Tag: military
-
India-Pakistan Conflicts Escalating: Military Operations and DDoS Attacks Making Targeted Strikes
Background On May 7, 2025, NSFOCUS Fuying Lab released “Two-Front Confrontation: Parallel Narratives of India-Pakistan Reality Friction and Cyber DDoS Attacks”, which analyzed the DDoS attack activities in the early stage of India-Pakistan friction. This article is the second in this series, mainly analyzing the DDoS attack activities against India after May 7. May 7,…The…
-
APT group exploited Output Messenger Zero-Day to target Kurdish military operating in Iraq
A Türkiye-linked group used an Output Messenger zero-day to spy on Kurdish military targets in Iraq, collecting user data since April 2024. Since April 2024, the threat actor Marbled Dust (aka Sea Turtle, Teal Kurma, Marbled Dust, SILICON and Cosmic Wolf) has exploited a zero-day flaw (CVE-2025-27920) in Output Messenger to target Kurdish military-linked users…
-
Output Messenger flaw exploited as zero-day in espionage attacks
A Türkiye-backed cyberespionage group exploited a zero-day vulnerability to attack Output Messenger users linked to the Kurdish military in Iraq. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/output-messenger-flaw-exploited-as-zero-day-in-espionage-attacks/
-
India Tells Financial Sector to Strengthen Cyber Defenses
Old Visuals, AI Deepfakes and Fake Claims Go Viral Amid Escalating Conflict. Misinformation is going viral in India as the New Delhi government called Friday on the financial sector to strengthen cyber defenses amid growing military activity along the Pakistani border. Tensions between the two countries ratcheted significantly upward Friday. First seen on govinfosecurity.com Jump…
-
India-Pakistan conflict underscores your C-suite’s need to prepare for war
Tags: business, ciso, communications, conference, cyber, cyberattack, data-breach, disinformation, government, india, infrastructure, military, network, russia, service, supply-chain, ukraine, update, usa, vulnerabilityHow the India-Pakistan conflict raises the stakes: Should the conflict between these two nuclear powers escalate and become a full-blown war, the disruption to supply chains, research and development, and support services has the potential to be significant. Pakistan’s technical hubs in Karachi, Lahore, and Islamabad will be placed in jeopardy. India’s technical hubs in…
-
Quantum supremacy: Cybersecurity’s ultimate arms race has China way in front
Tags: ai, authentication, automation, backup, banking, breach, business, china, ciso, computing, control, crypto, cryptography, cybersecurity, data, encryption, finance, government, healthcare, identity, infrastructure, jobs, military, ml, nist, risk, service, skills, technology, threat, update, vulnerability, zero-dayThe DeepSeek/Qwen factor: What we learned from recent AI advances, such as DeepSeek and Qwen, that caught the world by surprise is that China’s technology is much more advanced than anyone anticipated. I’d argue that this is a leading indicator that China’s quantum computing capabilities are also in absolute stealth-mode development and ahead of the…
-
Ukraine detains alleged FSB agent recruited via TikTok for spying on military
A 43-year-old woman was reportedly tasked with identifying and photographing the positions of Ukrainian forces near the front-line town of Pokrovsk, currently one of the most active combat zones. First seen on therecord.media Jump to article: therecord.media/ukraine-arrests-fsb-agent-spying-recruited-tiktok
-
State-Sponsored Hacktivism on the Rise, Transforming the Cyber Threat Landscape
Tags: attack, cyber, cybersecurity, government, group, india, infrastructure, military, russia, threat, ukraineGlobal cybersecurity landscape is undergoing a significant transformation, as state-sponsored hacktivism gains traction amid ongoing conflicts. In 2024, Forescout Technologies Inc. documented 780 hacktivist attacks, predominantly conducted by four groups operating on opposite sides of the Russia-Ukraine and Israel-Palestine conflicts: BlackJack, Handala Group, Indian Cyber Force, and NoName057(16). Critical infrastructure, including government, military, transportation, logistics,…
-
Russian APT28 hackers have redoubled efforts during Ukraine war, says French security agency
Tags: apt, attack, backdoor, cisco, credentials, crowdstrike, cyber, detection, exploit, finance, government, group, hacker, hacking, infrastructure, intelligence, Internet, mail, malicious, military, monitoring, network, phishing, russia, service, theft, ukraine, vpn, vulnerabilityTargeting and Compromise of French Entities Using the APT28 Intrusion Set, the group now aggressively targets the networks of government organizations and companies connected to Ukraine’s allies, including France.Since 2021, the group has targeted specific industrial sectors including aerospace, financial services, think tanks and research, local government, and government ministries.Nothing APT28 does stands out as…
-
France ties Russian APT28 hackers to 12 cyberattacks on French orgs
Today, the French foreign ministry blamed the APT28 hacking group linked to Russia’s military intelligence service (GRU) for targeting or breaching a dozen French entities over the last four years. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/france-ties-russian-apt28-hackers-to-12-cyberattacks-on-french-orgs/
-
France blames Russian military intelligence for years of cyberattacks on local entities
In a rare public attribution, the French foreign ministry said on Tuesday it “condemns in the strongest possible terms” the actions of the GRU-linked threat actor known as APT28 for attacks against local entities. First seen on therecord.media Jump to article: therecord.media/france-blames-russian-military-intelligence-for-hacks-against-local-orgs
-
France says Russian hackers behind attack on Macron’s 2017 presidential campaign
Foreign ministry says Russian military intelligence has attacked a dozen French entities since 2021 including a TV stationFrance has accused Russian military intelligence of carrying out a massive <a href=”https://www.theguardian.com/world/2017/may/06/emmanuel-macron-targeted-by-hackers-on-eve-of-french-election”>cyber-attack on Emmanuel Macron’s first presidential campaign in 2017 as well as several other recent major hacks, including on a TV station and an organisation involved…
-
New Android spyware is targeting Russian military personnel on the front lines
Trojanized mapping app steals users’ locations, contacts, and more. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/04/russian-military-personnel-on-the-front-lines-targeted-with-new-android-spyware/
-
Gamaredon’s PteroLNK VBScript Malware Infrastructure and TTPs Uncovered by Researchers
Researchers have unearthed details of the Pterodo malware family, notably the PteroLNK variant used by the Russian-nexus threat group, Gamaredon. The group, which is believed to be associated with Russia’s Federal Security Service (FSB), has been targeting Ukrainian entities, focusing on government, military, and critical infrastructure sectors as part of broader geopolitical conflicts. Tactics, Techniques,…
-
Chinese Hacker Group Mustang Panda Bypass EDR Detection With New Hacking Tools
The China-sponsored hacking group, Mustang Panda, has been uncovered by Zscaler ThreatLabz to employ new techniques and tools, including the updated backdoor ToneShell and a novel tool named StarProxy, to evade endpoint detection and response (EDR) systems. Mustang Panda’s New Techniques Mustang Panda, known for targeting government and military entities primarily in East Asia, has…
-
Latest Mustang Panda Arsenal: ToneShell and StarProxy – P1
IntroductionThe Zscaler ThreatLabz team discovered new activity associated with Mustang Panda, originating from two machines from a targeted organization in Myanmar. This research led to the discovery of new ToneShell variants and several previously undocumented tools. Mustang Panda, a China-sponsored espionage group, traditionally targets government-related entities, military entities, minority groups, and non-governmental organizations (NGOs) primarily…
-
Shuckworm Group Leverages GammaSteel Malware in Targeted PowerShell Attacks
The Russia-linked cyber-espionage group known as Shuckworm (also identified as Gamaredon or Armageddon) has been observed targeting a Western country’s military mission located within Ukraine, employing an updated, PowerShell-based version of its GammaSteel infostealer malware. This campaign, which began in late February 2025 and continued into March, signifies Shuckworm’s persistent focus on Ukrainian entities and…
-
Russian hackers attack Western military mission using malicious drive
The Russian state-backed hacking group Gamaredon (aka “Shuckworm”) has been targeting a military mission of a Western country in Ukraine in attacks likely deployed from removable drives. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/russian-hackers-attack-western-military-mission-using-malicious-drive/
-
Tainted drive appears to be source of malware attack on Western military mission in Ukraine
Researchers at Symantec said the Russia-linked group known as Gamaredon appears to have departed from its usual email phishing tactics in hacking a Western military mission in Ukraine. First seen on therecord.media Jump to article: therecord.media/gamaredon-removable-drive-malware-western-military-mission-ukraine
-
Shuckworm’s Sophisticated Cyber Campaign Targets Ukraine Military Mission
Russia-linked espionage group Shuckworm (also known as Gamaredon or Armageddon) has launched a renewed and more sophisticated cyber campaign targeting a foreign military mission based in Ukraine, according to a detailed report by the Symantec Threat Hunter Team. This latest wave of activity, which began in February 2025 and continued through March, underscores Shuckworm’s relentless…
-
Gamaredon Uses Infected Removable Drives to Breach Western Military Mission in Ukraine
The Russia-linked threat actor known as Gamaredon (aka Shuckworm) has been attributed to a cyber attack targeting a foreign military mission based in Ukraine with an aim to deliver an updated version of a known malware called GammaSteel.The group targeted the military mission of a Western country, per the Symantec Threat Hunter team, with first…
-
Rogue RDP: Abusing RDP for File Theft and Espionage
A recent report by Google Threat Intelligence Group (GTIG) has shed light on a sophisticated phishing campaign targeting European government and military organizations. This campaign, attributed to a suspected Russia-nexus espionage actor tracked as UNC5837, employed a novel technique leveraging the Remote Desktop Protocol (RDP) for malicious purposes. Unlike typical RDP attacks that focus on…
-
UAC-0226 Deploys GIFTEDCROOK Stealer via Malicious Excel Files Targeting Ukraine
The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed a new set of cyber attacks targeting Ukrainian institutions with information-stealing malware.The activity is aimed at military formations, law enforcement agencies, and local self-government bodies, particularly those located near Ukraine’s eastern border, the agency said.The attacks involve distributing phishing emails First seen on thehackernews.com Jump…
-
Trump Fires NSA, Cyber Command Chief, Fueling Security Fears
Officials Warn Trump’s Abrupt Firings Severely Weaken National Cyber Defenses. President Donald Trump fired National Security Agency and Cyber Command chief Gen. Timothy Haugh after a meeting with far-right conspiracy theorist Laura Loomer, sparking concerns among cybersecurity experts and lawmakers that the dismissals weaken national cyber defenses and military readiness. First seen on govinfosecurity.com Jump…
-
Russian Seashell Blizzard Targets Organizations Using Custom-Built Hacking Tools
Seashell Blizzard, also known as APT44, Sandworm, and Voodoo Bear, has emerged as a sophisticated adversary targeting critical sectors worldwide. Associated with Russia’s Military Intelligence Unit 74455 (GRU), this group has been active since at least 2009, focusing on sectors such as energy, telecommunications, government, military, manufacturing, and retail. Their operations often involve long-term access…
-
Veterans are an obvious fit for cybersecurity, but tailored support ensures they succeed
Security is built into just about any military role: “Veterans make great cybersecurity specialists, because they’ve had security-focused roles, whether physical or information security, no matter what branch of the service they were in,” says Bryan Radliff, a 31-year veteran of the US Army who now serves as the CyberVets program manager in the Onward…
-
Evolution and Growth: The History of Penetration Testing
The history of penetration testing begins with military strategies used to test enemy defenses. Over time, this evolved into a formal practice for identifying vulnerabilities in computer systems. This article traces the brief history of of penetration testing, from its early conceptual roots in military exercises, through the rise of ‘Tiger Teams’ in the 1970s,……
-
How an Interdiction Mindset Can Help Win War on Cyberattacks
The US military and law enforcement learned to outthink insurgents. It’s time for cybersecurity to learn to outsmart and outmaneuver threat actors with the same framework. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/how-interdiction-mindset-cyberattacks