Tag: russia
-
Pro-Russian hacking group snared by Forescout Vedere Labs honeypot
Forescout Vedere Labs published a report exposing how a pro-Russian hacktivist group was duped into thinking they had hacked a European water facility, unaware their target was in fact a carefully crafted honeypot. This “hack” provided Forescout researchers the rare opportunity to see first-hand how these groups look for and exploit weaknesses in critical infrastructure. The…
-
New ClayRat Spyware Targets Android Users via Fake WhatsApp and TikTok Apps
A rapidly evolving Android spyware campaign called ClayRat has targeted users in Russia using a mix of Telegram channels and lookalike phishing websites by impersonating popular apps like WhatsApp, Google Photos, TikTok, and YouTube as lures to install them. “Once active, the spyware can exfiltrate SMS messages, call logs, notifications, and device information; taking photos with…
-
ClayRat Spyware Campaign Targets Android Users in Russia
A new ClayRat spyware campaign has been observed targeting Russian users via fake apps on Telegram and exfiltrating data. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/clayrat-spyware-targets-android/
-
Hacktivists target critical infrastructure, hit decoy plant
A pro-Russian hacktivist group called TwoNet pivoted in less than a year from launching distributed denial-of-service (DDoS) attacks to targeting critical infrastructure. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hacktivists-target-critical-infrastructure-hit-decoy-plant/
-
From Phishing to Malware: AI Becomes Russia’s New Cyber Weapon in War on Ukraine
Russian hackers’ adoption of artificial intelligence (AI) in cyber attacks against Ukraine has reached a new level in the first half of 2025 (H1 2025), the country’s State Service for Special Communications and Information Protection (SSSCIP) said. “Hackers now employ it not only to generate phishing messages, but some of the malware samples we have analyzed…
-
Arrests Underscore Fears of Teen Cyberespionage Recruitment
Telegram Used to Lure Teen Recon Recruits. The late September arrest of two teenagers in the Netherlands on suspicion of capturing Wi-Fi signals for pro-Russian hackers has sparked warnings from security analysts over a digital drive for low-skill reconnaissance tasks by nation-state spymasters. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/arrests-underscore-fears-teen-cyberespionage-recruitment-a-29681
-
OpenAI Blocks Global Hackers Misusing ChatGPT for Cyberattacks
OpenAI halts hackers from Russia, North Korea, and China exploiting ChatGPT for malware and phishing attacks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/chatgpt-cyberattacks/
-
Russian hackers turn to AI as old tactics fail, Ukrainian CERT says
Russian hackers are now using AI not only to write phishing messages but also to generate malicious code itself. First seen on therecord.media Jump to article: therecord.media/russian-hackers-turn-to-ai-ukraine-cert
-
Open-source monitor turns into an off-the-shelf attack beacon
Tags: api, apt, attack, china, control, hacker, malware, monitoring, open-source, powershell, ransomware, rat, RedTeam, russia, software, threat, tool, windows
Riding Nezha to Ghost RAT: With the web shell in place, the attackers used AntSword to download two components: “live.exe” (the Nezha agent) and a “config.yml” that pointed to the attacker-controlled domain. The Nezha agent connected back to a management server whose dashboard was running in Russian, presumably to throw off attribution. Once Nezha was active,…
-
Russia is at ‘hybrid war’ with Europe, warns EU chief, calling for members ‘to take it very seriously’
Tags: russia
European Commission President Ursula Von der Leyen urged the EU to “urgently equip itself with a strategic capacity to respond” to Russian hybrid warfare. First seen on therecord.media Jump to article: therecord.media/russia-hybrid-war-europe-von-der-leyen-speech
-
OpenAI Finds Growing Exploitation of AI Tools by Foreign Threat Groups
OpenAI’s new report warns hackers are combining multiple AI tools for cyberattacks, scams, and influence ops linked to China, Russia, and North Korea. First seen on hackread.com Jump to article: hackread.com/openai-ai-tools-exploitation-threat-groups/
-
OpenAI Disrupts Russian, North Korean, and Chinese Hackers Misusing ChatGPT for Cyberattacks
Tags: access, ai, chatgpt, china, credentials, cyberattack, hacker, intelligence, malware, north-korea, openai, russia, threat, tool
OpenAI on Tuesday said it disrupted three activity clusters for misusing its ChatGPT artificial intelligence (AI) tool to facilitate malware development. This includes a Russian-language threat actor, who is said to have used the chatbot to help develop and refine a remote access trojan (RAT), a credential stealer with an aim to evade detection. The operator…
-
Medusa Ransomware Affiliates Tied to Fortra GoAnywhere Hacks
Security Experts Advise Immediate Patching; Zero-Day Attacks Began Last Month. Affiliates of Russian-speaking ransomware operation Medusa began targeting a zero-day vulnerability in widely used Fortra GoAnywhere Managed File Transfer software one week before the vendor issued a security alert, patch and mitigation instructions for the flaw, say security experts. First seen on govinfosecurity.com Jump to…
-
OpenAI bans suspected Chinese accounts using ChatGPT to plan surveillance
It also banned some suspected Russian accounts trying to create influence campaigns and malware. First seen on theregister.com Jump to article: www.theregister.com/2025/10/07/openai_bans_suspected_china_accounts/
-
Russia blocks mobile internet for foreign SIM cards, citing drone threats
The new rule imposes a mandatory 24-hour mobile internet blackout for anyone entering Russia with a foreign SIM card. First seen on therecord.media Jump to article: therecord.media/russia-blocks-mobile-internet-foreign-sim-cards
-
Cavalry Werewolf APT Targets Russian Organizations Using FoalShell and Telegram C2
Cavalry Werewolf, a Russian-focused advanced persistent threat (APT) cluster, has intensified its offensive operations by experimenting with new malware variants and leveraging Telegram-based command-and-control (C2). Security teams must prioritize real-time visibility into the tools employed by this group to maintain effective detection and prevention measures. Without timely insights into FoalShell and StallionRAT, defenders risk falling…
-
Apple and Google Pull ICE-Tracking Apps, Bowing to DOJ Pressure
Plus: China sentences scam bosses to death, Europe is ramping up its plans to build a “drone wall” to protect against Russian airspace violations, and more. First seen on wired.com Jump to article: www.wired.com/story/apple-and-google-pull-ice-tracking-apps-bowing-to-doj-pressure/
-
GhostSocks Malware-as-a-Service Turns Compromised Devices into Proxies for Threat Actors
On October 15, 2023, a threat actor using the handle GhostSocks published a sales post on the Russian cybercrime forum xss[.]is advertising a novel Malware-as-a-Service (MaaS) offering. The post introduced GhostSocks, a service designed to turn compromised Windows machines into residential SOCKS5 proxies, enabling cybercriminals to bypass anti-fraud defenses and monetize infected hosts. The initial…
-
New “Cavalry Werewolf” Attack Hits Russian Agencies with FoalShell and StallionRAT
A threat actor that’s known to share overlaps with a hacking group called YoroTrooper has been observed targeting the Russian public sector with malware families such as FoalShell and StallionRAT. Cybersecurity vendor BI.ZONE is tracking the activity under the moniker Cavalry Werewolf. It’s also assessed to have commonalities with clusters tracked as SturgeonPhisher, Silent Lynx, Comrade…
-
Ukrainian Defenders Report Rise in Russian Cyberattacks
Numerous Attacks Designed and Timed ‘to Amplify the Impact of Kinetic Strikes’. Russia in the first half of this year markedly increased the tempo of its cyberattacks targeting Ukraine, with defenders cataloging 3,000 cybersecurity incidents, largely targeting the military, government, local authorities and energy sector, often timed to amplify the impact of kinetic attacks. First…
-
Russia, Chinese Hacking Buffets Europe
ENISA: Nation-State Hacking ‘Steadily Intensified’ Over 12-Month Period. Nearly every member government of the European Union experienced a cyberattack from a nation-state hacker in the 12 months ending in July, primarily from Russian and Chinese threat actors who steadily intensified hacking, says the European cyber agency. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/russia-chinese-hacking-buffets-europe-a-29616
-
Dutch teens recruited on Telegram, accused of Russia-backed hacking plot
Two 17-year-olds have been arrested by Dutch authorities on suspicion of spying for pro-Russian hackers. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/dutch-teens-recruited-telegram-russia

