Tag: russia
-
GOFFEE Deploys PowerModul in Coordinated Strikes on Government and Energy Networks
The threat actor known as GOFFEE has launched a series of targeted attacks against critical sectors within the Russian Federation, utilizing advanced malware and phishing techniques. The group’s latest campaign involves the deployment of PowerModul, a PowerShell-based implant, to escalate their intrusion capabilities and carry out coordinated strikes effectively. PowerModul and Initial Infection Vectors PowerModul…
-
Russian hackers attack Western military mission using malicious drive
The Russian state-backed hacking group Gamaredon (aka “Shuckworm”) has been targeting a military mission of a Western country in Ukraine in attacks likely deployed from removable drives. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/russian-hackers-attack-western-military-mission-using-malicious-drive/
-
Tainted drive appears to be source of malware attack on Western military mission in Ukraine
Researchers at Symantec said the Russia-linked group known as Gamaredon appears to have departed from its usual email phishing tactics in hacking a Western military mission in Ukraine. First seen on therecord.media Jump to article: therecord.media/gamaredon-removable-drive-malware-western-military-mission-ukraine
-
Romanian man arrested in UK on suspicion of aiding Russian sabotage campaign
Tags: russiaBritish police arrested a 38-year-old Romanian man suspected of connections to a fire at a DHL warehouse that appeared to be part of a larger sabotage campaign attributed to Russian intelligence. First seen on therecord.media Jump to article: therecord.media/romanian-man-arrested-uk-suspicion-dhl-sabotage-campaign
-
Shuckworm’s Sophisticated Cyber Campaign Targets Ukraine Military Mission
Russia-linked espionage group Shuckworm (also known as Gamaredon or Armageddon) has launched a renewed and more sophisticated cyber campaign targeting a foreign military mission based in Ukraine, according to a detailed report by the Symantec Threat Hunter Team. This latest wave of activity, which began in February 2025 and continued through March, underscores Shuckworm’s relentless…
-
Gamaredon Uses Infected Removable Drives to Breach Western Military Mission in Ukraine
The Russia-linked threat actor known as Gamaredon (aka Shuckworm) has been attributed to a cyber attack targeting a foreign military mission based in Ukraine with an aim to deliver an updated version of a known malware called GammaSteel.The group targeted the military mission of a Western country, per the Symantec Threat Hunter team, with first…
-
New Russia-linked cyberespionage campaign abuses Windows RDP
First seen on scworld.com Jump to article: www.scworld.com/brief/new-russia-linked-cyberespionage-campaign-abuses-windows-rdp
-
Researchers Uncover Hacking Tools and Techniques Shared on Russian-Speaking Cybercrime Forums
Trend Micro, a cybersecurity firm, has released its 50th installment report on the Russian-speaking cybercriminal underground, revealing the intricate web of tools, techniques, and cultural elements defining this notorious cybercrime ecosystem. The report highlights the sophistication and resilience of this community, which has been a pioneer in cybercriminal innovation. Sophisticated Tools and Techniques The Russian-speaking…
-
Russian APT Hackers Use Device Code Phishing Technique to Bypass MFA
Tags: apt, authentication, cyber, exploit, government, group, hacker, intelligence, mfa, microsoft, phishing, russia, threatRussian state-backed advanced persistent threat (APT) group Storm-2372 has exploited device code phishing to bypass multi-factor authentication (MFA) and infiltrate high-value targets across governments, NGOs, and critical industries. Since August 2024, this group has weaponized the OAuth device authorization flow”, a legitimate authentication mechanism”, to hijack user sessions and exfiltrate sensitive data. Microsoft Threat Intelligence…
-
Rogue RDP: Abusing RDP for File Theft and Espionage
A recent report by Google Threat Intelligence Group (GTIG) has shed light on a sophisticated phishing campaign targeting European government and military organizations. This campaign, attributed to a suspected Russia-nexus espionage actor tracked as UNC5837, employed a novel technique leveraging the Remote Desktop Protocol (RDP) for malicious purposes. Unlike typical RDP attacks that focus on…
-
Germany links cyberattack on research group to Russian state-backed hackers
The German Association for Eastern European Studies (DGO) said the attack at the end of March targeted email systems, bypassing security measures put in place after another recent breach with suspected Russian links. First seen on therecord.media Jump to article: therecord.media/germany-links-cyberattack-russian-hackers
-
Attackers Exploit SourceForge Platform to Distribute Malware
Tags: attack, cyber, cybercrime, cybersecurity, exploit, infection, malicious, malware, russia, softwareA recent malware distribution scheme has been uncovered on SourceForge, the popular software hosting and distribution platform. Cybercriminals have leveraged SourceForge’s subdomain feature to deceive users with fake downloads of software applications, embedding malicious files into the infection chain. This attack, primarily targeting Russian-speaking users, has raised alarms within the cybersecurity community for its level…
-
Russian bots hard at work spreading political unrest on Romania’s internet
Internet users in Romania are finding their social media posts and online news articles bombarded with comments promoting blatant propaganda, inciting hatred towards the EU and NATO, and support for Vladimir Putin’s Russia. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/russian-bots-hard-at-work-spreading-political-unrest-on-romanias-internet
-
Russia arrests CEO of tech company linked to Doppelgänger disinformation campaign
Two other employees at the St. Petersburg-based hosting provider Azea Group were arrested. The company has alleged links to state-sponsored disinformation campaigns and cybercriminal infrastructure. First seen on therecord.media Jump to article: therecord.media/doppelganger-ceo-arrests-russia-tech
-
Russia jails hacker for two years over cyberattack on local tech company
A Russian citizen has been sentenced to two years in a penal colony for launching a distributed denial-of-service (DDoS) attack against a local tech company. First seen on therecord.media Jump to article: therecord.media/russia-jails-hacker-over-cyberattack-on-tech-firm
-
OPSEC Failure Exposes Coquettte’s Malware Campaigns on Bulletproof Hosting Servers
A novice cybercrime actor has been observed leveraging the services of a Russian bulletproof hosting (BPH) provider called Proton66 to facilitate their operations.The findings come from DomainTools, which detected the activity after it discovered a phony website named cybersecureprotect[.]com hosted on Proton66 that masqueraded as an antivirus service.The threat intelligence firm said it First seen…
-
Ex-ASML Russian Employee Smuggled Trade Secrets to Moscow via USB
A former employee of Dutch semiconductor firm ASML, identified as German A. (43), stands accused of smuggling sensitive trade secrets to Russia over a span of nearly nine years. The engineer, originally from Russia, reportedly transferred confidential information using USB drives while traveling regularly to Moscow, where authorities allege he received cash payments for his…
-
Surge in threat actors scanning Juniper, Cisco, and Palo Alto Networks devices
Scanning for Palo Alto Networks portals: Meanwhile, researchers at GreyNoise this week reported seeing a recent significant surge in login scanning activity targeting Palo Alto Networks PAN-OS GlobalProtect portals. GlobalProtect is an endpoint application that allows employees to access a company’s resources remotely.Over the last 30 days, nearly 24,000 unique IP addresses have attempted to access…
-
Operation HollowQuill Unveiled: Weaponized Documents Infiltrate Russia’s Defense Sector
A recent report by SEQRITE Labs APT-Team has shed light on a sophisticated campaign, dubbed Operation HollowQuill, targeting First seen on securityonline.info Jump to article: securityonline.info/operation-hollowquill-unveiled-weaponized-documents-infiltrate-russias-defense-sector/
-
US, Australia, Canada warn of ‘fast flux’ scheme used by ransomware gangs
Ransomware gangs and Russian government hackers are increasingly turning to an old tactic called “fast flux” to hide the location of infrastructure used in cyberattacks. First seen on therecord.media Jump to article: therecord.media/us-australia-canada-warn-of-fast-flux-ransomware-rusia
-
Operation HollowQuill Uses Malicious PDFs to Target Academic and Government Networks
A newly uncovered cyber-espionage campaign, dubbed Operation HollowQuill, has been identified as targeting academic, governmental, and defense-related networks in Russia using weaponized PDF documents. The operation, tracked by SEQRITE Labs APT-Team, leverages decoy research invitations to infiltrate systems associated with the Baltic State Technical University (BSTU “VOENMEKH”), a key institution for defense and aerospace research…
-
EvilCorp and RansomHub Collaborate to Launch Worldwide Attacks on Organizations
EvilCorp, a sanctioned Russia-based cybercriminal enterprise, has been observed collaborating with RansomHub, one of the most active ransomware-as-a-service (RaaS) operations. This partnership has heightened the threat landscape, as both entities leverage advanced tools and techniques to target organizations across the globe. EvilCorp: A History of Cybercrime EvilCorp, led by Maksim Yakubets, has long been notorious…
-
Russian Seashell Blizzard Targets Organizations Using Custom-Built Hacking Tools
Seashell Blizzard, also known as APT44, Sandworm, and Voodoo Bear, has emerged as a sophisticated adversary targeting critical sectors worldwide. Associated with Russia’s Military Intelligence Unit 74455 (GRU), this group has been active since at least 2009, focusing on sectors such as energy, telecommunications, government, military, manufacturing, and retail. Their operations often involve long-term access…
-
Amateur Hacker Leverages Russian Bulletproof Hosting Server to Spread Malware
The cybercriminal uses the service of Proton66, an infamous Russian-based bulletproof hosting provider, to deploy malware First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/coquettte-hacker-malware-bph/
-
Triada Malware Preloaded on Counterfeit Android Phones Infects 2,600+ Devices
Counterfeit versions of popular smartphone models that are sold at reduced prices have been found to be preloaded with a modified version of an Android malware called Triada.”More than 2,600 users in different countries have encountered the new version of Triada, the majority in Russia,” Kaspersky said in a report. The infections were recorded between…
-
New Triada Trojan comes preinstalled on Android devices
A new Triada trojan variant comes preinstalled on Android devices, stealing data on setup, warn researchers from Kaspersky. Kaspersky researchers discovered a new Triada trojan variant preinstalled on thousands of Android devices, enabling data theft upon setup. Kaspersky detected 2,600+ infections in Russia from March 13-27, 2025. The malware was discovered on counterfeit Android devices mimicking…
-
Emulating the Sophisticated Russian Adversary Seashell Blizzard
AttackIQ has released a new assessment template that emulates the various post-compromise Tactics, Techniques, and Procedures (TTPs) associated with the sabotage-motivated Russian adversary Seashell Blizzard. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/emulating-the-sophisticated-russian-adversary-seashell-blizzard/
-
Hackers Exploit Cloudflare for Advanced Phishing Attacks
A sophisticated phishing campaign orchestrated by a Russian-speaking threat actor has been uncovered, revealing the abuse of Cloudflare services and Telegram for malicious purposes. Researchers at Hunt.io have identified this new wave of attacks, which employs Cloudflare-branded phishing pages and advanced tactics to evade detection. The campaign utilizes Cloudflare’s Pages.dev and Workers.dev platforms typically used…