to mitigate threats from two distinct government-backed attacker groups based in North Korea that exploited a recently-uncovered remote code execution flaw in the Chrome web browser. based organizations

Media

Media Government

Hackers Stealing Browser Cookies to Hijack High-Profile YouTube Accounts

The Hacker News

OCTOBER 21, 2021

That's according to a new report published by Google's Threat Analysis Group (TAG), which said it disrupted financially motivated phishing campaigns targeting

Accountability

Accountability Cryptocurrency Scams Phishing

Some Members of Conti Group Targeting Ukraine in Financially Motivated Attacks

The Hacker News

SEPTEMBER 7, 2022

Former members of the Conti cybercrime cartel have been implicated in five different campaigns targeting Ukraine from April to August 2022.

Cybercrime

Google warned 12K+ users targeted by state-sponsored hackers

Security Affairs

DECEMBER 1, 2019

Google’s Threat Analysis Group (TAG) revealed that it has detected and blocked attacks carried out by nation-state actors on 12,000 of its users in the third quarter of this year. ” reads the report published by Google TAG.”We SecurityAffairs – Google TAG, state-sponsored hacking). Pierluigi Paganini.

Phishing

Phishing Accountability Advertising Cyber Attacks

Malicious Accounts that Targeted Security Researches Were Suspended by Twitter

Heimadal Security

OCTOBER 19, 2021

Two malicious accounts used by threat actors in a seemingly North Korean cyber-espionage campaign were suspended by Twitter. The ones who initially discovered this campaign that is still developing were the TAG […].

Accountability

Accountability Malware Cybersecurity

Security Affairs newsletter Round 460 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 25, 2024

Iran Crisis Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign U.S.

Spyware

Spyware Cyber Insurance Hacking Advertising

Russian Threat Actors Tempt YouTubers with Bogus Paid Collaborations to Hijack their Accounts

Heimadal Security

OCTOBER 21, 2021

According to Google, YouTube influencers have been targeted with password-stealing malware in a phishing campaign allegedly conducted by Russian-speaking cybercriminals. According to them, the YouTube creators have been targeted […].

Accountability

Accountability Phishing Passwords Malware

DMARC Setup & Configuration: Step-By-Step Guide

eSecurity Planet

JUNE 1, 2023

To avoid issues, we need to understand the DMARC record tags in detail. DMARC Record Tags in Detail To understand the DMARC record, we start with an example record and then explore the detailed options for each tag. Tags are separated by semicolons ( ; ) with no extra spaces.

DNS

DNS Authentication Marketing eCommerce

Russia’s SVR WellMess Malware Is Seemingly Still in the Game

Heimadal Security

AUGUST 2, 2021

In July 2020, a joint advisory was published that revealed a Russian espionage campaign named APT29 or Cozy Bear, seen also as an extension of SVR (Russia’s Foreign Intelligence Services). Presidency accused Russian […].

Malware

Malware Cybersecurity

Exposing a Massive Anti-NSA Chinese Themed Online Influence and Propaganda Campaign – An OSINT Analysis

Security Boulevard

DECEMBER 3, 2022

Based on my most recent analysis on online influence and Chinese themed propaganda campaigns I've just intercepted a what appears to be a live Chinese-themed online influence and propaganda campaign targeting the NSA including the U.S hxxp://twitter.com/BritneyZucker1. hxxp://twitter.com/Bridget14179557. Stay tuned!

Surveillance

Surveillance Accountability

A new Magecart campaign hides the malicious code in 404 error page

Security Affairs

OCTOBER 12, 2023

Researchers observed a new Magecart web skimming campaign changing the websites’ default 404 error page to steal credit cards. Researchers from the Akamai Security Intelligence Group uncovered a Magecart web skimming campaign that is manipulating the website’s default 404 error page to hide malicious code.

Retail

Retail Security Intelligence Hacking Software

N. Korean Hackers Targeting Security Experts to Steal Undisclosed Researches

The Hacker News

JANUARY 26, 2021

Google on Monday disclosed details about an ongoing campaign carried out by a government-backed threat actor from North Korea that has targeted security researchers working on vulnerability research and development.

Media

Media Internet Internet Government

TAG-70 Spying Campaign Targets Europe, Iran

Chinese Hackers TAG-74 Targets South Korean Organizations in a Multi-Year Campaign

Webinars

Trending Sources

Zimbra zero-day exploited to steal government emails by four groups

Webinars

Russia-linked APT TAG-70 targets European government and military mail servers exploiting Roundcube XSS

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

Arid Viper Targeting Arabic Android Users with Spyware Disguised as Dating App

North Korea-linked threat actors target cybersecurity experts with a zero-day

Google TAG warns of Russia-linked APT groups targeting Ukraine

Google: Commercial Spyware Used by Governments Laden With Zero-Day Exploits

Google Threat Analysis Group took down ten influence operations in Q2 2020

APT37 used Internet Explorer Zero-Day in a recent campaign

Google TAG shares details about exploit chains used to install commercial spyware

Ex-members of the Conti ransomware gang target Ukraine

Google Uncovers APT41's Use of Open Source GC2 Tool to Target Media and Job Sites

Google TAG: Russia, Belarus-linked APTs targeted Ukraine

Spyware Vendors Caught Exploiting Zero-Day Vulnerabilities on Android and iOS Devices

Google blocked China-linked APT31’s attacks targeting U.S. Government

Google TAG details cyber activity with regard to the invasion of Ukraine

YouTube creators’ accounts hijacked with cookie-stealing malware

Google TAG Warns of Russian Hackers Conducting Phishing Attacks in Ukraine

120 Compromised Ad Servers Target Millions of Internet Users

Hacking Using SVG Files to Smuggle QBot Malware onto Windows Systems

Recently patched Apple and Chrome zero-days exploited to infect devices in Egypt with Predator spyware

New Kritec Magecart skimmer found on Magento stores

Users in Italy and Kazakhstan Targeted by Spyware Provider

China-linked APT Curious Gorge targeted Russian govt agencies

China-linked threat actors are targeting the government of Ukraine

macOS Zero-Day exploited in watering hole attacks on users in Hong Kong

Spyware vendors use exploit chains to take advantage of patch delays in mobile ecosystem

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Coldriver threat group targets high-ranking officials to obtain credentials

Google: Russian Hackers Target Ukrainians, European Allies via Phishing Attacks

North Korean Hackers Exploited Chrome Zero-Day to Target Fintech, IT and Media Firms

Hackers Stealing Browser Cookies to Hijack High-Profile YouTube Accounts

Some Members of Conti Group Targeting Ukraine in Financially Motivated Attacks

Google warned 12K+ users targeted by state-sponsored hackers

Malicious Accounts that Targeted Security Researches Were Suspended by Twitter

Security Affairs newsletter Round 460 by Pierluigi Paganini – INTERNATIONAL EDITION

Russian Threat Actors Tempt YouTubers with Bogus Paid Collaborations to Hijack their Accounts

DMARC Setup & Configuration: Step-By-Step Guide

Russia’s SVR WellMess Malware Is Seemingly Still in the Game

Exposing a Massive Anti-NSA Chinese Themed Online Influence and Propaganda Campaign – An OSINT Analysis

A new Magecart campaign hides the malicious code in 404 error page

N. Korean Hackers Targeting Security Experts to Steal Undisclosed Researches

Stay Connected