Tag: russia
-
Western cyber aid to Ukraine faces strain as Russia’s war drags on
As the war between Russian and Ukraine continues, Western cyber support is waning, raising growing concerns about the long-term effectiveness of these efforts. First seen on therecord.media Jump to article: therecord.media/western-cyber-aid-to-ukraine-faces-strain-war-drags
-
DDoS-Angriff auf die russische Eisenbahn
Digital disruptions continue for Russian transportation, this time at state railway First seen on therecord.media Jump to article: therecord.media/russia-state-railway-rzd-ddos-website-app
-
Russia tightens cybersecurity measures as financial fraud hits record high
Vladimir Putin signed a law on Monday that prohibits state institutions, banks and others from using foreign messaging apps when communicating with customers. First seen on therecord.media Jump to article: therecord.media/russia-tightens-cyber-measures-as-fraud-hits-record-high
-
Ukraine Blames Russia for Railway Hack, Labels It Act of Terrorism
The CERT-UA investigation concluded that the attack’s techniques were “characteristic of Russian intelligence services” First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ukraine-russia-railway-hack/
-
Digital disruptions continue for Russian transportation, this time at state railway
A day after an incident affected the Moscow subway system, Russian state railway RZD said a distributed denial-of-service (DDoS) attack disrupted its website and app. First seen on therecord.media Jump to article: therecord.media/russia-state-railway-rzd-ddos-website-app
-
Volume of attacks on network devices shows need to replace end of life devices quickly
Tags: access, apache, attack, authentication, best-practice, breach, cloud, control, credentials, cve, cyber, dns, endpoint, espionage, exploit, firewall, flaw, government, group, Hardware, infrastructure, injection, Internet, ivanti, lazarus, macOS, monitoring, network, north-korea, open-source, password, risk, router, russia, sans, service, software, threat, tool, update, vulnerabilityCVE-2023-1389, a vulnerability in TP-Link Archer AX21 router;CVE-2024-3400, a hole in Palo Alto Networks PAN-OS firewall operating system;CVE-2023-36845, a vulnerability in Juniper Networks Junos OS operating system;CVE-2021-44529, a vulnerability in Ivanti Endpoint Manager Cloud Service Appliance;CVE-2023-38035, a hole in Ivanti Sentry security gateway;CVE-2024-36401, a vulnerability in OSGeo GeoServer;CVE-2024-0012, a vulnerability in Palo Alto Neworks PAN-OS…
-
Bulletproof Hosting Fuels Russia-Linked Intrusion Sets’ Global Cyber Campaign
A recent report by Intrinsec has uncovered the activities of Russia-aligned intrusion sets, UAC-0050 and UAC-0006, which have First seen on securityonline.info Jump to article: securityonline.info/bulletproof-hosting-fuels-russia-linked-intrusion-sets-global-cyber-campaign/
-
Russian Hackers Leverage Bulletproof Hosting to Shift Network Infrastructure
Russian-aligned cyber threat groups, UAC-0050 and UAC-0006, have significantly escalated their operations in 2025, targeting entities worldwide with a focus on Ukraine. These groups employ bulletproof hosting services to mask their network infrastructure, enabling sophisticated campaigns involving financial theft, espionage, and psychological operations. UAC-0050, linked to Russian law enforcement agencies, has transitioned to deploying NetSupport…
-
Operation HollowQuill Weaponized PDFs Deliver a Cobalt Strike Malware Into Gov Military Networks
In a recent revelation by SEQRITE Labs, a highly sophisticated cyber-espionage campaign, dubbed Operation HollowQuill, has been uncovered. The operation targets academic, governmental, and defense-related networks in Russia using weaponized decoy PDFs to deliver Cobalt Strike malware implants. The campaign appears to focus on infiltrating critical institutions such as the Baltic State Technical University (BSTU…
-
News brief: China-linked APTs and Russian access broker
Check out the latest security news from the Informa TechTarget team. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366621697/News-brief-China-linked-APTs-and-Russian-access-broker
-
Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp
The threat actors behind the zero-day exploitation of a recently-patched security vulnerability in Microsoft Windows have been found to deliver two new backdoors called SilentPrism and DarkWisp.The activity has been attributed to a suspected Russian hacking group called Water Gamayun, which is also known as EncryptHub and LARVA-208.”The threat actor deploys payloads primarily by means…
-
Russia-linked Gamaredon targets Ukraine with Remcos RAT
Tags: apt, attack, cyberespionage, group, phishing, powershell, rat, russia, spear-phishing, ukraineRussia-linked Gamaredon targets Ukraine with a phishing campaign using troop-related lures to deploy the Remcos RAT via PowerShell downloader. Talos researchers warn that Russia-linked APT group Gamaredon (a.k.a. Armageddon, Primitive Bear, ACTINIUM, Callisto) targets Ukraine with a phishing campaign. The cyberespionage group is behind a long series of spear-phishing attacks targeting Ukrainian entities, and organizations related…
-
Water Gamayun Hackers Exploit MSC EvilTwin Zero-day Vulnerability to Hack Windows Machine
Water Gamayun, a suspected Russian threat actor, has been identified exploiting the MSC EvilTwin zero-day vulnerability (CVE-2025-26633) to compromise Windows systems. This vulnerability, embedded in the Microsoft Management Console (MSC) framework, allows attackers to execute malicious code remotely, exfiltrate sensitive data, and maintain persistent control over infected machines. The exploit leverages custom payloads and advanced…
-
Russia-Linked Gamaredon Uses Troop-Related Lures to Deploy Remcos RAT in Ukraine
Entities in Ukraine have been targeted as part of a phishing campaign designed to distribute a remote access trojan called Remcos RAT.”The file names use Russian words related to the movement of troops in Ukraine as a lure,” Cisco Talos researcher Guilherme Venere said in a report published last week. “The PowerShell downloader contacts geo-fenced…
-
Gamaredon Exploits Troop Movement Lures to Spread Remcos via DLL Sideloading
A new targeted malware campaign linked to the Russian state-aligned group Gamaredon is exploiting Windows shortcut (.LNK) files First seen on securityonline.info Jump to article: securityonline.info/gamaredon-exploits-troop-movement-lures-to-spread-remcos-via-dll-sideloading/
-
Russian Intelligence Impersonates CIA in Phishing Attacks
Silent Push Threat Analysts uncover a multi-cluster phishing operation leveraging fake CIA and anti-Putin group websites to harvest First seen on securityonline.info Jump to article: securityonline.info/russian-intelligence-impersonates-cia-in-phishing-attacks/
-
Firefox fixes flaw similar to Chrome zero-day used against Russian organizations
Developers of Mozilla’s Firefox say that reports on a Google Chrome zero-day vulnerability led them to find a similar bug for the Windows version of their browser. First seen on therecord.media Jump to article: therecord.media/firefox-sandbox-vulnerability-similar-chrome-zero-day
-
After Chrome patches zero-day used to target Russians, Firefox splats similar bug
Single click on a phishing link in Google browser blew up sandbox on Windows First seen on theregister.com Jump to article: www.theregister.com/2025/03/28/google_kaspersky_mozilla/
-
Russian Phishing Uses Fake CIA Sites to Target Anti-war, Ukraine Supporters
The phishing campaign is highly sophisticated! First seen on hackread.com Jump to article: hackread.com/russia-phishing-fake-cia-sites-anti-war-ukraine-supporters/
-
Firefox Affected by Flaw Similar to Chrome Zero-Day Exploited in Russia
Firefox developers have determined that their browser is affected by a vulnerability similar to the recent Chrome sandbox escape zero-day. The post Firefox Affected by Flaw Similar to Chrome Zero-Day Exploited in Russia appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/firefox-affected-by-flaw-similar-to-chrome-zero-day-exploited-in-russia/
-
Russian Hackers Impersonate CIA to Steal Ukrainian Defense Intelligence Data
In a complex cyber operation discovered by Silent Push Threat Analysts, Russian hackers have launched a multi-pronged phishing campaign impersonating various organizations, including the CIA, to gather intelligence on individuals sympathetic to Ukraine’s defense efforts. The campaign, believed to be orchestrated by Russian Intelligence Services or aligned actors, utilizes a network of fraudulent websites to…
-
Russian internet provider purportedly breached by Ukrainian hacktivists
First seen on scworld.com Jump to article: www.scworld.com/brief/russian-internet-provider-purportedly-breached-by-ukrainian-hacktivists
-
Leaked Black Basta chat logs indicate ties to Russian officials
First seen on scworld.com Jump to article: www.scworld.com/brief/leaked-black-basta-chat-logs-indicate-ties-to-russian-officials
-
Russia arrests three for allegedly creating Mamont malware, tied to over 300 cybercrimes
Russian authorities said they arrested three people and seized hardware in an operation against Mamont malware, which specializes in stealing money from Android device users. First seen on therecord.media Jump to article: therecord.media/mamont-banking-malware-arrests-russia
-
Russian Espionage Group Using Ransomware in Attacks
Russian-speaking espionage group RedCurl has been deploying ransomware on victims’ networks in a recent campaign. The post Russian Espionage Group Using Ransomware in Attacks appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/russian-espionage-group-using-ransomware-in-attacks/
-
Russian media, academia targeted in espionage campaign using Google Chrome zero-day exploit
“We have discovered and reported dozens of zero-day exploits actively used in attacks, but this particular exploit is certainly one of the most interesting we’ve encountered,” researchers from Kaspersky said in their analysis published Tuesday. First seen on therecord.media Jump to article: therecord.media/russian-media-academia-targeted-in-espionage-campaign
-
Cyberangriff auf ein Mineralöl-Unternehmen in Russland
Russian Lukoil hit by large-scale cyberattack First seen on newsukraine.rbc.ua Jump to article: newsukraine.rbc.ua/news/russian-lukoil-hit-by-large-scale-cyberattack-1742981848.html
-
Raspberry Robin: From Copy Shop Worm to Russian GRU Cyber Tool
Raspberry Robin, also known as Roshtyak or Storm-0856, has evolved from a simple worm targeting copy shops to First seen on securityonline.info Jump to article: securityonline.info/raspberry-robin-from-copy-shop-worm-to-russian-gru-cyber-tool/