Tag: russia
-
Hackers posing as Kyrgyz officials target Russian agencies in cyber espionage campaign
A hacker group known as Cavalry Werewolf has launched a months-long cyber espionage campaign targeting Russia’s public sector as well as energy, mining and manufacturing companies. First seen on therecord.media Jump to article: therecord.media/hackers-pose-kyrgyz-officials-russia-cyber-espionage
-
Russia, China Will Weaponize UN Cyber Treaty, FDD Warns
Foundation for Defense of Democracies Warns Against Aligning With New Cyber Treaty. The United Nations’ cybercrime treaty, shaped by Russian and Chinese influence, could legitimize global digital repression by enabling prosecutions of journalists, activists and researchers under vague terms – despite U.S. opposition and mounting civil society alarm, analysts warned Thursday. First seen on govinfosecurity.com…
-
Russia, China Will Weaponize UN Cyber Treaty, FDD Warns
Foundation for Defense of Democracies Warns Against Aligning With New Cyber Treaty. The United Nations’ cybercrime treaty, shaped by Russian and Chinese influence, could legitimize global digital repression by enabling prosecutions of journalists, activists and researchers under vague terms – despite U.S. opposition and mounting civil society alarm, analysts warned Thursday. First seen on govinfosecurity.com…
-
Russia, China Will Weaponize UN Cyber Treaty, FDD Warns
Foundation for Defense of Democracies Warns Against Aligning With New Cyber Treaty. The United Nations’ cybercrime treaty, shaped by Russian and Chinese influence, could legitimize global digital repression by enabling prosecutions of journalists, activists and researchers under vague terms – despite U.S. opposition and mounting civil society alarm, analysts warned Thursday. First seen on govinfosecurity.com…
-
Russia, China Will Weaponize UN Cyber Treaty, FDD Warns
Foundation for Defense of Democracies Warns Against Aligning With New Cyber Treaty. The United Nations’ cybercrime treaty, shaped by Russian and Chinese influence, could legitimize global digital repression by enabling prosecutions of journalists, activists and researchers under vague terms – despite U.S. opposition and mounting civil society alarm, analysts warned Thursday. First seen on govinfosecurity.com…
-
PhantomCaptcha RAT Attack Targets Aid Groups Supporting Ukraine
SentinelLABS’ research reveals PhantomCaptcha, a highly coordinated, one-day cyber operation on Oct 8, 2025, targeting the International Red Cross, UNICEF, and Ukraine government groups using fake emails and a Remote Access Trojan (RAT) linked to Russian infrastructure. First seen on hackread.com Jump to article: hackread.com/phantomcaptcha-rat-attack-targets-ukraine/
-
Russian Hackers Pivot Fast With New “ROBOT” Malware Chain
Russian hackers launched a new “ROBOT” malware chain after LOSTKEYS was exposed. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/russian-hackers-pivot-fast-with-new-robot-malware-chain/
-
New Python-Based RAT Disguised as Minecraft App Steals Sensitive User Data
Threat researchers at Netskope have uncovered a sophisticated new Remote Access Trojan (RAT) written in Python that masquerades as >>Nursultan Client,
-
Russia’s Coldriver Ramps Up Malware Development After LostKeys Exposure
Google threat researchers in May publicized the Russian-based threat group Coldriver’s LostKeys credential-stealing malware. However, five days later, the bad actors launched three new malware families that they developed rapidly and used aggressively in their campaigns. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/russias-coldriver-ramps-up-malware-development-after-lostkeys-exposure/
-
Russia’s Coldriver Ramps Up Malware Development After LostKeys Exposure
Google threat researchers in May publicized the Russian-based threat group Coldriver’s LostKeys credential-stealing malware. However, five days later, the bad actors launched three new malware families that they developed rapidly and used aggressively in their campaigns. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/russias-coldriver-ramps-up-malware-development-after-lostkeys-exposure/
-
Russia Pivots, Cracks Down on Resident Hackers
Thanks to improving cybersecurity and law enforcement action from the West, Russia’s government is reevaluating which cybercriminals it wants to give safe haven from the law. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/russia-cracks-down-low-level-hackers
-
‘I am not a robot’: Russian hackers use fake CAPTCHA lures to deploy espionage tools
Tags: access, attack, authentication, awareness, captcha, ceo, communications, control, credentials, cyber, cybersecurity, data, defense, detection, edr, email, endpoint, espionage, exploit, group, hacker, incident response, least-privilege, login, malicious, malware, mfa, monitoring, network, phishing, powershell, russia, strategy, tactics, theft, threat, tool, training, update, vulnerability, vulnerability-management, zero-trustEvolving tactics and strategies: Analysts said ColdRiver, which for years focused on credential theft and email account compromise, is shifting toward multi-stage intrusions that rely on users to execute malicious code.By using ClickFix pages that mimic CAPTCHA verification screens, the group can bypass email security filters and deliver malware directly to victims’ devices, increasing the…
-
Researchers Identify PassiveNeuron APT Using Neursite and NeuralExecutor Malware
Government, financial, and industrial organizations located in Asia, Africa, and Latin America are the target of a new campaign dubbed PassiveNeuron, according to findings from Kaspersky.The cyber espionage activity was first flagged by the Russian cybersecurity vendor in November 2024, when it disclosed a set of attacks aimed at government entities in Latin America and…
-
Researchers Identify PassiveNeuron APT Using Neursite and NeuralExecutor Malware
Government, financial, and industrial organizations located in Asia, Africa, and Latin America are the target of a new campaign dubbed PassiveNeuron, according to findings from Kaspersky.The cyber espionage activity was first flagged by the Russian cybersecurity vendor in November 2024, when it disclosed a set of attacks aimed at government entities in Latin America and…
-
Russia-linked COLDRIVER speeds up malware evolution after LOSTKEYS exposure
Russia-linked COLDRIVER rapidly evolved its malware since May 2025, refining tools just days after releasing its LOSTKEYS variant, says Google. The Russia-linked hacking group COLDRIVER has been quickly upgrading its malware since May 2025, when its LOSTKEYS malware was exposed. According to Google’s Threat Intelligence Group, the hackers have been rolling out frequent updates and…
-
Google Exposes Russian Disinformation Blitz Over Poland Airspace Incursion Using Portal Kombat Network
The post Google Exposes Russian Disinformation Blitz Over Poland Airspace Incursion Using Portal Kombat Network appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/google-exposes-russian-disinformation-blitz-over-poland-airspace-incursion-using-portal-kombat-network/
-
Russia’s Coldriver Revamps Malware to Evade Detection
Russian Intel Hackers Flexible in Face of Detection. Russia-linked threat group COLDRIVER rapidly replaced its exposed malware with a stealthier PowerShell variant, using fake CAPTCHA prompts and cryptographic key-splitting to evade detection and escalate surveillance on NGOs, dissidents and policy experts, according to new research. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/russias-coldriver-revamps-malware-to-evade-detection-a-29776
-
Google finds Russian state hackers replacing burned malware with new tools
A Russia-linked group tracked as Coldriver or Callisto is using three new pieces of malicious code to replace the LostKeys malware outed by Google earlier this year, the company said. First seen on therecord.media Jump to article: therecord.media/coldriver-callisto-russia-hackers-new-malware-google
-
Russian Disinformation Followed Drone Incursion of Poland
Active Measures Teams Rapidly Springboarding From Current Events, Find Researchers. After Russian drones violated Polish airspace last month, multiple pro-Kremlin information operations teams sprang into action to advance pro-Moscow narratives that distorted the facts, as part of a hybrid operation designed to destabilize Poland, and NATO support for Ukraine, said experts. First seen on govinfosecurity.com…
-
Russia pressures Apple to make Russian search engines default on locally-sold iPhones
In a letter to Apple cited by the state news agency TASS, the Federal Antimonopoly Service (FAS) said Apple’s current setup gives preference to foreign search engines, putting local providers at a “competitive disadvantage” and infringing on consumers’ rights. First seen on therecord.media Jump to article: therecord.media/russia-apple-search-engine-default
-
Russian State-Sponsored COLDRIVER Group Deploys New Malware After Exposure of LOSTKEYS
Following the public disclosure of its LOSTKEYS malware in May 2025, the Russian state-sponsored threat group known as COLDRIVER, also tracked under aliases such as UNC4057, Star Blizzard, and Callisto, has rapidly evolved its cyber operations. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/coldriver-new-malware-after-lostkeys-exposure/
-
Russian State-Sponsored COLDRIVER Group Deploys New Malware After Exposure of LOSTKEYS
Following the public disclosure of its LOSTKEYS malware in May 2025, the Russian state-sponsored threat group known as COLDRIVER, also tracked under aliases such as UNC4057, Star Blizzard, and Callisto, has rapidly evolved its cyber operations. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/coldriver-new-malware-after-lostkeys-exposure/
-
Cavalry Werewolf APT Targets Multiple Sectors Using FoalShell and StallionRAT
From May to August 2025, an advanced persistent threat group known as Cavalry Werewolf”, also tracked as YoroTrooper and Silent Lynx”, executed a sophisticated attack campaign targeting Russia’s public sector and vital industries such as energy, mining, and manufacturing. The coordinated offensive leveraged trusted relationships for highly targeted spear-phishing and deployed a custom multi-language malware…
-
New LOSTKEYS Malware Tied to Russian State-Sponsored Hacker Group COLDRIVER
Russian state-sponsored threat actor COLDRIVER, long known for targeting high-profile NGOs, policy advisors, and dissidents, has been linked to a rapidly evolving malware campaign following the public disclosure of its LOSTKEYS malware in May 2025. After details of LOSTKEYS surfaced, COLDRIVER (also tracked as UNC4057, Star Blizzard, and Callisto) pivoted away from the compromised malware.…
-
Google Identifies Three New Russian Malware Families Created by COLDRIVER Hackers
A new malware attributed to the Russia-linked hacking group known as COLDRIVER has undergone numerous developmental iterations since May 2025, suggesting an increased “operations tempo” from the threat actor.The findings come from Google Threat Intelligence Group (GTIG), which said the state-sponsored hacking crew has rapidly refined and retooled its malware arsenal merely five days following…
-
Google Identifies Three New Russian Malware Families Created by COLDRIVER Hackers
A new malware attributed to the Russia-linked hacking group known as COLDRIVER has undergone numerous developmental iterations since May 2025, suggesting an increased “operations tempo” from the threat actor.The findings come from Google Threat Intelligence Group (GTIG), which said the state-sponsored hacking crew has rapidly refined and retooled its malware arsenal merely five days following…
-
Russian Coldriver Hackers Deploy New ‘NoRobot’ Malware
The Coldriver hacking group reportedly shifted its operation quickly after the May 2025 public disclosure of its LostKeys malware First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/russian-coldriver-hackers-new/
-
Russian Lynk group leaks sensitive UK MoD files, including info on eight military bases
Russian hackers stole and leaked MoD files on eight RAF and Navy bases, exposing staff data in a “catastrophic” cyberattack via Dodd Group breach. Russian cybercrime group Lynx breached Dodd Group, a contractor for the UK Ministry of Defence, stealing and leaking hundreds of sensitive files on eight RAF and Royal Navy bases. The incident…
-
ColdRiver Drops Fresh Malware on Targets
The Russia-backed threat actor’s latest cyber spying campaign is a classic example of how quickly sophisticated hacking groups can pivot when exposed. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/coldriver-drops-fresh-malware-targets

