Researchers find over 40,000 stolen logins for government portals

Russian cybersecurity firm Group-IB discovered login credentials for over 40,000 accounts that unlock government services in more than 30 countries. The credentials were harvested via phishing attacks that distributed spyware tools such as Pony Formgrabber, AZORult, and Qbot. It is believed the logins may have already been sold on underground hacking forms. As the researchers pointed out, “Even one compromised government employee’s account can lead to the theft of commercial or state secrets.” Other cybersecurity news: Seedworm group backdoors telecoms, IT firms and more; 131 victims so far. A cyber-espionage group dubbed Seedworm managed to compromise 131 victims with its Powermud backdoor from late September to mid-November. The backdoor, part of the group’s MuddyWater campaign, steals credentials. Symantec researchers revealed that telecommunications providers and IT services sectors were hit the hardest, although oil and gas production, embassies, universities, and public health agencies were also targeted.