Tag: russia
-
Midnight Blizzard Targets European Diplomats with Wine Tasting Phishing Lure
Russian state actor Midnight Blizzard is using fake wine tasting events as a lure to spread malware for espionage purposes, according to Check Point First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/midnight-european-diplomats-wine/
-
LummaStealer Exploits Windows Utility to Run Remote Code Disguised as .mp4 File
The Cybereason Global Security Operations Center (GSOC) has shed light on the sophisticated tactics used by the LummaStealer malware to evade detection and execute malicious code. Originally spotted in 2022, this Russian-developed malware-as-a-service (MaaS) has continuously evolved its evasion techniques to target Windows systems. Advanced Evasion with mshta.exe LummaStealer’s operators have introduced a new technique…
-
China Plans Expanded Cybersecurity Cooperation with Russia
China has announced a significant step forward in its partnership with Russia, with plans to expand their cooperation in the field of cybersecurity. In an article published by Sputnik News, Chinese Ambassador to Russia Zhang Hanhui outlined Beijing’s intention to deepen its collaboration, emphasizing the shared importance both countries place on digital security and the…
-
Gamaredon’s PteroLNK VBScript Malware Infrastructure and TTPs Uncovered by Researchers
Researchers have unearthed details of the Pterodo malware family, notably the PteroLNK variant used by the Russian-nexus threat group, Gamaredon. The group, which is believed to be associated with Russia’s Federal Security Service (FSB), has been targeting Ukrainian entities, focusing on government, military, and critical infrastructure sectors as part of broader geopolitical conflicts. Tactics, Techniques,…
-
Russia-linked APT29 targets European diplomats with new malware
WINELOADER variant: While the Check Point researchers didn’t manage to obtain the final payload delivered by GRAPELOADER directly, they located a new variant of the WINELOADER backdoor that was uploaded to the VirusTotal scanning service around the same time and which has code and compilation time similarities to both AppvIsvSubsystems64.dll and ppcore.dll. As such, there…
-
Whistleblower alleges Russian IP address attempted access to US agency’s systems via DOGE-created accounts
Legal battle: As it stands, the allegations are being made by one individual, and the evidence behind them has yet to be examined independently.In a statement to NPR, an NLRB representative said that while Berulis had raised concerns within the agency, an investigation had “determined that no breach of agency systems occurred.”That said, it won’t…
-
Anonymous Releases 10TB of Leaked Data Targeting Russia
Recently, the hacktivist collective Anonymous has claimed responsibility for a sweeping cyberattack against Russia, releasing a staggering 10 First seen on securityonline.info Jump to article: securityonline.info/anonymous-releases-10tb-of-leaked-data-targeting-russia/
-
Whistleblower describes DOGE IT dept rampage at America’s labor watchdog
Ignored infosec rules, exfiltrated data “¦ then the mysterious login attempts from a Russian IP address began claim First seen on theregister.com Jump to article: www.theregister.com/2025/04/17/whistleblower_nlrb_doge/
-
CVE program averts swift end after CISA executes 11-month contract extension
Tags: china, cisa, computer, cve, cyber, cybersecurity, data, defense, detection, endpoint, flaw, framework, government, infrastructure, intelligence, linkedin, mitre, nist, nvd, russia, service, software, technology, threat, update, vulnerability, vulnerability-managementImportant update April 16, 2025: Since this story was first published, CISA signed a contract extension that averts a shutdown of the MITRE CVE program.A CISA spokesperson sent CSO a statement saying, “The CVE Program is invaluable to cyber community and a priority of CISA. Last night, CISA executed the option period on the contract to ensure…
-
BidenCash Market Dumps 1 Million Stolen Credit Cards on Russian Forum
BidenCash dumps almost a million stolen credit card records on Russian forum, exposing card numbers, CVVs, and expiry dates in plain text with no cardholder names. First seen on hackread.com Jump to article: hackread.com/bidencash-market-leak-credit-cards-russian-forum/
-
Russians lure European diplomats into malware trap with wine-tasting invite
Vintage phishing varietal has improved with age First seen on theregister.com Jump to article: www.theregister.com/2025/04/16/cozy_bear_grapeloader/
-
APT29 Hackers Use GRAPELOADER in New Attack Against European Diplomats
Check Point Research (CPR) has uncovered a new targeted phishing campaign employing GRAPELOADER, a sophisticated initial-stage downloader, launched by the notorious Russian-linked hacking group APT29, known alternatively as Midnight Blizzard or Cozy Bear. This campaign, identified since January 2025, primarily focuses on European governments and diplomatic entities. Campaign Overview APT29, recognized for its sophisticated cyber…
-
Chinese Android Phones Shipped with Fake WhatsApp, Telegram Apps Targeting Crypto Users
Cheap Android smartphones manufactured by Chinese companies have been observed pre-installed with trojanized apps masquerading as WhatsApp and Telegram that contain cryptocurrency clipper functionality as part of a campaign since June 2024.While using malware-laced apps to steal financial information is not a new phenomenon, the new findings from Russian antivirus vendor Doctor Web point to…
-
CVE program faces swift end after DHS fails to renew contract, leaving security flaw tracking in limbo
Tags: china, cisa, cve, cyber, cybersecurity, data, detection, endpoint, flaw, government, infrastructure, intelligence, linkedin, mitre, nist, nvd, russia, service, technology, threat, vulnerability, vulnerability-managementMITRE’s CVE program foundational to cybersecurity: MITRE’s CVE program is a foundational pillar of the global cybersecurity ecosystem and is the de facto standard for identifying vulnerabilities and guiding defenders’ vulnerability management programs. It provides foundational data to vendor products across vulnerability management, cyber threat intelligence, security information, event management, and endpoint detection and response.Although…
-
Whistleblower Accuses DOGE of Data-Harvesting Cover Up
Complaint Says Russia-Based IP Address Attempted to Gain Access as DOGE Took Data. A whistleblower has accused staffers from the Department of Government Efficiency of attempting to cover their tracks while collecting troves of sensitive data from the independent labor agency’s computer systems, raising significant security concerns. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/whistleblower-accuses-doge-data-harvesting-cover-up-a-28013
-
Midnight Blizzard deploys new GrapeLoader malware in embassy phishing
Russian state-sponsored espionage group Midnight Blizzard is behind a new spear-phishing campaign targeting diplomatic entities in Europe, including embassies. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/midnight-blizzard-deploys-new-grapeloader-malware-in-embassy-phishing/
-
Wave of Wine-Inspired Phishing Attacks Targets EU Diplomats
Russia-backed APT29’s latest campaign once again uses malicious invites to wine-tasting events as its lure, but this time targets a different set of vintages, errr, victims, and delivers a novel backdoor, GrapeLoader. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/wine-inspired-phishing-eu-diplomats
-
Attacks with novel PowerModul implant target Russia
First seen on scworld.com Jump to article: www.scworld.com/brief/attacks-with-novel-powermodul-implant-target-russia
-
Advanced device code phishing leveraged by Russian APT
First seen on scworld.com Jump to article: www.scworld.com/brief/advanced-device-code-phishing-leveraged-by-russian-apt
-
Possible Russian Hackers Targeted UK Ministry of Defense
Spear-Phishing Campaign Used RomCom Malware Variant. A phishing campaign wielding malware previously associated with Russian-speaking hackers targeted the U.K. Ministry of Defense in late 2024. It is unclear if the campaign is tied to a data leak of 600 armed personnel, civil servants, and defense contractors reported late last year. First seen on govinfosecurity.com Jump…
-
Goffee Deploys PowerShell Implant to Target Russian Entities
Goffee Targets Russian Entities With USB-Based PowerShell Malware. A threat actor that focuses on Russian targets is spreading a new PowerShell implant that includes modules for stealing files from thumb drives and propagating itself through a USB worm. Its targets include critical infrastructure sectors such as energy, telecommunications and government. First seen on govinfosecurity.com Jump…
-
UK appoints security and intelligence specialist as ambassador to France
Sir Thomas Drew, previously a top official in the Foreign Office and a key figure in Britain’s response to Russia’s invasion of Ukraine, will be the U.K.’s ambassador to France as the two countries prepare to work more closely on security issues. First seen on therecord.media Jump to article: therecord.media/thomas-drew-security-intelligence-specalist-uk-ambassador-france
-
US Blocks Foreign Governments from Acquiring Citizen Data
The US government has implemented a program that applies export controls on data transactions to certain countries of concern, including China and Russia First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/us-foreign-governments-acquiring/
-
DoJ Launches Critical National Security Program to Protect Americans’ Sensitive Data
The U.S. Department of Justice has launched a landmark initiative to block foreign adversaries”, including China, Russia, and Iran”, from exploiting commercial channels to access sensitive American data. The Data Security Program (DSP), enacted under Executive Order 14117, establishes stringent controls over transactions involving U.S. government-related data and bulk personal information such as genomic, financial,…
-
GOFFEE APT: New PowerModul Implant and Tactics Target Russian Organizations
The APT group GOFFEE has resurfaced with a revamped arsenal, launching targeted cyberattacks across Russia’s strategic sectors. According First seen on securityonline.info Jump to article: securityonline.info/goffee-apt-new-powermodul-implant-and-tactics-target-russian-organizations/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 41
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Lazarus Expands Malicious npm Campaign: 11 New Packages Add Malware Loaders and Bitbucket Payloads BadBazaar: iOS and Android Surveillanceware by China’s APT15 Used to Target Tibetans and Uyghurs GOFFEE continues to attack organizations in Russia Atomic…
-
Russian Shuckworm APT is back with updated GammaSteel malware
files.lnk, launched from an external drive. This was recorded under the UserAssist key in the Registry, which stores a record of files, links, applications, and objects accessed by the current user through Windows Explorer.After that file was executed, it launched mshta.exe, a Windows binary that can be used to execute VBScript and JScript locally on…
-
Shuckworm Group Leverages GammaSteel Malware in Targeted PowerShell Attacks
The Russia-linked cyber-espionage group known as Shuckworm (also identified as Gamaredon or Armageddon) has been observed targeting a Western country’s military mission located within Ukraine, employing an updated, PowerShell-based version of its GammaSteel infostealer malware. This campaign, which began in late February 2025 and continued into March, signifies Shuckworm’s persistent focus on Ukrainian entities and…