Tag: russia
-
WinRAR zero-day exploited by RomCom hackers in targeted attacks
ESET researchers have discovered a previously unknown vulnerability in WinRAR, exploited in the wild by Russia-aligned group RomCom. If you use WinRAR or related components … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/11/winrar-zero-day-cve-2025-8088/
-
WinRAR Zero-Day CVE-2025-8088 Exploited to Spread RomCom Malware
Critical WinRAR flaw CVE-2025-8088 exploited by Russia-linked hackers to spread RomCom malware; update to version 7.13 now to… First seen on hackread.com Jump to article: hackread.com/winrar-zero-day-cve-2025-8088-spread-romcom-malware/
-
Breach Roundup: Chinese Duo Held for Illegal AI Chip Exports
Also: Ukrainian Hackers Find Evidence of Russian Child Abduction. This week: a Chinese duo was arrested in Los Angeles for illegal artificial intelligence chip exports to China, France extradited an accused Nigerian hacker, Ukraine hacked Crimean servers, a Florida prison leaked email, and a Tea app clone exposed users’ IDs. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/breach-roundup-chinese-duo-held-for-illegal-ai-chip-exports-a-29148
-
BlackSuit, Royal ransomware group hit over 450 US victims before last month’s takedown
The Department of Homeland Security said the Russian cybercrime collective received at least $370 million in ransom payments, based on current cryptocurrency valuations. First seen on cyberscoop.com Jump to article: cyberscoop.com/blacksuit-royal-ransomware-450-us-victims/
-
Details emerge on BlackSuit ransomware takedown
The Russian cybercrime group attacked more than 180 organizations before members abandoned the brand and dispersed to new ransomware groups earlier this year. First seen on cyberscoop.com Jump to article: cyberscoop.com/blacksuit-ransomware-takedown/
-
Russia Uses ISPs to Spy on Diplomats, Warns Microsoft
Russian Intelligence Tied to SSL Stripping Attacks Designed for Eavesdropping. Since 2024, Russian intelligence has been using the country’s own internet service providers to run adversary-in-the-middle attacks designed to infect diplomats inside Russia’s borders with intelligence-gathering malware, Microsoft warns. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/russia-uses-isps-to-spy-on-diplomats-warns-microsoft-a-29113
-
Hacked Crimean servers reveal information about abducted children, Ukraine says
Ukraine’s military intelligence agency said it hacked into government servers in Russian-occupied Crimea that allegedly contained evidence of Russia’s forced deportation of Ukrainian children from occupied territories. First seen on therecord.media Jump to article: therecord.media/hacked-crimean-servers-abducted-children
-
Microsoft briefly turned off Indian company’s cloud, perhaps due to EU sanctions on Russia
Oh, the irony of Europe demonstrating the importance of the sovereign cloud it craves First seen on theregister.com Jump to article: www.theregister.com/2025/08/04/nayara_energy_microsoft_india/
-
ISS is still leaking air after latest repair efforts fail
Russian boffins searching for root cause in their segment of the outpost, former cosmonaut says First seen on theregister.com Jump to article: www.theregister.com/2025/08/01/iss_is_still_leaking/
-
Hackers leak purported Aeroflot data as Russia denies breach
Hackers have leaked flight records allegedly belonging to the CEO of the Russian airline Aeroflot following a major cyberattack that grounded flights. First seen on therecord.media Jump to article: therecord.media/hackers-leak-purported-aeroflot-data
-
Russia’s mobile internet shutdowns hit record high amid Ukrainian drone attacks
Russia shut down mobile internet services more than 2,000 times in July as authorities ramped up digital restrictions in the name of security. First seen on therecord.media Jump to article: therecord.media/russia-mobile-internet-shutdowns-record
-
Blizzard Group’s ApolloShadow Malware Installs Root Certificates to Trust Malicious Sites
Microsoft Threat Intelligence has exposed a sophisticated cyberespionage operation orchestrated by the Russian state-sponsored actor tracked as Secret Blizzard, which has been actively compromising foreign embassies in Moscow through an adversary-in-the-middle (AiTM) technique to deploy the custom ApolloShadow malware. This campaign, ongoing since at least 2024, leverages an AiTM position at the Internet Service Provider…
-
Secret Blizzard Targets Moscow-Based Embassies in New Espionage Campaign
Microsoft has observed Russian state actor Secret Blizzard using an AiTM position to gain initial access, assisted by official domestic intercept systems First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/secret-blizzard-moscow-embassies/
-
Russian State Hackers Spy on Moscow Embassies via ISP-Level AiTM Attacks
First seen on securityonline.info Jump to article: securityonline.info/russian-state-hackers-spy-on-moscow-embassies-via-isp-level-aitm-attacks/
-
Microsoft catches Russian hackers targeting foreign embassies
End goal is the installation of a malicious TLS root certificate for use in intel gathering. First seen on arstechnica.com Jump to article: arstechnica.com/information-technology/2025/07/microsoft-catches-russian-hackers-targeting-foreign-embassies/
-
Russia-linked APT Secret Blizzard targets foreign embassies in Moscow with ApolloShadow malware
Russia-linked Secret Blizzard targets foreign embassies in Moscow via ISP-level AitM attacks, deploying custom ApolloShadow malware. Microsoft researchers uncovered a cyberespionage campaign by the Russia-linked APT group Secret Blizzard (aka Turla, Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) targeting foreign embassies in Moscow. The threat actor uses an adversary-in-the-middle (AiTM) method at the ISP level to deploy custom malware called ApolloShadow. This…
-
Secret Blizzard Deploys Malware in ISP-Level AitM Attacks on Moscow Embassies
The Russian nation-state threat actor known as Secret Blizzard has been observed orchestrating a new cyber espionage campaign targeting foreign embassies located in Moscow by means of an adversary-in-the-middle (AitM) attack at the Internet Service Provider (ISP) level and delivering a custom malware dubbed ApolloShadow. “ApolloShadow has the capability to install a trusted root certificate to…
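The common thread in the ApolloShadow reports above is the end state: a root certificate the victim never chose to trust, sitting in a Windows root store so that actor-controlled sites pass TLS validation. The check a practitioner wants after reading this is a trust-store diff. The script below is an added example, not code from Microsoft or from any of the cited articles: it snapshots the two user-writable root stores, saves a baseline from a known-good machine, and reports any root that has appeared since. Assumptions (not from the page): Windows PowerShell 5.1 or later, administrator rights for the LocalMachine store, and the baseline path is a placeholder of our choosing.

```powershell
# Added example: diff the Windows root stores against a known-good baseline.
# Not part of the cited reporting; paths and function names are our own.

# The Root stores are where a user or a program installs extra trust anchors;
# Microsoft's own program roots live in AuthRoot and are not diffed here.
$RootStores = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')

function Get-RootSnapshot {
    # One record per certificate across the stores above.
    foreach ($store in $RootStores) {
        Get-ChildItem -Path $store -ErrorAction SilentlyContinue | ForEach-Object {
            [pscustomobject]@{
                Store      = $store
                Thumbprint = $_.Thumbprint          # SHA-1, the key Windows uses for the store
                Subject    = $_.Subject
                Issuer     = $_.Issuer
                NotBefore  = $_.NotBefore
                SelfSigned = ($_.Subject -eq $_.Issuer)
            }
        }
    }
}

function Save-RootBaseline {
    param([Parameter(Mandatory)][string]$Path)
    # Take this once, on a freshly built machine of the same image, before it
    # ever touches an untrusted network.
    Get-RootSnapshot | ConvertTo-Json -Depth 3 | Set-Content -Path $Path -Encoding UTF8
}

function Compare-RootStore {
    param([Parameter(Mandatory)][string]$BaselinePath)
    # Returns every root present now that was not in the baseline, keyed by
    # store and thumbprint so the same cert added to a second store still shows.
    $known = @{}
    foreach ($c in (Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json)) {
        $known["$($c.Store)|$($c.Thumbprint)"] = $true
    }
    Get-RootSnapshot | Where-Object {
        -not $known.ContainsKey("$($_.Store)|$($_.Thumbprint)")
    }
}

# Usage (placeholder path):
#   Save-RootBaseline  -Path         C:\secops\root-baseline.json   # on the golden image
#   Compare-RootStore  -BaselinePath C:\secops\root-baseline.json | Format-Table -AutoSize
```

Read the output with the campaign in mind: a self-signed entry whose NotBefore is recent and which appears only in CurrentUser\Root is exactly the shape of a root dropped by malware running as the logged-on user, since that store needs no administrator rights. This is a point-in-time detection, not prevention; pair it with an alert on writes to those stores, and treat any unexplained root as grounds to rebuild the host rather than just remove the certificate.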
-
Russian hackers use ISP access to hack embassies in AiTM attacks
Microsoft warns that a cyber-espionage group linked to Russia’s Federal Security Service (FSB) is targeting diplomatic missions in Moscow using local internet service providers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-russian-hackers-use-isp-access-to-hack-embassies-in-aitm-attacks/
-
Kremlin monitors foreign embassies in Moscow through cyber-espionage at ISP level
In a warning to foreign embassies in Moscow, Microsoft said a Russian state-backed hacking group known as Secret Blizzard or Turla has been using internet service providers for adversary-in-the-middle (AiTM) attacks. First seen on therecord.media Jump to article: therecord.media/russia-fsb-turla-espionage-foreign-embassies-isp-level
-
Russia-affiliated Secret Blizzard conducting ongoing espionage against embassies in Moscow
A new Microsoft report finds that the long-running threat group has gained positions on state-aligned ISPs and Russian telecoms, while tricking foreign embassy staff to download custom malware. First seen on cyberscoop.com Jump to article: cyberscoop.com/russia-secret-blizzard-espionage-embassies-moscow/
-
Kremlin goons caught abusing ISPs to spy on Moscow-based diplomats, Microsoft says
Russia spying on foreign embassies? Say it ain’t so First seen on theregister.com Jump to article: www.theregister.com/2025/07/31/kremlin_goons_caught_abusing_isps/
-
The Kremlin’s Most Devious Hacking Group Is Using Russian ISPs to Plant Spyware
The FSB cyberespionage group known as Turla seems to have used its control of Russia’s network infrastructure to meddle with web traffic and trick diplomats into infecting their computers. First seen on wired.com Jump to article: www.wired.com/story/russia-fsb-turla-secret-blizzard-apolloshadow-isp-cyberespionage/
-
Russia’s Secret Blizzard APT Gains Embassy Access via ISPs
An ongoing AitM campaign by the infamous Moscow-sponsored cyber threat actor has widened its scope, dropping the dangerous ApolloShadow custom backdoor malware thanks to lawful intercept systems. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/russia-secret-blizzard-apt-embassy-isps
-
LAMEHUG: First AI-Powered Malware Targets Organizations via Compromised Official Email Accounts
The Russian state-sponsored threat actor APT28, also known as Fancy Bear or Forest Blizzard, has deployed LameHug, the first publicly documented malware leveraging large language models (LLMs) for automated command generation and execution. According to a recent CERT-UA report, this campaign targeted Ukraine’s security and defense sectors earlier this month, initiating with spearphishing emails dispatched…
-
32% of exploited vulnerabilities are now zero-days or 1-days
Russian and Iranian threat activity rises: The security industry attributes only some of the newly discovered exploits to known attacker groups, and only some of those groups have known countries of origin. As a result, statistics on the origin of attacks are not perfect. During the first half of 2025, 181 of the CVEs added to the…
-
Russia blocks popular US-made internet speed test tool over national security concerns
Speedtest, made by Seattle-based Ookla, collects data that could be exploited for cyberattacks, Russia’s telecom regulator said in blocking the service. First seen on therecord.media Jump to article: therecord.media/russia-bans-speedtest-ookla
-
Cyberattack shuts down hundreds of Russian pharmacies, disrupts healthcare services
The Stolichki pharmacy chain, which operates about 1,000 stores across Russia confirmed that a technical failure that halted its operations on Tuesday was caused by a hack. First seen on therecord.media Jump to article: therecord.media/cyberattack-shuts-down-russian-pharmacies
-
Hackers Deploy Cobalt Strike Beacon Using GitHub and Social Media
A sophisticated cyberattack campaign disrupted the Russian IT industry and entities in several other countries, leveraging advanced evasion techniques to deploy the notorious Cobalt Strike Beacon. Attackers ingeniously concealed payload information within user profiles on platforms like GitHub, Microsoft Learn Challenge, Quora, and Russian social networks, blending malicious data into legitimate user-generated content to bypass…
-
Cyberattack on two pharmacy chains in Russia
Cyberattacks Force Major Russian Pharmacy Chains to Shut Down First seen on themoscowtimes.com Jump to article: www.themoscowtimes.com/2025/07/29/cyberattacks-force-major-russian-pharmacy-chains-to-shut-down-a90014