Tag: russia
-
Dutch intelligence unmasks previously unknown Russian hacking group ‘Laundry Bear’
Recent attacks on institutions in the Netherlands were the work of a previously unknown Russian hacking group that Dutch intelligence agencies are labeling Laundry Bear. Microsoft also reported on the group, naming it Void Blizzard. First seen on therecord.media Jump to article: therecord.media/laundry-bear-void-blizzard-russia-hackers-netherlands
-
Russian Laundry Bear cyberspies linked to Dutch Police hack
Tags: russiaA previously unknown Russian-backed cyberespionage group now tracked as Laundry Bear has been linked to a September 2024 Dutch police security breach. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/russian-void-blizzard-cyberspies-linked-to-dutch-police-breach/
-
Russian Hackers Breach 20+ NGOs Using Evilginx Phishing via Fake Microsoft Entra Pages
Microsoft has shed light on a previously undocumented cluster of threat activity originating from a Russia-affiliated threat actor dubbed Void Blizzard (aka Laundry Bear) that it said is attributed to “worldwide cloud abuse.”Active since at least April 2024, the hacking group is linked to espionage operations mainly targeting organizations that are important to Russian government…
-
Russian Void Blizzard cyberspies linked to Dutch police breach
A previously unknown Russian-backed cyberespionage group now tracked as Void Blizzard has been linked to a September 2024 Dutch police security breach. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/russian-void-blizzard-cyberspies-linked-to-dutch-police-breach/
-
Russia-Linked Hackers Target Tajikistan Government with Weaponized Word Documents
The Russia-aligned threat actor known as TAG-110 has been observed conducting a spear-phishing campaign targeting Tajikistan using macro-enabled Word templates as an initial payload.The attack chain is a departure from the threat actor’s previously documented use of an HTML Application (.HTA) loader dubbed HATVIBE, Recorded Future’s Insikt Group said in an analysis.”Given TAG-110’s historical First…
-
Russian-Aligned TAG-110 Targets Tajikistan Governments with Stealthy Cyber-Espionage
Recorded Future’s Insikt Group has uncovered a new cyber-espionage campaign by Russia-aligned threat actor TAG-110 targeting public sector First seen on securityonline.info Jump to article: securityonline.info/russian-aligned-tag-110-targets-tajikistan-governments-with-stealthy-cyber-espionage/
-
Leader of Qakbot cybercrime network indicted in U.S. crackdown
The U.S. indicted Russian Rustam Gallyamov for leading the Qakbot botnet, which infected 700K+ devices and was used in ransomware attacks. The U.S. authorities have indicted Russian national Rustam Gallyamov, the leader of the Qakbot operation, which infected over 700,000 computers and facilitated ransomware attacks. Qakbot, also known as QBot, QuackBot and Pinkslipbot, is an…
-
The US Is Building a One-Stop Shop for Buying Your Data
Plus: A mysterious hacking group’s secret client is exposed, Signal takes a swipe at Microsoft Recall, Russian hackers target security cameras to spy on aid to Ukraine, and more. First seen on wired.com Jump to article: www.wired.com/story/us-spies-one-stop-shop-private-data/
-
Feds charge 16 Russians allegedly tied to botnets used in cyberattacks and spying
An example of how a single malware operation can enable both criminal and state-sponsored hacking. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/05/feds-charge-16-russians-allegedly-tied-to-botnets-used-in-cyberattacks-and-spying/
-
Russian Hackers Target Western Firms Aiding Ukraine, Spy on Shipments
Russian military hackers are targeting Western firms aiding Ukraine, using cyberespionage to infiltrate logistics networks and spy on arms shipments. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/russian-hackers-target-western-firms/
-
Russian-led cybercrime network dismantled in global operation
Arrest warrants issued for ringleaders after investigation by police in Europe and North AmericaEuropean and North American cybercrime investigators say they have dismantled the heart of a malware operation directed by Russian criminals after a global operation involving British, Canadian, Danish, Dutch, French, German and US police.International arrest warrants have been issued for 20 suspects,…
-
EU Targets Stark Industries in Cyberattack Sanctions Crackdown
The European Union has escalated its response to Russia’s ongoing campaign of hybrid threats, announcing new restrictive measures against 21 individuals and 6 entities. This latest move, part of the EU’s 17th sanctions package, reflects a significant broadening of both the scope and technical complexity of sanctions as the bloc seeks to counter destabilising activities…
-
TAG-110 Hackers Deploy Malicious Word Templates in Targeted Attacks
The Russia-aligned threat actor TAG-110, also linked to UAC-0063 and APT28 (BlueDelta) with medium confidence by CERT-UA, has shifted tactics to target government, educational, and research entities in Tajikistan. According to analysis by Insikt Group from Recorded Future Report, TAG-110 has moved away from its traditional use of HTA-based payloads like HATVIBE, which it has…
-
Operation Endgame 2.0: DanaBusted
Tags: access, attack, backup, banking, breach, business, cloud, communications, control, crypto, cybercrime, data, defense, detection, email, espionage, firewall, fraud, government, group, Hardware, infection, intelligence, international, law, malicious, malware, middle-east, network, programming, ransomware, russia, service, supply-chain, switch, threat, tool, ukraine, update, windowsIntroductionOn May 22, 2025, international law enforcement agencies released information about additional actions that were taken in conjunction with Operation Endgame, an ongoing, coordinated effort to dismantle and prosecute cybercriminal organizations, including those behind DanaBot. This action mirrors the original Operation Endgame, launched in May 2024, which disrupted SmokeLoader, IcedID, SystemBC, Pikabot, and Bumblebee. Zscaler…
-
Russian Hacker Indicted Over $24 Million Qakbot Ransomware Operation
The U.S. Department of Justice has unsealed a federal indictment against Rustam Rafailevich Gallyamov, 48, of Moscow, Russia, alleging he led the development and deployment of the notorious Qakbot malware. This action, announced on May 22, 2025, marks a significant milestone in a years-long multinational effort to disrupt cybercriminal networks that have inflicted hundreds of…
-
U.S. Dismantles DanaBot Malware Network, Charges 16 in $50M Global Cybercrime Operation
The U.S. Department of Justice (DoJ) on Thursday announced the disruption of the online infrastructure associated with DanaBot (aka DanaTools) and unsealed charges against 16 individuals for their alleged involvement in the development and deployment of the malware, which it said was controlled by a Russia-based cybercrime organization.The malware, the DoJ said, infected more than…
-
Russian APT28 compromised Western logistics and IT firms to track aid to Ukraine
Tags: access, advisory, api, authentication, cctv, cloud, computer, container, credentials, cve, cybersecurity, data, detection, email, exploit, flaw, government, hacker, identity, infrastructure, Internet, login, malicious, malware, mfa, military, network, ntlm, office, open-source, password, phishing, powershell, russia, service, software, threat, tool, ukraine, vulnerabilityCredential guessing and spearphishing: The attackers used brute-force credential guessing techniques, also known as password spraying, to gain initial access to accounts. This was complemented with targeted phishing emails that directed recipients to fake login pages for government entities or Western cloud email providers. These phishing pages were stored on free web hosting services or…
-
US Takes Down DanaBot Malware, Indicts Developers
DanaBot Used to Steal and to Spy. A top figure in the Russian cybercrime gang behind DanaBot infected his own computer with the malware, allowing an FBI agent to search an image of his system, U.S. federal prosecutors disclosed Thursday in indictments and an announced disruption of the malware’s infrastructure. First seen on govinfosecurity.com Jump…
-
Feds finger Russian ‘behind Qakbot malware’ that hit 700K computers
Agents thought they shut this all down in 2023, but the duck quacked again First seen on theregister.com Jump to article: www.theregister.com/2025/05/22/qakbot_criminal_mastermind_charged/
-
Feds finger Russian behind Qakbot malware that hit 700,000 computers
The FBI thought they shut this all down in 2023, but the duck quacked again First seen on theregister.com Jump to article: www.theregister.com/2025/05/22/qakbot_criminal_mastermind_charged/
-
Breach Roundup: US Indicts Qakbot Malware Leader
Also: Signal Blocks Recall, Europe Sanctions Stark Industries. This week, Qakbot leader indicted, Signal blocked Recall and a judge said Trump illegally removed watchdogs. Ivanti and Palo Alto hacks linked, Stark Industries sanctioned, Marks and Spencer’s hack costs 300M pounds. Pro-Ukraine hackers hit a Russian clinic and an outbreak of PureRAT in Russia. First seen…
-
Russian Threat Actor TAG-110 Goes Phishing in Tajikistan
While Ukraine remains Russia’s major target for cyberattacks, TAG-110 is part of a strategy to preserve a post-Soviet sphere of influence by embedding itself in other countries’ infrastructures. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/russian-threat-actor-tag-110-phishing-tajikistan
-
Russia facing spike in PureRAT malware attacks
First seen on scworld.com Jump to article: www.scworld.com/brief/russia-facing-spike-in-purerat-malware-attacks
-
Russian hackers targeting Western logistics, tech support of Ukraine
First seen on scworld.com Jump to article: www.scworld.com/news/russian-hackers-targeting-western-logistics-tech-support-of-ukraine
-
Feds Charge 16 Russians Allegedly Tied to Botnets Used in Ransomware, Cyberattacks, and Spying
A new US indictment against a group of Russian nationals offers a clear example of how, authorities say, a single malware operation can enable both criminal and state-sponsored hacking. First seen on wired.com Jump to article: www.wired.com/story/us-charges-16-russians-danabot-malware/
-
US indicts leader of Qakbot botnet linked to ransomware attacks
The U.S. government has indicted Russian national Rustam Rafailevich Gallyamov, the leader of the Qakbot botnet malware operation that compromised over 700,000 computers and enabled ransomware attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/us-indicts-leader-of-qakbot-botnet-linked-to-ransomware-attacks/
-
Blurring Lines Between Scattered Spider & Russian Cybercrime
The loosely affiliated hacking group has shifted closer to ransomware gangs, raising questions about Scattered Spider’s ties to the Russian cybercrime underground. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/blurring-lines-scattered-spider-russian-cybercrime
-
Blurring Lines Between Scattered Spider and Russian Cybercrime
The loosely affiliated hacking group has shifted closer to ransomware gangs, raising questions about Scattered Spider’s ties to the Russian cybercrime underground. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/blurring-lines-scattered-spider-russian-cybercrime
-
Russian Hackers Exploit Oracle Cloud Infrastructure to Target Scaleway Object Storage
Russian threat actors have been leveraging trusted cloud infrastructure platforms like Oracle Cloud Infrastructure (OCI) Object Storage and Scaleway Object Storage to propagate sophisticated attacks using the Lumma Stealer malware. This malware-as-a-service (MaaS) infostealer, also known as LummaC2 Stealer, targets Windows systems to siphon credentials, system data, and cryptocurrency wallets. Investigations conducted in 2025 reveal…