Tag: russia
-
Dutch authorities arrest men suspected of providing infrastructure for Russian cyber operations
Investigators seized more than 800 servers as they arrested two men suspected of violating European sanctions and assisting pro-Russian cyberattacks and disinformation campaigns. First seen on therecord.media Jump to article: therecord.media/dutch-authorities-arrest-suspects-over-russian-cyber-operations
-
Chinese phishing gangs grow into a force to be reckoned with
Chinese-language phishing-as-a-service (PhaaS) communities are expanding in an area historically dominated by Russian-speaking cybercriminal groups. The Google Threat … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/26/chinese-language-phishing-services/
-
Kremlin appoints cyber executive with alleged GRU ties to Security Council role
Andrei Kozlov, the former head of a cybersecurity center within Russia’s state-owned defense conglomerate Rostec, was named an aide to Security Council Secretary Sergei Shoigu on Friday. First seen on therecord.media Jump to article: therecord.media/andrei-kozlov-appointed-russia-security-council
-
Jailbroken Gemini AI Abused in Credential Theft and Crypto Wallet Heist
Jailbroken Gemini AI has been weaponised in a long-running campaign that combined political influence, credential theft, and a cryptocurrency wallet heist, all operated by a single threat actor using a fake “patriot” persona. Trend Micro researchers recently documented how a solo Russian-speaking criminal, tracked as “bandcampro,” abused a compromised Gemini setup to automate content, hacking…
-
Authorities seize 800 servers used for cyberattacks and disinformation
Dutch authorities arrested two men and seized 800 servers linked to a hosting provider that investigators say supported Russian activities aimed at undermining democracy and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/25/dutch-seize-800-servers-russian-linked-infrastructure/
-
APT Group Patches termsrv.dll to Enable Multiple RDP Sessions
A sustained cyber espionage campaign attributed to the Cloud Atlas advanced persistent threat (APT) group has introduced a stealthy technique that modifies the Windows termsrv.dll library to enable multiple Remote Desktop Protocol (RDP) sessions on compromised systems. Observed throughout 2025 and continuing into 2026, the activity primarily targets government and commercial entities in Russia and…
-
Netherlands Busts Bulletproof Hosting Network Linked to Disinformation and Cybercrime
Dutch authorities arrested two suspects after dismantling a bulletproof hosting network linked to cybercrime, disinfo, and Russian sanctions evasion. First seen on hackread.com Jump to article: hackread.com/netherlands-busts-bulletproof-hosting-disinfo-cybercrime/
-
Dutch authorities dismantle hosting network allegedly used for cyberattacks and disinformation
Dutch authorities arrested two suspects and seized 800 servers tied to Stark Industries, a hosting firm linked to cyberattacks and disinformation. Dutch financial crime investigators arrested two men and seized 800 servers connected to Stark Industries, a hosting provider accused of enabling cyberattacks, interference operations, and disinformation campaigns. Authorities said the suspects supported Russian and…
-
Kazuar Malware Becomes Modular Spyware for Secret Blizzard Ops
The Kazuar malware family, a long-standing cyber espionage tool linked to the Russian state-sponsored threat group Secret Blizzard, also known as Turla and Venomous Bear, has undergone a major evolution. Kazuar historically supported espionage campaigns targeting government, diplomatic, and defense sectors. Its latest iteration introduces a modular architecture composed of three key components: Kernel, Bridge, and…
-
Europe dismantles VPN service used by cybercriminals to hide ransomware attacks
The international operation targeted a service known as First VPN, which had been marketed for years on Russian-speaking cybercrime forums as a secure way for criminals to evade law enforcement. First seen on therecord.media Jump to article: therecord.media/europe-dismantles-first-vpn
-
Void Botnet Leverages Ethereum for Resilient C2
A newly identified botnet, named Void, is leveraging Ethereum smart contracts to build a resilient, hard-to-disrupt command-and-control (C2) infrastructure, marking a continued evolution in blockchain-enabled cybercrime. Discovered in March 2026 and advertised on a Russian-language cybercrime forum, Void Botnet follows closely behind the earlier Aeternum C2 campaign documented by Qrator Labs, but introduces notable differences…
-
Banned Nvidia AI Chips Keep Reaching China Despite US Crackdown
US export-control cases show how Nvidia chips and other restricted tech are allegedly diverted to China and Russia through shell firms and intermediaries. The post Banned Nvidia AI Chips Keep Reaching China Despite US Crackdown appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-nvidia-ai-chip-smuggling-export-controls-apac/
-
Paper Werewolf APT Spreads EchoGather RAT via Fake Adobe Installer
A sophisticated Russian-language threat cluster known as Paper Werewolf (also tracked as GOFFEE) has launched a fresh wave of targeted cyberattacks against Russian industrial, financial, and transport organizations between March and April 2026. The attack begins with a phishing email carrying a PDF attachment. Embedded inside the PDF is a URL pointing to a ZIP archive named…
-
Russian APT Turla builds long-term access tool with Kazuar Botnet evolution
Russia-linked APT group Turla turned its Kazuar malware into a stealthy P2P botnet for long-term access to compromised systems. Russia-linked APT group Turla upgraded its Kazuar backdoor into a modular peer-to-peer botnet designed for stealth and persistent access to infected systems. Microsoft researchers say the malware allows attackers to maintain long-term control while making detection…
-
Russian hackers turn Kazuar backdoor into modular P2P botnet
The Russian hacker group Secret Blizzard has developed its long-running Kazuar backdoor into a modular peer-to-peer (P2P) botnet designed for long-term persistence, stealth, and data collection. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/russian-hackers-turn-kazuar-backdoor-into-modular-p2p-botnet/
-
Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access
The Russian state-sponsored hacking group known as Turla has transformed its custom backdoor Kazuar into a modular peer-to-peer (P2P) botnet that’s engineered for stealth and persistent access to compromised hosts. Turla, per the U.S. Cybersecurity and Infrastructure Security Agency (CISA), is assessed to be affiliated with Center 16 of Russia’s Federal Security Service (FSB) First…
-
Microsoft Exposes Kazuar Malware’s Modular P2P Botnet Architecture
Microsoft has revealed new technical insights into Kazuar, a long-running malware linked to the Russian state-backed group Secret Blizzard, highlighting its evolution into a stealthy, modular peer-to-peer (P2P) botnet designed for persistent cyber espionage. Originally identified as a traditional backdoor, Kazuar has steadily transformed into a sophisticated ecosystem that prioritizes resilience, low visibility, and flexible…
-
A spyware investigator exposed Russian government hackers trying to hijack Signal accounts
A group of likely Russian government hackers tried to hack a security researcher who investigates spyware attacks. He was then able to turn the tables on the hackers and reveal details of their espionage campaign. First seen on techcrunch.com Jump to article: techcrunch.com/2026/05/14/a-spyware-investigator-exposed-russian-government-hackers-trying-to-hijack-signal-accounts/
-
Sandworm Hackers Shift From IT Breaches to Critical OT Targets
A new wave of cyber activity linked to the notorious Sandworm group is raising fresh alarms across global critical infrastructure. Security researchers warn that the Russian state-backed threat actor is no longer just infiltrating IT networks; it is actively pivoting into operational technology (OT) environments where real-world disruption becomes possible. The findings are based on…
-
Operation HumanitarianBait Uses Fake Aid Documents to Deploy Python Spyware
Operation HumanitarianBait uses fake aid documents, GitHub-hosted payloads, and Python spyware to target Russian-speaking victims. First seen on hackread.com Jump to article: hackread.com/operation-humanitarianbait-fake-aid-docs-python-spyware/
-
The British public need to be better prepared for emergencies | Letter
Tags: attack, china, cyber, data-breach, disinformation, iran, resilience, russia, supply-chain, threat, warfare
Jean Coussins says a cross-party Lords committee has been tasked with coming up with a plan to normalise resilience in our everyday lives. Your editorial (Britain’s fragile systems: when global shocks hit your shopping bill, 1 May; https://www.theguardian.com/commentisfree/2026/may/01/the-guardian-view-on-britains-fragile-systems-when-global-shocks-hit-your-shopping-bill) makes clear that the public need to be more fully informed about global threats and actively engaged in…
-
Polish intelligence warns hackers attacked water treatment control systems
The agency did not publicly attribute the incidents to a specific group or country but said Poland faced intensified hostile cyber activity in 2024 and 2025, “with particular emphasis on the special services of the Russian Federation.” First seen on therecord.media Jump to article: therecord.media/polish-intelligence-warns-hackers-attacked-water-treatment

