Tag: russia
-
Russian threat actor weaponized Microsoft Management Console flaw
A threat actor known as “EncryptHub” began exploiting the zero-day vulnerability before it was patched earlier this month. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/russian-threat-actor-weaponizing-microsoft-management-console-zero-day/743558/
-
CVE-2025-2783: Chrome Zero-Day Targets Russian Organizations
Google Issues Emergency Patch for Chrome Zero-Day Exploit Google has released an urgent security update for its Chrome browser on Windows after uncovering a critical vulnerability that has already been exploited in the wild. The flaw, tracked as CVE-2025-2783, involves… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/cve-2025-2783-chrome-zero-day/
-
Austria uncovers alleged Russian disinformation campaign spreading lies about Ukraine
The campaign was identified during an investigation into a Bulgarian woman accused of spying for Russia earlier this year. First seen on therecord.media Jump to article: therecord.media/austria-uncovers-russian-disinfo-campaign
-
Russian Ransomware Gang Exploited Windows Zero-Day Before Patch
Exploitation of Windows MMC zero-day is being pinned on a ransomware gang known as EncryptHub (an affiliate of RansomHub) The post Russian Ransomware Gang Exploited Windows Zero-Day Before Patch appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/russian-ransomware-gang-exploited-windows-zero-day-before-patch/
-
Windows MMC Framework Zero-Day Exploited to Execute Malicious Code
Trend Research has uncovered a sophisticated campaign by the Russian threat actor Water Gamayun, exploiting a zero-day vulnerability in the Microsoft Management Console (MMC) framework. The vulnerability, dubbed MSC EvilTwin (CVE-2025-26633), allows attackers to execute malicious code on infected machines. The attack manipulates .msc files and the Multilingual User Interface Path (MUIPath) to download and…
-
RedCurl Shifts from Espionage to Ransomware with First-Ever QWCrypt Deployment
The Russian-speaking hacking group called RedCurl has been linked to a ransomware campaign for the first time, marking a departure in the threat actor’s tradecraft.The activity, observed by Romanian cybersecurity company Bitdefender, involves the deployment of a never-before-seen ransomware strain dubbed QWCrypt.RedCurl, also called Earth Kapre and Red Wolf, has a history of orchestrating First…
-
Google fixes Chrome zero-day exploited in espionage campaign
Google has fixed a high-severity Chrome zero-day vulnerability exploited to escape the browser’s sandbox and deploy malware in espionage attacks targeting Russian organizations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-fixes-chrome-zero-day-exploited-in-espionage-campaign/
-
Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks
Google has released out-of-band fixes to address a high-severity security flaw in its Chrome browser for Windows that it said has been exploited in the wild as part of attacks targeting organizations in Russia. The vulnerability, tracked as CVE-2025-2783, has been described as a case of “incorrect handle provided in unspecified circumstances in Mojo on…
-
Lengthy disruption of Russian internet provider claimed by Ukrainian hacker group
A multi-day outage of internet services by Lovit, a widely used provider in cities such as Moscow and St. Petersburg, was claimed by the IT Army, a pro-Ukraine hacking group. First seen on therecord.media Jump to article: therecord.media/russia-isp-lovit-outages-claimed-ukraine-it-army
-
CVE-2025-26633: Water Gamayun Exploits Windows MMC in Active Zero-Day Campaign
A zero-day vulnerability tracked as CVE-2025-26633 is being actively exploited in the wild by a sophisticated Russian-linked threat First seen on securityonline.info Jump to article: securityonline.info/cve-2025-26633-water-gamayun-exploits-windows-mmc-in-active-zero-day-campaign/
-
Researchers Uncover ~200 Unique C2 Domains Linked to Raspberry Robin Access Broker
A new investigation has unearthed nearly 200 unique command-and-control (C2) domains associated with a malware called Raspberry Robin.”Raspberry Robin (also known as Roshtyak or Storm-0856) is a complex and evolving threat actor that provides initial access broker (IAB) services to numerous criminal groups, many of which have connections to Russia,” Silent Push said in a…
-
Meet the Low-Key Access Broker Supercharging Russian State Cybercrime
Raspberry Robin breaks into organizations and sells access to Russian threat actors, including the military cyber unit behind attempted coups, assassinations, and influence operations throughout Europe. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/access-broker-russian-state-cybercrime
-
VanHelsing ransomware emerges to put a stake through your Windows heart
There’s only one rule don’t attack Russia, duh First seen on theregister.com Jump to article: www.theregister.com/2025/03/25/vanhelsing_ransomware_russia/
-
Russia subjected to suspected joint Head Mare, Twelve attacks
First seen on scworld.com Jump to article: www.scworld.com/brief/russia-subjected-to-suspected-joint-head-mare-twelve-attacks
-
Medusa Ransomware Brings Its Own Vulnerable Driver
Tags: breach, crowdstrike, detection, endpoint, group, hacker, malicious, ransomware, russia, software, vulnerability, windowsHackers Use Stolen Certificates to Bypass Endpoint Detection and Response. A Russian-speaking ransomware group has been deploying a malicious Windows PE driver that imitates a legitimate CrowdStrike Falcon driver to bypass endpoint security, warn researchers. The driver disables endpoint detection and response software by stripping process protections. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/medusa-ransomware-brings-its-own-vulnerable-driver-a-27813
-
US Weakens Disinformation Defenses, as Russia & China Ramp Up
Russia and China spend billions of dollars on state media, propaganda, and disinformation, while the Trump administration has slashed funding for US agencies. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/us-weakens-disinformation-defenses-russia-china-ramp-up
-
Russian Firm Offers $4 Million for Telegram Exploits
A Russian exploit acquisition firm says it is willing to pay up to $4 million for full-chain exploits targeting the popular messaging service Telegram. The firm, Operation Zero, is known for selling zero-day exploits exclusively to Russian government and private organizations. On March 20, the exploit broker announced on X that it was offering up…
-
Trump shifts cyberattack readiness to state and local governments in wake of info-sharing cuts
Tags: advisory, cio, cisa, ciso, communications, cyber, cyberattack, cybersecurity, election, government, group, infrastructure, intelligence, Internet, metric, office, resilience, risk, russia, strategy, technology, threatCreating a national resilience strategy The EO requires the assistant to the President for national security affairs (APNSA), in coordination with the assistant to the President for economic policy and the heads of relevant executive departments and agencies, to publish within 90 days (by June 17) a National Resilience Strategy that articulates the priorities, means,…
-
Zero-day broker Operation Zero offers up to $4 million for Telegram exploits
Russian zero-day broker Operation Zero is looking for exploits for the popular messaging app Telegram, offering up to $4 million for them. Operation Zero, a Russian zero-day broker, is offering up to $4 million for Telegram exploits, the news was first reported by Tech Crunch. The Russian firm seeks up to $500K for one-click RCE,…
-
Kaspersky Links Head Mare to Twelve, Targeting Russian Entities via Shared C2 Servers
Two known threat activity clusters codenamed Head Mare and Twelve have likely joined forces to target Russian entities, new findings from Kaspersky reveal.”Head Mare relied heavily on tools previously associated with Twelve. Additionally, Head Mare attacks utilized command-and-control (C2) servers exclusively linked to Twelve prior to these incidents,” the company said. “This suggests First seen…
-
Escalating Ukrainian hacktivist attacks target Russia
First seen on scworld.com Jump to article: www.scworld.com/brief/escalating-ukrainian-hacktivist-attacks-target-russia
-
Major web services go dark in Russia amid reported Cloudflare block
Website outages were observed across Russia this week, with regulators attributing them to issues with foreign servers. Observers said the problems might be tied to Russian government moves to block the Cloudflare service. First seen on therecord.media Jump to article: therecord.media/russia-websites-dark-reported-cloudflare-block
-
YouTube Game Cheats Spread Arcane Stealer Malware to Russian-Speaking Users
YouTube videos promoting game cheats are being used to deliver a previously undocumented stealer malware called Arcane likely targeting Russian-speaking users.”What’s intriguing about this malware is how much it collects,” Kaspersky said in an analysis. “It grabs account information from VPN and gaming clients, and all kinds of network utilities like ngrok, Playit, Cyberduck, FileZilla,…
-
State-Backed Hackers Exploiting Windows Zero-Day Since 2017
At least 11 state-sponsored hacking groups from North Korea, Iran, Russia, and China have been actively exploiting a newly uncovered Windows zero-day vulnerability in cyber espionage and data theft attacks since 2017. Despite clear evidence of exploitation, Microsoft has declined… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/zdi-can-25373-zero-day-exploited-since-2017/
-
China, Russia, North Korea Hackers Exploit Windows Security Flaw
Tags: attack, china, exploit, flaw, government, group, hacker, infrastructure, korea, microsoft, north-korea, russia, threat, update, windowsAmost a dozen state-sponsored threat groups from Russia, China, and North Korea have been exploiting a security flaw in WIndows in attacks on governments and critical infrastructure that date back to 2017. According to Trend Micro’s VDI unit, Microsoft has no plans to patch the vulnerability. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/03/china-russia-north-korea-hackers-exploit-windows-security-flaw/
-
New Windows zero-day feared abused in widespread espionage for years
.The zero-day vulnerability, tracked as ZDI-CAN-25373, has yet to be publicly acknowledged and assigned a CVE-ID by Microsoft. ZDI-CAN-25373 has to do with the way Windows displays the contents of .lnk files, a type of binary file used by Windows to act as a shortcut to a file, folder, or application, through the Windows UI.A…
-
Low-Cost Drone Add-Ons From China Let Anyone With a Credit Card Turn Toys Into Weapons of War
Chinese ecommerce giants like Temu and AliExpress sell drone accessories like those used by soldiers in the Russia-Ukraine conflict. First seen on wired.com Jump to article: www.wired.com/story/drone-accessories-weapons-of-war/