Tag: russia
-
Russia’s mobile internet shutdowns hit record high amid Ukrainian drone attacks
Russia shut down mobile internet services more than 2,000 times in July as authorities ramped up digital restrictions in the name of security. First seen on therecord.media Jump to article: therecord.media/russia-mobile-internet-shutdowns-record
-
Blizzard Group’s ApolloShadow Malware Installs Root Certificates to Trust Malicious Sites
Tags: blizzard, cyber, cyberespionage, data-breach, group, intelligence, Internet, malicious, malware, microsoft, russia, service, threat
Microsoft Threat Intelligence has exposed a sophisticated cyberespionage operation orchestrated by the Russian state-sponsored actor tracked as Secret Blizzard, which has been actively compromising foreign embassies in Moscow through an adversary-in-the-middle (AiTM) technique to deploy the custom ApolloShadow malware. This campaign, ongoing since at least 2024, leverages an AiTM position at the Internet Service Provider…
-
Secret Blizzard Targets Moscow-Based Embassies in New Espionage Campaign
Microsoft has observed Russian state actor Secret Blizzard using an AiTM position to gain initial access, assisted by official domestic intercept systems. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/secret-blizzard-moscow-embassies/
-
Russian State Hackers Spy on Moscow Embassies via ISP-Level AiTM Attacks
The post Russian State Hackers Spy on Moscow Embassies via ISP-Level AiTM Attacks appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/russian-state-hackers-spy-on-moscow-embassies-via-isp-level-aitm-attacks/
-
Microsoft catches Russian hackers targeting foreign embassies
End goal is the installation of a malicious TLS root certificate for use in intel gathering. First seen on arstechnica.com Jump to article: arstechnica.com/information-technology/2025/07/microsoft-catches-russian-hackers-targeting-foreign-embassies/
-
Russia-linked APT Secret Blizzard targets foreign embassies in Moscow with ApolloShadow malware
Russia-linked Secret Blizzard targets foreign embassies in Moscow via ISP-level AitM attacks, deploying custom ApolloShadow malware. Microsoft researchers uncovered a cyberespionage campaign by the Russia-linked APT group Secret Blizzard (aka Turla, Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) targeting foreign embassies in Moscow. The threat actor uses an adversary-in-the-middle (AiTM) method at the ISP level to deploy custom malware called ApolloShadow. This…
-
Secret Blizzard Deploys Malware in ISP-Level AitM Attacks on Moscow Embassies
The Russian nation-state threat actor known as Secret Blizzard has been observed orchestrating a new cyber espionage campaign targeting foreign embassies located in Moscow by means of an adversary-in-the-middle (AitM) attack at the Internet Service Provider (ISP) level and delivering a custom malware dubbed ApolloShadow. “ApolloShadow has the capability to install a trusted root certificate to…
-
Russian hackers use ISP access to hack embassies in AiTM attacks
Microsoft warns that a cyber-espionage group linked to Russia’s Federal Security Service (FSB) is targeting diplomatic missions in Moscow using local internet service providers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-russian-hackers-use-isp-access-to-hack-embassies-in-aitm-attacks/
-
Kremlin monitors foreign embassies in Moscow through cyber-espionage at ISP level
In a warning to foreign embassies in Moscow, Microsoft said a Russian state-backed hacking group known as Secret Blizzard or Turla has been using internet service providers for adversary-in-the-middle (AiTM) attacks. First seen on therecord.media Jump to article: therecord.media/russia-fsb-turla-espionage-foreign-embassies-isp-level
-
Russia-affiliated Secret Blizzard conducting ongoing espionage against embassies in Moscow
A new Microsoft report finds that the long-running threat group has gained positions on state-aligned ISPs and Russian telecoms, while tricking foreign embassy staff to download custom malware. First seen on cyberscoop.com Jump to article: cyberscoop.com/russia-secret-blizzard-espionage-embassies-moscow/
-
Kremlin goons caught abusing ISPs to spy on Moscow-based diplomats, Microsoft says
Russia spying on foreign embassies? Say it ain’t so. First seen on theregister.com Jump to article: www.theregister.com/2025/07/31/kremlin_goons_caught_abusing_isps/
-
The Kremlin’s Most Devious Hacking Group Is Using Russian ISPs to Plant Spyware
The FSB cyberespionage group known as Turla seems to have used its control of Russia’s network infrastructure to meddle with web traffic and trick diplomats into infecting their computers. First seen on wired.com Jump to article: www.wired.com/story/russia-fsb-turla-secret-blizzard-apolloshadow-isp-cyberespionage/
-
Russia’s Secret Blizzard APT Gains Embassy Access via ISPs
An ongoing AitM campaign by the infamous Moscow-sponsored cyber threat actor has widened its scope, dropping the dangerous ApolloShadow custom backdoor malware thanks to lawful intercept systems. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/russia-secret-blizzard-apt-embassy-isps
-
LAMEHUG: First AI-Powered Malware Targets Organizations via Compromised Official Email Accounts
The Russian state-sponsored threat actor APT28, also known as Fancy Bear or Forest Blizzard, has deployed LameHug, the first publicly documented malware leveraging large language models (LLMs) for automated command generation and execution. According to a recent CERT-UA report, this campaign targeted Ukraine’s security and defense sectors earlier this month, initiating with spearphishing emails dispatched…
-
32% of exploited vulnerabilities are now zero-days or 1-days
Russian and Iranian threat activity rises: The security industry attributes only some of the newly discovered exploits to known attacker groups, and only some of those groups have known countries of origin. As a result, statistics on the origin of attacks are not perfect. During the first half of 2025, 181 of CVEs added to the…
-
Russia blocks popular US-made internet speed test tool over national security concerns
Speedtest, made by Seattle-based Ookla, collects data that could be exploited for cyberattacks, Russia’s telecom regulator said in blocking the service. First seen on therecord.media Jump to article: therecord.media/russia-bans-speedtest-ookla
-
Cyberattack shuts down hundreds of Russian pharmacies, disrupts healthcare services
The Stolichki pharmacy chain, which operates about 1,000 stores across Russia, confirmed that a technical failure that halted its operations on Tuesday was caused by a hack. First seen on therecord.media Jump to article: therecord.media/cyberattack-shuts-down-russian-pharmacies
-
Hackers Deploy Cobalt Strike Beacon Using GitHub and Social Media
A sophisticated cyberattack campaign disrupted the Russian IT industry and entities in several other countries, leveraging advanced evasion techniques to deploy the notorious Cobalt Strike Beacon. Attackers ingeniously concealed payload information within user profiles on platforms like GitHub, Microsoft Learn Challenge, Quora, and Russian social networks, blending malicious data into legitimate user-generated content to bypass…
-
Cyberattack on two pharmacy chains in Russia
Cyberattacks Force Major Russian Pharmacy Chains to Shut Down First seen on themoscowtimes.com Jump to article: www.themoscowtimes.com/2025/07/29/cyberattacks-force-major-russian-pharmacy-chains-to-shut-down-a90014
-
Russian airline Aeroflot grounds dozens of flights after cyberattack
Aeroflot, Russia’s flag carrier, has suffered a cyberattack that resulted in the cancellation of more than 60 flights and severe delays on additional flights. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/russian-airline-aeroflot-grounds-dozens-of-flights-after-cyberattack/
-
Qilin Ransomware Gains Momentum with Legal Assistance Option for Affiliates
The Qilin ransomware gang has introduced a >>Call Lawyer>legal department
-
Poland says more than 30 suspects face trial over pro-Russian sabotage
Prime Minister Donald Tusk said the suspects were allegedly recruited to conduct attacks aimed at destabilizing the country. First seen on therecord.media Jump to article: therecord.media/poland-32-suspects-pro-russia-sabotage
-
Pro-Ukraine hacktivists claim cyberattack on Russian Airline Aeroflot that caused the cancellation of +100 flights
A cyberattack claimed by Ukrainian group Silent Crow and Belarusian Cyber-Partisans crippled Aeroflot’s systems, canceling over 100 flights. On July 28, 2025, a cyberattack claimed by Ukrainian group Silent Crow and Belarusian Cyber-Partisans crippled the systems of Russian state-owned carrier Aeroflot. Over 100 flights were cancelled following the attack, which also caused delays. The…
-
Cyberattack on a Russian state-owned airline
Pro-Ukrainian hackers claim massive cyberattack on Russia’s Aeroflot First seen on reuters.com Jump to article: www.reuters.com/en/pro-ukrainian-hackers-claim-massive-cyberattack-russias-aeroflot-2025-07-28/
-
Aeroflot Hit by Year-Long Cyber Operation That Allegedly Wiped 7,000 Servers
Russia’s flagship carrier Aeroflot is reeling from a devastating cyberattack that pro-Ukraine hacking groups claim wiped approximately 7,000 servers and stole over 20 terabytes of sensitive data during a year-long clandestine operation. The airline was forced to cancel dozens of flights Monday morning, leaving passengers stranded at Moscow’s Sheremetyevo Airport amid what officials described as…
-
Rise of Chaos Ransomware Tied to BlackSuit Group’s Exit
Operation Checkmate Disrupts One of the Large Russian-Speaking Ransomware Groups. An international law enforcement operation has disrupted BlackSuit, a ransomware group tied to hundreds of victims and ransom demands that exceeded half a billion dollars. The takedown occurred as security experts tracked the rise of a new group called Chaos, which may be a BlackSuit…
-
Pro-Ukrainian hackers take credit for attack that snarls Russian flight travel
State-owned Aeroflot cancels dozens of flights, stranding travelers throughout Russia. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/07/pro-ukrainian-hackers-take-credit-for-attack-that-snarls-russian-flight-travel/
-
Russia’s Flag Carrier Cancels Flights After Hack Attack
Aeroflot Hit With Wiper Malware, Claim Pro-Ukrainian Hackers From Belarus. Russia’s largest airline, Aeroflot, canceled dozens of flights on Monday and delayed more due to an IT disruption. Two pro-Ukrainian hacking groups from Belarus claimed to have wiped stolen extensive customer data before wiping 7,000 physical and virtual servers used by the airline. First seen…
-
Cyberattack on Aeroflot causing mass flight disruptions, Russia says
Russian authorities confirmed on Monday that ongoing Aeroflot flight disruptions are due to a cyberattack affecting the nation’s largest carrier. First seen on therecord.media Jump to article: therecord.media/cyberattack-aeroflot-russia-delays
-
Flights grounded as Russia’s largest airline Aeroflot hacked and systems ‘destroyed’
Russian prosecutor said it opened a criminal investigation into the cyberattack targeting Aeroflot, the largest airline in Russia. First seen on techcrunch.com Jump to article: techcrunch.com/2025/07/28/flights-grounded-as-russias-largest-airline-aeroflot-hit-by-cyberattack/

