Tag: russia
-
New FBI Alert: Russian Intelligence Uses Signal Recovery Keys to Access Messages
FBI warns Russian spies now target Signal Backup Recovery Keys, enabling access to message history and long-term account takeover. The FBI and CISA updated their March 2026 warning about Russian intelligence phishing campaigns, and the new advisory adds a detail that wasn’t in the original: the operators have shifted their primary objective from stealing verification…
-
Ukraine Says Russian Intelligence Used Fake Support Texts to Steal Messaging Credentials
The Security Service of Ukraine (SSU) said it, together with the U.S. Federal Bureau of Investigation (FBI), uncovered a long-running campaign orchestrated by Russian intelligence services to break into the messaging accounts of government officials, military personnel, politicians, and activists in Ukraine, Europe, and the U.S.The systematic cyber attacks aimed at stealing sensitive First seen…
-
FBI: Russian hackers now target Signal backup recovery keys
The FBI and CISA are warning that a phishing campaign targeting Signal users tied to Russian intelligence services has evolved to steal Signal Backup Recovery Keys, allowing attackers to access victims’ historical messages. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fbi-russian-hackers-now-target-signal-backup-recovery-keys/
-
Russian hackers were behind $2.5B hack of Jaguar Land Rover: Report
The hack on car giant Jaguar Land Rover last year was one of the most disrupting, damaging, and costly hacks of the last few years. First seen on techcrunch.com Jump to article: techcrunch.com/2026/06/26/russian-hackers-were-behind-2-5-billion-hack-of-jaguar-land-rover-report/
-
FBI Warns Russian Intelligence Hackers Target Signal Backup Recovery Keys
The FBI and CISA have updated their March warning about Russian intelligence phishing Signal accounts, and the operators have added a step: they now coax targets into handing over their Signal Backup Recovery Key.Hand it over once, and the attacker can restore the account’s backup, read the private and group message history, and take over…
-
A Hack Too Far? Report Ties Russia to Jaguar Land Rover Hit
How Should the British Government Respond to the $2.5B Economic Disruption? Suggestions that the Kremlin orchestrated the disruptive hack attack against British automotive giant Jaguar Land Rover raise the question of how the British government might respond. For businesses, Moscow’s advancing use of gray zone tactics is a reminder that they’re in the line of…
-
Russian hackers were behind $2.5 billion hack of Jaguar Land Rover: Report
The hack on car giant Jaguar Land Rover last year was one the most disrupting, damaging, and costly hacks of the last few years. First seen on techcrunch.com Jump to article: techcrunch.com/2026/06/26/russian-hackers-were-behind-2-5-billion-hack-of-jaguar-land-rover-report/
-
Russia accuses Apple of ‘political censorship’ after VK apps removed from App Store
Apple removed VK’s flagship social network VKontakte, often described as Russia’s equivalent of Facebook, along with VK Music, VK Messenger, VK Video, Odnoklassniki and Mail.ru services, including its email application. First seen on therecord.media Jump to article: therecord.media/russia-accuses-apple-of-political-censorship-after-vk-removal
-
Turla group adds more malware to Russia’s espionage efforts against Ukraine
Threat intelligence researchers at Google described StockStay, the latest malware developed by the Russian cyber-espionage group known as Turla. First seen on therecord.media Jump to article: therecord.media/russia-turla-espionage-ukraine-stockstay-malware
-
Water and Wastewater Systems Become Strategic Targets for Russia, China, and Iran
Water and wastewater systems have become strategic gray”‘zone targets for Russia, China, and Iran, driven by chronic underinvestment and weak operational”‘technology (OT) defenses that make these utilities easy to probe and exploit. Internet”‘facing human”‘machine interfaces (HMIs), exposed programmable logic controllers (PLCs), default credentials, and poor IT/OT segmentation create low”‘cost access paths whose impact is disproportionately…
-
Activist Phone Hacked With Cellebrite After Russia Contract Cancellation
Russian authorities used Cellebrite tools to unlock an activist’s iPhone and analyze private data despite canceled support, raising abuse concerns. On May 31, 2021, Russian security services pulled opposition activist Andrey Pivovarov off a flight at St. Petersburg airport and confiscated his iPhone 12 and MacBook. He never consented to a search and never gave…
-
Russian Authorities Used Cellebrite UFED to Break Into Human Rights Activist’s iPhone
Russian authorities leveraged Cellebrite’s Universal Forensic Extraction Device (UFED) to gain access to a detained human rights activist’s iPhone, according to a detailed forensic investigation that raises fresh concerns over the use of commercial digital forensics tools in political repression. The findings as per reported by CitizenLabs, based on technical analysis and corroborated by official…
-
Russia Used Cellebrite on Jailed Activist’s iPhone Months After Sales Cutoff
Russian authorities used Cellebrite’s UFED forensic tools to break into the iPhone of detained opposition activist Andrey Pivovarov in June 2021, three months after Cellebrite said it would stop selling its tools and services to Russia and Belarus.The finding, published June 25 by the Citizen Lab, rests on two things that rarely line up: traces…
-
Google Details Turla’s New STOCKSTAY Backdoor Used in Ukraine Espionage Attacks
The Russian state-sponsored threat actor known as Turla has been attributed to a previously undocumented .NET backdoor called STOCKSTAY that has been deployed against government and military organizations in Ukraine, and entities that have an interest in Italian foreign policy.Describing the Windows backdoor as continually developed by the hacking group, Google Threat Intelligence Group (…
-
Google Details Turla’s New STOCKSTAY Backdoor Used in Ukraine Espionage Attacks
The Russian state-sponsored threat actor known as Turla has been attributed to a previously undocumented .NET backdoor called STOCKSTAY that has been deployed against government and military organizations in Ukraine, and entities that have an interest in Italian foreign policy.Describing the Windows backdoor as continually developed by the hacking group, Google Threat Intelligence Group (…
-
Russian APT ‘Gamaredon’ Upgrades Its Arsenal, Requiring New Defenses
The FSB state-sponsored operation has gotten a lot better at loading its malware and hiding its servers. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/russia-apt-gamaredon-arsenal-defense
-
Another Russian dairy company reportedly disrupted by cyberattack
A dairy products manufacturer in Russia’s republic of Bashkortostan is the latest such company to have its operations snarled by a cyberattack. First seen on therecord.media Jump to article: therecord.media/russia-dairy-producter-cyberattack-ufa
-
Russia used Cellebrite phone-hacking tool to crack down on dissident after firm cut off country
The continued use of the powerful data extraction product soon after the company in March 2021 said it would stop working with Russia suggests the firm has been unable to pull back its technology from authoritarian government customers, researchers say. First seen on therecord.media Jump to article: therecord.media/russia-used-cellebrite-tool-after-company-pulled-out-of-country
-
Russia uses Cellebrite to break into human rights activist’s phone, even after cancellation of contract
The phone-cracking firm broke off from its deal with Russia, but Citizen Lab said that didn’t stop authorities from surveilling Andrey Pivovarov. First seen on cyberscoop.com Jump to article: cyberscoop.com/russia-cellebrite-activist-phone-hacking/
-
Cellebrite said it cut off Russia, but Russia used its tools anyway
Security researchers found evidence that Russian authorities hacked the iPhone of a political opponent using a phone-unlocking device made by Cellebrite, even after the company said it would stop selling to Putin’s government. First seen on techcrunch.com Jump to article: techcrunch.com/2026/06/25/cellebrite-said-it-cut-off-russia-but-russia-used-is-tools-anyway/
-
Russia’s Gamaredon Adapts Tactics to Target Ukraine
Tags: cloud, data, espionage, infrastructure, malware, phishing, russia, spear-phishing, tactics, ukraineEset Documents New Malware Families and Infrastructure Tactics. Eset found Russia’s FSB-linked Gamaredon expanded its malware toolkit, launched dozens of spear-phishing campaigns, and increasingly relied on legitimate cloud, tunneling and social platforms to conceal C2 infrastructure, exfiltrate data and sustain espionage operations targeting Ukraine. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/russias-gamaredon-adapts-tactics-to-target-ukraine-a-32068
-
FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation
A Russian-speaking initial access broker (IAB) driven by financial gain is assessed to be behind a large-scale credential-harvesting operation known as FortiBleed that has targeted over 430,000 FortiGate firewalls globally.The campaign, active since February 2026, involves collecting credential lists, searching for exposed services, brute-forcing accessible systems, and deploying bespoke First seen on thehackernews.com Jump to…
-
New OXLOADER Loader Uses Malicious Google Ads to Deliver CastleStealer
Cybersecurity researchers have disclosed details of a new campaign that delivers CastleStealer by means of a previously unreported malware loader dubbed OXLOADER.According to Elastic Security Labs, the campaign leverages malicious Google Ads as a starting point to distribute the malware. Evidence indicates that the threat actor is likely Russian-speaking and financially motivated, owing to the…
-
New OXLOADER Loader Uses Malicious Google Ads to Deliver CastleStealer
Cybersecurity researchers have disclosed details of a new campaign that delivers CastleStealer by means of a previously unreported malware loader dubbed OXLOADER.According to Elastic Security Labs, the campaign leverages malicious Google Ads as a starting point to distribute the malware. Evidence indicates that the threat actor is likely Russian-speaking and financially motivated, owing to the…
-
FortiBleed: The Most Detailed Breakdown Yet of an Active Russian Credential-Harvesting Operation
FortiBleed targeted 430,000+ FortiGate devices, harvesting 110M credentials and enabling breaches through large-scale credential theft. A new threat intelligence report from SOCRadar’s Threat Research Unit (STRU), the team that first identified and named the FortiBleed campaign, goes deeper than anything published so far on what is shaping up to be one of the most significant…
-
FortiBleed: The Most Detailed Breakdown Yet of an Active Russian Credential-Harvesting Operation
FortiBleed targeted 430,000+ FortiGate devices, harvesting 110M credentials and enabling breaches through large-scale credential theft. A new threat intelligence report from SOCRadar’s Threat Research Unit (STRU), the team that first identified and named the FortiBleed campaign, goes deeper than anything published so far on what is shaping up to be one of the most significant…
-
FortiBleed: The Most Detailed Breakdown Yet of an Active Russian Credential-Harvesting Operation
FortiBleed targeted 430,000+ FortiGate devices, harvesting 110M credentials and enabling breaches through large-scale credential theft. A new threat intelligence report from SOCRadar’s Threat Research Unit (STRU), the team that first identified and named the FortiBleed campaign, goes deeper than anything published so far on what is shaping up to be one of the most significant…
-
FortiBleed: The Most Detailed Breakdown Yet of an Active Russian Credential-Harvesting Operation
FortiBleed targeted 430,000+ FortiGate devices, harvesting 110M credentials and enabling breaches through large-scale credential theft. A new threat intelligence report from SOCRadar’s Threat Research Unit (STRU), the team that first identified and named the FortiBleed campaign, goes deeper than anything published so far on what is shaping up to be one of the most significant…

