Tag: russia
-
Russia-linked ‘Curly COMrades’ turn to malicious virtual machines for digital spy campaigns
A cyber-espionage operation installed lightweight virtual machines to evade detection, researchers said, in the latest sign of Russia-linked hackers adapting their tactics. First seen on therecord.media Jump to article: therecord.media/virtual-machines-cyber-espionage-russia-linked-curly-comrades
-
Curly COMrades Hacker Group Deploys New Tools for Stealthy Remote Access on Compromised Windows 10 Systems
A sophisticated threat actor known as Curly COMrades has demonstrated advanced evasion capabilities by leveraging legitimate Windows virtualization features to establish covert, long-term access to victim networks. Operating to support Russian geopolitical interests, the group has deployed innovative tools and techniques that successfully bypass traditional endpoint detection and response (EDR) solutions. This investigation, conducted in…
-
Pro-Russian Hackers Use Linux VMs to Hide in Windows
A threat actor known as Curly COMrades is using Linux VMs to remain undetected in Windows environments while conducting Russia-aligned activities. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/pro-russian-hackers-linux-vms-hide-windows
-
Russian spies pack custom malware into hidden VMs on Windows machines
Curly COMrades strike again First seen on theregister.com Jump to article: www.theregister.com/2025/11/04/russian_spies_pack_custom_malware/
-
Ex-L3Harris Exec Sold U.S. Cyber Secrets to Russia, Pleads Guilty
Former L3Harris executive Peter Williams admitted selling U.S. cyber tools to a Russian broker, endangering national security. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/ex-l3harris-exec-sold-u-s-cyber-secrets-to-russia-pleads-guilty/
-
Russian hackers abuse Hyper-V to hide malware in Linux VMs
The Russian hacker group Curly COMrades has been abusing Microsoft’s Hyper-V virtualization technology in Windows to bypass endpoint detection and response solutions by creating a hidden Alpine Linux-based virtual machine. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/russian-hackers-abuse-hyper-v-to-hide-malware-in-linux-vms/
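The technique above works because the host's endpoint agent sees only Hyper-V's own worker process, not whatever runs inside the guest. The following PowerShell is an added example, not code from the article or from the researchers who reported the campaign; it inventories Hyper-V on a single Windows host and flags virtual machines that are not on a local allowlist. The allowlist name `build-agent-01` and the "user profile or temp" path heuristic are assumptions for illustration. Run it elevated, because both the optional-feature query and the Hyper-V module need administrator rights.

```powershell
# Added example, not from the article or from the researchers' report.
# Inventories Hyper-V on one Windows host and flags VMs that are not on an allowlist.
# Run elevated: Get-WindowsOptionalFeature and the Hyper-V module need administrator rights.
# $AllowedVmNames is an assumption: populate it from your own change records.

$AllowedVmNames = @('build-agent-01')
$findings = New-Object 'System.Collections.Generic.List[string]'

# 1. Platform state. On an endpoint that has no business running VMs, "Enabled" is itself the finding.
$feature = Get-WindowsOptionalFeature -Online -FeatureName 'Microsoft-Hyper-V-All' -ErrorAction SilentlyContinue
if ($null -ne $feature) {
    $findings.Add("Hyper-V feature state: $($feature.State)")
}

# 2. Registered VMs. Needs the Hyper-V PowerShell module, which is present once the feature is enabled.
if (Get-Command Get-VM -ErrorAction SilentlyContinue) {
    foreach ($vm in Get-VM) {
        $disks = (Get-VMHardDiskDrive -VMName $vm.Name | ForEach-Object { $_.Path }) -join ';'
        $nics  = (Get-VMNetworkAdapter -VMName $vm.Name | ForEach-Object { $_.SwitchName }) -join ';'
        $desc  = "VM '$($vm.Name)' state=$($vm.State) gen=$($vm.Generation) " +
                 "config=$($vm.ConfigurationLocation) disks=$disks switches=$nics"
        if ($AllowedVmNames -notcontains $vm.Name) {
            $findings.Add("UNEXPECTED $desc")
        } else {
            $findings.Add("known $desc")
        }
        # A VM whose files live under a user profile or temp directory was not set up by admin tooling.
        if ($vm.ConfigurationLocation -match '\\Users\\|\\Temp\\|\\AppData\\') {
            $findings.Add("UNEXPECTED config path for '$($vm.Name)': $($vm.ConfigurationLocation)")
        }
    }
}

# 3. Worker processes. Each running VM has its own vmwp.exe on the host; the guest's processes never
#    appear in the host process list, so a vmwp.exe you cannot tie to a known VM deserves a look.
foreach ($p in (Get-Process -Name vmwp -ErrorAction SilentlyContinue)) {
    $findings.Add("vmwp.exe pid=$($p.Id) started=$($p.StartTime)")
}

$findings
```

Pair the output with a baseline: on a fleet where Hyper-V is never sanctioned, the cheapest detection is simply alerting when the feature state flips to Enabled, and only then does the VM-level detail matter.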
-
Operation SkyCloak Deploys Tor-Enabled OpenSSH Backdoor Targeting Defense Sectors
Threat actors are leveraging weaponized attachments distributed via phishing emails to deliver malware likely targeting the defense sector in Russia and Belarus.According to multiple reports from Cyble and Seqrite Labs, the campaign is designed to deploy a persistent backdoor on compromised hosts that uses OpenSSH in conjunction with a customized Tor hidden service that employs…
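A backdoor built from an SSH daemon behind a Tor hidden service leaves a listening socket on the host even when its traffic never touches the corporate network directly. The PowerShell below is an added example, not from the Cyble or Seqrite reports; it joins listening TCP sockets to their owning processes and flags those whose image name or location suggests an SSH or Tor binary outside the sanctioned install roots. The article does not give the file names or paths the campaign uses, so the name patterns and the "sanctioned roots" regex are assumptions to adapt locally.

```powershell
# Added example, not from the reports cited above.
# Joins listening TCP sockets to their owning process and image path, then flags listeners that look like an
# SSH daemon or Tor binary running from an unsanctioned location. Name patterns and roots are assumptions.

$StandardRoots = '(?i)^(C:\\Windows\\System32\\OpenSSH\\|C:\\Program Files\\)'   # assumption: your install roots
$SuspectNames  = '(?i)^(sshd|ssh|tor|obfs4proxy|lyrebird)$'                      # assumption: common daemon names

# Snapshot processes once so each socket lookup is a hashtable hit rather than a fresh Get-Process.
$procs = @{}
foreach ($p in Get-Process) {
    $path = try { $p.MainModule.FileName } catch { $null }   # access denied on protected processes is expected
    $procs[[int]$p.Id] = @{ Name = $p.ProcessName; Path = $path }
}

Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue | ForEach-Object {
    $info = $procs[[int]$_.OwningProcess]
    $name = if ($info) { $info.Name } else { '?' }
    $path = if ($info) { $info.Path } else { $null }
    $reasons = @()

    if ($name -match $SuspectNames) {
        $reasons += "process name '$name' is an SSH/Tor-style daemon"
    }
    if ($path -and $path -notmatch $StandardRoots -and
        ($name -match $SuspectNames -or $path -match '(?i)\\(sshd|tor)\.exe$')) {
        $reasons += "image outside sanctioned roots: $path"
    }
    # A hidden service forwards to a local port, so a loopback-only SSH listener is consistent with that design.
    if ($_.LocalAddress -eq '127.0.0.1' -and $name -match $SuspectNames) {
        $reasons += 'loopback-only listener'
    }

    if ($reasons.Count -gt 0) {
        [pscustomobject]@{
            Port    = $_.LocalPort
            Address = $_.LocalAddress
            PID     = $_.OwningProcess
            Process = $name
            Image   = $path
            Reasons = ($reasons -join '; ')
        }
    }
}
```

Treat hits as leads rather than verdicts: a renamed binary defeats the name check, so the image-path and loopback-listener signals are the ones worth keeping even after you tune the patterns.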
-
How an ex-L3Harris Trenchant boss stole and sold cyber exploits to Russia
Peter Williams sold eight exploits to a Russian zero-day broker by smuggling them from his employer’s highly secured air-gapped network. A court document, plus exclusive reporting by TechCrunch and interviews with former Trenchant staff, explains how Williams pulled off the heist of hacking tools. First seen on techcrunch.com Jump to article: techcrunch.com/2025/11/03/how-an-ex-l3-harris-trenchant-boss-stole-and-sold-cyber-exploits-to-russia/
-
Japanese retailer Askul confirms data leak after cyberattack claimed by Russia-linked group
The company said the breach exposed contact information and inquiry details from users of its online stores, Askul, Lohaco and Soloel Arena, as well as supplier data stored on its internal servers. First seen on therecord.media Jump to article: therecord.media/askul-confirms-data-breach-ransomware-incident
-
Cyber-espionage campaign mirroring Sandworm TTPs hit Russian and Belarusian military
A spear-phishing campaign aimed to compromise Russian and Belarusian military personnel by using military-themed documents as a lure has been flagged by Cyble and Seqrite … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/03/russian-belarusian-military-spear-phishing/
-
Chinese hackers target Western diplomats using unpatched Windows shortcut flaw
Mitigation: In the absence of a patch, organizations worried about .LNK attacks should consider blocking .LNK files or disabling their execution in Windows Explorer, Arctic Wolf advised. “This should be put in place across all Windows systems, prioritizing endpoints used by personnel with access to sensitive diplomatic or policy information. While this vulnerability was disclosed in…
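Blocking .LNK files outright is a blunt control, and it does nothing about shortcuts already sitting in user directories. The PowerShell below is an added example, not from the article or from Arctic Wolf; it parses shortcuts in user-writable locations through the WScript.Shell COM object (which reads the link without launching it) and reports those whose target is a shell or script host, or whose argument string looks like a loader. The scan roots, the list of script hosts and the 200-character argument threshold are assumptions chosen for illustration.

```powershell
# Added example, not from the article or from Arctic Wolf.
# Hunts for .LNK files in user-writable locations that launch a shell or script host.
# $ScanRoots, $SuspiciousHosts and the length threshold are assumptions; extend them for your environment.

$ScanRoots = @(
    "$env:USERPROFILE\Downloads",
    "$env:USERPROFILE\Desktop",
    "$env:TEMP",
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup"
)
$SuspiciousHosts = '(?i)\\(cmd|powershell|pwsh|mshta|wscript|cscript|rundll32|regsvr32|certutil|bitsadmin|msiexec)\.exe$'

# CreateShortcut parses the link structure; it does not execute the target.
$shell = New-Object -ComObject WScript.Shell

Get-ChildItem -Path $ScanRoots -Filter '*.lnk' -File -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
    $lnk = $shell.CreateShortcut($_.FullName)
    $reasons = @()

    if ($lnk.TargetPath -match $SuspiciousHosts) {
        $reasons += 'target is a shell or script host'
    }
    if ($lnk.Arguments.Length -gt 200) {
        $reasons += "argument string is $($lnk.Arguments.Length) chars"
    }
    if ($lnk.Arguments -match '(?i)-enc|frombase64|\biex\b|invoke-expression|downloadstring|downloadfile|https?://') {
        $reasons += 'arguments look like a downloader or encoded loader'
    }
    if ($lnk.WindowStyle -eq 7) {
        $reasons += 'runs minimised (WindowStyle 7)'
    }
    # A document or browser icon on a shortcut that actually runs a shell is the classic lure.
    if ($lnk.TargetPath -match $SuspiciousHosts -and
        $lnk.IconLocation -match '(?i)(winword|excel|acrord|msedge|chrome|shell32)') {
        $reasons += 'document/browser icon on a shell target'
    }

    if ($reasons.Count -gt 0) {
        $shownArgs = $lnk.Arguments
        if ($shownArgs.Length -gt 120) { $shownArgs = $shownArgs.Substring(0, 120) + '...' }
        [pscustomobject]@{
            Path      = $_.FullName
            Target    = $lnk.TargetPath
            Arguments = $shownArgs
            Modified  = $_.LastWriteTime
            Reasons   = ($reasons -join '; ')
        }
    }
}
```

Run it under the user whose profile you are inspecting, or point `$ScanRoots` at mounted profile directories from a collection box; a shortcut with a benign-looking target and no arguments will not be flagged, so this complements rather than replaces the blocking control the article recommends.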
-
Russia Arrests Meduza Stealer Developers After Government Hack
Russia arrests developers of the notorious Meduza Stealer MaaS operation. Learn how the group’s ‘fatal error’ led to the crackdown on domestic cybercrime. First seen on hackread.com Jump to article: hackread.com/russia-arrests-meduza-stealer-developers/
-
Russian Police Bust Suspected Meduza Infostealer Developers
3 ‘Young IT Specialists’ Arrested After Malware Tied to Government Agency Infection. Russian police have arrested three young IT specialists in Moscow, charging them with developing and selling the notorious Meduza information-stealing malware, and members of their group using the infostealer to breach a Russian government institution in May and exfiltrate data. First seen on…
-
Russia finally bites the cybercrooks it raised, arresting suspected Meduza infostealer devs
Rare case of the state turning on its own, but researchers say it may be doing so more often First seen on theregister.com Jump to article: www.theregister.com/2025/10/31/russia_arrests_three_meduza_cyber_suspects/
-
Alleged Meduza Stealer malware admins arrested after hacking Russian org
The Russian authorities have arrested three individuals in Moscow who are believed to be the creators and operators of the Meduza Stealer information-stealing malware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/alleged-meduza-stealer-malware-admins-arrested-after-hacking-russian-org/
-
Three suspected developers of Meduza Stealer malware arrested in Russia
Russia’s Interior Ministry posted a video of raids on suspected developers of the Meduza Stealer malware, which has been sold to cybercriminals since 2023. First seen on therecord.media Jump to article: therecord.media/meduza-stealer-malware-suspected-developers-arrested-russia
-
Threat Actors Exploiting Open-Source C2 Frameworks to Deploy Malicious Payloads
Threat intelligence researchers have uncovered a growing campaign where cybercriminals are weaponizing AdaptixC2, a legitimate open-source Command and Control framework designed for authorized penetration testers. The discovery reveals how threat actors are exploiting ethical hacking tools to conduct sophisticated cyberattacks, with significant ties linking the framework’s development to Russian criminal networks. Silent Push threat analysts…
-
Russian APTs Exploit LotL Techniques in Ukraine Cyber Attacks, Deploying Sandworm-Linked Webshell and Credential Dumping
First seen on securityonline.info Jump to article: securityonline.info/russian-apts-exploit-lotl-techniques-in-ukraine-cyber-attacks-deploying-sandworm-linked-webshell-and-credential-dumping/
-
US Defense Contractor Boss Sold Zero Days to Russia, Cops a Plea
So long and thanks for all the fish: Peter Williams admits to selling unpatched iPhone bugs to a shady Russian broker. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/l3harris-trenchard-the-final-sb-blogwatch-cheerio-richixbw/