Tag: blizzard
-
Russian suspect detained in Thailand is allegedly tied to Void Blizzard group
More details are emerging about a 35-year-old Russian man arrested by Thai police in Phuket earlier this month with reported help from the FBI. First seen on therecord.media Jump to article: therecord.media/russian-arrested-thailand-allegedly-void-blizzard-apt-member
-
Russian State-Sponsored COLDRIVER Group Deploys New Malware After Exposure of LOSTKEYS
Following the public disclosure of its LOSTKEYS malware in May 2025, the Russian state-sponsored threat group known as COLDRIVER, also tracked under aliases such as UNC4057, Star Blizzard, and Callisto, has rapidly evolved its cyber operations. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/coldriver-new-malware-after-lostkeys-exposure/
-
Russian State-Sponsored COLDRIVER Group Deploys New Malware After Exposure of LOSTKEYS
Following the public disclosure of its LOSTKEYS malware in May 2025, the Russian state-sponsored threat group known as COLDRIVER, also tracked under aliases such as UNC4057, Star Blizzard, and Callisto, has rapidly evolved its cyber operations. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/coldriver-new-malware-after-lostkeys-exposure/
-
New LOSTKEYS Malware Tied to Russian State-Sponsored Hacker Group COLDRIVER
Russian state-sponsored threat actor COLDRIVER, long known for targeting high-profile NGOs, policy advisors, and dissidents, has been linked to a rapidly evolving malware campaign following the public disclosure of its LOSTKEYS malware in May 2025. After details of LOSTKEYS surfaced, COLDRIVER (also tracked as UNC4057, Star Blizzard, and Callisto) pivoted away from the compromised malware.…
-
5 steps for deploying agentic AI red teaming
Tags: access, ai, application-security, attack, automation, blizzard, business, cloud, control, data, defense, exploit, framework, gartner, governance, infrastructure, malicious, open-source, RedTeam, risk, risk-assessment, service, software, threat, tool, zero-trustFive steps to take towards implementing agentic red teaming: 1. Change your attitude Perhaps the biggest challenge for agentic red teaming is adjusting your perspective in how to defend your enterprise. “The days where database admins had full access to all data are over,” says Suer. “We need to have a fresh attitude towards data…
-
Amazon disrupts Russian APT29 hackers targeting Microsoft 365
Researchers have disrupted an operation attributed to Russian state-sponsored threat group Midnight Blizzard, who sought access to Microsoft 365 accounts and data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/amazon-disrupts-russian-apt29-hackers-targeting-microsoft-365/
-
Amazon blocks APT29 campaign targeting Microsoft device code authentication
Amazon stopped a Russia-linked APT29 watering hole attack that hijacked Microsoft device code authentication via compromised sites. Amazon announced that it had disrupted an opportunistic watering hole campaign orchestrated by the Russia-linked cyber espionage group APT29 (aka SVR group, Cozy Bear, Nobelium, BlueBravo, Midnight Blizzard, and The Dukes). Amazon experts labeled the attacks as an opportunistic watering hole campaign using compromised…
-
Microsoft deckt Secret Blizzard-Kampagne gegen Diplomaten auf
Kurzer Nachtrag von dieser Woche. Microsoft hat eine Kampagne der russischen Cybergruppe Secret Blizzard aufgedeckt und öffentlich gemacht. Die staatliche Gruppe nutzt eine Man-in-the-Middle-Position (AiTM), um eine maßgeschneiderte Malware ApolloShadow bei Botschaften in Moskau für Spionagezwecke einzusetzen. Microsoft Threat Intelligence … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/08/03/microsoft-deckt-secret-blizzard-kampagne-gegen-diplomaten-auf/
-
Blizzard Group’s ApolloShadow Malware Installs Root Certificates to Trust Malicious Sites
Tags: blizzard, cyber, cyberespionage, data-breach, group, intelligence, Internet, malicious, malware, microsoft, russia, service, threatMicrosoft Threat Intelligence has exposed a sophisticated cyberespionage operation orchestrated by the Russian state-sponsored actor tracked as Secret Blizzard, which has been actively compromising foreign embassies in Moscow through an adversary-in-the-middle (AiTM) technique to deploy the custom ApolloShadow malware. This campaign, ongoing since at least 2024, leverages an AiTM position at the Internet Service Provider…
-
Secret Blizzard Targets Moscow-Based Embassies in New Espionage Campaign
Microsoft has observed Russian state actor Secret Blizzard using an AiTM position to gain initial access, assisted by official domestic intercept systems First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/secret-blizzard-moscow-embassies/
-
Staatliche Akteure: Hacker infiltrieren Botschaften in Russland über Provider
Microsoft deckt Cyberattacken der Hackergruppe Secret Blizzard auf ausländische Botschaften auf. Die Angreifer nutzen russische Internetprovider. First seen on golem.de Jump to article: www.golem.de/news/staatliche-akteure-hacker-infiltrieren-botschaften-in-russland-ueber-provider-2508-198712.html
-
Russia-linked APT Secret Blizzard targets foreign embassies in Moscow with ApolloShadow malware
Russia-linked Secret Blizzard targets foreign embassies in Moscow via ISP-level AitM attacks, deploying custom ApolloShadow malware. Microsoft researchers uncovered a cyberespionage campaign by the Russia-linked APT group Secret Blizzard (aka Turla, Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) targeting foreign embassies in Moscow. The threat actor uses an adversary-in-the-middle (AiTM) method at the ISP level to deploy custom malware called ApolloShadow. This…
-
Secret Blizzard Deploys Malware in ISP-Level AitM Attacks on Moscow Embassies
The Russian nation-state threat actor known as Secret Blizzard has been observed orchestrating a new cyber espionage campaign targeting foreign embassies located in Moscow by means of an adversary-in-the-middle (AitM) attack at the Internet Service Provider (ISP) level and delivering a custom malware dubbed ApolloShadow.”ApolloShadow has the capability to install a trusted root certificate to…
-
Kremlin monitors foreign embassies in Moscow through cyber-espionage at ISP level
In a warning to foreign embassies in Moscow, Microsoft said a Russian state-backed hacking group known as Secret Blizzard or Turla has been using internet service providers for adversary-in-the-middle (AiTM) attacks. First seen on therecord.media Jump to article: therecord.media/russia-fsb-turla-espionage-foreign-embassies-isp-level
-
Russia-affiliated Secret Blizzard conducting ongoing espionage against embassies in Moscow
A new Microsoft report finds that the long-running threat group has gained positions on state-aligned ISPs and Russian telecoms, while tricking foreign embassy staff to download custom malware. First seen on cyberscoop.com Jump to article: cyberscoop.com/russia-secret-blizzard-espionage-embassies-moscow/
-
Russia’s Secret Blizzard APT Gains Embassy Access via ISPs
An ongoing AitM campaign by the infamous Moscow-sponsored cyber threat actor has widened its scope, dropping the dangerous ApolloShadow custom backdoor malware thanks to lawful intercept systems. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/russia-secret-blizzard-apt-embassy-isps
-
LAMEHUG: First AI-Powered Malware Targets Organizations via Compromised Official Email Accounts
The Russian state-sponsored threat actor APT28, also known as Fancy Bear or Forest Blizzard, has deployed LameHug, the first publicly documented malware leveraging large language models (LLMs) for automated command generation and execution. According to a recent CERT-UA report, this campaign targeted Ukraine’s security and defense sectors earlier this month, initiating with spearphishing emails dispatched…
-
Inside Laundry Bear: Unveiling Infrastructure, Tactics, and Procedures
Dutch intelligence agencies AIVD and MIVD, alongside Microsoft Threat Intelligence, have identified Laundry Bear also tracked as Void Blizzard as a sophisticated Russian state-sponsored advanced persistent threat (APT) group active since at least April 2024. This actor has focused on espionage operations against NATO countries, Ukraine, and various organizations including the Dutch police, a Ukrainian…
-
Microsoft launches European Security Program to counter nation-state threats
Tags: access, ai, attack, blizzard, cloud, control, country, crime, crimes, cyber, cybercrime, cybersecurity, framework, google, government, group, infrastructure, intelligence, malicious, malware, microsoft, network, open-source, resilience, russia, service, strategy, threat, vulnerabilityThree-component strategy: The European Security Program will operate through three main components designed to strengthen continental cyber defenses.The first element centers on enhanced threat intelligence sharing, where Microsoft will provide European governments with AI-enhanced, real-time insights into nation-state tactics.The company’s Digital Crimes Unit will expand intelligence sharing through the Cybercrime Threat Intelligence Program, giving European…
-
One hacker, many names: Industry collaboration aims to fix cyber threat label chaos
Tags: advisory, attack, blizzard, china, corporate, country, crowdstrike, cyber, cybersecurity, group, guide, hacker, india, intelligence, international, microsoft, risk, russia, threatBuilding a translation guide, not a standard: The collaboration is analyst-driven, focusing on harmonizing known adversary profiles through direct cooperation between the companies’ threat research teams. Already, the effort has led to alignment on more than 80 threat actors, confirming connections that had previously been uncertain.The companies describe their effort as creating a “Rosetta Stone”…
-
Void Blizzard nimmt NATO-Organisationen ins Visier
Tags: access, api, authentication, blizzard, cloud, cyberattack, cyberespionage, edr, fido, framework, governance, government, hacker, intelligence, mail, malware, mfa, microsoft, open-source, passkey, password, phishing, risk, siem, spear-phishing, threat, tool, ukraineRussische Hacker ändern ihre Taktik von Passwort-Spraying zu Phishing, aber ihre Ziele innerhalb der NATO bleiben gleich.Seit über einem Jahr hat es eine neue Cyberspionage-Gruppe, die mit der russischen Regierung in Verbindung stehen soll, auf Unternehmen aus verschiedenen Branchen innerhalb der NATO abgesehen. Die Gruppe wird von Microsoft Threat Intelligence ‘Void Blizzard” genannt. Die niederländischen…
-
Russian hackers Void Blizzard step up espionage campaign
First seen on scworld.com Jump to article: www.scworld.com/news/russian-hackers-void-blizzard-step-up-espionage-campaign
-
New Russian State Hacking Group Hits Europe and North America
A newly-discovered Russian group, Void Blizzard, has successfully compromised organizations in critical industries, Microsoft warned First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/russian-state-group-europe-america/
-
Void Blizzard: New Russian Cyberespionage Group Targets NATO and Ukraine
Microsoft Threat Intelligence has identified a cyberespionage campaign by a newly recognized Russia-affiliated actor named Void Blizzard, also First seen on securityonline.info Jump to article: securityonline.info/void-blizzard-new-russian-cyberespionage-group-targets-nato-and-ukraine/
-
New Russian APT group Void Blizzard targets NATO-based orgs after infiltrating Dutch police
Tags: access, api, apt, attack, authentication, blizzard, cloud, credentials, data, defense, detection, edr, email, fido, framework, group, hacker, identity, least-privilege, login, mfa, microsoft, open-source, passkey, password, phishing, qr, risk, russia, siem, spear-phishing, switch, threat, toolSwitch to spear phishing: In recent months the group seems to have pivoted from password spraying to targeted spear phishing attacks that direct users to fake Microsoft Entra login pages using adversary-in-the-middle (AitM) techniques. Such a campaign led to the compromise of 20 NGOs in April.In its campaign against NGOs, Void Blizzard sent emails masquerading…
-
Microsoft Alerts on Void Blizzard Hackers Targeting Telecommunications and IT Sectors
Microsoft Threat Intelligence Center (MSTIC) has issued a critical warning about a cluster of global cloud abuse activities orchestrated by a threat actor tracked as Void Blizzard, also known as LAUNDRY BEAR. Assessed with high confidence to be Russia-affiliated, Void Blizzard has been active since at least April 2024, focusing its cyberespionage operations on NATO…