Tag: russia
-
Russian Coldriver Hackers Deploy New ‘NoRobot’ Malware
The Coldriver hacking group reportedly shifted its operation quickly after the May 2025 public disclosure of its LostKeys malware. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/russian-coldriver-hackers-new/
-
Russian Lynx group leaks sensitive UK MoD files, including info on eight military bases
Russian hackers stole and leaked MoD files on eight RAF and Navy bases, exposing staff data in a “catastrophic” cyberattack via Dodd Group breach. Russian cybercrime group Lynx breached Dodd Group, a contractor for the UK Ministry of Defence, stealing and leaking hundreds of sensitive files on eight RAF and Royal Navy bases. The incident…
-
ColdRiver Drops Fresh Malware on Targets
The Russia-backed threat actor’s latest cyber spying campaign is a classic example of how quickly sophisticated hacking groups can pivot when exposed. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/coldriver-drops-fresh-malware-targets
-
UK Ministry of Defense Probes Military Contractor Data Leak
Ransomware Group Lynx Reportedly Stole 4TB of Data. The U.K. Ministry of Defense is investigating an apparent data breach by Russian-speaking ransomware hackers of a building facilities contractor with ties to the military. The Lynx ransomware group posted on its dark web site samples of what it says is 4 terabytes of data stolen from the…
-
CAPI Backdoor targets Russia’s auto and e-commerce sectors
A new campaign targets Russia’s auto and e-commerce sectors using a previously unknown .NET malware called CAPI Backdoor. Cybersecurity researchers at Seqrite Labs uncovered a new campaign, tracked as Operation MotorBeacon, that targeted the Russian automobile and e-commerce sectors with a previously unknown .NET malware dubbed CAPI Backdoor. “SEQRITE Labs Research Team has recently uncovered a…
-
Foreign hackers breached a US nuclear weapons plant via SharePoint flaws
Tags: access, attack, authentication, breach, china, control, corporate, cve, cyber, cybercrime, cybersecurity, data, defense, exploit, flaw, framework, government, group, hacker, identity, infrastructure, intelligence, Intruder, korea, microsoft, monitoring, network, ransomware, reverse-engineering, risk, russia, supply-chain, tactics, technology, theft, threat, vulnerability, zero-day, zero-trust
China or Russia? Conflicting attribution: Microsoft attributed the broader wave of SharePoint exploitations to three Chinese-linked groups: Linen Typhoon, Violet Typhoon, and a third actor it tracks as Storm-2603. The company said the attackers were preparing to deploy Warlock ransomware across affected systems. However, the source familiar with the Kansas City incident tells CSO that a…
-
‘I lost 25 pounds in 20 days’: what it’s like to be on the frontline of a global cyber-attack
The security chief of SolarWinds reflects on the Russian hack that exposed US government agencies and the heart attack he suffered in the aftermath. Tim Brown will remember 12 December 2020 for ever. It was the day the software company SolarWinds was notified it had been hacked by Russia. Continue reading: https://www.theguardian.com/technology/2025/oct/19/global-cyber-attack-russian-hack-solarwinds-stress-health First seen on theguardian.com Jump…
-
New .NET CAPI Backdoor Targets Russian Auto and E-Commerce Firms via Phishing ZIPs
Cybersecurity researchers have shed light on a new campaign that has likely targeted the Russian automobile and e-commerce sectors with a previously undocumented .NET malware dubbed CAPI Backdoor.According to Seqrite Labs, the attack chain involves distributing phishing emails containing a ZIP archive as a way to trigger the infection. The cybersecurity company’s analysis is based…
-
Cybersecurity Snapshot: F5 Breach Prompts Urgent U.S. Gov’t Warning, as OpenAI Details Disrupted ChatGPT Abuses
Tags: ai, attack, awareness, backdoor, breach, business, chatgpt, china, cisa, cloud, control, corporate, cve, cyber, cybersecurity, data, data-breach, defense, detection, exploit, framework, fraud, governance, government, group, hacker, incident, infrastructure, Internet, iran, law, LLM, malicious, malware, mitigation, monitoring, network, openai, organized, phishing, privacy, resilience, risk, russia, scam, security-incident, service, software, strategy, supply-chain, technology, threat, training, update, vulnerability
F5’s breach triggers a CISA emergency directive, as Tenable calls it “a five-alarm fire” that requires urgent action. Meanwhile, OpenAI details how attackers try to misuse ChatGPT. Plus, boards are increasing AI and cyber disclosures. And much more! Key takeaways A critical breach at cybersecurity firm F5, attributed to a nation-state, has triggered an urgent…
-
Madman Theory Spurs Crazy Scattered Lapsus$ Hunters Playbook
Chaos Theory and Ransomware’s Love Child Serves Up Nonstop Unpredictability All is not quiet on the ransomware front. Long the province of Russian criminals, numerous ransomware campaigns now trace to reckless Western teenagers operating under the banner of Scattered Lapsus$ Hunters who wield not just technical and trickster chops, but also a chaos and unpredictability.…
-
Teen Tied to Russian Hackers in Dutch Cyber Espionage Probe
Dutch prosecutors suspect three teens of aiding a foreign power, with one allegedly linked to a Russian-affiliated hacker group First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/teen-russian-hacking-group-ties/
-
APT28 Deploys BeardShell and Covenant Modules via Weaponized Office Documents
Security researchers at Sekoia.io have uncovered a sophisticated cyberattack campaign orchestrated by APT28, the notorious Russian state-sponsored threat actor, targeting Ukrainian military personnel with weaponized Office documents that deliver advanced malware frameworks including BeardShell and Covenant modules. The operation represents a significant evolution in APT28’s tactics, leveraging legitimate cloud infrastructure and novel obfuscation techniques to…
-
Chinese cyberspies snoop on Russian IT biz in rare east-on-east attack
Who needs enemies when you have friends like Xi? First seen on theregister.com Jump to article: www.theregister.com/2025/10/16/chinese_russian_cyber_espionage/
-
China-linked APT Jewelbug targets Russian IT provider in rare cross-nation cyberattack
China-linked APT Jewelbug targeted a Russian IT provider for five months in 2025, showing Russia remains exposed to Chinese cyber espionage. China-linked threat actor Jewelbug (aka CL-STA-0049, Earth Alux, and REF7707) carried out a five-month intrusion on a Russian IT service provider, marking its expansion beyond Southeast Asia and South America. The campaign, reported by…
-
China’s Jewelbug APT Breaches Russian IT Provider for 5 Months, Using Yandex Cloud and Graph API C2
The post China’s Jewelbug APT Breaches Russian IT Provider for 5 Months, Using Yandex Cloud and Graph API C2 appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/chinas-jewelbug-apt-breaches-russian-it-provider-for-5-months-using-yandex-cloud-and-graph-api-c2/
-
Chinese Actor Targets Russian IT Provider
Symantec Says It Spotted Likely Supply Chain Hack. Suspected Chinese state-linked hackers reportedly breached a Russian IT service provider in an espionage campaign targeting government-related networks. Symantec uncovered Chinese hackers they named Jewelbug, infiltrating a Russian company between January and May. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/chinese-actor-targets-russian-provider-a-29738
-
Chinese Threat Group ‘Jewelbug’ Quietly Infiltrated Russian IT Network for Months
A threat actor with ties to China has been attributed to a five-month-long intrusion targeting a Russian IT service provider, marking the hacking group’s expansion to the country beyond Southeast Asia and South America.The activity, which took place from January to May 2025, has been attributed by Broadcom-owned Symantec to a threat actor it tracks…
-
Researchers report rare intrusion by suspected Chinese hackers into Russian tech firm
According to a new report by cybersecurity firm Symantec, the hackers gained access to the Russian company’s software build and code-repository systems between January and May 2025, suggesting the breach may have been an attempted software supply-chain attack aimed at the firm’s customers. First seen on therecord.media Jump to article: therecord.media/rare-china-linked-intrusion-russian-tech-firms
-
Pro-Russia TwoNet Hacktivists Target Water Utility Honeypot
Today’s Hapless Hackers Are Tomorrow’s Threat, Warns Forescout. A pro-Russian hacktivist group boasted on Telegram that it hacked a Western water treatment plant – but actually succeeded in attacking a honeypot left by security researchers at Forescout, the firm said. TwoNet appears to have ceased operations on Sept. 30. First seen on govinfosecurity.com Jump to…
-
Russian spyware ClayRat is spreading, evolving quickly, according to Zimperium
The spyware poses as popular apps like TikTok, and may break free of Russian borders at some point, the researchers say. First seen on cyberscoop.com Jump to article: cyberscoop.com/russian-spyware-clayrat-is-spreading-evolving-quickly-according-to-zimperium/
-
Russian Cybercrime Marketplace Shifting from RDP Access to Malware Stealer Log Exploits
Tags: access, attack, breach, corporate, credentials, cyber, cybercrime, exploit, login, malware, marketplace, russia, threat
The online cybercrime marketplace, Russian Market, has evolved from selling Remote Desktop Protocol (RDP) access to becoming one of the most active underground hubs for information-stealing malware logs. Stolen user credentials are traded daily, and each compromised login represents a potential gateway into corporate systems. Threat actors routinely purchase credentials to launch credential-based attacks that…
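The practical defensive question behind the item above is what to do when a stealer-log dump lands in your hands: which entries actually touch your organisation, and which users have reused a corporate password on an unrelated site. The script below is an added example written for this page, not code from the article or from any vendor. It assumes a simple `url|username|password` line layout (real dumps vary and often carry more fields), a constructed sample log, and a hypothetical set of corporate domains; adapt the parser to the dump format you actually receive.

```python
"""Triage stealer-log entries against an organisation's own domains.

Added example: the 'url|username|password' layout, the corporate domain
list and the sample log are all constructed assumptions, not real data.
"""
from collections import defaultdict
from dataclasses import dataclass
from urllib.parse import urlparse

# Assumed: the domains this organisation owns (hypothetical).
CORP_DOMAINS = {"example.com", "corp.example.com"}

# Constructed sample log. Passwords are placeholders, not leaked values.
SAMPLE_LOG = """\
# url|username|password
https://sso.example.com/login|alice@example.com|Hunter2
https://vpn.example.com/remote|bob|Pa55word
https://www.facebook.com/|alice@example.com|Hunter2
https://mail.example.com/owa|carol@example.com|Summer2025!
https://shop.example.net/|dave@example.net|x
"""


@dataclass(frozen=True)
class Entry:
    url: str
    host: str
    user: str
    password: str


def _matches(host: str, domains) -> bool:
    """True if host is one of the domains or a subdomain of one."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in domains)


def parse_stealer_log(text: str) -> list:
    """Parse 'url|user|password' lines; blank lines and '#' comments are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split("|", 2)  # split at most twice: passwords may contain '|'
        if len(parts) != 3:
            continue
        url, user, password = (p.strip() for p in parts)
        # urlparse needs a scheme to populate hostname.
        host = urlparse(url if "://" in url else "http://" + url).hostname or ""
        entries.append(Entry(url, host.lower(), user, password))
    return entries


def triage(entries, corp_domains):
    """Flag entries that touch corporate hosts or corporate identities,
    and users whose corporate password also appears on a non-corporate site."""
    corp_domains = {d.lower() for d in corp_domains}
    relevant = []
    corp_pw = defaultdict(set)   # user -> passwords seen on corporate hosts
    other_pw = defaultdict(set)  # user -> passwords seen elsewhere
    for e in entries:
        host_corp = _matches(e.host, corp_domains)
        user_dom = e.user.rsplit("@", 1)[1] if "@" in e.user else ""
        user_corp = _matches(user_dom, corp_domains)
        key = e.user.lower()
        (corp_pw if host_corp else other_pw)[key].add(e.password)
        if host_corp or user_corp:
            relevant.append(e)
    reused = sorted(u for u in corp_pw if corp_pw[u] & other_pw[u])
    accounts = sorted({e.user.lower() for e in relevant})
    return {"relevant": relevant, "accounts": accounts, "password_reuse": reused}


if __name__ == "__main__":
    report = triage(parse_stealer_log(SAMPLE_LOG), CORP_DOMAINS)
    print("accounts to reset:", report["accounts"])
    print("corporate password reused elsewhere:", report["password_reuse"])
    for e in report["relevant"]:
        print(f"  {e.user} @ {e.host} ({e.url})")
```

Two design points worth keeping when you adapt this: match hosts by domain suffix rather than substring (so `example.net` is not mistaken for `example.com`), and treat a corporate e-mail address used on a third-party site as in scope even though the host is not yours, because that is exactly the reuse an attacker buying the log will try against your SSO or VPN first.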

