Tag: russia
-
Arbitrary File Upload Vulnerability in WordPress Plugin Lets Attackers Hack 30,000 Websites
A subgroup of the Russian state-sponsored hacking group Seashell Blizzard, also known as Sandworm, has intensified its cyber operations through a campaign dubbed BadPilot. This multi-year initiative has targeted critical infrastructure worldwide, expanding the group’s reach beyond its traditional focus on Ukraine and Eastern Europe to include North America, Europe, and Asia-Pacific regions. Exploiting Vulnerabilities…
-
BadPilot Attacking Network Devices to Expand Russian Seashell Blizzard’s Attacks
A newly uncovered cyber campaign, dubbed “BadPilot,” …
-
Threat Actors in Russia, China, and Iran Targeting Local Communities in the U.S.
Foreign adversaries, including Russia, China, and Iran, are intensifying their efforts to manipulate public opinion and destabilize local communities across the United States. These campaigns, once primarily focused on national-level politics, have increasingly targeted state and local governments, community groups, and individuals. Leveraging advanced technologies such as generative artificial intelligence (AI), these actors aim to…
-
Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign
A subgroup of the Russia-linked Seashell Blizzard APT group (aka Sandworm) ran a global, multi-year initial access operation called BadPilot. Microsoft shared research findings on the subgroup behind the BadPilot campaign, which compromises internet-facing infrastructure to support Russian cyber operations. Seashell Blizzard (aka Sandworm, BlackEnergy and TeleBots) has been…
-
Russian hacking group targets critical infrastructure in the US, the UK, and Canada
Weaponizing IT software against global enterprises: Since early 2024, the hackers have exploited vulnerabilities in widely used IT management tools, including ConnectWise ScreenConnect (CVE-2024-1709) and Fortinet FortiClient EMS (CVE-2023-48788). By compromising these critical enterprise systems, the group has gained undetected access to networks, Microsoft warned. “Seashell Blizzard’s specialized operations have ranged from espionage to information operations…
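Added here as a worked check, not part of the original article or of Microsoft’s report: a small Python triage script that (a) tells you whether a ScreenConnect or FortiClient EMS version falls inside the vulnerable ranges the vendor advisories published for the two CVEs named above, and (b) hunts web-server access logs for the trailing-slash SetupWizard.aspx request pattern that public analysis of CVE-2024-1709 described. The version ranges are as published at the time and should be re-checked against the current advisories; the log lines are constructed samples, and the product keys and function names are this example’s own.

```python
import re

# Vulnerable version ranges (inclusive) as published in the vendor advisories:
# ConnectWise ScreenConnect 23.9.7 and earlier for CVE-2024-1709 (fixed in 23.9.8);
# FortiClient EMS 7.0.1-7.0.10 and 7.2.0-7.2.2 for CVE-2023-48788 (fixed in 7.0.11
# and 7.2.3). Re-check the advisories before relying on these numbers.
VULNERABLE_RANGES = {
    "CVE-2024-1709": ("screenconnect", [((0, 0, 0), (23, 9, 7))]),
    "CVE-2023-48788": ("forticlient ems", [((7, 0, 1), (7, 0, 10)),
                                           ((7, 2, 0), (7, 2, 2))]),
}

# Public analysis of CVE-2024-1709 showed that requests to /SetupWizard.aspx/
# (trailing slash, optionally followed by more path) reached the setup wizard on
# already-configured servers, so that path form is the hunting signal here.
SETUP_WIZARD_PATH = re.compile(
    r'"(?:GET|POST|PUT|HEAD) (/SetupWizard\.aspx/[^\s"]*)', re.IGNORECASE)
CLIENT_IP = re.compile(r"^(\S+)")


def parse_version(text):
    """'23.9.7' -> (23, 9, 7); shorter strings are zero-padded to 3 components."""
    parts = [int(p) for p in re.findall(r"\d+", text)][:3]
    return tuple(parts + [0] * (3 - len(parts)))


def affecting_cves(product, version):
    """Return the CVEs from VULNERABLE_RANGES whose ranges cover this product version."""
    v = parse_version(version)
    hits = []
    for cve, (name, ranges) in VULNERABLE_RANGES.items():
        if name != product.strip().lower():
            continue
        if any(lo <= v <= hi for lo, hi in ranges):
            hits.append(cve)
    return hits


def flag_screenconnect_requests(log_text):
    """Scan combined-format access-log lines for requests that reach the
    ScreenConnect setup wizard through the trailing-slash path.
    Returns (line_number, client_ip, path) for each hit."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), start=1):
        m = SETUP_WIZARD_PATH.search(line)
        if not m:
            continue
        ip = CLIENT_IP.match(line).group(1)
        hits.append((n, ip, m.group(1)))
    return hits


# Constructed sample log lines (TEST-NET addresses; not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Feb/2025:10:01:13 +0000] "GET /SetupWizard.aspx/ HTTP/1.1" 200 4521
203.0.113.7 - - [12/Feb/2025:10:01:15 +0000] "POST /SetupWizard.aspx/x HTTP/1.1" 200 312
198.51.100.4 - - [12/Feb/2025:10:02:01 +0000] "GET /Login HTTP/1.1" 200 1894
198.51.100.4 - - [12/Feb/2025:10:02:08 +0000] "GET /SetupWizard.aspx HTTP/1.1" 403 0
"""

if __name__ == "__main__":
    checks = [("ScreenConnect", "23.9.7"), ("ScreenConnect", "23.9.8"),
              ("FortiClient EMS", "7.2.2"), ("FortiClient EMS", "7.0.11")]
    for product, version in checks:
        cves = affecting_cves(product, version)
        print(product, version, cves or "not in a known-vulnerable range")
    for n, ip, path in flag_screenconnect_requests(SAMPLE_LOG):
        print(f"line {n}: {ip} requested {path}")
```

The version gate is only a first pass: a patched build that was compromised before the update still needs the log review, which is why the two checks sit side by side.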
-
Sandworm APT’s initial access subgroup hits organizations across the globe
A subgroup of Russia’s Sandworm APT has been working to achieve initial and persistent access to the IT networks of organizations working in economic sectors Russia is … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/02/13/sandworm-apts-initial-access-subgroup-hits-organizations-accross-the-globe/
-
Russian Seashell Blizzard Hackers Have Access to Critical Infrastructure: Microsoft
A subgroup of the Russia-linked Seashell Blizzard is tasked with broad initial access operations to sustain long-term persistence. The post Russian Seashell Blizzard Hackers Have Access to Critical Infrastructure: Microsoft appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/russian-seashell-blizzard-hackers-gain-maintain-access-to-high-value-targets-microsoft/
-
Russian cybercriminal Alexander Vinnik is being released from U.S. custody in exchange for Marc Fogel
Russian cybercriminal Alexander Vinnik is being released from U.S. custody in exchange for Marc Fogel, a Trump administration source told CNN. The New York Times first reported that Alexander Vinnik, a Russian money laundering suspect, is being released from U.S. custody in exchange for Marc Fogel, according to a Trump administration source. Alexander Vinnik, a…
-
Feds Sanction Russian Cybercrime Bulletproof Hosting Service
US, UK and Australia Target Zservers for Supporting LockBit, Other Cybercrime Groups. A Russian bulletproof hosting service used by cybercriminals including the LockBit ransomware group has been sanctioned by Australian, British and American agencies. Zservers has been advertised in criminal forums as an aid to avoid law enforcement investigations and takedowns. First seen on govinfosecurity.com…
-
Lines Between Nation-State and Cybercrime Groups Disappearing: Google
Threat researchers with Google say that the lines between nation-state actors and cybercrime groups are blurring, noting that states including China and Russia are using financially motivated hackers and their tools, and that attacks by cybercriminals should therefore be treated as national security threats. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/lines-between-nation-state-and-cybercrime-groups-disappearing-google/
-
Russian Hackers Leverages Weaponized Microsoft Key Management Service (KMS) to Hack Windows Systems
In a calculated cyber-espionage campaign, the Russian state-sponsored hacking group Sandworm (APT44), linked to the GRU (Russia’s Main Intelligence Directorate), has been exploiting pirated Microsoft Key Management Service (KMS) activation tools to target Ukrainian Windows systems. This operation, active since late 2023, employs trojanized KMS activators and fake Windows updates to deploy malware, including the…
-
Feds Sanction Russian Hosting Provider for Supporting LockBit Attacks
US, UK, and Australian law enforcement have targeted a company called Zservers (and two of its administrators) for providing bulletproof hosting services to the infamous ransomware gang. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/feds-sanction-russian-hosting-provider-lockbit-attacks
-
Russian Seashell Blizzard Enlists Specialist Initial Access Subgroup to Expand Ops
Microsoft found that Russian state actor Seashell Blizzard has deployed an initial access subgroup to gain persistent access in a range of high-value global targets First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/russian-seashell-blizzard-initial/
-
US reportedly releases Russian cybercrime figure Alexander Vinnik in prisoner swap
Alexander Vinnik, who ran the defunct cryptocurrency exchange BTC-e and pleaded guilty last year to participating in a money laundering scheme, is heading back to Russia as part of a prisoner swap that freed an American teacher, reports said. First seen on therecord.media Jump to article: therecord.media/alexander-vinnik-reported-released-prisoner-swap-russia-us
-
Russia’s Sandworm APT Exploits Edge Bugs Globally
Sandworm (aka Seashell Blizzard) has an initial access wing called BadPilot that uses standard intrusion tactics to spread Russia’s tendrils around the world. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/microsoft-russian-sandworm-apt-exploits-edge-bugs-globally
-
Subgroup of Russia’s Sandworm compromising US and European organizations, Microsoft says
The BadPilot hackers have expanded their focus beyond Ukraine and Eastern Europe, gaining initial access to dozens of strategically important organizations across the U.S. and U.K. First seen on therecord.media Jump to article: therecord.media/sandworm-subgroup-russia-europe
-
Russian state threat group shifts focus to US, UK targets
A subgroup of Seashell Blizzard exploited public vulnerabilities in internet-facing systems, Microsoft researchers said. First seen on cyberscoop.com Jump to article: cyberscoop.com/russian-state-threat-group-shifts-focus/
-
A Hacker Group Within Russia’s Notorious Sandworm Unit Is Breaching Western Networks
A team Microsoft calls BadPilot is acting as Sandworm’s “initial access operation,” the company says. And over the last year it’s trained its sights on the US, the UK, Canada, and Australia. First seen on wired.com Jump to article: www.wired.com/story/russia-sandworm-badpilot-cyberattacks-western-countries/
-
BadPilot network hacking campaign fuels Russian Sandworm attacks
A subgroup of the Russian state-sponsored hacking group APT44, also known as ‘Seashell Blizzard’ and ‘Sandworm’, has been targeting critical organizations and governments in a multi-year campaign dubbed ‘BadPilot.’ First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/badpilot-network-hacking-campaign-fuels-russian-sandworm-attacks/
-
Microsoft Uncovers Sandworm Subgroup’s Global Cyber Attacks Spanning 15+ Countries
A subgroup within the infamous Russian state-sponsored hacking group known as Sandworm has been attributed to a multi-year initial access operation dubbed BadPilot that stretched across the globe. “This subgroup has conducted globally diverse compromises of Internet-facing infrastructure to enable Seashell Blizzard to persist on high-value targets and support tailored network operations,” the… First seen on…
-
Russia’s Sandworm caught snarfing credentials, data from American and Brit orgs
‘Near-global’ initial access campaign active since 2021 First seen on theregister.com Jump to article: www.theregister.com/2025/02/12/russias_sandworm_caught_stealing_credentials/
-
Warning: Cybercrime Services Underpin National Security Risk
Russia, China, Iran and North Korea Tapping Cybercrime Services, Google Says. The cybercrime-as-a-service economy continues to power ransomware and other criminal enterprises, as well as serve as an accelerant for state-sponsored hacking, collectively posing an increasing risk to Western national security, cybersecurity researchers warn. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/warning-cybercrime-services-underpin-national-security-risk-a-27502
-
Cyber crime meshes with cyber warfare as states enlist gangs
A report from the Google Threat Intelligence Group depicts China, Russia, Iran and North Korea as a bloc using cyber criminal gangs to attack the national security of western countries First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366619194/Google-Cyber-crime-meshes-with-cyber-warfare-as-states-enlist-gangs
-
US, UK and Australia Sanction Russian Bulletproof Hoster Zservers
The US and its allies have sanctioned Russian bulletproof hoster Zservers for abetting ransomware attacks First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/us-uk-australia-sanction-russia/
-
Sandworm APT Hackers Weaponize Microsoft KMS Activation Tools To Compromise Windows
In a sophisticated cyber-espionage operation, the Russian state-sponsored hacking group Sandworm (APT44), linked to the GRU (Russia’s Main Intelligence Directorate), has been exploiting pirated Microsoft Key Management Service (KMS) activation tools to target Ukrainian Windows users. The campaign, which began in late 2023, leverages trojanized KMS activators and fake Windows updates to deploy malware, including…
-
Sandworm APT Exploits Trojanized KMS Tools to Target Ukrainian Users in Cyber Espionage Campaign
The notorious Sandworm APT (APT44), a Russian-state-sponsored threat actor affiliated with the GRU (Russia’s Main Intelligence Directorate), has First seen on securityonline.info Jump to article: securityonline.info/sandworm-apt-exploits-trojanized-kms-tools-to-target-ukrainian-users-in-cyber-espionage-campaign/
-
US Treasury Sanctions Russian Bulletproof Hosting Provider Zservers for Supporting LockBit Ransomware Attacks
The U.S. Department of the Treasury, in a coordinated effort with Australia and the United Kingdom, has announced First seen on securityonline.info Jump to article: securityonline.info/us-treasury-sanctions-russian-bulletproof-hosting-provider-zservers-for-supporting-lockbit-ransomware-attacks/
-
U.S. adversaries increasingly turning to cybercriminals and their malware for help
A Google Threat Intelligence Group report notes that Russia in particular has been doing this since the Ukraine war began. First seen on cyberscoop.com Jump to article: cyberscoop.com/u-s-adversaries-increasingly-turning-to-cybercriminals-and-their-malware-for-help/
-
Authorities Seize 8Base Ransomware Infrastructure, Arrest Four Russians
With “Operation Phobos Aetor,” international law enforcement, including the US DOJ and Europol, arrested four Russian nationals and seized infrastructure connected to the 8Base ransomware group, the largest affiliate of the prolific Phobos RaaS operation. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/authorities-seize-8base-ransomware-infrastructure-arrest-four-russians/

