Tag: russia
-
Operation Moonlander dismantled the botnet behind Anyproxy and 5socks cybercriminals services
Law enforcement dismantled a 20-year-old botnet behind Anyproxy and 5socks cybercriminal services and arrested four suspects. Authorities dismantled a 20-year-old botnet tied to Anyproxy and 5socks as part of an international operation codenamed “Operation Moonlander”
-
Three Russians, one Kazakhstani charged in takedown of Anyproxy and 5socks botnets
U.S. prosecutors charged four foreign nationals and said a law enforcement operation seized internet domains associated with two powerful botnets. First seen on therecord.media Jump to article: therecord.media/5socks-anyproxy-botnets-takedown-russians-kazakhstani-charged
-
Feds Seize Domains in Global Proxy Botnet Crackdown
Russian, Kazakh Hackers Charged in $46M Proxy Botnet Scheme. Federal prosecutors charged four hackers for running a proxy botnet that exploited infected routers, using domains like Anyproxy.net to resell U.S. network access globally – and generating over $46M before a coordinated international takedown, according to a Friday indictment. First seen on govinfosecurity.com Jump to article:…
-
FBI and Dutch police seize and shut down botnet of hacked routers
U.S. authorities indicted three Russians and one Kazakhstan national for hacking and selling access to a botnet made of vulnerable internet-connected devices. First seen on techcrunch.com Jump to article: techcrunch.com/2025/05/09/fbi-and-dutch-police-seize-and-shut-down-botnet-of-hacked-routers/
-
BREAKING: 7,000-Device Proxy Botnet Using IoT, EoL Systems Dismantled in U.S. – Dutch Operation
A joint law enforcement operation undertaken by Dutch and U.S. authorities has dismantled a criminal proxy network that’s powered by thousands of infected Internet of Things (IoT) and end-of-life (EoL) devices, enlisting them into a botnet for providing anonymity to malicious actors. In conjunction with the domain seizure, Russian nationals, Alexey Viktorovich Chertkov, 37, Kirill Vladimirovich…
-
Russia-linked ColdRiver used LostKeys malware in recent attacks
Tags: apt, attack, cyberespionage, espionage, google, government, group, intelligence, malware, russia, threat
Since early 2025, Russia-linked ColdRiver has used LostKeys malware to steal files in espionage attacks on Western governments and organizations. Google’s Threat Intelligence Group discovered LOSTKEYS, a new malware used by Russia-linked APT COLDRIVER, in recent attacks to steal files and gather system info. The ColdRiver APT (aka “Seaborgium”, “Callisto”, “Star Blizzard”, “TA446”) is a Russian cyberespionage group…
-
Nomad Bridge Hacker Apprehended in Connection with $190 Million Heist
Alexander Gurevich, a 47-year-old dual Russian-Israeli citizen, was arrested last Thursday at Ben-Gurion Airport while attempting to flee to Russia under a new identity. Gurevich is the primary suspect in the 2022 Nomad Bridge hack that resulted in approximately $190 million in stolen cryptocurrency, marking one of the largest blockchain security breaches that year. Israeli…
-
Russian Group Launches LOSTKEYS Malware in Attacks
New LOSTKEYS malware has been identified and linked to COLDRIVER by GTIG, stealing files and system data in targeted attacks. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/russian-group-lostkeys-malware/
-
Google links new LostKeys data theft malware to Russian cyberspies
Since the start of the year, the Russian state-backed ColdRiver hacking group has been using new LostKeys malware to steal files in espionage attacks targeting Western governments, journalists, think tanks, and non-governmental organizations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-links-new-lostkeys-data-theft-malware-to-russian-cyberspies/
-
Russian COLDRIVER Hackers Deploy LOSTKEYS Malware to Steal Sensitive Information
The Google Threat Intelligence Group (GTIG) has uncovered a sophisticated new malware dubbed LOSTKEYS, attributed to the Russian government-backed threat actor COLDRIVER, also known as UNC4057, Star Blizzard, and Callisto. Active since at least December 2023, with significant campaigns observed in January, March, and April 2025, LOSTKEYS represents a notable evolution in COLDRIVER’s toolkit, which…
-
Russian state-linked Coldriver spies add new malware to operation
A Russian cyber-espionage group tracked as Coldriver by Google researchers has updated its malware toolset. First seen on therecord.media Jump to article: therecord.media/coldriver-russia-cyber-espionage-lostkeys-malware
-
India-Pakistan conflict underscores your C-suite’s need to prepare for war
Tags: business, ciso, communications, conference, cyber, cyberattack, data-breach, disinformation, government, india, infrastructure, military, network, russia, service, supply-chain, ukraine, update, usa, vulnerability
How the India-Pakistan conflict raises the stakes: Should the conflict between these two nuclear powers escalate and become a full-blown war, the disruption to supply chains, research and development, and support services has the potential to be significant. Pakistan’s technical hubs in Karachi, Lahore, and Islamabad will be placed in jeopardy. India’s technical hubs in…
-
Google Uncovers LOSTKEYS Malware Used by Russian COLDRIVER for Cyber Espionage
In a concerning escalation of cyber-espionage activity, Google’s Threat Intelligence Group (GTIG) has revealed the emergence of a First seen on securityonline.info Jump to article: securityonline.info/google-uncovers-lostkeys-malware-used-by-russian-coldriver-for-cyber-espionage/
-
Cyberwarfare Funding Accelerates and Everyone is at Risk
Tags: attack, china, cyber, cyberattack, cybersecurity, data, defense, exploit, finance, government, healthcare, infrastructure, risk, russia, service, tool, vulnerability, warfare
Nations are investing heavily in offensive cyber capabilities. The proposed 2026 US defense budget earmarks an additional $1 billion in funding for offensive cyber operations, specifically to the US Indo-Pacific Command (USINDOPACOM). In 2025, the Department of Defense spent over $14 billion on cyber, with $6.4 billion allocated to offensive operations. An extra billion dollars…
-
Critical Open Source Library ‘easyjson’ Linked to Russian VK Group
Hunted Labs has uncovered that a widely used open source library, “easyjson”, is maintained and controlled by developers associated with First seen on securityonline.info Jump to article: securityonline.info/critical-open-source-library-easyjson-linked-to-russian-vk-group/
-
Popular Instagram Blogger’s Account Hacked to Phish Users and Steal Banking Credentials
A high-profile Russian Instagram blogger recently fell victim to a sophisticated cyberattack, where scammers hijacked her account to orchestrate a fake $125,000 cash giveaway. The attackers employed advanced techniques, including AI-generated deepfake videos and meticulously crafted phishing campaigns, to deceive followers into surrendering sensitive banking information. This incident highlights the growing threat of cyber fraud…
-
Phony Hacktivist Pleads Guilty to Disney Data Leak
After stealing sensitive data from Disney, Ryan Mitchell Kramer claimed to be part of a Russian hacktivist group protecting artists’ rights and ensuring they receive fair compensation for their work. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/phony-hacktivist-pleads-guilty-disney-leak
-
Russian hackers target Romanian state websites on election day
A Russian-linked hacktivist group launched DDoS attacks on several Romanian websites over the weekend, as voters headed to the polls to elect a new president. First seen on therecord.media Jump to article: therecord.media/hackers-target-romanian-websites-election
-
RomCom RAT Targets UK Organizations Through Compromised Customer Feedback Portals
The Russian-based threat group RomCom, also known as Storm-0978, Tropical Scorpius, and Void Rabisu, has been targeting UK companies in the retail, hospitality, and critical national infrastructure (CNI) sectors in a recently discovered cyber espionage and profit-driven operation called “Operation Deceptive Prospect.”
-
Azerbaijan blames Russian state hackers for cyberattacks on local media
The Kremlin-backed hacking group known as APT29 was responsible for a February cyberattack on local media, said Azerbaijan’s government, which has moved to reduce Russian influence recently. First seen on therecord.media Jump to article: therecord.media/azerbaijan-blames-media-cyberattacks-russia-apt29
-
California Man Will Plead Guilty to Last Year’s Disney Hack
A 25-year-old California man will plead guilty to hacking into a Disney employee’s personal computer and using stolen credentials to break into thousands of Disney Slack channels. Ryan Mitchell Kramer, who claimed to be a member of the Russian group NullBulge, then leaked the data when the victim didn’t respond to his emails. First seen on…
-
Security Researchers Warn a Widely Used Open Source Tool Poses a ‘Persistent’ Risk to the US
The open source software easyjson is used by the US government and American companies. But its ties to Russia’s VK, whose CEO has been sanctioned, have researchers sounding the alarm. First seen on wired.com Jump to article: www.wired.com/story/easyjson-open-source-vk-ties/
-
Hacking Spree Hits UK Retail Giants
Plus: France blames Russia for a series of cyberattacks, the US is taking steps to crack down on a gray market allegedly used by scammers, and Microsoft pushes the password one step closer to death. First seen on wired.com Jump to article: www.wired.com/story/hacking-spree-hits-uk-retail-giants/
-
State-Sponsored Hacktivism on the Rise, Transforming the Cyber Threat Landscape
Tags: attack, cyber, cybersecurity, government, group, india, infrastructure, military, russia, threat, ukraine
The global cybersecurity landscape is undergoing a significant transformation, as state-sponsored hacktivism gains traction amid ongoing conflicts. In 2024, Forescout Technologies Inc. documented 780 hacktivist attacks, predominantly conducted by four groups operating on opposite sides of the Russia-Ukraine and Israel-Palestine conflicts: BlackJack, Handala Group, Indian Cyber Force, and NoName057(16). Critical infrastructure, including government, military, transportation, logistics,…
-
Pro-Russian hacktivists intensify DDoS attacks on Dutch orgs
First seen on scworld.com Jump to article: www.scworld.com/brief/pro-russian-hacktivists-intensify-ddos-attacks-on-dutch-orgs
-
Updated DarkWatchman malware sets sights on Russia
First seen on scworld.com Jump to article: www.scworld.com/brief/updated-darkwatchman-malware-sets-sights-on-russia
-
Nebulous Mantis hackers have Deployed the RomCom RAT globally, Targeting organizations.
Nebulous Mantis, also known as Cuba, STORM-0978, Tropical Scorpius, and UNC2596, is a Russian-speaking cyber espionage group that has been actively deploying the RomCom remote access trojan (RAT) in targeted campaigns since mid-2019. The group primarily focuses on critical infrastructure, government agencies, political leaders, and organizations related to NATO. Their operations are characterized by the…
-
Disney Slack Channel Hacker Pleads Guilty
Hacker Who Feigned Russian Hacktivist Persona Faces Up to a Decade in Prison. A California man whose theft of a terabyte of company data from Disney led the media and entertainment conglomerate to eschew Slack pleaded guilty in Los Angeles federal court to two felony charges. Santa Clarita resident Ryan Mitchell Kramer, 25, gained access…
-
Disney Slack attack wasn’t Russian protesters, just a Cali dude with malware
A 25-year-old California man pleaded guilty to stealing and dumping 1.1TB of data from the House of Mouse. First seen on theregister.com Jump to article: www.theregister.com/2025/05/02/disney_slack_hacker_revealed_to/

