Tag: russia
-
Chinese Actor Targets Russian IT Provider
Symantec Says It Spotted Likely Supply Chain Hack. Suspected Chinese state-linked hackers reportedly breached a Russian IT service provider in an espionage campaign targeting government-related networks. Symantec uncovered Chinese hackers they named Jewelbug, infiltrating a Russian company between January and May. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/chinese-actor-targets-russian-provider-a-29738
-
Chinese Threat Group ‘Jewelbug’ Quietly Infiltrated Russian IT Network for Months
A threat actor with ties to China has been attributed to a five-month-long intrusion targeting a Russian IT service provider, marking the hacking group’s expansion to the country beyond Southeast Asia and South America. The activity, which took place from January to May 2025, has been attributed by Broadcom-owned Symantec to a threat actor it tracks…
-
Researchers report rare intrusion by suspected Chinese hackers into Russian tech firm
According to a new report by cybersecurity firm Symantec, the hackers gained access to the Russian company’s software build and code-repository systems between January and May 2025, suggesting the breach may have been an attempted software supply-chain attack aimed at the firm’s customers. First seen on therecord.media Jump to article: therecord.media/rare-china-linked-intrusion-russian-tech-firms
-
Pro-Russia TwoNet Hacktivists Target Water Utility Honeypot
Today’s Hapless Hackers Are Tomorrow’s Threat, Warns Forescout. A pro-Russian hacktivist group boasted on Telegram that it hacked a Western water treatment plant – but actually succeeded in attacking a honeypot left by security researchers at Forescout, the firm said. TwoNet appears to have ceased operations on Sept. 30. First seen on govinfosecurity.com Jump to…
-
Pro-Russian TwoNet Hacktivists Target Water Utility Honeypot
Today’s Hapless Hackers Are Tomorrow’s Threat, Warns Forescout. A pro-Russian hacktivist group boasted on Telegram that it hacked a Western water treatment plant – but actually succeeded in attacking a honeypot left by security researchers at Forescout, the firm said. TwoNet appears to have ceased operations on Sept. 30. First seen on govinfosecurity.com Jump to…
-
Russian spyware ClayRat is spreading, evolving quickly, according to Zimperium
The spyware poses as popular apps like TikTok, and may break free of Russian borders at some point, the researchers say. First seen on cyberscoop.com Jump to article: cyberscoop.com/russian-spyware-clayrat-is-spreading-evolving-quickly-according-to-zimperium/
-
Russian Cybercrime Marketplace Shifting from RDP Access to Malware Stealer Log Exploits
Tags: access, attack, breach, corporate, credentials, cyber, cybercrime, exploit, login, malware, marketplace, russia, threat
The online cybercrime marketplace, Russian Market, has evolved from selling Remote Desktop Protocol (RDP) access to becoming one of the most active underground hubs for information-stealing malware logs. Stolen user credentials are traded daily, and each compromised login represents a potential gateway into corporate systems. Threat actors routinely purchase credentials to launch credential-based attacks that…
-
Pro-Russian Hacktivist Targets OT/ICS Systems to Harvest Credentials
In September, a nascent pro-Russian hacktivist group known as TwoNet staged its first operational technology and industrial control systems (OT/ICS) intrusion against our water treatment utility honeypot. By exploiting default credentials and SQL-based schema extraction, the adversary ultimately created backdoor accounts and defaced the human-machine interface (HMI), demonstrating a concerning pivot from pure DDoS to…
-
Pro-Russian Hacktivist Group TwoNet Exposed for Fabricating Critical Infrastructure Attacks to Boost Reputation
The post Pro-Russian Hacktivist Group TwoNet Exposed for Fabricating Critical Infrastructure Attacks to Boost Reputation appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/pro-russian-hacktivist-group-twonet-exposed-for-fabricating-critical-infrastructure-attacks-to-boost-reputation/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 66
Tags: android, cve, cyber, exploit, extortion, international, malware, ransomware, russia, spyware, vulnerability
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Malware Newsletter: Ransomware and Cyber Extortion in Q3 2025; Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability; XWorm V6: Exploring Pivotal Plugins; ClayRat: A New Android Spyware Targeting Russia; Security Evaluation of Android apps…
-
Cybercrime ring GXC Team dismantled in Spain, 25-year-old leader detained
Spain’s Guardia Civil dismantled the cybercrime group “GXC Team” and arrested its 25-year-old Brazilian leader. Spanish Guardia Civil dismantled the “GXC Team” cybercrime group, arresting its 25-year-old Brazilian leader “GoogleXcoder.” The gang sold AI-powered phishing kits, Android malware, and voice-scam tools via Telegram and Russian forums, becoming a major supplier of credential theft tools in…
-
Pro-Russia hacktivist group dies of cringe after falling into researchers’ trap
Forescout’s phony water plant fooled TwoNet into claiming a fake cyber victory then it quietly shut up shop First seen on theregister.com Jump to article: www.theregister.com/2025/10/10/russia_hacktivists_honeytrap/
-
Ukraine sees surge in AI-Powered cyberattacks by Russia-linked Threat Actors
Russia-linked actors use AI to craft phishing and malware attacks against entities in Ukraine, says SSSCIP. Russian hackers increasingly use AI in cyberattacks against Ukraine, the country’s State Service for Special Communications and Information Protection (SSSCIP) reported. Beyond AI-generated phishing, some malware samples now show AI-generated code. In H1 2025, Ukraine recorded 3,018 cyber incidents,…
-
Pro-Russian hackers caught bragging about attack on fake water utility
Cybersecurity company Forescout said a hacking group known as TwoNet fell for a honeypot that looked like the network for a Dutch water utility. First seen on therecord.media Jump to article: therecord.media/fake-water-utility-honeypot-hacked-pro-russian-group
-
ClayRat Android Malware Masquerades as WhatsApp Google Photos
ClayRat, a rapidly evolving Android spyware campaign, has surged in activity over the past three months, with zLabs researchers observing more than 600 unique samples and 50 distinct droppers. Primarily targeting Russian users, the malware masquerades as popular applications such as WhatsApp, Google Photos, TikTok, and YouTube, luring victims into installing malicious APKs via deceptive…
-
Pro-Russia Hacktivists “Claim” Attack on Water Utility Honeypot
Forescout said that the TwoNet actor was lured into attacking a honeypot disguised as a water treatment utility, providing insights into the group’s tactics First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/russia-hacktivistsattack-water/
-
ClayRat campaign uses Telegram and phishing sites to distribute Android spyware
ClayRat Android spyware targets Russian users via fake Telegram channels and phishing sites posing as popular apps like WhatsApp and YouTube. The ClayRat Android spyware campaign targets Russian users via fake Telegram channels and phishing sites posing as popular apps like Google Photos, WhatsApp, TikTok, YouTube. Zimperium named the spyware ClayRat after its C2 server,…
-
Clop Attacks Against Oracle E-Business Suite Trace to July
Signs Point to Multiple Exploit Chains, One Including a Zero-Day, Being Employed. Data-stealing attacks targeting Oracle E-Business Suite, for which an affiliate of Russian-speaking Clop ransomware group is claiming credit, appear to have begun by August and involved multiple attack chains, of which one targeted a zero-day vulnerability, report Google threat researchers. First seen on…

