Tag: russia
-
Meet LockBit 5.0: Faster ESXi drive encryption, better at evading detection
the Windows binary uses heavy obfuscation and packing: it loads its payload through DLL reflection while implementing anti-analysis techniques like Event Tracing for Windows (ETW) patching and terminating security services; the Linux variant maintains similar functionality with command-line options for targeting specific directories and file types; the ESXi variant specifically targets VMware virtualization environments, and is designed…
-
Teens arrested by Dutch police reportedly suspected of spying for Russia
Reports said two boys arrested in the Netherlands are suspected of working on behalf of pro-Russian hackers outside prominent buildings in The Hague. First seen on therecord.media Jump to article: therecord.media/teens-arrested-netherlands-reportedly-suspected-cyber-espionage-russia
-
New COLDRIVER Malware Campaign Joins BO Team and Bearlyfy in Russia-Focused Cyberattacks
The Russian advanced persistent threat (APT) group known as COLDRIVER has been attributed to a fresh round of ClickFix-style attacks designed to deliver two new “lightweight” malware families tracked as BAITSWITCH and SIMPLEFIX. Zscaler ThreatLabz, which detected the new multi-stage ClickFix campaign earlier this month, described BAITSWITCH as a downloader that ultimately drops SIMPLEFIX, a First…
-
Researchers say media outlet targeting Moldova is a Russian cutout
REST Media has garnered millions of views on social media for its content targeting Moldova’s EU-friendly leadership. Researchers say it’s a pro-Kremlin operation. First seen on cyberscoop.com Jump to article: cyberscoop.com/researchers-say-media-outlet-targeting-moldova-is-russian-cutout/
-
UK chancellor Putin the blame on Russia for cyber chaos, but evidence says otherwise
Reeves points finger at Moscow in interview when authorities reckon it’s local lads First seen on theregister.com Jump to article: www.theregister.com/2025/09/23/reeves_blames_russia_cyberattacks/
-
Russia Leveraging Cyber-Attacks as a Strategic Weapon Against Key Industries in Major Nations
In 2024, as the Russia-Ukraine war prolongs and military and economic cooperation between North Korea and Russia deepens, cyberspace has become a central battleground for international conflict. Russia is leveraging cyber-attacks to alleviate economic pressure from international sanctions and to enhance its war-fighting capabilities, targeting key industries in major countries around the globe. In November…
-
Russia steps up disinformation efforts to sway Moldova’s parliamentary vote
Russia is reportedly ramping up covert influence operations ahead of Moldova’s parliamentary election in an alleged attempt to block its path to the European Union. First seen on therecord.media Jump to article: therecord.media/russia-steps-disinfo-moldova-election
-
ComicForm and SectorJ149 Hackers Deploy Formbook Malware in Eurasian Cyberattacks
Organizations in Belarus, Kazakhstan, and Russia have emerged as the target of a phishing campaign undertaken by a previously undocumented hacking group called ComicForm since at least April 2025. The activity primarily targeted industrial, financial, tourism, biotechnology, research, and trade sectors, cybersecurity company F6 said in an analysis published last week. The attack chain involves First seen…
-
Fake Ukrainian Police Emails Spread New CountLoader Malware Loader
A new malware loader, CountLoader, has been discovered by cybersecurity firm Silent Push. This threat is linked to prominent Russian ransomware gangs, including LockBit, BlackBasta, and Qilin, and is being used as an initial access broker. First seen on hackread.com Jump to article: hackread.com/fake-ukrainian-police-emails-countloader-malware-loader/
-
Russian Hackers Join Forces: Gamaredon + Turla Target Ukraine
ESET reports FSB-linked Gamaredon and Turla collaborating in cyberattacks on Ukraine. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/russian-hackers-join-forces-gamaredon-turla-target-ukraine/
-
MI6 Opens Dark Web Portal “Silent Courier” for Russians to Share Secrets
The UK’s spy agency, MI6, has launched a new dark web portal called Silent Courier to securely recruit agents worldwide, particularly from Russia. Learn how this shift to the dark web marks a new era in modern espionage and national security. First seen on hackread.com Jump to article: hackread.com/mi6-dark-web-portal-silent-courier-russia-secrets/
-
ESET uncovers Gamaredon-Turla collaboration in Ukraine cyberattacks
ESET found evidence that Russia-linked groups Gamaredon and Turla collaborated in cyberattacks on Ukraine between February and April 2025. ESET reported Russia-linked groups Gamaredon and Turla collaborated in cyberattacks against entities in Ukraine. The Russia-linked APT group Gamaredon (a.k.a. Shuckworm, Armageddon, Primitive Bear, ACTINIUM, Callisto) is known for targeting government, law enforcement, and defense organizations in Ukraine since 2013. The Turla APT group (aka Snake, Uroburos, Waterbug, Venomous…
-
New Botnet Exploits Simple DNS Flaws That Leads to Massive Cyber Attack
Cybersecurity researchers have uncovered a sophisticated Russian botnet operation that leveraged DNS misconfigurations and compromised MikroTik routers to deliver malware through massive spam campaigns. The discovery reveals how threat actors exploited simple DNS errors to bypass email security protections and distribute malicious payloads on a global scale. The investigation began in November 2024 when researchers…
-
Two of the Kremlin’s most active hack groups are collaborating, ESET says
Turla is getting a helping hand from Gamaredon. Both are units of Russia’s FSB. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/09/two-of-the-kremlins-most-active-hack-groups-are-collaborating-eset-says/
-
Russian spy groups Turla, Gamaredon join forces to hack Ukraine, researchers say
Slovak cybersecurity firm ESET said it had detected four cases in which both groups compromised the same Ukrainian machines. First seen on therecord.media Jump to article: therecord.media/russian-spy-groups-turla-gamaredon-target-ukraine
-
Russian Nation-State Hackers Join Forces to Target Ukraine
First-Ever Malware Tie-Up Spotted Between FSB’s Turla and Gamaredon Hacking Groups. Two long-running advanced persistent threat groups tied to Russia’s Federal Security Service, the FSB, called Turla and Gamaredon, appear for the first time to be running a joint cyberespionage operation using their separate malware arsenals, designed to hit high-value targets in Ukraine. First seen…
-
Russia’s main airport in St. Petersburg says its website was hacked
Russia’s aviation sector continues to report digital disruptions, with the latest affecting the website of one of its busiest airports. First seen on therecord.media Jump to article: therecord.media/russia-pulkovo-airport-st-petersburg-website-hacked
-
Russian State Hackers Collaborate in Attacks Against Ukraine
ESET found that the FSB-affiliated groups, Gamaredon and Turla, are sharing tools to help conduct espionage attacks against Ukrainian organizations First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/russian-state-hackers-collaborate/
-
Russian Hacking Groups Gamaredon and Turla Target Organizations to Deliver Kazuar Backdoor
Two prominent Russian state-sponsored hacking groups, Gamaredon and Turla, have been observed collaborating in sophisticated cyberattacks targeting Ukrainian organizations to deploy the advanced Kazuar backdoor. New evidence reveals an unprecedented level of coordination between these Federal Security Service (FSB)…
-
Russian Airline Hit by Cyberattack, Website and Systems Disrupted
Russian regional carrier KrasAvia is grappling with a major IT outage after what appears to be a cyberattack. Passengers have been unable to buy tickets online, and flight operations have been forced to switch to manual procedures. The airline confirmed the disruption to local media but has not provided a timeline for restoring normal service.…
-
Russian Hackers Gamaredon and Turla Collaborate to Deploy Kazuar Backdoor in Ukraine
Cybersecurity researchers have discerned evidence of two Russian hacking groups, Gamaredon and Turla, collaborating together to target and co-compromise Ukrainian entities. Slovak cybersecurity company ESET said it observed the Gamaredon tools PteroGraphin and PteroOdd being used to execute Turla group’s Kazuar backdoor on an endpoint in Ukraine in February 2025, indicating that Turla is very likely…
-
Researchers believe Gamaredon and Turla threat groups are collaborating
ESET Research has discovered evidence of collaboration between the Gamaredon and Turla threat groups. Both groups are linked to Russia’s primary intelligence agency, the FSB, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/19/gamaredon-turla-threat-groups-collaborating/
-
Russian regional airline disrupted by suspected cyberattack
Siberia-based airline KrasAvia experienced some outages to digital services in an incident that bears similarities to one that Ukraine-aligned hackers claimed in late July. First seen on therecord.media Jump to article: therecord.media/russia-krasavia-airline-disrupted-suspected-cyberattack
-
The Hidden War Above: How GPS Jamming Exposes Our Digital Vulnerabilities
Every day, thousands of flights cross the skies above the Baltic Sea. Pilots expect their GPS systems to guide them safely through busy air corridors, just as they have for decades. But since Russia’s invasion of Ukraine in 2022, something has changed. Navigation screens flicker with false readings. Aircraft suddenly lose their bearings. Pilots find..…
-
CountLoader Broadens Russian Ransomware Operations With Multi-Version Malware Loader
Cybersecurity researchers have discovered a new malware loader codenamed CountLoader that has been put to use by Russian ransomware gangs to deliver post-exploitation tools like Cobalt Strike and AdaptixC2, and a remote access trojan known as PureHVNC RAT. “CountLoader is being used either as part of an Initial Access Broker’s (IAB) toolset or by a ransomware…
-
Russian CopyCop Network Expands: 200+ Fake News Sites Target US, Canada, and France
The Russian covert influence network known as CopyCop has significantly expanded its disinformation operations, creating over 200 new fake websites since March 2025 to target audiences in the United States, France, and Canada. This dramatic escalation represents the largest documented expansion…

