Tag: russia
-
German authorities identify REvil and GangCrab ransomware bosses
The Federal Police in Germany (BKA) has identified two Russian nationals as the leaders of GandCrab and REvil ransomware operations between 2019 and 2021. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/german-authorities-identify-revil-and-gangcrab-ransomware-bosses/
-
German police unmask two suspects linked to REvil ransomware gang
The suspects were named as Daniil Shchukin, a 31-year-old Russian national believed to have used the alias UNKN (UNKNOWN), and Anatoly Kravchuk, a 43-year-old Ukraine-born Russian citizen who investigators say worked as a developer for the group. First seen on therecord.media Jump to article: therecord.media/german-police-unmask-suspects-linked-revil-gandcrab
-
BKA unmasks two REvil Ransomware operators behind 130+ German attacks
German police BKA identified two key REvil ransomware members, linking them to over 130 attacks in Germany. Germany’s Federal Criminal Police (BKA) has identified two key figures behind the REvil ransomware group, linking them to more than 130 attacks in the country. The first suspect is Daniil Maksimovich Shchukin (31), a Russian national known online…
-
Major outage hits Russian banking apps, metro payments across regions
The disruption on Friday affected apps from some of the country’s largest banks, including Sberbank, VTB, Alfa-Bank, T-Bank and Gazprombank. First seen on therecord.media Jump to article: therecord.media/outage-hits-russian-banking-apps
-
Alleged REvil Leader ‘UNKN’ Identified by German Authorities in New Takedown Effort
German authorities have officially put a face to one of the most notorious names in cybercrime. The German Federal Criminal Police (BKA) recently identified 31-year-old Russian national Daniil Maksimovich Shchukin as the man behind the hacker alias >>UNKN.<< According to the BKA, Shchukin led the infamous GandCrab and REvil ransomware operations. Working alongside 43-year-old Anatoly…
-
Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab
An elusive hacker who went by the handle “UNKN” and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gangs and helped carry out at least 130 acts of computer sabotage and extortion against victims across…
-
AI Future: The Leading International AI and Web3 Forum to Take Place in April
Moscow, Russia, 3rd April 2026, CyberNewswire First seen on hackread.com Jump to article: hackread.com/ai-future-the-leading-international-ai-and-web3-forum-to-take-place-in-april/
-
Ukraine warns Russian hackers are revisiting past breaches to prepare new attacks
Tags: access, attack, breach, credentials, exploit, hacker, infrastructure, russia, ukraine, vulnerabilityIn a new report, CERT-UA said attackers are revisiting previously breached infrastructure to check whether access is still available, whether exploited vulnerabilities have been patched and whether previously obtained credentials remain valid. First seen on therecord.media Jump to article: therecord.media/ukraine-warns-russian-hackers-revisiting-old-attacks
-
Breach Roundup: Feds Confirm ‘Major’ Hack of FBI System
Also, Lloyds Data Leak, Dutch Treasury Breach, Citrix Bug Exploit, Pay2Key Activity. This week, Lloyds data leak hits 450K, Dutch treasury breach, Citrix flaw exploited, Iran-linked ransomware ops, TrueConf zero-day, Russian fraud ring sentenced, Romania targeted, patch gaps persist, and U.S. hospital breach affects 257K. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/breach-roundup-feds-confirm-major-hack-fbi-system-a-31329
-
Pro-Russian hackers pose as Ukraine’s cyber agency to target government, businesses
Tags: cyber, cybersecurity, government, group, hacker, incident, incident response, phishing, russia, ukraineA pro-Russian hacker group impersonated Ukraine’s national cyber incident response team in a phishing campaign targeting government agencies, businesses, and other institutions, Ukrainian cybersecurity officials said. First seen on therecord.media Jump to article: therecord.media/pro-russian-hackers-posing-as-ukrainian-cyber-agency
-
Pro-Russian hackers pose as Ukraine’s cyber agency to target government, businesses
Tags: cyber, cybersecurity, government, group, hacker, incident, incident response, phishing, russia, ukraineA pro-Russian hacker group impersonated Ukraine’s national cyber incident response team in a phishing campaign targeting government agencies, businesses, and other institutions, Ukrainian cybersecurity officials said. First seen on therecord.media Jump to article: therecord.media/pro-russian-hackers-posing-as-ukrainian-cyber-agency
-
Pro-Russian hackers pose as Ukraine’s cyber agency to target government, businesses
Tags: cyber, cybersecurity, government, group, hacker, incident, incident response, phishing, russia, ukraineA pro-Russian hacker group impersonated Ukraine’s national cyber incident response team in a phishing campaign targeting government agencies, businesses, and other institutions, Ukrainian cybersecurity officials said. First seen on therecord.media Jump to article: therecord.media/pro-russian-hackers-posing-as-ukrainian-cyber-agency
-
Pro-Russian hackers pose as Ukraine’s cyber agency to target government, businesses
Tags: cyber, cybersecurity, government, group, hacker, incident, incident response, phishing, russia, ukraineA pro-Russian hacker group impersonated Ukraine’s national cyber incident response team in a phishing campaign targeting government agencies, businesses, and other institutions, Ukrainian cybersecurity officials said. First seen on therecord.media Jump to article: therecord.media/pro-russian-hackers-posing-as-ukrainian-cyber-agency
-
Pro-Russian hackers pose as Ukraine’s cyber agency to target government, businesses
Tags: cyber, cybersecurity, government, group, hacker, incident, incident response, phishing, russia, ukraineA pro-Russian hacker group impersonated Ukraine’s national cyber incident response team in a phishing campaign targeting government agencies, businesses, and other institutions, Ukrainian cybersecurity officials said. First seen on therecord.media Jump to article: therecord.media/pro-russian-hackers-posing-as-ukrainian-cyber-agency
-
Russian court sentences notorious card fraud ringleader ‘Flint’ and 25 associates
A Russian military court sentenced 26 members of the cybercrime group Flint24, including ringleader Alexei Stroganov, a notorious hacker also wanted in the U.S. for large-scale payment card fraud. First seen on therecord.media Jump to article: therecord.media/russia-flint-conviction-payment-fraud
-
Russian Hackers Deploy “CTRL” for RDP Hijacking
Russian hackers are using a new remote access toolkit called “CTRL” to silently hijack Remote Desktop Protocol (RDP) sessions via FRP-based reverse tunnels, enabling stealthy, hands-on access to compromised Windows systems. The toolkit blends credential theft, keylogging, and RDP abuse into a cohesive post-exploitation framework that currently flies under the radar of public malware scanners…
-
Exposed Server Leaks TheGentlemen Ransomware Toolkit, Credentials, and Ngrok Tokens
A fully operational TheGentlemen ransomware toolkit on an exposed server, revealing victim credentials, ngrok tokens, and a complete pre-encryption playbook. This led them to an unauthenticated HTTP server at 176.120.22[.]127:80, hosted by Russian bulletproof provider Proton66 OOO, exposing 126 files across 18 subdirectories and about 140 MB of data. Proton66 has previously been tied to…
-
TA446 Uses DarkSword Exploit Kit to Target iPhone Users
TA446, a Russia-linked espionage group, has started using the DarkSword exploit kit to compromise iOS devices in a new phishing wave that abuses Atlantic Council”‘themed lures. The campaign underscores how quickly leaked iOS exploit chains can be weaponized against high”‘value policy and government targets. Unlike earlier TA446 operations that relied on password”‘protected ZIP attachments delivering…
-
Russian CTRL Toolkit Delivered via Malicious LNK Files Hijacks RDP via FRP Tunnels
Cybersecurity researchers have discovered a remote access toolkit of Russian-origin that’s distributed via malicious Windows shortcut (LNK) files that are disguised as private key folders.The CTRL toolkit, according to Censys, is custom-built using .NET and includes various executables” to facilitate credential phishing, keylogging, Remote Desktop Protocol (RDP) hijacking, and reverse tunneling First seen on thehackernews.com…
-
Russia-linked APT TA446 uses DarkSword exploit to target iPhone users in phishing wave
Russia-linked TA446 is using the DarkSword iOS exploit kit in targeted phishing campaigns to compromise iPhone users. Russia-linked APT group TA446 (aka SEABORGIUM, ColdRiver, Callisto, and Star Blizzard) is using the DarkSword exploit kit in targeted spear-phishing campaigns against iOS devices. The attacks rely on malicious emails to compromise iPhones, highlighting a growing threat from…
-
Russia-linked APT TA446 uses DarkSword exploit to target iPhone users in phishing wave
Russia-linked TA446 is using the DarkSword iOS exploit kit in targeted phishing campaigns to compromise iPhone users. Russia-linked APT group TA446 (aka SEABORGIUM, ColdRiver, Callisto, and Star Blizzard) is using the DarkSword exploit kit in targeted spear-phishing campaigns against iOS devices. The attacks rely on malicious emails to compromise iPhones, highlighting a growing threat from…
-
TA446 Deploys DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign
Proofpoint has disclosed details of a targeted email campaign in which threat actors with ties to Russia are leveraging the recently disclosed DarkSword exploit kit to target iOS devices.The activity has been attributed with high confidence to the Russian state-sponsored threat group known as TA446, which is also tracked by the broader cybersecurity community under…
-
TA446 Deploys Leaked DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign
Proofpoint has disclosed details of a targeted email campaign in which threat actors with ties to Russia are leveraging the recently disclosed DarkSword exploit kit to target iOS devices.The activity has been attributed with high confidence to the Russian state-sponsored threat group known as TA446, which is also tracked by the broader cybersecurity community under…
-
Latvia accuses Russia of of disinformation campaign targeting Baltic states
Russian media outlets and Telegram channels have circulated allegations that the Baltic states opened their airspace to Ukrainian drones targeting Russian territory, a claim Riga strongly denied. First seen on therecord.media Jump to article: therecord.media/latvia-accuses-russia-of-disinformation-campaign-ukraine-war
-
Iranian Hackers Breached Kash Patel’s Email”, but Not the FBI’s
Plus: Apple makes big claims about the effectiveness of its Lockdown Mode anti-spyware feature, Russia moves to implement homegrown encryption for 5G, and more. First seen on wired.com Jump to article: www.wired.com/story/iranian-hackers-breached-the-fbi-directors-personal-email-but-not-the-fbi/
-
Bearlyfy Hits Russian Firms with Custom GenieLocker Ransomware
A pro-Ukrainian group called Bearlyfy has been attributed to more than 70 cyber attacks targeting Russian companies since it first surfaced in the threat landscape in January 2025, with recent attacks leveraging a custom Windows ransomware strain codenamed GenieLocker.”Bearlyfy (also known as Labubu) operates as a dual-purpose group aimed at inflicting maximum damage upon Russian…
-
Breach Roundup: Tycoon2FA Phishing Platform Rebounds
Tags: 2fa, attack, breach, data, data-breach, healthcare, iran, malware, north-korea, oracle, phishing, ransomware, russiaAlso, Russian Signal Phishing, Iran-Linked Malware, Breaches in Spain and France. This week, Tycoon 2FA, Trio-Tech, messaging app spying and a ransomware broker sentenced. Iran-linked hackers. Mazda disclosed a breach. Oracle patched a flaw. North Korean actors weaponized VS Code, a Spanish port ransomware attack, a French teacher data breach and a healthcare firm victim…
-
Pro-Ukraine hacker group Bearlyfy targets Russian companies with custom ransomware
A pro-Ukrainian hacker group known as Bearlyfy has carried out more than 70 cyberattacks against Russian companies over the past year and is now escalating its campaign with newly developed ransomware tools, researchers have found. First seen on therecord.media Jump to article: therecord.media/ransomware-ukraine-russia-bearlyfy
-
Leak Bazaar Converts Stolen Corporate Data Into Organized Criminal Marketplace
A new cybercriminal service called “Leak Bazaar” has surfaced on the Russian-speaking TierOne forum, advertised on March 25, 2026, by a user known as Snow of SnowTeam. Unlike traditional data leak sites, Leak Bazaar introduces a more structured approach to monetizing stolen corporate data, focusing on processing and refining information rather than simply publishing it.…