Tag: russia
-
Spain Arrests Suspected Russian Hacktivist After FBI Tip
Investigators Say Suspect Supported CARR, Z-Pentest and NoName057(16). Spanish authorities, acting on FBI intelligence, arrested a man accused of supporting Cyber Army of Russia Reborn, Z-Pentest and NoName057(16), underscoring international efforts to dismantle Russian state-linked hacktivist networks targeting critical infrastructure. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/spain-arrests-suspected-russian-hacktivist-after-fbi-tip-a-32169
-
Spain arrests suspected member of pro-Russian hacktivist groups
The National Police in Spain have arrested a man who is suspected of being an active member of the CyberArmy of Russia Reborn (CARR) and Z-Pentest, both pro-Russian hacktivist groups. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/spain-arrests-suspected-member-of-pro-russian-hacktivist-groups/
-
Attackers Exfiltrate AnyDesk Configuration Data via Blat SMTP in Aerospace Phishing Campaign
A targeted spear-phishing campaign that configures AnyDesk for silent, persistent remote access and exfiltrates its configuration using the Blat SMTP utility. The campaign uses an aerospace-themed invoice lure that impersonates the Russian research institute VNIIR via a freshly registered spoof domain (vniir-avia.space) and delivers a password-protected archive that, when opened, triggers a multi-stage dropper and…
-
AI-Generated Malware Powers New Armored Likho APT Campaign
Armored Likho APT uses AI-generated malware, phishing, and BusySnake Stealer to target governments and power grids in Russia, Kazakhstan, and Brazil. Kaspersky’s threat research team has documented a previously unknown APT group they’re calling Armored Likho, also tracked under the name Eagle Werewolf. The group runs two parallel tracks: financially motivated attacks against private individuals…
-
FBI and Spanish Police Arrest Alleged Cyber Army of Russia Reborn Member
Spanish police and the FBI arrested an alleged Cyber Army of Russia Reborn member as international efforts against pro Russia cyberattacks continue worldwide. First seen on hackread.com Jump to article: hackread.com/fbi-spanish-police-arrest-cyber-army-russia-reborn-member/
-
‘BusySnake’ Infostealer Slithers into Critical Infrastructure Networks
A threat group researchers call Armored Likho has gained access to government agencies and electrical power entities in Russia, Brazil, and Kazakhstan. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/busysnake-infostealer-critical-infrastructure-networks
-
Ukrainian media outlets now among ‘priority targets’ for Russian hackers
A top Ukrainian security official described two previously unreported attacks on TV media organizations and said Russia has ramped up hacking activities against the industry. First seen on therecord.media Jump to article: therecord.media/ukraine-media-organizations-priority-hacking-targets-russia
-
Armored Likho APT Deploys BusySnake Stealer Against Government and Power Sector Targets
A focused phishing campaign operated by a previously unreported APT we’ve named Armored Likho (also tracked under the provisional alias Eagle Werewolf). The group is targeting government agencies and the electric power sector across Russia, Brazil and Kazakhstan, and demonstrates an evolving toolkit that blends commodity and bespoke tooling to support both financially motivated operations…
-
Armored Likho Targets Government Agencies, Power Sector with BusySnake Stealer
A previously undocumented threat actor known as Armored Likho has been attributed to cyber attacks targeting government agencies and the electric power sector across Russia, Brazil, and Kazakhstan.”Armored Likho blends financially motivated campaigns targeting private individuals with targeted cyber espionage aimed at organizations,” Kaspersky said in a technical analysis published today. “ First seen on…
-
ISMG Editors: Signs of Russia in Jaguar Land Rover Probe
Also: AI Export Controls Reshape Post-Quantum Debate, Grappling With AI Governance. In this week’s ISMG Editors’ Panel, four editors discussed new developments in the Jaguar Land Rover cyberattack probe, why export controls on artificial intelligence tools are reshaping post-quantum cryptography plans, and cybersecurity leaders’ latest thinking about how to best govern AI. First seen on…
-
Russian influence operations shift focus to US and Europe, leveraging AI
First seen on scworld.com Jump to article: www.scworld.com/brief/russian-influence-operations-shift-focus-to-us-and-europe-leveraging-ai
-
XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t
Police arrested the alleged admin of XSS.is, a major cybercrime forum whose trusted escrow service helped power the underground economy. On 22 July 2025, French and Ukrainian police arrested a 38-year-old man in Kyiv and shut down XSS.is, the most influential Russian-language cybercrime forum of the past decade. Europol, which coordinated the operation under the…
-
Russian Water System Hack Attempted to Turn Canada Dry
Hackers Said They Gained Access to Pumps, Chlorine Dosing and Pressure Settings. Canada’s Communications Security Establishment, the Maple Leaf version of the U.S. National Security Agency, refreshed a warning to the country’s water sector, revealing for the first time that Russian hackers attacked operational technology systems at a Quebec municipality utility last year. First seen…
-
Kremlin Expands AI-Backed Campaigns Across Europe, US
GenAI Is Accelerating Propaganda, Planning and Content Creation. Google Threat Intelligence Group says Russia is expanding AI-enabled influence operations beyond Ukraine to target the European Union and NATO, relying on proxy networks, hacktivists and coordinated cyber campaigns to undermine Western cohesion while reducing attribution. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/google-kremlin-expands-ai-backed-campaigns-across-europe-us-a-32120
-
$10 Million Reward for Russian Hackers Targeting Messaging App Users
The U.S. Department of State is offering up to $10 million for information on Russian-linked groups UNC5792 and UNC4221. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/10-million-reward-for-russian-hackers-targeting-messaging-app-users/
-
US offers $10 million for info on group behind Signal and WhatsApp hacking spree
Operation by two Russia-state groups has been ongoing since at least March. First seen on arstechnica.com Jump to article: arstechnica.com/information-technology/2026/06/us-offers-10-million-for-info-on-group-behind-signal-and-whatsapp-hacking-spree/
-
U.S. Targets Russian Cyber Spies With $10M Bounty Over Messaging App Attacks
The U.S. offers up to $10M for information on Russian hackers targeting Signal and WhatsApp accounts of officials and journalists. The U.S. government is offering rewards of up to $10 million for information leading to the identification of members of the Russian-linked groups UNC5792 and UNC4221. The hackers target government officials, military personnel, journalists, and…
-
Iran, Russia, China Target Water Systems for Sabotage
Nation-state attackers breach water systems through weak passwords, exposed PLCs, and poor segmentation, not sophisticated malware. First seen on darkreading.com Jump to article: www.darkreading.com/ics-ot-security/iran-russia-china-target-water-systems-sabotage
-
Russian Threat Actors Continue Signal and WhatsApp Targeting
Thousands of Victims Tricked Into Giving Attackers Account Access, Say Officials. Russian military hackers, foiled by end-to-end encryption in Signal and WhatsApp, have compromised thousands of people by tricking them into granting direct access to their accounts instead, lately by revealing backup recovery keys and PIN codes, warns a new U.S. government cybersecurity alert. First…
-
US posts $10 million reward over Russian cyber campaign targeting Signal, WhatsApp
Russia-linked hacking groups tracked as UNC5792 and UNC4221 have socially engineered their way into the messaging accounts of government officials. First seen on therecord.media Jump to article: therecord.media/10million-reward-us-russian-hackers-unc4221-unc5792
-
U.S. offers $10 million for hackers targeting WhatsApp, Signal users
The U.S. Department of State is offering up to $10 million for information that helps identify or locate members of the UNC5792 and UNC4221 hacker groups, which are linked to Russia’s intelligence and military services. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/us-offers-10-million-for-hackers-targeting-whatsapp-signal-users/
-
STOCKSTAY Malware Uses WebSocket C2, RSA Encryption, and Environmental Keying for Stealth
Analysis of a .NET backdoor tracked as STOCKSTAY exposes a mature, modular espionage implant actively developed and deployed by the Russia-linked Turla cluster since at least December 2022. STOCKSTAY demonstrates several operational techniques designed to maximize stealth and survivability: secure WebSocket-based C2, asymmetric encryption using a 4096-bit RSA keypair, inter-component IPC, and environment-based keying of…
-
Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service Abuse
A Russian advanced persistent threat (APT) group has continued to evolve and expand its malware arsenal as part of its ongoing cyber onslaught against Ukraine throughout 2025.Slovakian cybersecurity company ESET said it observed 35 distinct spear-phishing campaigns mounted by Gamaredon against new targets, with most of them taking place in the second half of the…
-
SSU and FBI Uncover Russian Cyber Espionage Operation Against Officials and Military Personnel
Tags: cyber, data-breach, espionage, government, hacking, intelligence, military, russia, service, ukraineUkraine’s SSU and the FBI Just Confirmed Russian Intelligence Has Been Systematically Hacking Messenger Accounts for Years. The Security Service of Ukraine (SSU), working jointly with the FBI, has formally exposed a sustained Russian intelligence campaign targeting the messaging accounts of government officials, military personnel, politicians, and activists across Ukraine, Europe, and the United States.…
-
FBI and CISA Warn Russian Hackers Stealing Verification Codes and Account PINs From Signal Users
U.S. cybersecurity authorities have issued a new warning about Russian intelligence-linked threat actors targeting secure messaging platforms, specifically highlighting the increased risk for Signal users. These threat actors are employing sophisticated phishing campaigns designed to steal verification codes and account PINs. In a joint Public Service Announcement (PSA) published on June 26, 2026, the Cybersecurity…
-
Russian Hackers Accused of Destructive Cyber-Attack on Jaguar Land Rover
Experts warn the Jaguar Land Rover breach bears hallmarks of Kremlin-backed hackers, citing novel ransomware, strategic timing and efforts to obscure attribution First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/russian-hackers-destructive-jaguar/
-
FBI Sounds Alarm Over Russian Intelligence Signal Phishing
The FBI claims Russian spies are targeting Signal backup keys First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fbi-alarm-russian-intelligence/
-
Security Affairs newsletter Round 583 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. New FBI Alert: Russian Intelligence Uses Signal Recovery Keys to Access Messages Hospitality Sector Hit by…
-
Russian hackers suspected in Jaguar Land Rover cyberattack
First seen on scworld.com Jump to article: www.scworld.com/brief/russian-hackers-suspected-in-jaguar-land-rover-cyberattack
-
New FBI Alert: Russian Intelligence Uses Signal Recovery Keys to Access Messages
FBI warns Russian spies now target Signal Backup Recovery Keys, enabling access to message history and long-term account takeover. The FBI and CISA updated their March 2026 warning about Russian intelligence phishing campaigns, and the new advisory adds a detail that wasn’t in the original: the operators have shifted their primary objective from stealing verification…

