Tag: russia
-
Dutch Police shut down bulletproof hosting provider Zservers and seized 127 servers
Dutch police seized 127 servers of the bulletproof hosting service Zservers/XHost after government sanctions. On February 11, 2025, the US, UK, and Australia sanctioned a Russian bulletproof hosting services provider and two Russian administrators because they supported Russian ransomware LockBit operations. Alexander Igorevich Mishin and Aleksandr Sergeyevich Bolshakov are the two Russian nationals and administrators of Zservers.…
-
Is Russia Reining-In Ransomware-Wielding Criminals?
Flurry of Arrests a Potential Prelude to Russia-Ukraine Peace Negotiations. Even before Donald Trump took office on Jan. 20, there were signs that Russian President Vladimir Putin ordered cybercriminals operating inside his country’s borders to be reined in, potentially as a bargaining chip in negotiations over Russia’s stalemated war of conquest against Ukraine. First seen…
-
New Golang-based backdoor relies on Telegram for C2 communication
Netskope Threat Labs researchers discovered a Golang-based backdoor using Telegram for C2 communication, possibly of Russian origin. Netskope Threat Labs found a Golang-based backdoor using Telegram for C2. The malware, still in development but functional, exploits cloud apps to evade detection. The experts believe the new Go backdoor could have a Russian origin. Upon executing…
-
Pro-Russia Hackers NoName057(16) Hit Italian Banks and Airports
Pro-Russia hackers NoName057(16) have targeted Italian banks, airports and ports in a series of DDoS attacks. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/noname05716-hit-italian-banks/
-
Russian State Hackers Target Organizations With Device Code Phishing
Russian hackers have been targeting government, defense, telecoms, and other organizations in a device code phishing campaign. The post Russian State Hackers Target Organizations With Device Code Phishing appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/russian-state-hackers-target-organizations-with-device-code-phishing/
-
Pro-Russia collective NoName057(16) launched a new wave of DDoS attacks on Italian sites
Pro-Russia collective NoName057(16) launched DDoS attacks on Italian sites, targeting airports, the Transport Authority, major ports, and banks. The pro-Russia hacker group NoName057(16) launched a new wave of DDoS attacks this morning against multiple Italian entities. The group targeted the websites of Linate and Malpensa airports, the Transport Authority, the bank Intesa San Paolo, and…
-
New Golang-Based Backdoor Uses Telegram Bot API for Evasive C2 Operations
Cybersecurity researchers have shed light on a new Golang-based backdoor that uses Telegram as a mechanism for command-and-control (C2) communications. Netskope Threat Labs, which detailed the functions of the malware, described it as possibly of Russian origin. “The malware is compiled in Golang and once executed it acts like a backdoor,” security researcher Leandro Fróes said in…
-
How to evaluate and mitigate risks to the global supply chain
Tags: access, business, ceo, ciso, communications, compliance, control, cyberattack, cybersecurity, data, framework, governance, government, intelligence, international, ISO-27001, kaspersky, microsoft, mitigation, monitoring, office, resilience, risk, risk-assessment, risk-management, russia, service, soc, software, supply-chain, technology, threat, tool, update, vulnerability
Maintain a diversified supply chain: Organizations that source from international technology suppliers need to ensure they are not overly reliant on a single vendor, single region or even a single technology. Maintaining a diversified supply chain can mitigate costly disruptions from a cyberattack or vulnerability involving a key supplier, or from disruptions tied to regulatory…
-
CVE-2024-1709 and CVE-2023-48788: Exploits Fueling Russia’s BadPilot Campaign
Microsoft Threat Intelligence has exposed a multiyear cyber espionage campaign conducted by a subgroup of the Russian state-sponsored First seen on securityonline.info Jump to article: securityonline.info/cve-2024-1709-and-cve-2023-48788-exploits-fueling-russias-badpilot-campaign/
-
Storm-2372 used the device code phishing technique since August 2024
Russia-linked group Storm-2372 used the device code phishing technique since Aug 2024 to steal login tokens from governments, NGOs, and industries. Microsoft Threat Intelligence researchers warn that threat actor Storm-2372, likely linked to Russia, has been targeting governments, NGOs, and various industries across multiple regions since August 2024. The attackers employ a phishing technique called…
-
Emulating the Financially Motivated Criminal Adversary FIN7 Part 2
AttackIQ has released two new attack graphs that emulate the behaviors exhibited by the long-standing, financially motivated Russian criminal adversary known as FIN7 based on activities observed between 2022 and 2023. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/emulating-the-financially-motivated-criminal-adversary-fin7-part-2/
-
Hackers steal emails in device code phishing attacks
An active campaign from a threat actor potentially linked to Russia is targeting Microsoft 365 accounts of individuals at organizations of interest using device code phishing. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-hackers-steal-emails-in-device-code-phishing-attacks/
-
Zelensky calls to build ‘army of Europe’ to counter future Russian threats
Ukraine’s president said the European Union needs to be self-reliant to counter threats from Russia amid ongoing tensions with the Trump administration. First seen on therecord.media Jump to article: therecord.media/zelensky-calls-for-army-of-europe-to-counter-russia
-
What is device code phishing, and why are Russian spies so successful at it?
Overlooked attack method has been used since last August in a rash of account takeovers. First seen on arstechnica.com Jump to article: arstechnica.com/information-technology/2025/02/russian-spies-use-device-code-phishing-to-hijack-microsoft-accounts/
-
Threat researchers spot ‘device code’ phishing attacks targeting Microsoft accounts
Suspected Russian nation-state threat groups have duped multiple victims into granting potentially persistent access to networks via authentication requests and valid tokens. First seen on cyberscoop.com Jump to article: cyberscoop.com/russia-threat-groups-device-code-phishing-microsoft-accounts/
-
If you dread a Microsoft Teams invite, just wait until it turns out to be a Russian phish
Roses aren’t cheap, violets are dear, now all your access token are belong to Vladimir First seen on theregister.com Jump to article: www.theregister.com/2025/02/15/russia_spies_spoofing_teams/
-
Threat actors are using legitimate Microsoft feature to compromise M365 accounts
Suspected Russian threat actors have been taking advantage of Microsoft Device Code Authentication to trick targets into granting them access to their Microsoft 365 (M365) … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/02/14/microsoft-device-code-authentication-phishing-m365-account-compromise/
-
Russian Hackers Target Microsoft 365 Accounts with Device Code Phishing
Volexity highlighted how Russian nation-state actors are stealing Microsoft device authentication codes to compromise accounts. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/russian-microsoft-device-code/
-
Ukraine warns of growing AI use in Russian cyber-espionage operations
Russia is using artificial intelligence to boost its cyber-espionage operations, Ihor Malchenyuk of Ukraine’s State Service of Special Communications and Information Protection (SSCIP), said at the Munich Cyber Security Conference. First seen on therecord.media Jump to article: therecord.media/russia-ukraine-cyber-espionage-artificial-intelligence
-
Ukraine struggles to counter Russian disinfo without US support, local cyber official says
“This is a very serious issue for Ukraine,” Ukrainian security official Natalia Tkachuk said about the Trump administration’s freeze on U.S. foreign aid, including cyber and counter-disinformation programs started after the Russian invasion. First seen on therecord.media Jump to article: therecord.media/ukraine-russia-disinformation-us-foreign-aid
-
Russian-Linked Hackers Using ‘Device Code Phishing’ to Hijack Accounts
Microsoft is calling attention to an emerging threat cluster it calls Storm-2372 that has been attributed to a new set of cyber attacks aimed at a variety of sectors since August 2024. The attacks have targeted government, non-governmental organizations (NGOs), information technology (IT) services and technology, defense, telecommunications, health, higher education, and energy/oil and gas First…
-
US charges two Russian men in connection with Phobos ransomware operation
Roman Berezhnoy and Egor Nikolaevich Glebov are alleged to have extorted over US $16 million in ransom payments using the Phobos ransomware, impacting over 1000 organisations in the United States. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/us-charges-russian-men-phobos-ransomware-operation
-
Russian Influence Operations Target German Elections
A new report from Insikt Group reveals that Russia-linked influence operations are actively targeting the February 23, 2025, First seen on securityonline.info Jump to article: securityonline.info/russian-influence-operations-target-german-elections/
-
APT Groups Using Ransomware ‘Smokescreen’ for Espionage
Russian, Iranian and Chinese APTs Among Most Active Ransomware Collaborators. Security researchers are increasingly finding it challenging to attribute cyberattacks due to surging cooperation between nation-state hackers and ransomware groups, especially for espionage purposes. They say it reflects the blurring of the lines between state-directed and criminal activities. First seen on govinfosecurity.com Jump to article:…
-
Microsoft Uncovers ‘BadPilot’ Campaign as Seashell Blizzard Targets US and UK
Russian GRU-linked hackers exploit known software flaws to breach critical networks worldwide, targeting the United States and the… First seen on hackread.com Jump to article: hackread.com/microsoft-badpilot-campaign-seashell-blizzard-usa-uk/
-
Cryptohack Roundup: Sentencing in a $37M Theft Case
Also: Complaint Against Trump, Melania Memecoins. This week’s stories include sentencing in a $37 million theft, $9 million zkLend theft, Tornado Cash developer’s pretrial detention release, guilty plea in SEC hack, an update on a crypto-using murderer, case against Trump memecoin, and a prisoner exchange involving a Russian Bitcoin fraud suspect. First seen on govinfosecurity.com…
-
The Rise of Cyber Espionage: UAV and C-UAV Technologies as Targets
Researchers at cybersecurity firm Resecurity detected a rise in cyberattacks targeting UAV and counter-UAV technologies. Resecurity identified an increase in malicious cyber activity targeting UAV and counter-UAV (C-UAV/C-UAS) technologies. That was especially notable during active periods of local conflicts, including the escalation of the Russia-Ukraine war and the Israel-Hamas confrontation. The trend of malicious targeting…
-
Unusual attack linked to Chinese APT group combines espionage and ransomware
Tags: apt, attack, breach, china, cloud, country, credentials, crime, crimes, crypto, cyber, cybercrime, cyberespionage, data, encryption, espionage, exploit, finance, firewall, government, group, hacker, infection, insurance, intelligence, korea, microsoft, network, north-korea, ransom, ransomware, russia, software, tactics, technology, threat, veeam, vulnerability
The attacker demanded a $2-million ransom: The attack that resulted in the deployment of the RA World ransomware program, as well as data exfiltration, had the same chain: the toshdpdb.exe loading toshdpapi.dll then decrypting toshdp.dat which resulted in the PlugX variant being deployed. The difference is the attacker then chose to deploy the RA World…
-
UK government sanctions target Russian cyber crime network Zservers
The UK government has imposed sanctions on a Russian cyber crime syndicate responsible for aiding ransomware attacks, targeting the group and individual members. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366619219/UK-government-sanctions-target-Russian-cyber-crime-network-ZSERVERS

