Tag: blizzard

BadPilot network hacking campaign fuels Russian SandWorm attacks

Feb 12, 2025 6:55 PM

Tags: attack, blizzard, government, group, hacking, network, russia

A subgroup of the Russian state-sponsored hacking group APT44, also known as ‘Seashell Blizzard’ and ‘Sandworm’, has been targeting critical organizations and governments in a multi-year campaign dubbed ‘BadPilot.’ First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/badpilot-network-hacking-campaign-fuels-russian-sandworm-attacks/
Microsoft Uncovers Sandworm Subgroup’s Global Cyber Attacks Spanning 15+ Countries

Feb 12, 2025 6:55 PM

Tags: access, attack, blizzard, cyber, group, hacking, infrastructure, Internet, microsoft, network, russia

A subgroup within the infamous Russian state-sponsored hacking group known as Sandworm has been attributed to a multi-year initial access operation dubbed BadPilot that stretched across the globe.”This subgroup has conducted globally diverse compromises of Internet-facing infrastructure to enable Seashell Blizzard to persist on high-value targets and support tailored network operations,” the First seen on…
HPE employees alerted of Midnight Blizzard hack

Feb 10, 2025 9:55 PM

Tags: blizzard

First seen on scworld.com Jump to article: www.scworld.com/brief/hpe-employees-alerted-of-midnight-blizzard-hack
Over A Dozen HPE Employees Alerted of Midnight Blizzard Attack

Feb 10, 2025 9:55 PM

Tags: attack, blizzard

First seen on scworld.com Jump to article: www.scworld.com/brief/over-a-dozen-hpe-employees-alerted-of-midnight-blizzard-attack
HPE issues breach notifications for 2023 Midnight Blizzard attack

Feb 10, 2025 5:55 PM

Tags: attack, blizzard, breach, email, hacker, office, russia

Russian state-sponsored hackers compromised the tech giant’s Office 365 email environment. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/hpe-issues-breach-notifications-for-2023-midnight-blizzard-attack/739674/
EU Sanctions Three Russians For 2020 Cyber-Attack on Estonia

Jan 28, 2025 1:36 PM

Tags: attack, blizzard, cyber, hacker, russia

The three Russian hackers are believed to be part of Unit 29155 of the GRU, also known as Cadet Blizzard, Ember Bear and Ruinous Ursa First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/eu-sanctions-russians-2020/
Star Blizzard: WhatsApp-Kontoübernahme durch Phishing-Kampagne

Jan 22, 2025 4:22 PM

Tags: blizzard, microsoft, phishing

Microsoft berichtet von einer Phishing-Kampagne der kriminellen Gruppe Star Blizzard. Sie versucht, WhatsApp-Konten zu übernehmen. First seen on heise.de Jump to article: www.heise.de/news/Star-Blizzard-WhatsApp-Kontouebernahme-durch-Phishing-Kampagne-10252402.html
Hacker nehmen Diplomaten ins Visier

Jan 22, 2025 9:22 AM

Tags: blizzard, hacker, phishing, spear-phishing

Die russische Hackergruppe Star Blizzard hat offenbar eine neue Spear-Phishing-Kampagne gestartet, um WhatsApp-Accounts von hochrangigen Diplomaten und politisch aktiven Personen zu kompromittieren. First seen on 8com.de# Jump to article: www.8com.de#
Star Blizzard Shifts Tactics: Spear-Phishing Campaign Targets WhatsApp Accounts

Jan 20, 2025 5:22 AM

Tags: blizzard, intelligence, microsoft, phishing, russia, spear-phishing, tactics, threat

Microsoft Threat Intelligence has uncovered a new spear-phishing campaign orchestrated by the Russian threat actor known as Star First seen on securityonline.info Jump to article: securityonline.info/star-blizzard-shifts-tactics-spear-phishing-campaign-targets-whatsapp-accounts/
Star Blizzard hackers abuse WhatsApp to target high-value diplomats

Jan 19, 2025 6:22 PM

Tags: blizzard, defense, hacker, international, phishing, russia, spear-phishing, ukraine

Russian nation-state actor Star Blizzard has been running a new spear-phishing campaign to compromise WhatsApp accounts of targets in government, diplomacy, defense policy, international relations, and Ukraine aid organizations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/star-blizzard-hackers-abuse-whatsapp-to-target-high-value-diplomats/
The 2024 cyberwar playbook: Tricks used by nation-state actors

Dec 25, 2024 7:43 AM

Tags: access, ai, apt, at&t, attack, authentication, backdoor, blizzard, botnet, breach, china, cisa, cloud, control, credentials, cve, cvss, cyber, cybersecurity, data, ddos, defense, detection, email, espionage, exploit, flaw, fortinet, google, government, group, hacker, hacking, healthcare, india, infrastructure, iran, ivanti, linux, login, malicious, malware, mfa, microsoft, mobile, network, offense, office, open-source, password, phishing, powershell, remote-code-execution, router, russia, service, social-engineering, software, spear-phishing, spy, strategy, supply-chain, tactics, theft, threat, tool, unauthorized, update, vpn, vulnerability, warfare, windows, worm, zero-day

In 2024, nation-state cyber activity was off the charts, with Chinese, Russian, and Iranian actors leading the charge. Their campaigns weren’t just relentless, they were innovative, using a crafty mix of Tactics, Techniques, and Procedures (TTPs) to gain footholds, stay hidden, and spy-like pros.”There was definitely a continued and noted uptick in nation-state activity in…
Russia-linked APT29 group used red team tools in rogue RDP attacks

Dec 19, 2024 12:42 AM

Tags: attack, blizzard, cyber, cyberattack, data, email, espionage, government, group, malicious, phishing, RedTeam, russia, tool, ukraine

Russia-linked APT29 group uses malicious RDP configuration files, adapting red teaming methods for cyberattacks to compromise systems. In October 2024, the Russia-linked cyber espionage group APT29 (aka Earth Koshchei, SVR group, Cozy Bear, Nobelium, BlueBravo, Midnight Blizzard, and The Dukes) used rogue RDP attacks via phishing emails targeting governments, think tanks, and Ukrainian entities to steal data and install malware. The…
Midnight Blizzard Taps Phishing Emails, Rogue RDP Nets

Dec 18, 2024 4:42 PM

Tags: attack, blizzard, email, group, malicious, phishing, RedTeam, russia, tool

The Russian-based attack group uses legitimate red-team tools, 200 domain names, and 34 back-end RDP servers, making it harder to identify and block malicious activity. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/midnight-blizzard-taps-phishing-email-rogue-rdp-nets
Russian APT >>Secret Blizzard<< Leverages Cybercriminal Tools in Ukraine Attacks

Dec 16, 2024 5:42 AM

Tags: apt, attack, blizzard, cybercrime, intelligence, microsoft, russia, threat, tool, ukraine

A new report from Microsoft Threat Intelligence reveals that the Russian state-sponsored threat actor known as Secret Blizzard (also tracked as Turla, Waterbug, Venomous Bear, Snake, Turla Team, and Turla... First seen on securityonline.info Jump to article: securityonline.info/russian-apt-secret-blizzard-leverages-cybercriminal-tools-in-ukraine-attacks/
Russia Used Borrowed Spyware to Target Ukrainian Troops

Dec 13, 2024 12:05 AM

Tags: backdoor, blizzard, data, group, hacker, intelligence, microsoft, military, russia, spy, spyware, threat, ukraine

Secret Blizzard Used Third-party Amadey Bots to Hack Ukrainian Military Devices. A Russian state-backed hacker group used third-party data-stealing bots and possibly a backdoor used by another Russia-based threat group to infiltrate and spy on devices used by frontline Ukrainian military units, according to a report from the Microsoft threat intelligence team. First seen on…
For Russian spies, existing cybercrime tools become avenues into Ukrainian military devices

Dec 12, 2024 3:05 PM

Tags: blizzard, cybercrime, espionage, group, infrastructure, military, russia, tool, ukraine

A Kremlin-backed group tracked as Secret Blizzard or Turla recently used existing cybercrime infrastructure for an espionage campaign aimed at Ukrainian military devices.]]> First seen on therecord.media Jump to article: therecord.media/turla-secret-blizzard-russia-espionage-ukraine-cybercrime-tools
Russia takes unusual route to hack Starlink-connected devices in Ukraine

Dec 12, 2024 1:05 AM

Tags: blizzard, group, russia, ukraine

Secret Blizzard has used the resources of at least 6 other groups in the past 7 years. First seen on arstechnica.com Jump to article: arstechnica.com/security/2024/12/russia-takes-unusual-route-to-hack-starlink-connected-devices-in-ukraine/
Russian cyber spies hide behind other hackers to target Ukraine

Dec 11, 2024 10:05 PM

Tags: blizzard, cyber, espionage, group, hacker, infrastructure, military, russia, threat, ukraine

Russian cyber-espionage group Turla, aka “Secret Blizzard,” is utilizing other threat actors’ infrastructure to target Ukrainian military devices connected via Starlink. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/russian-cyber-spies-hide-behind-other-hackers-to-target-ukraine/
Password Spraying verhindern in 4 Schritten

Dec 9, 2024 5:07 AM

Tags: access, authentication, blizzard, cloud, corporate, cyberattack, hacker, infrastructure, mail, mfa, microsoft, password, risk, service, update
Russian Hackers Hijacked Pakistani Actor Servers For C2 Communication

Dec 6, 2024 3:49 PM

Tags: access, blizzard, control, cyber, government, group, hacker, intelligence, malware, network, russia, threat

Secret Blizzard, a Russian threat actor, has infiltrated 33 command-and-control (C2) servers belonging to the Pakistani group Storm-0156, which allows Secret Blizzard to access networks of Afghan government entities and Pakistani operators. They have deployed their own malware, TwoDash and Statuezy, and leveraged Storm-0156’s malware, Waiscot and CrimsonRAT, to gather intelligence on targeted networks, which…
Russian Hacker Secret Blizzard Hijack C2 Infrastructure in New Espionage Campaign

Dec 6, 2024 5:48 AM

Tags: blizzard, espionage, hacker, infrastructure, russia, threat

Lumen’s Black Lotus Labs has uncovered an elaborate campaign by the Russian threat actor Secret Blizzard (also known as Turla). This operation demonstrates their signature tradecraft of hijacking other groups’... First seen on securityonline.info Jump to article: securityonline.info/russian-hacker-secret-blizzard-hijack-c2-infrastructure-in-new-espionage-campaign/
Russian FSB Hackers Breach Pakistani APT Storm-0156

Dec 5, 2024 4:48 PM

Tags: apt, blizzard, breach, government, hacker, infrastructure, military, russia, threat

Parasitic advanced persistent threat (APT) Secret Blizzard accessed another APT’s infrastructure, and stole the same kinds of info it targets in South Asian government and military victims. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/russian-fsb-hackers-breach-pakistan-storm-0156
Russian Hackers Exploit Rival Attackers’ Infrastructure for Espionage

Dec 5, 2024 1:48 PM

Tags: apt, blizzard, cyber, cybercrime, espionage, exploit, hacker, infrastructure, microsoft, russia

Microsoft has found that Russian APT Secret Blizzard piggybacks on other cybercriminals’ infr4asytructure to conduct cyber espionage First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/russia-hackers-exploit-rival/
Russia-linked APT Secret Blizzard spotted using infrastructure of other threat actors

Dec 5, 2024 11:49 AM

Tags: apt, blizzard, group, infrastructure, intelligence, microsoft, russia, threat, tool

Russia-linked APT group Secret Blizzard has used the tools and infrastructure of at least 6 other threat actors during the past 7 years. Researchers from Microsoft Threat Intelligence collected evidence that the Russia-linked ATP group Secret Blizzard (aka Turla,Snake,Uroburos,Waterbug,Venomous BearandKRYPTON) has used the tools and infrastructure of at least 6 other threat actors during the…
Russian FSB Hackers Breach Pakistan’s APT Storm-0156

Dec 4, 2024 11:48 PM

Tags: apt, blizzard, breach, government, hacker, infrastructure, military, russia, threat

Parasitic advanced persistent threat Secret Blizzard accesses another APT’s infrastructure and steals what it has stolen from South Asian government and military targets. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/russian-fsb-hackers-breach-pakistan-storm-0156
Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files

Dec 1, 2024 4:20 AM

Tags: blizzard, phishing, spear-phishing

First seen on thesecurityblogger.com Jump to article: www.thesecurityblogger.com/midnight-blizzard-conducts-large-scale-spear-phishing-campaign-using-rdp-files/
Faraway Russian hackers breached US organization via Wi-Fi

Nov 25, 2024 6:08 PM

Tags: blizzard, computer, group, hacker, intelligence, military, russia, service, threat, wifi

Forest Blizzard, a threat group associated with Russia’s GRU military intelligence service, repeatedly breached a US-based organization via compromised computer systems … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/25/enterprise-wi-fi-compromised/
How to Prevent Evilginx Attacks Targeting Entra ID

Nov 23, 2024 3:55 PM

Tags: access, advisory, attack, authentication, blizzard, cisa, credentials, cyber, framework, group, mfa, phishing, russia, threat, tool, unauthorized
‘Midnight Blizzard’ Targets Networks With Signed RDP Files

Nov 7, 2024 2:01 PM

Tags: access, blizzard, data, group, intelligence, network, russia

The Russian-backed group is using a novel access vector to harvest victim data and compromise devices in a large-scale intelligence-gathering operatio… First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/midnight-blizzard-targets-networks-signed-rdp-files
Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations

Nov 6, 2024 11:01 PM

Tags: attack, blizzard, phishing, spear-phishing

First seen on techrepublic.com Jump to article: www.techrepublic.com/article/midnight-blizzard-spearphishing-us-officials/