Tag: russia
-
Void Blizzard: New Russian Cyberespionage Group Targets NATO and Ukraine
Microsoft Threat Intelligence has identified a cyberespionage campaign by a newly recognized Russia-affiliated actor named Void Blizzard, also First seen on securityonline.info Jump to article: securityonline.info/void-blizzard-new-russian-cyberespionage-group-targets-nato-and-ukraine/
-
New Russian APT group Void Blizzard targets NATO-based orgs after infiltrating Dutch police
Tags: access, api, apt, attack, authentication, blizzard, cloud, credentials, data, defense, detection, edr, email, fido, framework, group, hacker, identity, least-privilege, login, mfa, microsoft, open-source, passkey, password, phishing, qr, risk, russia, siem, spear-phishing, switch, threat, toolSwitch to spear phishing: In recent months the group seems to have pivoted from password spraying to targeted spear phishing attacks that direct users to fake Microsoft Entra login pages using adversary-in-the-middle (AitM) techniques. Such a campaign led to the compromise of 20 NGOs in April.In its campaign against NGOs, Void Blizzard sent emails masquerading…
-
New Russian state-sponsored APT quickly gains global reach, hitting expansive targets
Laundry Bear, a group recently identified by Dutch intelligence and security services, stole work-related contact details on the Netherlands’ national police force in September 2024, Microsoft researchers said. First seen on cyberscoop.com Jump to article: cyberscoop.com/laundry-bear-void-blizzard-russia-apt/
-
Russian hospital programmer gets 14 years for leaking soldier data to Ukraine
A Russian court sentenced a former hospital programmer to 14 years in a high-security penal colony for allegedly leaking personal data of Russian soldiers to Ukraine, authorities said. First seen on therecord.media Jump to article: therecord.media/russian-programmer-gets-14-years-for-leaking-info-to-ukraine
-
NATO Countries Targeted By New Russian Espionage Group
‘Laundry Bear’ Has Been Active Since 2024. Dutch intelligence agencies and Microsoft say a novel Russian state intelligence hacking group is likely buying stolen credentials from criminal marketplaces to gain entry to North American and European networks. It has a specific interest in European Union and NATO member states. First seen on govinfosecurity.com Jump to…
-
Danabot Takedown Deals Blow to Russian Cybercrime
A multiyear investigation by a public-private partnership has resulted in the seizure of the botnet’s US-based infrastructure and indictments for its key players, significantly disrupting a vast cybercriminal enterprise. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/danabot-takedown-russian-cybercrime
-
US authorities charge 16 in operation to disrupt DanaBot malware
Authorities said malware linked to Russia-based cybercrime group infected more than 300,000 computers around the world with the malicious code. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/us-authorities-disrupt-danabot-malware/748991/
-
Russia-linked APT Laundry Bear linked to 2024 Dutch Police attack
A new Russia-linked APT group, tracked as Laundry Bear, has been linked to a Dutch police security breach in September 2024. Netherlands General Intelligence and Security Service (AIVD) and the Netherlands Defence Intelligence and Security Service (MIVD) have linked a previously undetected Russia-linked group, tracked Laundry Bear (aka Void Blizzard), to a 2024 police breach.…
-
Microsoft Alerts on Void Blizzard Hackers Targeting Telecommunications and IT Sectors
Microsoft Threat Intelligence Center (MSTIC) has issued a critical warning about a cluster of global cloud abuse activities orchestrated by a threat actor tracked as Void Blizzard, also known as LAUNDRY BEAR. Assessed with high confidence to be Russia-affiliated, Void Blizzard has been active since at least April 2024, focusing its cyberespionage operations on NATO…
-
Microsoft, Dutch security agencies lift veil on Laundry Bear cyber espionage group
The Dutch intelligence and security services have identified a new Russia-affiliated threat group that has been breaching government organizations and commercial entities in … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/27/microsoft-dutch-security-agencies-lift-veil-on-laundry-bear-void-blizzard-cyber-espionage-group/
-
Dutch intelligence unmasks previously unknown Russian hacking group ‘Laundry Bear’
Recent attacks on institutions in the Netherlands were the work of a previously unknown Russian hacking group that Dutch intelligence agencies are labeling Laundry Bear. Microsoft also reported on the group, naming it Void Blizzard. First seen on therecord.media Jump to article: therecord.media/laundry-bear-void-blizzard-russia-hackers-netherlands
-
Russian Laundry Bear cyberspies linked to Dutch Police hack
Tags: russiaA previously unknown Russian-backed cyberespionage group now tracked as Laundry Bear has been linked to a September 2024 Dutch police security breach. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/russian-void-blizzard-cyberspies-linked-to-dutch-police-breach/
-
Russian Hackers Breach 20+ NGOs Using Evilginx Phishing via Fake Microsoft Entra Pages
Microsoft has shed light on a previously undocumented cluster of threat activity originating from a Russia-affiliated threat actor dubbed Void Blizzard (aka Laundry Bear) that it said is attributed to “worldwide cloud abuse.”Active since at least April 2024, the hacking group is linked to espionage operations mainly targeting organizations that are important to Russian government…
-
Russian Void Blizzard cyberspies linked to Dutch police breach
A previously unknown Russian-backed cyberespionage group now tracked as Void Blizzard has been linked to a September 2024 Dutch police security breach. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/russian-void-blizzard-cyberspies-linked-to-dutch-police-breach/
-
Russia-Linked Hackers Target Tajikistan Government with Weaponized Word Documents
The Russia-aligned threat actor known as TAG-110 has been observed conducting a spear-phishing campaign targeting Tajikistan using macro-enabled Word templates as an initial payload.The attack chain is a departure from the threat actor’s previously documented use of an HTML Application (.HTA) loader dubbed HATVIBE, Recorded Future’s Insikt Group said in an analysis.”Given TAG-110’s historical First…
-
Russian-Aligned TAG-110 Targets Tajikistan Governments with Stealthy Cyber-Espionage
Recorded Future’s Insikt Group has uncovered a new cyber-espionage campaign by Russia-aligned threat actor TAG-110 targeting public sector First seen on securityonline.info Jump to article: securityonline.info/russian-aligned-tag-110-targets-tajikistan-governments-with-stealthy-cyber-espionage/
-
Leader of Qakbot cybercrime network indicted in U.S. crackdown
The U.S. indicted Russian Rustam Gallyamov for leading the Qakbot botnet, which infected 700K+ devices and was used in ransomware attacks. The U.S. authorities have indicted Russian national Rustam Gallyamov, the leader of the Qakbot operation, which infected over 700,000 computers and facilitated ransomware attacks. Qakbot, also known as QBot, QuackBot and Pinkslipbot, is an…
-
The US Is Building a One-Stop Shop for Buying Your Data
Plus: A mysterious hacking group’s secret client is exposed, Signal takes a swipe at Microsoft Recall, Russian hackers target security cameras to spy on aid to Ukraine, and more. First seen on wired.com Jump to article: www.wired.com/story/us-spies-one-stop-shop-private-data/
-
Feds charge 16 Russians allegedly tied to botnets used in cyberattacks and spying
An example of how a single malware operation can enable both criminal and state-sponsored hacking. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/05/feds-charge-16-russians-allegedly-tied-to-botnets-used-in-cyberattacks-and-spying/
-
Russian Hackers Target Western Firms Aiding Ukraine, Spy on Shipments
Russian military hackers are targeting Western firms aiding Ukraine, using cyberespionage to infiltrate logistics networks and spy on arms shipments. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/russian-hackers-target-western-firms/
-
Russian-led cybercrime network dismantled in global operation
Arrest warrants issued for ringleaders after investigation by police in Europe and North AmericaEuropean and North American cybercrime investigators say they have dismantled the heart of a malware operation directed by Russian criminals after a global operation involving British, Canadian, Danish, Dutch, French, German and US police.International arrest warrants have been issued for 20 suspects,…
-
EU Targets Stark Industries in Cyberattack Sanctions Crackdown
The European Union has escalated its response to Russia’s ongoing campaign of hybrid threats, announcing new restrictive measures against 21 individuals and 6 entities. This latest move, part of the EU’s 17th sanctions package, reflects a significant broadening of both the scope and technical complexity of sanctions as the bloc seeks to counter destabilising activities…
-
TAG-110 Hackers Deploy Malicious Word Templates in Targeted Attacks
The Russia-aligned threat actor TAG-110, also linked to UAC-0063 and APT28 (BlueDelta) with medium confidence by CERT-UA, has shifted tactics to target government, educational, and research entities in Tajikistan. According to analysis by Insikt Group from Recorded Future Report, TAG-110 has moved away from its traditional use of HTA-based payloads like HATVIBE, which it has…
-
Operation Endgame 2.0: DanaBusted
Tags: access, attack, backup, banking, breach, business, cloud, communications, control, crypto, cybercrime, data, defense, detection, email, espionage, firewall, fraud, government, group, Hardware, infection, intelligence, international, law, malicious, malware, middle-east, network, programming, ransomware, russia, service, supply-chain, switch, threat, tool, ukraine, update, windowsIntroductionOn May 22, 2025, international law enforcement agencies released information about additional actions that were taken in conjunction with Operation Endgame, an ongoing, coordinated effort to dismantle and prosecute cybercriminal organizations, including those behind DanaBot. This action mirrors the original Operation Endgame, launched in May 2024, which disrupted SmokeLoader, IcedID, SystemBC, Pikabot, and Bumblebee. Zscaler…
-
Russian Hacker Indicted Over $24 Million Qakbot Ransomware Operation
The U.S. Department of Justice has unsealed a federal indictment against Rustam Rafailevich Gallyamov, 48, of Moscow, Russia, alleging he led the development and deployment of the notorious Qakbot malware. This action, announced on May 22, 2025, marks a significant milestone in a years-long multinational effort to disrupt cybercriminal networks that have inflicted hundreds of…
-
U.S. Dismantles DanaBot Malware Network, Charges 16 in $50M Global Cybercrime Operation
The U.S. Department of Justice (DoJ) on Thursday announced the disruption of the online infrastructure associated with DanaBot (aka DanaTools) and unsealed charges against 16 individuals for their alleged involvement in the development and deployment of the malware, which it said was controlled by a Russia-based cybercrime organization.The malware, the DoJ said, infected more than…
-
Russian APT28 compromised Western logistics and IT firms to track aid to Ukraine
Tags: access, advisory, api, authentication, cctv, cloud, computer, container, credentials, cve, cybersecurity, data, detection, email, exploit, flaw, government, hacker, identity, infrastructure, Internet, login, malicious, malware, mfa, military, network, ntlm, office, open-source, password, phishing, powershell, russia, service, software, threat, tool, ukraine, vulnerabilityCredential guessing and spearphishing: The attackers used brute-force credential guessing techniques, also known as password spraying, to gain initial access to accounts. This was complemented with targeted phishing emails that directed recipients to fake login pages for government entities or Western cloud email providers. These phishing pages were stored on free web hosting services or…
-
US Takes Down DanaBot Malware, Indicts Developers
DanaBot Used to Steal and to Spy. A top figure in the Russian cybercrime gang behind DanaBot infected his own computer with the malware, allowing an FBI agent to search an image of his system, U.S. federal prosecutors disclosed Thursday in indictments and an announced disruption of the malware’s infrastructure. First seen on govinfosecurity.com Jump…