Tag: blizzard
-
Russian national charged in connection with Void Blizzard cyberespionage campaign
First seen on scworld.com Jump to article: www.scworld.com/brief/russian-national-charged-in-connection-with-void-blizzard-cyber-espionage-campaign
-
GRU-Linked APT28 Uses MooBot Botnet and Compromised EdgeRouters for Cyber Operations
A notable operational pivot by the GRU-linked intrusion set APT28 (aka Fancy Bear, Sofacy, Forest Blizzard, Pawn Storm) that combines the MooBot botnet and compromised EdgeRouters to enable resilient cyber operations. This shift amplifies APT28’s long-standing focus on NATO, Ukrainian and critical-infrastructure targets by moving key capabilities from traditional cloud VPS and commodity hosting into…
-
Russian national charged in connection with Void Blizzard espionage campaign
Denis Obrezko accused of orchestrating cyberattacks that compromised at least 11 U.S. companies as part of the Kremlin-linked group’s sprawling espionage operation.\ First seen on cyberscoop.com Jump to article: cyberscoop.com/russian-national-charged-void-blizzard-cyber-espionage/
-
Hacker linked to Void Blizzard faces charges over cyberespionage campaign
Denis Obrezko, 36, made his initial appearance in federal court in Boston on Tuesday after being transferred to U.S. custody from Thailand, where he was arrested last November. First seen on therecord.media Jump to article: therecord.media/hacker-linked-to-void-blizzard-faces-charges
-
Hacker linked to Void Blizzard faces charges over cyberespionage campaign
Denis Obrezko, 36, made his initial appearance in federal court in Boston on Tuesday after being transferred to U.S. custody from Thailand, where he was arrested last November. First seen on therecord.media Jump to article: therecord.media/hacker-linked-to-void-blizzard-faces-charges
-
Kazuar Malware Becomes Modular Spyware for Secret Blizzard Ops
A major evolution in the Kazuar malware family, a long-standing cyber espionage tool linked to the Russian state-sponsored threat group Secret Blizzard, also known as Turla and Venomous Bear. Kazuar historically supported espionage campaigns targeting government, diplomatic, and defense sectors. Its latest iteration introduces a modular architecture composed of three key components: Kernel, Bridge, and…
-
Russian hackers turn Kazuar backdoor into modular P2P botnet
The Russian hacker group Secret Blizzard has developed its long-running Kazuar backdoor into a modular peer-to-peer (P2P) botnet designed for long-term persistence, stealth, and data collection. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/russian-hackers-turn-kazuar-backdoor-into-modular-p2p-botnet/
-
Microsoft Exposes Kazuar Malware’s Modular P2P Botnet Architecture
Microsoft has revealed new technical insights into Kazuar, a long-running malware linked to the Russian state-backed group Secret Blizzard, highlighting its evolution into a stealthy, modular peer-to-peer (P2P) botnet designed for persistent cyber espionage. Originally identified as a traditional backdoor, Kazuar has steadily transformed into a sophisticated ecosystem that prioritizes resilience, low visibility, and flexible…
-
Russia’s Forest Blizzard Nabs Rafts of Logins Via SOHO Routers
Heard of fileless malware? How about malwareless cyber espionage? Russia’s APT28 is spying on global organizations by modifying just one DNS setting in vulnerable routers. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/russia-forest-blizzard-logins-soho-routers
-
APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies
The Russian threat actor known as APT28 (aka Forest Blizzard and Pawn Storm) has been linked to a fresh spear-phishing campaign targeting Ukraine and its allies to deploy a previously undocumented malware suite codenamed PRISMEX.”PRISMEX combines advanced steganography, component object model (COM) hijacking, and legitimate cloud service abuse for command-and-control,” Trend Micro First seen on…
-
Russian Forest Blizzard Hackers Hijack Home Routers for Global Spying
Microsoft Threat Intelligence reveals how Russian hacking group Forest Blizzard uses home routers for DNS hijacking and spying. First seen on hackread.com Jump to article: hackread.com/russian-forest-blizzard-hackers-hijack-home-routers/
-
Forest Blizzard leverages router compromises to launch AiTM attacks, target Outlook sessions
Invisible path to enterprise systems: This attack poses a serious risk to enterprises because, instead of beginning at the corporate perimeter, it starts from employee environments that are often less secure. Threat actors target vulnerable home or small office routers, which often have weak default passwords or unpatched software.The shift to remote work has dramatically…
-
Russian Threat Actors Abuse Home Routers in Expanding DNS Hijacking Wave
Russian military-linked hackers are actively compromising poorly secured home and small-office routers to hijack internet traffic and spy on organizations worldwide. Microsoft Threat Intelligence recently exposed this massive global campaign by a group known as Forest Blizzard, which has already impacted over 200 organisations and 5,000 consumer devices. Forest Blizzard is a sophisticated state-sponsored threat…
-
Feds quash widespread Russia-backed espionage network spanning 18,000 devices
Forest Blizzard, a threat group attributed to Russia’s GRU, hijacked network traffic to steal credentials and tokens for Microsoft accounts and other services. First seen on cyberscoop.com Jump to article: cyberscoop.com/forest-blizzard-apt28-routers-espionage-campaign-operation-masquerade/
-
CERT-UA reports PLUGGYAPE cyberattacks on defense forces
CERT-UA reported PLUGGYAPE malware attacks on Ukraine’s defense forces, linked with medium confidence to Russia’s Void Blizzard group. The Computer Emergency Response Team of Ukraine (CERT-UA) reported new cyberattacks against Ukraine’s defense forces using PLUGGYAPE malware. Government experts attributed the attack with medium confidence to the Russian-linked group Void Blizzard (aka Laundry Bear, UAC-0190), active…
-
PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces
The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of new cyber attacks targeting its defense forces with malware known as PLUGGYAPE between October and December 2025.The activity has been attributed with medium confidence to a Russian hacking group tracked as Void Blizzard (aka Laundry Bear or UAC-0190). The threat actor is believed…
-
Snowflake update caused a blizzard of failures worldwide
Customers in 10 of the company’s 23 regions had “operations fail or take an extended amount of time to complete.” First seen on theregister.com Jump to article: www.theregister.com/2025/12/18/snowflake_update_caused_a_blizzard/
-
Russische APT-Gruppe greift westliche KRITIS-Betreiber an
Tags: access, apt, authentication, backup, blizzard, cloud, credentials, cve, cyberattack, cyberespionage, infrastructure, intelligence, kritis, malware, mfa, mssp, router, service, threat, veeam, vpn, vulnerability, zero-dayEine russische Cyberspionage-Kampagne zielt auf Energieversorger.Das Team von Amazon Threat Intelligence stellte fest, dass eine vom russischen Staat geförderte Cyberspionagegruppe vermehrt Energieunternehmen und Anbieter kritischer Infrastrukturen (KRITIS) ins Visier genommen hat.Die Gruppe ist demnach seit mindestens 2021 aktiv und hat es vor allem auf Fehlkonfigurationen von Geräten abgesehen. Die Angreifer nutzen aber auch bekannte Schwachstellen…
-
Russische APT-Gruppe greift westliche KRITIS-Betreiber an
Tags: access, apt, authentication, backup, blizzard, cloud, credentials, cve, cyberattack, cyberespionage, infrastructure, intelligence, kritis, malware, mfa, mssp, router, service, threat, veeam, vpn, vulnerability, zero-dayEine russische Cyberspionage-Kampagne zielt auf Energieversorger.Das Team von Amazon Threat Intelligence stellte fest, dass eine vom russischen Staat geförderte Cyberspionagegruppe vermehrt Energieunternehmen und Anbieter kritischer Infrastrukturen (KRITIS) ins Visier genommen hat.Die Gruppe ist demnach seit mindestens 2021 aktiv und hat es vor allem auf Fehlkonfigurationen von Geräten abgesehen. Die Angreifer nutzen aber auch bekannte Schwachstellen…
-
Russische APT-Gruppe greift westliche KRITIS-Betreiber an
Tags: access, apt, authentication, backup, blizzard, cloud, credentials, cve, cyberattack, cyberespionage, infrastructure, intelligence, kritis, malware, mfa, mssp, router, service, threat, veeam, vpn, vulnerability, zero-dayEine russische Cyberspionage-Kampagne zielt auf Energieversorger.Das Team von Amazon Threat Intelligence stellte fest, dass eine vom russischen Staat geförderte Cyberspionagegruppe vermehrt Energieunternehmen und Anbieter kritischer Infrastrukturen (KRITIS) ins Visier genommen hat.Die Gruppe ist demnach seit mindestens 2021 aktiv und hat es vor allem auf Fehlkonfigurationen von Geräten abgesehen. Die Angreifer nutzen aber auch bekannte Schwachstellen…
-
Russian Hackers Launch Attacks on Network Edge Devices in Western Critical Infrastructure
Tags: attack, blizzard, cyber, hacker, infrastructure, intelligence, network, russia, threat, vulnerabilityRussian state-sponsored hackers are intensifying attacks on misconfigured network edge devices across Western critical infrastructure, marking a significant tactical shift as 2025 comes to a close. According to new insights from Amazon Threat Intelligence, this campaign linked with high confidence to Russia’s Main Intelligence Directorate (GRU) and the Sandworm/APT44/Seashell Blizzard cluster has deprioritized overt vulnerability…
-
Russian Hackers Launch Attacks on Network Edge Devices in Western Critical Infrastructure
Tags: attack, blizzard, cyber, hacker, infrastructure, intelligence, network, russia, threat, vulnerabilityRussian state-sponsored hackers are intensifying attacks on misconfigured network edge devices across Western critical infrastructure, marking a significant tactical shift as 2025 comes to a close. According to new insights from Amazon Threat Intelligence, this campaign linked with high confidence to Russia’s Main Intelligence Directorate (GRU) and the Sandworm/APT44/Seashell Blizzard cluster has deprioritized overt vulnerability…
-
Russian suspect detained in Thailand is allegedly tied to Void Blizzard group
More details are emerging about a 35-year-old Russian man arrested by Thai police in Phuket earlier this month with reported help from the FBI. First seen on therecord.media Jump to article: therecord.media/russian-arrested-thailand-allegedly-void-blizzard-apt-member
-
Russian State-Sponsored COLDRIVER Group Deploys New Malware After Exposure of LOSTKEYS
Following the public disclosure of its LOSTKEYS malware in May 2025, the Russian state-sponsored threat group known as COLDRIVER, also tracked under aliases such as UNC4057, Star Blizzard, and Callisto, has rapidly evolved its cyber operations. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/coldriver-new-malware-after-lostkeys-exposure/
-
Russian State-Sponsored COLDRIVER Group Deploys New Malware After Exposure of LOSTKEYS
Following the public disclosure of its LOSTKEYS malware in May 2025, the Russian state-sponsored threat group known as COLDRIVER, also tracked under aliases such as UNC4057, Star Blizzard, and Callisto, has rapidly evolved its cyber operations. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/coldriver-new-malware-after-lostkeys-exposure/
-
New LOSTKEYS Malware Tied to Russian State-Sponsored Hacker Group COLDRIVER
Russian state-sponsored threat actor COLDRIVER, long known for targeting high-profile NGOs, policy advisors, and dissidents, has been linked to a rapidly evolving malware campaign following the public disclosure of its LOSTKEYS malware in May 2025. After details of LOSTKEYS surfaced, COLDRIVER (also tracked as UNC4057, Star Blizzard, and Callisto) pivoted away from the compromised malware.…
-
5 steps for deploying agentic AI red teaming
Tags: access, ai, application-security, attack, automation, blizzard, business, cloud, control, data, defense, exploit, framework, gartner, governance, infrastructure, malicious, open-source, RedTeam, risk, risk-assessment, service, software, threat, tool, zero-trustFive steps to take towards implementing agentic red teaming: 1. Change your attitude Perhaps the biggest challenge for agentic red teaming is adjusting your perspective in how to defend your enterprise. “The days where database admins had full access to all data are over,” says Suer. “We need to have a fresh attitude towards data…