Tag: russia
-
Dutch Services Disrupted by DDoS Attacks From Russian-Affiliated Hacktivists
Multiple Dutch organizations have experienced significant service disruptions this week due to a series of coordinated Distributed Denial-of-Service (DDoS) attacks. These attacks, which have also targeted other European organizations, are believed to be the work of the pro-Russian hacktivist group NoName057(16), according to official statements and ongoing investigations by the National Cyber Security Centre (NCSC).…
-
Pro-Russia hacktivist group NoName057(16) is targeting Dutch organizations
Pro-Russia hacktivist group NoName057(16) is targeting Dutch organizations with large-scale DDoS attacks, the country’s National Cyber Security Center (NCSC) warns. This week, several Dutch and European organizations faced large-scale DDoS attacks launched by pro-Russia hacktivists, including the NoName057(16) group. Threat actors target organizations across public and private sectors. Russian hacktivist group NoName057(16) claimed some of…
-
Pro-Russia hacktivists bombard Dutch public orgs with DDoS attacks
Russia-aligned hacktivists persistently target key public and private organizations in the Netherlands with distributed denial of service (DDoS) attacks, causing access problems and service disruptions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/pro-russia-hacktivists-bombard-dutch-public-orgs-with-ddos-attacks/
-
The organizational structure of ransomware threat actor groups is evolving before our eyes
The Ransomware-as-a-service (RaaS) model has not recovered from law enforcement disruption, and the entrance of novice actors along with non-Russian state-linked cybercriminals has led to uncertain outcomes for victims. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/the-organizational-structure-of-ransomware-threat-actor-groups-is-evolving-before-our-eyes/
-
Large-Scale Phishing Campaigns Target Russia and Ukraine
A large-scale phishing campaign using DarkWatchman and Sheriff malware has been observed targeting companies in Russia and Ukraine. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/phishing-campaigns-targets-russia/
-
Putin’s Cyberattacks on Ukraine Rise 70%, With Little Effect
Russia’s cyberattacks on Ukraine have increased dramatically, targeting the country’s government and defense infrastructure. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/putin-cyberattacks-ukraine-rise-little-effect
-
DarkWatchman, Sheriff Malware Hit Russia and Ukraine with Stealth and Nation-Grade Tactics
Russian companies have been targeted as part of a large-scale phishing campaign that’s designed to deliver a known malware called DarkWatchman. Targets of the attacks include entities in the media, tourism, finance and insurance, manufacturing, retail, energy, telecom, transport, and biotechnology sectors, Russian cybersecurity company F6 said. The activity is assessed to be the work of a…
-
Hive0117 group targets Russian firms with new variant of DarkWatchman malware
Hive0117 targets Russian firms in multiple sectors with phishing attacks using a modified version of the DarkWatchman malware. A cybercrime group named Hive0117 is behind a fresh phishing campaign that targeted Russian organizations with a new version of the DarkWatchman malware, according to Russian cybersecurity firm F6. The financially-motivated group targeted organizations in the media,…
-
How ‘native English’ Scattered Spider group linked to M&S attack operate
Cybersecurity expert says group are ‘unusual but potently threatening’ coalition of ransomware hackers. If there is one noticeable difference between some members of the Scattered Spider hacking community and their ransomware peers, it will be the accent. Scattered Spider has been linked to a cyber-attack on UK retailer Marks & Spencer. But unlike other ransomware…
-
Russian APT28 hackers have redoubled efforts during Ukraine war, says French security agency
Tags: apt, attack, backdoor, cisco, credentials, crowdstrike, cyber, detection, exploit, finance, government, group, hacker, hacking, infrastructure, intelligence, Internet, mail, malicious, military, monitoring, network, phishing, russia, service, theft, ukraine, vpn, vulnerability
Targeting and Compromise of French Entities Using the APT28 Intrusion Set, the group now aggressively targets the networks of government organizations and companies connected to Ukraine’s allies, including France. Since 2021, the group has targeted specific industrial sectors including aerospace, financial services, think tanks and research, local government, and government ministries. Nothing APT28 does stands out as…
-
Russia-linked group Nebulous Mantis targets NATO-related defense organizations
Tags: apt, cyber, data, defense, espionage, government, group, infrastructure, phishing, rat, russia, spear-phishing
PRODAFT researchers warn of Russia-linked APT group Nebulous Mantis targeting NATO-related defense organizations. Nebulous Mantis, a Russian-speaking cyber espionage group (aka Cuba, STORM-0978, Tropical Scorpius, UNC2596), used RomCom RAT and Hancitor since 2019 to target critical infrastructure, governments, and NATO-linked entities. Since mid-2022, they’ve deployed RomCom via spear-phishing for espionage, lateral movement, and data theft.…
-
France blames Russia for series of cyberattacks
First seen on scworld.com Jump to article: www.scworld.com/brief/france-blames-russia-for-series-of-cyber-attacks
-
From TV5Monde to Govt: France Blames Russia’s APT28 for Cyberattacks
France accuses Russia’s APT28 hacking group (Fancy Bear) of targeting French government entities in a cyber espionage campaign…. First seen on hackread.com Jump to article: hackread.com/tv5monde-govt-france-russia-apt28-cyberattacks/
-
DarkWatchman cybercrime malware returns on Russian networks
A financially motivated group tracked as Hive0117 recently attacked multiple Russian industries with a retooled version of DarkWatchman malware, researchers said. First seen on therecord.media Jump to article: therecord.media/darkwatchman-malware-russia-cybercrime-hive0117
-
Nebulous Mantis Targets NATO-Linked Entities with Multi-Stage Malware Attacks
Tags: access, attack, communications, control, cyber, cybersecurity, espionage, group, infrastructure, malware, rat, russia, tactics
Cybersecurity researchers have shed light on a Russian-speaking cyber espionage group called Nebulous Mantis that has deployed a remote access trojan called RomCom RAT since mid-2022. RomCom “employs advanced evasion techniques, including living-off-the-land (LOTL) tactics and encrypted command and control (C2) communications, while continuously evolving its infrastructure leveraging First seen on thehackernews.com Jump to article: thehackernews.com/2025/04/nebulous-mantis-targets-nato-linked.html
-
Grinex exchange suspected rebrand of sanctioned Garantex crypto firm
A new cryptocurrency exchange named Grinex is believed to be a rebrand of Garantex, a Russian cryptocurrency exchange whose domains were seized by the U.S. authorities and an admin arrested. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/cryptocurrency/grinex-exchange-suspected-rebrand-of-sanctioned-garantex-crypto-firm/
-
France ties Russian APT28 hackers to 12 cyberattacks on French orgs
Today, the French foreign ministry blamed the APT28 hacking group linked to Russia’s military intelligence service (GRU) for targeting or breaching a dozen French entities over the last four years. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/france-ties-russian-apt28-hackers-to-12-cyberattacks-on-french-orgs/
-
France blames Russian military intelligence for years of cyberattacks on local entities
In a rare public attribution, the French foreign ministry said on Tuesday it “condemns in the strongest possible terms” the actions of the GRU-linked threat actor known as APT28 for attacks against local entities. First seen on therecord.media Jump to article: therecord.media/france-blames-russian-military-intelligence-for-hacks-against-local-orgs
-
France says Russian hackers behind attack on Macron’s 2017 presidential campaign
Foreign ministry says Russian military intelligence has attacked a dozen French entities since 2021 including a TV station. France has accused Russian military intelligence of carrying out a massive cyber-attack on Emmanuel Macron’s first presidential campaign in 2017 as well as several other recent major hacks, including on a TV station and an organisation involved…
-
Enterprise-specific zero-day exploits on the rise, Google warns
Tags: access, apple, apt, attack, china, cisco, cloud, crime, crimes, cyberespionage, detection, endpoint, exploit, finance, flaw, google, group, Hardware, incident response, injection, Internet, ivanti, korea, lessons-learned, mandiant, microsoft, mitigation, network, north-korea, remote-code-execution, russia, service, strategy, technology, threat, tool, update, vpn, vulnerability, zero-day
Surge in network edge device exploitation: Of the 33 zero-day vulnerabilities in enterprise-specific products, 20 targeted hardware appliances typically located at the network edge, such as VPNs, security gateways, and firewalls. Notable targets last year included Ivanti Cloud Services Appliance, Palo Alto Networks’ PAN-OS, Cisco Adaptive Security Appliance, and Ivanti Connect Secure VPN. Targeted attacks against…
-
UK bans game controller exports to Russia in bid to ground drone attacks
Moscow likely to respawn elsewhere First seen on theregister.com Jump to article: www.theregister.com/2025/04/26/uk_russia_controller_drone_attack/
-
Russian VPS Servers With RDP and Proxy Servers Enable North Korean Cybercrime Operations
Trend Research has uncovered a sophisticated network of cybercrime operations linked to North Korea, heavily utilizing Russian internet infrastructure. Specifically, IP address ranges in the towns of Khasan and Khabarovsk, Russia, assigned to organizations under TransTelecom (ASN AS20485), are pivotal in these activities. Khasan, just a mile from the North Korea-Russia border and connected via…
-
New Android spyware is targeting Russian military personnel on the front lines
Trojanized mapping app steals users’ locations, contacts, and more. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/04/russian-military-personnel-on-the-front-lines-targeted-with-new-android-spyware/
-
Hackers abuse OAuth 2.0 workflows to hijack Microsoft 365 accounts
Russian threat actors have been abusing legitimate OAuth 2.0 authentication workflows to hijack Microsoft 365 accounts of employees of organizations related to Ukraine and human rights. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-abuse-oauth-20-workflows-to-hijack-microsoft-365-accounts/
-
UK bans export of video game controllers to Russia to hinder attack drone pilots
In a sanctions package including more than 150 new measures, the British government said it was closing loopholes being exploited by the Kremlin. First seen on therecord.media Jump to article: therecord.media/uk-bans-video-game-controllers
-
Booby-trapped Alpine Quest Android app geolocates Russian soldiers
Back of the nyet! First seen on theregister.com Jump to article: www.theregister.com/2025/04/24/hacked_alpine_quest_android_app/
-
Chinese hackers target Russian govt with upgraded RAT malware
Chinese-speaking IronHusky hackers are targeting Russian and Mongolian government organizations using upgraded MysterySnail remote access trojan (RAT) malware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chinese-hackers-target-russian-govt-with-upgraded-rat-malware/

