Tag: russia
-
Google Exposes Russian Disinformation Blitz Over Poland Airspace Incursion Using Portal Kombat Network
The post Google Exposes Russian Disinformation Blitz Over Poland Airspace Incursion Using Portal Kombat Network appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/google-exposes-russian-disinformation-blitz-over-poland-airspace-incursion-using-portal-kombat-network/
-
Russia’s Coldriver Revamps Malware to Evade Detection
Russian Intel Hackers Flexible in Face of Detection. Russia-linked threat group COLDRIVER rapidly replaced its exposed malware with a stealthier PowerShell variant, using fake CAPTCHA prompts and cryptographic key-splitting to evade detection and escalate surveillance on NGOs, dissidents and policy experts, according to new research. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/russias-coldriver-revamps-malware-to-evade-detection-a-29776
-
Google finds Russian state hackers replacing burned malware with new tools
A Russia-linked group tracked as Coldriver or Callisto is using three new pieces of malicious code to replace the LostKeys malware outed by Google earlier this year, the company said. First seen on therecord.media Jump to article: therecord.media/coldriver-callisto-russia-hackers-new-malware-google
-
Russian Disinformation Followed Drone Incursion of Poland
Active Measures Teams Rapidly Springboarding From Current Events, Find Researchers. After Russian drones violated Polish airspace last month, multiple pro-Kremlin information operations teams sprang into action to advance pro-Moscow narratives that distorted the facts, as part of a hybrid operation designed to destabilize Poland, and NATO support for Ukraine, said experts. First seen on govinfosecurity.com…
-
Russia pressures Apple to make Russian search engines default on locally-sold iPhones
In a letter to Apple cited by the state news agency TASS, the Federal Antimonopoly Service (FAS) said Apple’s current setup gives preference to foreign search engines, putting local providers at a “competitive disadvantage” and infringing on consumers’ rights. First seen on therecord.media Jump to article: therecord.media/russia-apple-search-engine-default
-
Russian State-Sponsored COLDRIVER Group Deploys New Malware After Exposure of LOSTKEYS
Following the public disclosure of its LOSTKEYS malware in May 2025, the Russian state-sponsored threat group known as COLDRIVER, also tracked under aliases such as UNC4057, Star Blizzard, and Callisto, has rapidly evolved its cyber operations. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/coldriver-new-malware-after-lostkeys-exposure/
-
Russian State-Sponsored COLDRIVER Group Deploys New Malware After Exposure of LOSTKEYS
Following the public disclosure of its LOSTKEYS malware in May 2025, the Russian state-sponsored threat group known as COLDRIVER, also tracked under aliases such as UNC4057, Star Blizzard, and Callisto, has rapidly evolved its cyber operations. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/coldriver-new-malware-after-lostkeys-exposure/
-
Cavalry Werewolf APT Targets Multiple Sectors Using FoalShell and StallionRAT
From May to August 2025, an advanced persistent threat group known as Cavalry Werewolf”, also tracked as YoroTrooper and Silent Lynx”, executed a sophisticated attack campaign targeting Russia’s public sector and vital industries such as energy, mining, and manufacturing. The coordinated offensive leveraged trusted relationships for highly targeted spear-phishing and deployed a custom multi-language malware…
-
New LOSTKEYS Malware Tied to Russian State-Sponsored Hacker Group COLDRIVER
Russian state-sponsored threat actor COLDRIVER, long known for targeting high-profile NGOs, policy advisors, and dissidents, has been linked to a rapidly evolving malware campaign following the public disclosure of its LOSTKEYS malware in May 2025. After details of LOSTKEYS surfaced, COLDRIVER (also tracked as UNC4057, Star Blizzard, and Callisto) pivoted away from the compromised malware.…
-
Google Identifies Three New Russian Malware Families Created by COLDRIVER Hackers
A new malware attributed to the Russia-linked hacking group known as COLDRIVER has undergone numerous developmental iterations since May 2025, suggesting an increased “operations tempo” from the threat actor.The findings come from Google Threat Intelligence Group (GTIG), which said the state-sponsored hacking crew has rapidly refined and retooled its malware arsenal merely five days following…
-
Google Identifies Three New Russian Malware Families Created by COLDRIVER Hackers
A new malware attributed to the Russia-linked hacking group known as COLDRIVER has undergone numerous developmental iterations since May 2025, suggesting an increased “operations tempo” from the threat actor.The findings come from Google Threat Intelligence Group (GTIG), which said the state-sponsored hacking crew has rapidly refined and retooled its malware arsenal merely five days following…
-
Russian Coldriver Hackers Deploy New ‘NoRobot’ Malware
The Coldriver hacking group reportedly shifted its operation quickly after the May 2025 public disclosure of its LostKeys malware First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/russian-coldriver-hackers-new/
-
Russian Lynk group leaks sensitive UK MoD files, including info on eight military bases
Russian hackers stole and leaked MoD files on eight RAF and Navy bases, exposing staff data in a “catastrophic” cyberattack via Dodd Group breach. Russian cybercrime group Lynx breached Dodd Group, a contractor for the UK Ministry of Defence, stealing and leaking hundreds of sensitive files on eight RAF and Royal Navy bases. The incident…
-
ColdRiver Drops Fresh Malware on Targets
The Russia-backed threat actor’s latest cyber spying campaign is a classic example of how quickly sophisticated hacking groups can pivot when exposed. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/coldriver-drops-fresh-malware-targets
-
UK Ministry of Defense Probes Military Contractor Data Leak
Ransomware Group Lynx Reportedly Stole 4TB of Data. The U.K. Ministry of Defense is investigating an apparent data breach by Russian-speaking ransomware hackers of a building facilities contractor with ties to the military. The Lynx ransomware group posted on its darkweb site samples of what it says is 4 terabytes of data stolen from the…
-
CAPI Backdoor targets Russia’s auto and e-commerce sectors
A new campaign targets Russia’s auto and e-commerce sectors using a previously unknown .NET malware called CAPI Backdoor. Cybersecurity researchers at Seqrite Labs uncovered a new campaign, tracked as Operation MotorBeacon, that targeted the Russian automobile and e-commerce sectors with a previously unknown .NET malware dubbed CAPI Backdoor. >>SEQRITE Labs Research Team has recently uncovered a…
-
Foreign hackers breached a US nuclear weapons plant via SharePoint flaws
Tags: access, attack, authentication, breach, china, control, corporate, cve, cyber, cybercrime, cybersecurity, data, defense, exploit, flaw, framework, government, group, hacker, identity, infrastructure, intelligence, Intruder, korea, microsoft, monitoring, network, ransomware, reverse-engineering, risk, russia, supply-chain, tactics, technology, theft, threat, vulnerability, zero-day, zero-trustChina or Russia? Conflicting attribution: Microsoft attributed the broader wave of SharePoint exploitations to three Chinese-linked groups: Linen Typhoon, Violet Typhoon, and a third actor it tracks as Storm-2603. The company said the attackers were preparing to deploy Warlock ransomware across affected systems.However, the source familiar with the Kansas City incident tells CSO that a…
-
‘I lost 25 pounds in 20 days’: what it’s like to be on the frontline of a global cyber-attack
The security chief of SolarWinds reflects on the Russian hack that exposed US government agencies and the heart attack he suffered in the aftermathTim Brown will remember 12 December 2020 for ever.It was the day the software company SolarWinds was notified it had been hacked by Russia. <a href=”https://www.theguardian.com/technology/2025/oct/19/global-cyber-attack-russian-hack-solarwinds-stress-health”>Continue reading… First seen on theguardian.com Jump…
-
New .NET CAPI Backdoor Targets Russian Auto and E-Commerce Firms via Phishing ZIPs
Cybersecurity researchers have shed light on a new campaign that has likely targeted the Russian automobile and e-commerce sectors with a previously undocumented .NET malware dubbed CAPI Backdoor.According to Seqrite Labs, the attack chain involves distributing phishing emails containing a ZIP archive as a way to trigger the infection. The cybersecurity company’s analysis is based…
-
Cybersecurity Snapshot: F5 Breach Prompts Urgent U.S. Gov’t Warning, as OpenAI Details Disrupted ChatGPT Abuses
Tags: ai, attack, awareness, backdoor, breach, business, chatgpt, china, cisa, cloud, control, corporate, cve, cyber, cybersecurity, data, data-breach, defense, detection, exploit, framework, fraud, governance, government, group, hacker, incident, infrastructure, Internet, iran, law, LLM, malicious, malware, mitigation, monitoring, network, openai, organized, phishing, privacy, resilience, risk, russia, scam, security-incident, service, software, strategy, supply-chain, technology, threat, training, update, vulnerabilityF5’s breach triggers a CISA emergency directive, as Tenable calls it “a five-alarm fire” that requires urgent action. Meanwhile, OpenAI details how attackers try to misuse ChatGPT. Plus, boards are increasing AI and cyber disclosures. And much more! Key takeaways A critical breach at cybersecurity firm F5, attributed to a nation-state, has triggered an urgent…
-
Madman Theory Spurs Crazy Scattered Lapsus$ Hunters Playbook
Chaos Theory and Ransomware’s Love Child Serves Up Nonstop Unpredictability All is not quiet on the ransomware front. Long the province of Russian criminals, numerous ransomware campaigns now trace to reckless Western teenagers operating under the banner of Scattered Lapsus$ Hunters who wield not just technical and trickster chops, but also a chaos and unpredictability.…
-
Madman Theory Spurs Crazy Scattered Lapsus$ Hunters Playbook
Chaos Theory and Ransomware’s Love Child Serves Up Nonstop Unpredictability All is not quiet on the ransomware front. Long the province of Russian criminals, numerous ransomware campaigns now trace to reckless Western teenagers operating under the banner of Scattered Lapsus$ Hunters who wield not just technical and trickster chops, but also a chaos and unpredictability.…
-
Madman Theory Drives Crazy Scattered Lapsus$ Hunters Playbook
Chaos Theory and Ransomware’s Love Child Serves Up Nonstop Unpredictability All is not quiet on the ransomware front. Long the province of Russian criminals, numerous ransomware campaigns now trace to reckless Western teenagers operating under the banner of Scattered Lapsus$ Hunters who wield not just technical and trickster chops, but also a chaos and unpredictability.…
-
Teen Tied to Russian Hackers in Dutch Cyber Espionage Probe
Dutch prosecutors suspect three teens of aiding a foreign power, with one allegedly linked to a Russian-affiliated hacker group First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/teen-russian-hacking-group-ties/
-
APT28 Deploys BeardShell and Covenant Modules via Weaponized Office Documents
Security researchers at Sekoia.io have uncovered a sophisticated cyberattack campaign orchestrated by APT28, the notorious Russian state-sponsored threat actor, targeting Ukrainian military personnel with weaponized Office documents that deliver advanced malware frameworks including BeardShell and Covenant modules. The operation represents a significant evolution in APT28’s tactics, leveraging legitimate cloud infrastructure and novel obfuscation techniques to…
-
Chinese cyberspies snoop on Russian IT biz in rare east-on-east attack
Who needs enemies when you have friends like Xi? First seen on theregister.com Jump to article: www.theregister.com/2025/10/16/chinese_russian_cyber_espionage/
-
Chinese cyberspies snoop on Russian IT biz in rare east-on-east attack
Who needs enemies when you have friends like Xi? First seen on theregister.com Jump to article: www.theregister.com/2025/10/16/chinese_russian_cyber_espionage/
-
China-linked APT Jewelbug targets Russian IT provider in rare cross-nation cyberattack
China-linked APT Jewelbug targeted a Russian IT provider for five months in 2025, showing Russia remains exposed to Chinese cyber espionage. China-linked threat actor Jewelbug (aka CL-STA-0049, Earth Alux, and REF7707) carried out a five-month intrusion on a Russian IT service provider, marking its expansion beyond Southeast Asia and South America. The campaign, reported by…
-
China’s Jewelbug APT Breaches Russian IT Provider for 5 Months, Using Yandex Cloud and Graph API C2
The post China’s Jewelbug APT Breaches Russian IT Provider for 5 Months, Using Yandex Cloud and Graph API C2 appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/chinas-jewelbug-apt-breaches-russian-it-provider-for-5-months-using-yandex-cloud-and-graph-api-c2/