Tag: russia
-
US sanctions bulletproof hosting provider for supporting ransomware, infostealer operations
Russia-based Aeza Group allegedly provided infrastructure to BianLian ransomware and the Meduza, RedLine and Lumma infostealer operators. First seen on cyberscoop.com Jump to article: cyberscoop.com/bulletproof-hosting-provider-aezagroup-sanctions/
-
Russian bulletproof hosting service Aeza Group sanctioned by US for ransomware work
Support for ransomware, darknet drug markets and other cybercrime activity landed the Russian company Aeza Group on the U.S. government’s sanctions list, the Treasury Department said. First seen on therecord.media Jump to article: therecord.media/russia-bulletproof-hosting-aeza-group-us-sanctions
-
Cyberattack on Russian independent media had links to US-sanctioned institute, researchers find
A Russian hosting provider allegedly involved in a recent cyberattack against independent media organizations in the country is reportedly connected to a state-affiliated research center sanctioned by the U.S. First seen on therecord.media Jump to article: therecord.media/cyberattack-on-russian-media-linked-to-sanctioned-institute
-
Aeza Group sanctioned for hosting ransomware, infostealer servers
The U.S. Department of the Treasury has sanctioned Russian hosting company Aeza Group and four operators for allegedly acting as a bulletproof hosting company for ransomware gangs, infostealer operations, darknet drug markets, and Russian disinformation campaigns. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/aeza-group-sanctioned-for-hosting-ransomware-infostealer-servers/
-
TA829 Hackers Use New TTPs and Enhanced RomCom Backdoor to Evade Detection
The cybercriminal group TA829, also tracked under aliases like RomCom, Void Rabisu, and Tropical Scorpius, has been observed deploying sophisticated tactics, techniques, and procedures (TTPs) alongside an updated version of its infamous RomCom backdoor, now dubbed SingleCamper (aka SnipBot). This group, known for blending financially motivated cybercrime with espionage campaigns often aligned with Russian state…
-
Snake Keyloggers Exploit Java Utilities to Evade Detection by Security Tools
The S2 Group Intelligence team has uncovered a Russian-origin malware known as Snake Keylogger, a stealer coded in .NET, leveraging legitimate Java utilities to bypass security tools. This operation, distributed via a Malware as a Service (MaaS) model, targets diverse victims, including companies, governments, and individuals, with a particular focus on the oil industry during…
-
US Sanctions Aeza Group for Hosting Infostealers, Ransomware
Russian Bulletproof Host Also Designated a Front Company in the UK. The United States cut off from the U.S.-dominated international financial system a Russian provider of digital infrastructure to cybercriminal groups, accusing St. Petersburg-based Aeza Group of hosting infostealers and ransomware operations. The U.S. said Aeza is a bulletproof hosting service. First seen on govinfosecurity.com…
-
New Report Uncovers Major Overlaps in Cybercrime and State-Sponsored Espionage
Proofpoint has identified similarities between the tactics of a pro-Russian cyber espionage group and a cybercriminal gang. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/major-overlaps-cybercrime-espionage/
-
North Korean IT Workers Employ New Tactics to Infiltrate Global Organizations
Tags: ai, china, cyber, intelligence, korea, microsoft, north-korea, russia, tactics, technology, threat, tool
Microsoft Threat Intelligence has uncovered a sophisticated operation by North Korean remote IT workers who are leveraging cutting-edge artificial intelligence (AI) tools to infiltrate organizations worldwide. Since at least 2020, these highly skilled individuals, often based in North Korea, China, and Russia, have been targeting technology-related roles across various industries to generate revenue for the…
-
Cloudflare confirms Russia restricting access to services amid free internet crackdown
Russia has been cracking down on Cloudflare for months, with similar restrictions imposed on other foreign cloud and hosting providers. First seen on therecord.media Jump to article: therecord.media/cloudflare-russia-restricting-access-crackdown
-
Blind Eagle Uses Proton66 Hosting for Phishing, RAT Deployment on Colombian Banks
The threat actor known as Blind Eagle has been attributed with high confidence to the use of the Russian bulletproof hosting service Proton66. Trustwave SpiderLabs, in a report published last week, said it was able to make this connection by pivoting from Proton66-linked digital assets, leading to the discovery of an active threat cluster that leverages…
-
Russian Throttling of Cloudflare ‘Renders Many Websites Barely Usable’
Russian ISPs, under the direction of the government, are choking the access of Russian citizens to websites protected by Cloudflare, limiting them to 16 KB of data, which the U.S.-based company said makes the sites “barely usable.” First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/russian-throttling-of-cloudflare-renders-many-websites-barely-usable/
-
Russia’s throttling of Cloudflare makes sites inaccessible
Starting June 9, 2025, Russian internet service providers (ISPs) have begun throttling access to websites and services protected by Cloudflare, an American internet giant. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/technology/russias-throttling-of-cloudflare-makes-sites-inaccessible/
-
Navigating a Heightened Cyber Threat Landscape: Military Conflict Increases Attack Risks
Tags: advisory, ai, attack, authentication, breach, business, cloud, container, control, cyber, cyberattack, cybersecurity, data, data-breach, defense, detection, exploit, finance, firmware, group, hacker, hacking, Hardware, identity, infrastructure, intelligence, Internet, iran, mfa, military, network, password, risk, russia, service, strategy, tactics, technology, terrorism, threat, tool, update, vulnerability, vulnerability-management
The current geopolitical climate demands a proactive, comprehensive approach to cybersecurity. Here’s what you need to know, and how Tenable can help. The cybersecurity landscape is in constant flux, but rarely do we see such a rapid escalation of threats as we are currently experiencing. The U.S. Department of Homeland Security’s (DHS) National Terrorism Advisory…
-
Breach Roundup: UK NHS Links Patient Death to Ransomware Attack
Also, O Canada, Oh Brother and More Probable Chinese Hacking. This week, ransomware kills, Salt Typhoon hit Canada, Russian backdoors, SAP and Citrix patches, China hackers in the oil and energy sector. Brother printers have an unfixable flaw. Ransomware hit a U.S. dairy cooperative. Hackers in Albania and Oxford. European lawmakers heard cybersecurity advice. First…
-
Bipartisan bill seeks to ban federal agencies from using DeepSeek, AI tools from ‘foreign adversaries’
A pair of senators introduced a bill that would ban federal agencies from using artificial intelligence tools produced in countries considered “foreign adversaries”, a term that legally covers Russia, China, Iran and North Korea. First seen on therecord.media Jump to article: therecord.media/bipartisan-bill-ban-deepseek-federal
-
REvil ransomware members freed by Russia after conviction
First seen on scworld.com Jump to article: www.scworld.com/brief/revil-ransomware-members-freed-by-russia-after-conviction
-
Russia releases REvil members after convictions for payment card fraud
Four convicted members of the REvil cybercrime gang were released from custody after being sentenced in St. Petersburg for offenses related to payment card fraud. First seen on therecord.media Jump to article: therecord.media/revil-cybercrime-gang-members-released-russia
-
Russia-linked APT28 use Signal chats to target Ukraine official with malware
Russia-linked group APT28 uses Signal chats as an attack vector to phish Ukrainian officials with new malware strains. Russia-linked cyberespionage group APT28 is targeting Ukrainian government officials using Signal chats to deliver two new types of malware, tracked as BeardShell and SlimAgent. While Signal itself remains secure, attackers are exploiting its growing popularity in official…
-
Four REvil ransomware crooks walk free, escape gulag fate, after admitting guilt
Russian judge lets off accused with time served but others who refused to plead guilty face years in penal colony. First seen on theregister.com Jump to article: www.theregister.com/2025/06/24/four_revil_ransomware_suspects_time_served/
-
APT28 Uses Signal Chat to Deploy BEARDSHELL Malware and COVENANT in Ukraine
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new cyber attack campaign by the Russia-linked APT28 (aka UAC-0001) threat actors using Signal chat messages to deliver two new malware families dubbed BEARDSHELL and COVENANT. BEARDSHELL, per CERT-UA, is written in C++ and offers the ability to download and execute PowerShell scripts, as…
-
Successful Military Attacks are Driving Nation States to Cyber Options
Tags: attack, china, communications, computing, cyber, cyberattack, cybersecurity, data, defense, exploit, extortion, finance, fraud, government, healthcare, infrastructure, iran, korea, middle-east, military, north-korea, russia, service, tactics, technology, tool, ukraine, vulnerability, warfare
With daring military attacks, kinetic warfare is shifting the balance of power in regions across the globe, upending the perception of power projection. Powerful nations are reeling from the impacts of bold assaults and seeking additional methods to drive foreign policy; cyber may look as an appealing asymmetric warfare capability that is worth doubling-down on.…
-
Russian court releases several REvil ransomware gang members
Despite being sentenced to five years in prison, the court released the four men on time served. First seen on cyberscoop.com Jump to article: cyberscoop.com/revil-ransomware-sentence-russia-time-served/
-
APT28 hackers use Signal chats to launch new malware attacks on Ukraine
The Russian state-sponsored threat group APT28 is using Signal chats to target government targets in Ukraine with two previously undocumented malware families named BeardShell and SlimAgent. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/apt28-hackers-use-signal-chats-to-launch-new-malware-attacks-on-ukraine/
-
Animal certification system compromise impacts Russian dairy supply chain
First seen on scworld.com Jump to article: www.scworld.com/brief/animal-certification-system-compromise-impacts-russian-dairy-supply-chain
-
REvil ransomware members released after time served on carding charges
Four REvil ransomware members arrested in January 2022 were released by Russia on time served after they pleaded guilty to carding and malware distribution charges. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/revil-hackers-released-after-time-served-on-carding-charges/

