Tag: blizzard
-
Kremlin monitors foreign embassies in Moscow through cyber-espionage at ISP level
In a warning to foreign embassies in Moscow, Microsoft said a Russian state-backed hacking group known as Secret Blizzard or Turla has been using internet service providers for adversary-in-the-middle (AiTM) attacks. First seen on therecord.media Jump to article: therecord.media/russia-fsb-turla-espionage-foreign-embassies-isp-level
-
Russia-affiliated Secret Blizzard conducting ongoing espionage against embassies in Moscow
A new Microsoft report finds that the long-running threat group has gained positions on state-aligned ISPs and Russian telecoms, while tricking foreign embassy staff to download custom malware. First seen on cyberscoop.com Jump to article: cyberscoop.com/russia-secret-blizzard-espionage-embassies-moscow/
-
Russia’s Secret Blizzard APT Gains Embassy Access via ISPs
An ongoing AitM campaign by the infamous Moscow-sponsored cyber threat actor has widened its scope, dropping the dangerous ApolloShadow custom backdoor malware thanks to lawful intercept systems. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/russia-secret-blizzard-apt-embassy-isps
-
LAMEHUG: First AI-Powered Malware Targets Organizations via Compromised Official Email Accounts
The Russian state-sponsored threat actor APT28, also known as Fancy Bear or Forest Blizzard, has deployed LameHug, the first publicly documented malware leveraging large language models (LLMs) for automated command generation and execution. According to a recent CERT-UA report, this campaign targeted Ukraine’s security and defense sectors earlier this month, initiating with spearphishing emails dispatched…
-
Inside Laundry Bear: Unveiling Infrastructure, Tactics, and Procedures
Dutch intelligence agencies AIVD and MIVD, alongside Microsoft Threat Intelligence, have identified Laundry Bear also tracked as Void Blizzard as a sophisticated Russian state-sponsored advanced persistent threat (APT) group active since at least April 2024. This actor has focused on espionage operations against NATO countries, Ukraine, and various organizations including the Dutch police, a Ukrainian…
-
Microsoft launches European Security Program to counter nation-state threats
Tags: access, ai, attack, blizzard, cloud, control, country, crime, crimes, cyber, cybercrime, cybersecurity, framework, google, government, group, infrastructure, intelligence, malicious, malware, microsoft, network, open-source, resilience, russia, service, strategy, threat, vulnerabilityThree-component strategy: The European Security Program will operate through three main components designed to strengthen continental cyber defenses.The first element centers on enhanced threat intelligence sharing, where Microsoft will provide European governments with AI-enhanced, real-time insights into nation-state tactics.The company’s Digital Crimes Unit will expand intelligence sharing through the Cybercrime Threat Intelligence Program, giving European…
-
One hacker, many names: Industry collaboration aims to fix cyber threat label chaos
Tags: advisory, attack, blizzard, china, corporate, country, crowdstrike, cyber, cybersecurity, group, guide, hacker, india, intelligence, international, microsoft, risk, russia, threatBuilding a translation guide, not a standard: The collaboration is analyst-driven, focusing on harmonizing known adversary profiles through direct cooperation between the companies’ threat research teams. Already, the effort has led to alignment on more than 80 threat actors, confirming connections that had previously been uncertain.The companies describe their effort as creating a “Rosetta Stone”…
-
Void Blizzard nimmt NATO-Organisationen ins Visier
Tags: access, api, authentication, blizzard, cloud, cyberattack, cyberespionage, edr, fido, framework, governance, government, hacker, intelligence, mail, malware, mfa, microsoft, open-source, passkey, password, phishing, risk, siem, spear-phishing, threat, tool, ukraineRussische Hacker ändern ihre Taktik von Passwort-Spraying zu Phishing, aber ihre Ziele innerhalb der NATO bleiben gleich.Seit über einem Jahr hat es eine neue Cyberspionage-Gruppe, die mit der russischen Regierung in Verbindung stehen soll, auf Unternehmen aus verschiedenen Branchen innerhalb der NATO abgesehen. Die Gruppe wird von Microsoft Threat Intelligence ‘Void Blizzard” genannt. Die niederländischen…
-
Russian hackers Void Blizzard step up espionage campaign
First seen on scworld.com Jump to article: www.scworld.com/news/russian-hackers-void-blizzard-step-up-espionage-campaign
-
New Russian State Hacking Group Hits Europe and North America
A newly-discovered Russian group, Void Blizzard, has successfully compromised organizations in critical industries, Microsoft warned First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/russian-state-group-europe-america/
-
Void Blizzard: New Russian Cyberespionage Group Targets NATO and Ukraine
Microsoft Threat Intelligence has identified a cyberespionage campaign by a newly recognized Russia-affiliated actor named Void Blizzard, also First seen on securityonline.info Jump to article: securityonline.info/void-blizzard-new-russian-cyberespionage-group-targets-nato-and-ukraine/
-
New Russian APT group Void Blizzard targets NATO-based orgs after infiltrating Dutch police
Tags: access, api, apt, attack, authentication, blizzard, cloud, credentials, data, defense, detection, edr, email, fido, framework, group, hacker, identity, least-privilege, login, mfa, microsoft, open-source, passkey, password, phishing, qr, risk, russia, siem, spear-phishing, switch, threat, toolSwitch to spear phishing: In recent months the group seems to have pivoted from password spraying to targeted spear phishing attacks that direct users to fake Microsoft Entra login pages using adversary-in-the-middle (AitM) techniques. Such a campaign led to the compromise of 20 NGOs in April.In its campaign against NGOs, Void Blizzard sent emails masquerading…
-
Microsoft Alerts on Void Blizzard Hackers Targeting Telecommunications and IT Sectors
Microsoft Threat Intelligence Center (MSTIC) has issued a critical warning about a cluster of global cloud abuse activities orchestrated by a threat actor tracked as Void Blizzard, also known as LAUNDRY BEAR. Assessed with high confidence to be Russia-affiliated, Void Blizzard has been active since at least April 2024, focusing its cyberespionage operations on NATO…
-
Russian Hackers Breach 20+ NGOs Using Evilginx Phishing via Fake Microsoft Entra Pages
Microsoft has shed light on a previously undocumented cluster of threat activity originating from a Russia-affiliated threat actor dubbed Void Blizzard (aka Laundry Bear) that it said is attributed to “worldwide cloud abuse.”Active since at least April 2024, the hacking group is linked to espionage operations mainly targeting organizations that are important to Russian government…
-
Russian Void Blizzard cyberspies linked to Dutch police breach
A previously unknown Russian-backed cyberespionage group now tracked as Void Blizzard has been linked to a September 2024 Dutch police security breach. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/russian-void-blizzard-cyberspies-linked-to-dutch-police-breach/
-
Orchestrierte Cyberangriffe sowohl auf IT- als auch auf cyberphysische Systeme
Am 21. Mai 2025 gaben der Bundesnachrichtendienst (BND), das Bundesamt für Sicherheit in der Informationstechnik (BSI) und das Bundesamt für Verfassungsschutz (BfV) gemeinsam mit internationalen Partnern wie der US-amerikanischen National Security Agency (NSA) ein Joint-Cybersecurity-Advisory über die Cyberaktivitäten der russischen GRU-Einheit 26165 heraus. Die auch als Fancy-Bear, Sofacy und Forest-Blizzard bekannte Gruppe greift aktuell vor…
-
Russian Hackers Exploit XSS Vulnerabilities to Inject Malicious Code into Email Servers
Tags: blizzard, cyber, cyberespionage, cybersecurity, email, exploit, group, hacker, malicious, russia, vulnerability, xssA sophisticated cyberespionage campaign, dubbed Operation RoundPress, has been uncovered by cybersecurity researchers at ESET. Attributed with medium confidence to the Russian-linked Sednit group-also known as APT28, Fancy Bear, and Forest Blizzard-this operation targets high-value webmail servers using cross-site scripting (XSS) vulnerabilities. Active since at least 2004, Sednit has a notorious history, including alleged involvement…
-
Russian COLDRIVER Hackers Deploy LOSTKEYS Malware to Steal Sensitive Information
The Google Threat Intelligence Group (GTIG) has uncovered a sophisticated new malware dubbed LOSTKEYS, attributed to the Russian government-backed threat actor COLDRIVER, also known as UNC4057, Star Blizzard, and Callisto. Active since at least December 2023, with significant campaigns observed in January, March, and April 2025, LOSTKEYS represents a notable evolution in COLDRIVER’s toolkit, which…
-
Midnight Blizzard Targets European Diplomats with Wine Tasting Phishing Lure
Russian state actor Midnight Blizzard is using fake wine tasting events as a lure to spread malware for espionage purposes, according to Check Point First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/midnight-european-diplomats-wine/
-
New Midnight Blizzard spear-phishing campaign targets European diplomatic orgs
First seen on scworld.com Jump to article: www.scworld.com/brief/new-midnight-blizzard-spear-phishing-campaign-targets-european-diplomatic-orgs
-
Wein, Politik und Spionage: Russische Hacker greifen europäische Diplomaten an
Im Januar 2025 entdeckten die Sicherheitsexperten von Check Point Research eine besorgniserregende Welle von Phishing-Angriffen, die gezielt gegen europäische Regierungsbeamte und Diplomaten gerichtet sind. Im Zentrum der Attacken steht eine raffinierte russische Hackergruppe: APT29, auch bekannt als Midnight Blizzard oder Cozy Bear dieselben Akteure, die hinter dem berüchtigten SolarWinds-Hack standen. First seen on it-daily.net Jump…
-
APT29 Hackers Use GRAPELOADER in New Attack Against European Diplomats
Check Point Research (CPR) has uncovered a new targeted phishing campaign employing GRAPELOADER, a sophisticated initial-stage downloader, launched by the notorious Russian-linked hacking group APT29, known alternatively as Midnight Blizzard or Cozy Bear. This campaign, identified since January 2025, primarily focuses on European governments and diplomatic entities. Campaign Overview APT29, recognized for its sophisticated cyber…
-
Midnight Blizzard deploys new GrapeLoader malware in embassy phishing
Russian state-sponsored espionage group Midnight Blizzard is behind a new spear-phishing campaign targeting diplomatic entities in Europe, including embassies. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/midnight-blizzard-deploys-new-grapeloader-malware-in-embassy-phishing/
-
Renewed APT29 Phishing Campaign Against European Diplomats
ighlights Introduction Starting in January 2025, Check Point Research (CPR) has been tracking a wave of targeted phishing attacks aimed at European governments and diplomats. The Techniques, Tactics and Procedures (TTPs) observed in this campaign align with the WINELOADER campaigns, which were attributed toAPT29, a Russialinkedthreat group. APT29, also commonly referred to as Midnight Blizzard…
-
Russian Seashell Blizzard Targets Organizations Using Custom-Built Hacking Tools
Seashell Blizzard, also known as APT44, Sandworm, and Voodoo Bear, has emerged as a sophisticated adversary targeting critical sectors worldwide. Associated with Russia’s Military Intelligence Unit 74455 (GRU), this group has been active since at least 2009, focusing on sectors such as energy, telecommunications, government, military, manufacturing, and retail. Their operations often involve long-term access…
-
Emulating the Sophisticated Russian Adversary Seashell Blizzard
AttackIQ has released a new assessment template that emulates the various post-compromise Tactics, Techniques, and Procedures (TTPs) associated with the sabotage-motivated Russian adversary Seashell Blizzard. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/emulating-the-sophisticated-russian-adversary-seashell-blizzard/
-
Permadeath: Bestimmte Tote in World of Warcraft werden wiedererweckt
Tot ist tot, jedenfalls im Hardcoremodus von World of Warcraft. Nun kündigt Blizzard erstmals Ausnahmen nach DDoS-Attacken an. First seen on golem.de Jump to article: www.golem.de/news/permadeath-bestimmte-tote-in-world-of-warcraft-werden-wiedererweckt-2503-194692.html
-
US Cybercom, CISA retreat in fight against Russian cyber threats: reports
Tags: apt, blizzard, china, cisa, cyber, cybersecurity, data, government, group, hacker, infrastructure, international, iran, lockbit, microsoft, ransomware, risk, risk-management, russia, threatPurported shift at CISA away from reporting on Russian threats: Shortly after The Record issued its report, The Guardian reported that the US Cybersecurity and Infrastructure Security Agency (CISA) sent an internal memo setting out new priorities for the agency, including China but excluding Russia. One source said analysts at the agency were verbally informed…