Faraway Russian hackers breached US organization via Wi-Fi

Forest Blizzard, a threat group associated with Russia’s GRU military intelligence service, repeatedly breached a US-based organization via compromised computer systems of nearby firms, which they leveraged to authenticate to the target’s e…

Private US companies targeted by Stonefly APT

Undeterred by the indictment issued against one of its alleged members, North Korean APT group Stonefly (aka APT45) continues to target companies in the US, Symantec threat analysts warned. About Stonefly Also known as Andariel and OnyxFleet, Stonefly …

FBI forced Flax Typhoon to abandon its botnet

A botnet operated by the Chinese state-sponsored threat actor known as Flax Typhoon has been disrupted by the law enforcement agency and abandoned by the group, FBI Director Chris Wray confirmed on Wednesday. “We executed court-authorized operati…

North Korean hackers’ social engineering tricks

“North Korean malicious cyber actors conducted research on a variety of targets connected to cryptocurrency exchange-traded funds (ETFs) over the last several months,” the FBI has warned through a public service announcement. This suggests …

Midnight Blizzard delivered iOS, Chrome exploits via compromised government websites

Suspected Russian hackers have been hitting iPhone and Android users visiting government websites with exploits first leveraged by commercial surveillance vendors, Google TAG researchers shared. The watering hole campaigns Between November 2023 and Jul…

US offers $10 million for information on indicted WhisperGate malware suspect

A federal grand jury in Maryland returned an indictment charging a Russian citizen with conspiracy to hack into and destroy computer systems and data. If convicted, he faces a maximum penalty of five years in prison. The U.S. Department of State’s Rewa…

20,000 FortiGate appliances compromised by Chinese hackers

Coathanger – a piece of malware specifically built to persist on Fortinet’s FortiGate appliances – may still be lurking on too many devices deployed worldwide. How Coathanger persists on FortiGate devices In February 2024, the Dutch Militar…

MITRE breach details reveal attackers’ successes and failures

MITRE has shared a timeline of the recent breach it fell victim to and has confirmed that it began earlier than previously thought: on December 31, 2023. On that day, the attackers deployed a web shell on an external-facing Ivanti Connect Secure VPN ap…

Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359)

A state-sponsored threat actor has managed to compromise Cisco Adaptive Security Appliances (ASA) used on government networks across the globe and use two zero-day vulnerabilities (CVE-2024-20353, CVE-2024-20359) to install backdoors on them, Cisco Tal…

A “cascade” of errors let Chinese hackers into US government inboxes

Microsoft still doesn’t know how Storm-0558 attackers managed to steal the Microsoft Services Account cryptographic key they used to forge authentication tokens needed to access email accounts belonging to US government officials. “The sto…