Tag: russia
-
DarkWatchman cybercrime malware returns on Russian networks
in SecurityNews
A financially motivated group tracked as Hive0117 recently attacked multiple Russian industries with a retooled version of DarkWatchman malware, researchers said.
First seen on therecord.media. Jump to article: therecord.media/darkwatchman-malware-russia-cybercrime-hive0117
-
Nebulous Mantis Targets NATO-Linked Entities with Multi-Stage Malware Attacks
in SecurityNews
Tags: access, attack, communications, control, cyber, cybersecurity, espionage, group, infrastructure, malware, rat, russia, tactics
Cybersecurity researchers have shed light on a Russian-speaking cyber espionage group called Nebulous Mantis that has deployed a remote access trojan called RomCom RAT since mid-2022. RomCom “employs advanced evasion techniques, including living-off-the-land (LOTL) tactics and encrypted command and control (C2) communications, while continuously evolving its infrastructure leveraging
First seen on thehackernews.com. Jump to article: thehackernews.com/2025/04/nebulous-mantis-targets-nato-linked.html
-
Grinex exchange suspected rebrand of sanctioned Garantex crypto firm
in SecurityNews
A new cryptocurrency exchange named Grinex is believed to be a rebrand of Garantex, a Russian cryptocurrency exchange whose domains were seized by the U.S. authorities and an admin arrested.
First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/cryptocurrency/grinex-exchange-suspected-rebrand-of-sanctioned-garantex-crypto-firm/
-
France ties Russian APT28 hackers to 12 cyberattacks on French orgs
in SecurityNews
Today, the French foreign ministry blamed the APT28 hacking group linked to Russia’s military intelligence service (GRU) for targeting or breaching a dozen French entities over the last four years.
First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/security/france-ties-russian-apt28-hackers-to-12-cyberattacks-on-french-orgs/
-
France blames Russian military intelligence for years of cyberattacks on local entities
in SecurityNews
In a rare public attribution, the French foreign ministry said on Tuesday it “condemns in the strongest possible terms” the actions of the GRU-linked threat actor known as APT28 for attacks against local entities.
First seen on therecord.media. Jump to article: therecord.media/france-blames-russian-military-intelligence-for-hacks-against-local-orgs
-
France says Russian hackers behind attack on Macron’s 2017 presidential campaign
in SecurityNews
Foreign ministry says Russian military intelligence has attacked a dozen French entities since 2021 including a TV station. France has accused Russian military intelligence of carrying out a massive cyber-attack on Emmanuel Macron’s first presidential campaign in 2017 as well as several other recent major hacks, including on a TV station and an organisation involved…
-
Enterprise-specific zero-day exploits on the rise, Google warns
in SecurityNews
Tags: access, apple, apt, attack, china, cisco, cloud, crime, crimes, cyberespionage, detection, endpoint, exploit, finance, flaw, google, group, Hardware, incident response, injection, Internet, ivanti, korea, lessons-learned, mandiant, microsoft, mitigation, network, north-korea, remote-code-execution, russia, service, strategy, technology, threat, tool, update, vpn, vulnerability, zero-day
Surge in network edge device exploitation: Of the 33 zero-day vulnerabilities in enterprise-specific products, 20 targeted hardware appliances typically located at the network edge, such as VPNs, security gateways, and firewalls. Notable targets last year included Ivanti Cloud Services Appliance, Palo Alto Networks’ PAN-OS, Cisco Adaptive Security Appliance, and Ivanti Connect Secure VPN. Targeted attacks against…
-
UK bans game controller exports to Russia in bid to ground drone attacks
in SecurityNews
Moscow likely to respawn elsewhere
First seen on theregister.com. Jump to article: www.theregister.com/2025/04/26/uk_russia_controller_drone_attack/
-
Russian VPS Servers With RDP and Proxy Servers Enable North Korean Cybercrime Operations
in SecurityNews
Trend Research has uncovered a sophisticated network of cybercrime operations linked to North Korea, heavily utilizing Russian internet infrastructure. Specifically, IP address ranges in the towns of Khasan and Khabarovsk, Russia, assigned to organizations under TransTelecom (ASN AS20485), are pivotal in these activities. Khasan, just a mile from the North Korea-Russia border and connected via…
-
New Android spyware is targeting Russian military personnel on the front lines
in SecurityNews
Trojanized mapping app steals users’ locations, contacts, and more.
First seen on arstechnica.com. Jump to article: arstechnica.com/security/2025/04/russian-military-personnel-on-the-front-lines-targeted-with-new-android-spyware/
-
Hackers abuse OAuth 2.0 workflows to hijack Microsoft 365 accounts
in SecurityNews
Russian threat actors have been abusing legitimate OAuth 2.0 authentication workflows to hijack Microsoft 365 accounts of employees of organizations related to Ukraine and human rights.
First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/security/hackers-abuse-oauth-20-workflows-to-hijack-microsoft-365-accounts/
-
UK bans export of video game controllers to Russia to hinder attack drone pilots
in SecurityNews
In a sanctions package including more than 150 new measures, the British government said it was closing loopholes being exploited by the Kremlin.
First seen on therecord.media. Jump to article: therecord.media/uk-bans-video-game-controllers
-
Booby-trapped Alpine Quest Android app geolocates Russian soldiers
in SecurityNews
Back of the nyet!
First seen on theregister.com. Jump to article: www.theregister.com/2025/04/24/hacked_alpine_quest_android_app/
-
Chinese hackers target Russian govt with upgraded RAT malware
in SecurityNews
Chinese-speaking IronHusky hackers are targeting Russian and Mongolian government organizations using upgraded MysterySnail remote access trojan (RAT) malware.
First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/security/chinese-hackers-target-russian-govt-with-upgraded-rat-malware/
-
Midnight Blizzard Targets European Diplomats with Wine Tasting Phishing Lure
Russian state actor Midnight Blizzard is using fake wine tasting events as a lure to spread malware for espionage purposes, according to Check Point.
First seen on infosecurity-magazine.com. Jump to article: www.infosecurity-magazine.com/news/midnight-european-diplomats-wine/
-
LummaStealer Exploits Windows Utility to Run Remote Code Disguised as .mp4 File
in SecurityNews
The Cybereason Global Security Operations Center (GSOC) has shed light on the sophisticated tactics used by the LummaStealer malware to evade detection and execute malicious code. Originally spotted in 2022, this Russian-developed malware-as-a-service (MaaS) has continuously evolved its evasion techniques to target Windows systems. Advanced Evasion with mshta.exe: LummaStealer’s operators have introduced a new technique…
-
China Plans Expanded Cybersecurity Cooperation with Russia
in SecurityNews
China has announced a significant step forward in its partnership with Russia, with plans to expand their cooperation in the field of cybersecurity. In an article published by Sputnik News, Chinese Ambassador to Russia Zhang Hanhui outlined Beijing’s intention to deepen its collaboration, emphasizing the shared importance both countries place on digital security and the…
-
Gamaredon’s PteroLNK VBScript Malware Infrastructure and TTPs Uncovered by Researchers
in SecurityNews
Researchers have unearthed details of the Pterodo malware family, notably the PteroLNK variant used by the Russian-nexus threat group, Gamaredon. The group, which is believed to be associated with Russia’s Federal Security Service (FSB), has been targeting Ukrainian entities, focusing on government, military, and critical infrastructure sectors as part of broader geopolitical conflicts. Tactics, Techniques,…
-
Russia-linked APT29 targets European diplomats with new malware
in SecurityNews
WINELOADER variant: While the Check Point researchers didn’t manage to obtain the final payload delivered by GRAPELOADER directly, they located a new variant of the WINELOADER backdoor that was uploaded to the VirusTotal scanning service around the same time and which has code and compilation time similarities to both AppvIsvSubsystems64.dll and ppcore.dll. As such, there…
-
Whistleblower alleges Russian IP address attempted access to US agency’s systems via DOGE-created accounts
in SecurityNews
Legal battle: As it stands, the allegations are being made by one individual, and the evidence behind them has yet to be examined independently. In a statement to NPR, an NLRB representative said that while Berulis had raised concerns within the agency, an investigation had “determined that no breach of agency systems occurred.” That said, it won’t…
-
Anonymous Releases 10TB of Leaked Data Targeting Russia
in SecurityNews
Recently, the hacktivist collective Anonymous has claimed responsibility for a sweeping cyberattack against Russia, releasing a staggering 10
First seen on securityonline.info. Jump to article: securityonline.info/anonymous-releases-10tb-of-leaked-data-targeting-russia/
-
Whistleblower describes DOGE IT dept rampage at America’s labor watchdog
Ignored infosec rules, exfiltrated data … then the mysterious login attempts from a Russian IP address began claim
First seen on theregister.com. Jump to article: www.theregister.com/2025/04/17/whistleblower_nlrb_doge/
-
CVE program averts swift end after CISA executes 11-month contract extension
in SecurityNews
Tags: china, cisa, computer, cve, cyber, cybersecurity, data, defense, detection, endpoint, flaw, framework, government, infrastructure, intelligence, linkedin, mitre, nist, nvd, russia, service, software, technology, threat, update, vulnerability, vulnerability-management
Important update April 16, 2025: Since this story was first published, CISA signed a contract extension that averts a shutdown of the MITRE CVE program. A CISA spokesperson sent CSO a statement saying, “The CVE Program is invaluable to cyber community and a priority of CISA. Last night, CISA executed the option period on the contract to ensure…
-
BidenCash Market Dumps 1 Million Stolen Credit Cards on Russian Forum
in SecurityNews
BidenCash dumps almost a million stolen credit card records on Russian forum, exposing card numbers, CVVs, and expiry dates in plain text with no cardholder names.
First seen on hackread.com. Jump to article: hackread.com/bidencash-market-leak-credit-cards-russian-forum/
-
Russians lure European diplomats into malware trap with wine-tasting invite
in SecurityNews
Vintage phishing varietal has improved with age
First seen on theregister.com. Jump to article: www.theregister.com/2025/04/16/cozy_bear_grapeloader/