Tag: russia
-
Hackers exploit 3D design software to target game developers, animators
Russia-linked hackers are exploiting 3D design tools to infect animators, game developers and visual effects studios with information-stealing malware, according to new research. First seen on therecord.media Jump to article: therecord.media/hackers-blender-software-malware
-
Threat Actors Use Fake Update Lures to Deploy SocGholish Malware
In a significant escalation of cyber threats, Arctic Wolf Labs has identified a coordinated campaign in which the Russian-aligned RomCom threat group leverages the SocGholish malware to target a U.S.-based engineering firm with suspected ties to Ukraine. This marks the first documented instance of RomCom payloads being distributed through SocGholish’s infrastructure, signaling a dangerous convergence…
-
Threat Actors Use Fake Update Lures to Deploy SocGholish Malware
In a significant escalation of cyber threats, Arctic Wolf Labs has identified a coordinated campaign in which the Russian-aligned RomCom threat group leverages the SocGholish malware to target a U.S.-based engineering firm with suspected ties to Ukraine. This marks the first documented instance of RomCom payloads being distributed through SocGholish’s infrastructure, signaling a dangerous convergence…
-
New ClickFix attacks use fake Windows Update screens to fool employees
Run dialog box, Windows Terminal, or Windows PowerShell. This leads to the downloading of scripts that launch malware.Two new tactics are used in the latest ClickFix campaign, says Huntress:the use since early October of a fake blue Windows Update splash page in full-screen, displaying realistic “Working on updates” animations that eventually conclude by prompting the user to…
-
Rare APT Collaboration Emerges Between Russia and North Korea
Researchers say Russia’s Gamaredon and North Korea’s Lazarus may be sharing infrastructure, a rare APT collaboration. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/news-russia-north-korea-apt-collab/
-
Russia-aligned hackers target US company in attack linked to Ukraine war effort
A threat group called RomCom has a history of cyberattacks against entities connected to the conflict. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/russia-hackers-us-company-attack-ukraine-war/806423/
-
With Friends Like These: China Spies on Russian IT Orgs
State-linked hackers stayed under the radar by using a variety of commercial cloud services for command-and-control communications. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/china-spies-russian-it-orgs
-
Russia arrests young cybersecurity entrepreneur on treason charges
Details of the case are classified, but Russian media say Timur Kilin may have drawn official ire after publicly criticizing the state-owned messaging app Max and the government’s anti-cybercrime legislation. First seen on therecord.media Jump to article: therecord.media/russia-arrests-tech-entrepreneur-treason
-
Morphisec warns StealC V2 malware spread through weaponized blender files
StealC V2 spread via malicious Blender files on 3D model sites like CGTrader, abusing Blender’s ability to run hidden Python scripts. Cybersecurity firm Morphisec reported that Russian threat actors are spreading StealC V2 infostealer via weaponized Blender files uploaded to 3D model marketplaces like CGTrader. The malware abuses Blender’s ability to run Python scripts for automation…
-
Morphisec warns StealC V2 malware spread through weaponized blender files
StealC V2 spread via malicious Blender files on 3D model sites like CGTrader, abusing Blender’s ability to run hidden Python scripts. Cybersecurity firm Morphisec reported that Russian threat actors are spreading StealC V2 infostealer via weaponized Blender files uploaded to 3D model marketplaces like CGTrader. The malware abuses Blender’s ability to run Python scripts for automation…
-
Russian and North Korean Hackers Forge Global Cyberattack Alliance
Tags: cyber, cyberattack, group, hacker, infrastructure, korea, lazarus, north-korea, russia, threat, warfareState-sponsored hackers from Russia and North Korea are collaborating on shared infrastructure, marking a significant shift in cyber geopolitics. Security researchers have uncovered evidence suggesting that Gamaredon, a Russia-aligned advanced persistent threat (APT) group, and Lazarus, North Korea’s primary cyber warfare unit, may be operating jointly a development with profound implications for global security. Russia…
-
Russian spy ship theories sink after Orkney blackout traced to wind farm fault
Timing of Yantar’s visit sparked gossip, but engineers point to a misbehaving protection system First seen on theregister.com Jump to article: www.theregister.com/2025/11/25/russian_warship_fears_orkney/
-
Malicious Blender model files deliver StealC infostealing malware
A Russian-linked campaign delivers the StealC V2 information stealer malware through malicious Blender files uploaded to 3D model marketplaces like CGTrader. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-blender-model-files-deliver-stealc-infostealing-malware/
-
Hackers knock out systems at Moscow-run postal operator in occupied Ukraine
Donbas Post, which operates in the Russian-controlled parts of Donetsk and Luhansk, said the incident affected its corporate network, web platform and email systems. The company had restricted access to several services to contain the breach and was working to restore operations. First seen on therecord.media Jump to article: therecord.media/hackers-knock-out-systems-russia-operated-post-ukraine
-
Russian-linked Malware Campaign Hides in Blender 3D Files
Morphisec has observed a new operation embedding StealC V2 malware in Blender project files, targeting users via 3D assets and launching a multi-stage infection chain First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/russian-malware-blender-3d-files/
-
China-Linked APT31 Launches Stealthy Cyberattacks on Russian IT Using Cloud Services
Tags: attack, china, cloud, cyber, cyberattack, government, group, russia, service, technology, threatThe China-linked advanced persistent threat (APT) group known as APT31 has been attributed to cyber attacks targeting the Russian information technology (IT) sector between 2024 and 2025 while staying undetected for extended periods of time.”In the period from 2024 to 2025, the Russian IT sector, especially companies working as contractors and integrators of solutions for…
-
SEC Ends SolarWinds Suit After Major Legal Setbacks
High-Profile Case Ends After Judge Guts SEC’s Cyber Fraud Allegations. The SEC has dropped its remaining claims against SolarWinds and CISO Tim Brown, ending a controversial cyber fraud lawsuit that aimed to expand securities law to cover operational security failures tied to the 2020 Russian hacking campaign. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/sec-ends-solarwinds-suit-after-major-legal-setbacks-a-30101
-
SEC Dismisses Remains of Lawsuit Against SolarWinds and Its CISO
The SEC dismissed the remain charges in the lawsuit filed in 2023 against software maker SolarWinds and CISO Timothy Brown in the wake of the massive Sunburst supply chain attack, in which a Russian nation-state group installed a malicious update into SolarWInds software that then compromised the systems of some customers. First seen on securityboulevard.com…
-
SEC Dismisses Remains of Lawsuit Against SolarWinds and Its CISO
The SEC dismissed the remain charges in the lawsuit filed in 2023 against software maker SolarWinds and CISO Timothy Brown in the wake of the massive Sunburst supply chain attack, in which a Russian nation-state group installed a malicious update into SolarWInds software that then compromised the systems of some customers. First seen on securityboulevard.com…
-
Cybersecurity Snapshot: Global Agencies Target Criminal “Bulletproof” Hosts, as CSA Unveils Agentic AI Risk Framework
Tags: access, advisory, ai, android, apple, attack, banking, breach, browser, chrome, cisa, ciso, cloud, compliance, control, credentials, credit-card, crypto, cve, cyber, cybercrime, cybersecurity, data, defense, detection, endpoint, extortion, finance, firewall, firmware, flaw, framework, google, governance, government, group, guide, Hardware, ibm, identity, infection, infrastructure, international, Internet, law, linux, malicious, malware, microsoft, mobile, monitoring, network, open-source, oracle, password, phishing, radius, ransomware, rat, resilience, risk, risk-assessment, risk-management, russia, scam, service, software, switch, technology, threat, tool, update, vulnerability, windowsCyber agencies call on ISPs to help combat “bulletproof” internet hosts that shield cybercriminals. Meanwhile, the CSA introduced a new methodology to assess the risks of autonomous AI. Plus, get the latest on the CIS Benchmarks, drone-detection systems, and malware infections. Key takeaways Crackdown on “bulletproof” hosting: International cyber agencies are urging ISPs and network…
-
Cybersecurity Snapshot: Global Agencies Target Criminal “Bulletproof” Hosts, as CSA Unveils Agentic AI Risk Framework
Tags: access, advisory, ai, android, apple, attack, banking, breach, browser, chrome, cisa, ciso, cloud, compliance, control, credentials, credit-card, crypto, cve, cyber, cybercrime, cybersecurity, data, defense, detection, endpoint, extortion, finance, firewall, firmware, flaw, framework, google, governance, government, group, guide, Hardware, ibm, identity, infection, infrastructure, international, Internet, law, linux, malicious, malware, microsoft, mobile, monitoring, network, open-source, oracle, password, phishing, radius, ransomware, rat, resilience, risk, risk-assessment, risk-management, russia, scam, service, software, switch, technology, threat, tool, update, vulnerability, windowsCyber agencies call on ISPs to help combat “bulletproof” internet hosts that shield cybercriminals. Meanwhile, the CSA introduced a new methodology to assess the risks of autonomous AI. Plus, get the latest on the CIS Benchmarks, drone-detection systems, and malware infections. Key takeaways Crackdown on “bulletproof” hosting: International cyber agencies are urging ISPs and network…
-
China’s APT31 linked to hacks on Russian tech firms
Moscow-based Positive Technologies says a China-linked group tracked as APT31 appears to be responsible for breaches of entities in Russia’s tech sector. First seen on therecord.media Jump to article: therecord.media/russia-report-apt31-china-linked-hacks
-
Russia-linked crooks bought a bank for Christmas to launder cyber loot
UK cops trace street-level crime to sanctions-busting networks tied to Moscow’s war economy First seen on theregister.com Jump to article: www.theregister.com/2025/11/21/russia_cybercrime_bank_purchase/
-
Allies Sanction Russian Network Behind Major Cyberattacks
The UK, US, and Australia sanctioned Media Land, a Russian network enabling major cyberattacks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/allies-sanction-russian-network-behind-major-cyberattacks/
-
Russian money launderers bought a bank to disguise ransomware profit
A billion-dollar money laundering network active in the UK funnelled money, including the profits of ransomware attacks, into its own bank to circumvent sanctions on Russia and help fund its attacks on Ukraine First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366634571/Russian-money-launderers-bought-a-bank-to-disguise-ransomware-profit
-
UK drug funds flowed into bank tied to Russian spy services, military
The NCA on Friday confirmed that a money laundering network under investigation was used to purchase Keremet Bank in Kyrgyzstan, which was sanctioned earlier this year. First seen on therecord.media Jump to article: therecord.media/uk-drug-funds-flowed-into-bank-tied-to-russia
-
SEC drops case against SolarWinds tied to monumental breach
The Securities and Exchange Commission on Thursday dropped its case against SolarWinds and its chief information security officer over its handling of an alleged Russian cyberespionage campaign uncovered in 2020, an incident that penetrated at least nine federal agencies and hundreds of companies. The SEC’s decision brings to a halt one of the more divisive…
-
Tsundere Botnet Targets Windows, Linux macOS via Node.js Packages
A Russian-speaking threat actor attributed to the username >>koneko