Tag: russia
-
Feds finger Russian ‘behind Qakbot malware’ that hit 700K computers
Agents thought they shut this all down in 2023, but the duck quacked again First seen on theregister.com Jump to article: www.theregister.com/2025/05/22/qakbot_criminal_mastermind_charged/
-
Breach Roundup: US Indicts Qakbot Malware Leader
Also: Signal Blocks Recall, Europe Sanctions Stark Industries. This week, Qakbot leader indicted, Signal blocked Recall and a judge said Trump illegally removed watchdogs. Ivanti and Palo Alto hacks linked, Stark Industries sanctioned, Marks and Spencer’s hack costs 300M pounds. Pro-Ukraine hackers hit a Russian clinic and an outbreak of PureRAT in Russia. First seen…
-
Russian Threat Actor TAG-110 Goes Phishing in Tajikistan
While Ukraine remains Russia’s major target for cyberattacks, TAG-110 is part of a strategy to preserve a post-Soviet sphere of influence by embedding itself in other countries’ infrastructures. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/russian-threat-actor-tag-110-phishing-tajikistan
-
Feds finger Russian behind Qakbot malware that hit 700,000 computers
The FBI thought they shut this all down in 2023, but the duck quacked again First seen on theregister.com Jump to article: www.theregister.com/2025/05/22/qakbot_criminal_mastermind_charged/
-
Russia facing spike in PureRAT malware attacks
First seen on scworld.com Jump to article: www.scworld.com/brief/russia-facing-spike-in-purerat-malware-attacks
-
Russian hackers targeting Western logistics, tech support of Ukraine
First seen on scworld.com Jump to article: www.scworld.com/news/russian-hackers-targeting-western-logistics-tech-support-of-ukraine
-
Feds Charge 16 Russians Allegedly Tied to Botnets Used in Ransomware, Cyberattacks, and Spying
A new US indictment against a group of Russian nationals offers a clear example of how, authorities say, a single malware operation can enable both criminal and state-sponsored hacking. First seen on wired.com Jump to article: www.wired.com/story/us-charges-16-russians-danabot-malware/
-
US indicts leader of Qakbot botnet linked to ransomware attacks
The U.S. government has indicted Russian national Rustam Rafailevich Gallyamov, the leader of the Qakbot botnet malware operation that compromised over 700,000 computers and enabled ransomware attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/us-indicts-leader-of-qakbot-botnet-linked-to-ransomware-attacks/
-
Blurring Lines Between Scattered Spider & Russian Cybercrime
The loosely affiliated hacking group has shifted closer to ransomware gangs, raising questions about Scattered Spider’s ties to the Russian cybercrime underground. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/blurring-lines-scattered-spider-russian-cybercrime
-
Russian Hackers Exploit Oracle Cloud Infrastructure to Target Scaleway Object Storage
Russian threat actors have been leveraging trusted cloud infrastructure platforms like Oracle Cloud Infrastructure (OCI) Object Storage and Scaleway Object Storage to propagate sophisticated attacks using the Lumma Stealer malware. This malware-as-a-service (MaaS) infostealer, also known as LummaC2 Stealer, targets Windows systems to siphon credentials, system data, and cryptocurrency wallets. Investigations conducted in 2025 reveal…
-
Russia-aligned hackers target Tajikistan in new espionage campaign
The hackers used phishing emails containing government-themed lure documents to gain access to targeted systems. First seen on therecord.media Jump to article: therecord.media/russia-hackers-target-tajikistan-espionage
-
Cryptohack Roundup: 12 Charged in $263M Theft Case
Also: Charges in Unicoin Case, Jury Convicts SafeMoon Ex-CEO. This week, charges in $263 million theft and Unicoin cases, a jury convicted ex-CEO of SafeMoon, U.S. SEC X account hacker sentenced, Hong Kong police arrested dozens for money laundering, Russian police arrested the Blum co-founder. Israeli police arrested an alleged Nomad Bridge money launderer. First…
-
Russia’s Fancy Bear Targeting Logistics, IT Firms
The mission is to gather information that could help Russia in its war against Ukraine. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/cisa-russia-fancy-bear-targeting-logistics-it-firms
-
Russian hacker group Killnet returns with new identity
Earlier this month, Killnet claimed it had hacked Ukraine’s drone-tracking system after disappearing from public view in 2023. First seen on therecord.media Jump to article: therecord.media/russian-hacker-group-killnet-returns-with-new-identity
-
Russia expected to pass experimental law that tracks foreigners in Moscow via smartphones
4-year trial is second major initiative this year that clamps down on ‘illegal immigrants’ First seen on theregister.com Jump to article: www.theregister.com/2025/05/22/russia_expected_to_pass_experimental/
-
Feds and Microsoft crush Lumma Stealer that stole millions of passwords
Tags: access, breach, control, cyber, cybercrime, cybersecurity, infrastructure, malware, microsoft, password, russia, service, software, threat, tool
2,300 domains neutralized, command infrastructure seized: As part of the legal action filed in the US District Court for the Northern District of Georgia, Microsoft secured authorization to seize and disrupt a core component of Lumma’s ecosystem: its domain infrastructure. These domains acted as communication nodes between infected devices and the malware’s operators. According to the…
-
Western Logistics and Tech Firms Targeted by Russia’s APT28
NSA, NCSC and allies warn Western tech and logistics firms of Russian APT28 cyber-espionage threat First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/western-logistics-tech-firms/
-
Russia-linked APT28 targets western logistics entities and technology firms
CISA warns Russia-linked group APT28 is targeting Western logistics and tech firms aiding Ukraine, posing an elevated threat to supply chains. Russia-linked cyberespionage group APT28 intensifies its operations against Western logistics and technology companies moving supplies into Ukraine, US CISA warns. The APT28 group (aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) has been active since at least 2007 and it…
-
Russian hackers breach orgs to track aid routes to Ukraine
A Russian state-sponsored cyberespionage campaign attributed to APT28 (Fancy Bear/Forest Blizzard) hackers has been targeting and compromising international organizations since 2022 to disrupt aid efforts to Ukraine. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/russian-hackers-breach-orgs-to-track-aid-routes-to-ukraine/
-
Police Operation and Microsoft Take Down Lumma Infostealer
User Panels and Command and Control Domains Seized. Law enforcement and Microsoft struck a blow against malware used to steal login credentials and financial data, seizing the central command structure and thousands of online domains used to control the Lumma Stealer. Lumma first appeared on Russian-language speaking cybercriminal forums in 2022. First seen on govinfosecurity.com…
-
Russia’s Fancy Bear swipes a paw at logistics, transport orgs’ email servers
Their connection? Aiding Ukraine, duh First seen on theregister.com Jump to article: www.theregister.com/2025/05/21/russias_fancy_bear_alert/
-
Russian Hackers Exploit Email and VPN Vulnerabilities to Spy on Ukraine Aid Logistics
Tags: cyber, email, exploit, hacker, intelligence, military, russia, service, spy, technology, threat, ukraine, vpn, vulnerability
Russian cyber threat actors have been attributed to a state-sponsored campaign targeting Western logistics entities and technology companies since 2022. The activity has been assessed to be orchestrated by APT28 (aka BlueDelta, Fancy Bear, or Forest Blizzard), which is linked to the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center, Military Unit…
-
Multi-national warning issued over Russia’s targeting of logistics, tech firms
Tags: russia
The campaign traces back at least to early 2022, coinciding with the start of Russia’s full-scale invasion of Ukraine. First seen on cyberscoop.com Jump to article: cyberscoop.com/russian-apt28-cyberattacks-target-western-logistics-ukraine/
-
Russian Intelligence Hackers Stalk Western Logistics Firms
Tags: cctv, cybersecurity, government, hacker, hacking, intelligence, Internet, military, russia, technology
Western Governments Publish Warning Over Unit 26165 Activities. A slew of Western cybersecurity agencies warned Wednesday that Russian intelligence is targeting logistics and technology companies in a prolonged hacking campaign that includes an emphasis on internet-connected cameras situated along border crossings and military installations. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/russian-intelligence-hackers-stalk-western-logistics-firms-a-28449
-
NCSC: Russia’s Fancy Bear targeting logistics, tech organisations
The NCSC and its partner agencies have blown the whistle on an extensive campaign of malicious cyber attacks orchestrated by the Russian state Fancy Bear operation. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366624164/NCSC-Russias-Fancy-Bear-targeting-logistics-tech-orgs
-
Russia to enforce location tracking app on all foreigners in Moscow
The Russian government has introduced a new law that makes installing a tracking app mandatory for all foreign nationals in the Moscow region. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/government/russia-to-enforce-location-tracking-app-on-all-foreigners-in-moscow/
-
PupkinStealer Exploits Web Browser Passwords and App Tokens to Exfiltrate Data Through Telegram
A newly identified .NET-based information-stealing malware, dubbed PupkinStealer (also known as PumpkinStealer in some reports), has surfaced as a significant cyber threat, targeting sensitive data such as web browser passwords and application session tokens. First observed in the wild around April 2025, this malware is believed to have roots in Russian-speaking cybercrime communities, with indicators…
-
Russia stepping up attacks on firms aiding Ukraine, Western nations warn
One of Moscow’s most infamous hacker teams is targeting logistics and technology companies supporting Kyiv’s war effort. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/russia-hacking-ukraine-aid-logistics-tech-companies-advisory/748723/
-
Western intelligence agencies unite to expose Russian hacking campaign against logistics and tech firms
Twenty-one intelligence agencies from 11 allied nations pointed to the Russian hacking operation known as Fancy Bear or APT28 as the source of a widespread campaign to hack into Western logistics and technology companies. First seen on therecord.media Jump to article: therecord.media/western-intelligence-alert-russia-hackers-logistics-fancy-bear-apt28

