Tag: russia
-
Russian bulletproof hosting service Zservers sanctioned by US for LockBit coordination
The U.S., the U.K. and Australia sanctioned Russia-based Zservers, connecting the Russian company’s internet hosting services to the LockBit ransomware operation. First seen on therecord.media Jump to article: therecord.media/zservers-russia-bulletproof-hosting-us-uk-sanctions
-
Thai Police Bust 4 Suspected 8Base Ransomware Group Members
Detained Russians Accused of Phobos Ransomware Attacks Against 1,000 Organizations. Thai police have arrested four suspected members of the 8Base ransomware-wielding gang, which authorities say has extorted $16 million in ransom payments through attacks against mostly smaller players. The four men were taken into custody in a coordinated, international law enforcement operation. First seen on…
-
Russian Cybercrime Network Targeted for Sanctions Across US, UK and Australia
Russia-based bulletproof hosting services provider Zservers was sanctioned for providing services to support LockBit ransomware operations. The post Russian Cybercrime Network Targeted for Sanctions Across US, UK and Australia appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/russian-cybercrime-network-targeted-for-sanctions-across-us-uk-and-australia/
-
Russian military hackers deploy malicious Windows activators in Ukraine
The Sandworm Russian military cyber-espionage group is targeting Windows users in Ukraine with trojanized Microsoft Key Management Service (KMS) activators and fake Windows updates. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/russian-military-hackers-deploy-malicious-windows-activators-in-ukraine/
-
Two Russian nationals arrested in takedown of Phobos ransomware infrastructure
The U.S. Department of Justice said two Russian nationals were in custody as part of an operation against the Phobos ransomware gang, which has attacked hundreds of organizations and earned millions of dollars in extortion payments. First seen on therecord.media Jump to article: therecord.media/phobos-ransomware-takedown-arrests-russian-nationals
-
U.S. sanctions bulletproof hosting provider for supplying LockBit infrastructure
Zservers, a Russia-based company, along with two employees, allegedly ran specialized servers tied to ransomware attacks. First seen on cyberscoop.com Jump to article: cyberscoop.com/zservers-bulletproof-hosting-sanctions-lockbit-ransomware/
-
Authorities Disrupt 8Base Ransomware, Arrest Four Russian Operators
Law enforcement agencies take down the 8Base ransomware group’s infrastructure, arrest four Russian operators. The post Authorities Disrupt 8Base Ransomware, Arrest Four Russian Operators appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/authorities-disrupt-8base-ransomware-arrest-four-russian-operators/
-
US sanctions LockBit ransomware’s bulletproof hosting provider
The United States, Australia, and the United Kingdom have sanctioned Zservers, a Russia-based bulletproof hosting (BPH) services provider, for supplying essential attack infrastructure for the LockBit ransomware gang. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/us-sanctions-lockbit-ransomwares-bulletproof-hosting-provider/
-
Authorities arrest four suspected 8base ransomware operators in global takedown
The Russian nationals are accused of launching more than 1,000 ransomware attacks worldwide to steal $16 million. First seen on techcrunch.com Jump to article: techcrunch.com/2025/02/11/authorities-arrest-four-suspected-8base-ransomware-operators-in-global-takedown/
-
HPE is notifying individuals affected by a December 2023 attack
Hewlett Packard Enterprise (HPE) has begun notifying individuals affected by a December 2023 attack carried out by Russia-linked threat actors. Hewlett Packard Enterprise has started notifying individuals whose personal information was exposed in a December 2023 cyber attack. In January 2024, Hewlett Packard Enterprise (HPE) revealed that alleged Russia-linked cyber espionage group Midnight Blizzard gained access to…
-
HPE issues breach notifications for 2023 Midnight Blizzard attack
Russian state-sponsored hackers compromised the tech giant’s Office 365 email environment. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/hpe-issues-breach-notifications-for-2023-midnight-blizzard-attack/739674/
-
HPE Says Personal Information Stolen in 2023 Russian Hack
HPE is notifying an unknown number of individuals that Russian hackers accessed their personal information in a December 2023 attack. The post HPE Says Personal Information Stolen in 2023 Russian Hack appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/hpe-says-personal-information-stolen-in-2023-russian-hack/
-
Week in review: Exploited 7-Zip 0-day flaw, crypto-stealing malware found on App Store, Google Play
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411) … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/02/09/week-in-review-exploited-7-zip-0-day-flaw-crypto-stealing-malware-found-on-app-store-google-play/
-
Russia’s intelligence recruits Ukrainians for terror attacks via messaging apps
Russia’s intelligence recruits Ukrainians for terror attacks via messaging apps and forums, offering quick pay, Ukraine’s law enforcement warns. According to Ukraine’s law enforcement, Russian intelligence is using messaging apps and forums to recruit Ukrainians for terrorist attacks, offering quick pay. Ukrainian authorities have recently seen a rise in terrorist attacks on police, military centers,…
-
UK Secret Order Demands That Apple Give Access to Users’ Encrypted Data
Plus: Benjamin Netanyahu gives Donald Trump a golden pager, Hewlett Packard Enterprise blames Russian government hackers for a breach, and more. First seen on wired.com Jump to article: www.wired.com/story/uk-secret-order-apple-users-encrypted-data/
-
SolarWinds to Go Private for $4.4B
Five years after a Russian APT infiltrated a software update to gain access to thousands of SolarWinds customers, the board has voted unanimously to sell at a top valuation and plans for uninterrupted operations. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/solarwinds-private-billions
-
HPE notifies employees of data breach after Russian Office 365 hack
Hewlett Packard Enterprise (HPE) is notifying employees whose data was stolen from the company’s Office 365 email environment by Russian state-sponsored hackers in a May 2023 cyberattack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hpe-notifies-employees-of-data-breach-after-russian-office-365-hack/
-
Private equity firm to acquire SolarWinds for $4.4B
SolarWinds, which now will go private, was embroiled in a massive supply chain attack in 2020 linked to Russia-backed threat actors. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/private-equity-firm-to-acquire-solarwinds-for-44b/739573/
-
HPE begins notifying data breach victims after Russian government hack
Hackers with Russian foreign intelligence were blamed for the breach, which also targeted Microsoft. First seen on techcrunch.com Jump to article: techcrunch.com/2025/02/07/hpe-begins-notifying-data-breach-victims-after-russian-government-hack/
-
Russia uses messaging apps to recruit terrorists, Ukraine’s police says
Russian intelligence services are using messaging apps and online forums to recruit Ukrainian citizens for terrorist attacks, promising quick payoffs, according to Ukraine’s law enforcement. First seen on therecord.media Jump to article: therecord.media/russia-uses-messaging-apps-to-recruit-terrorists
-
Democrats demand to know WTF is up with that DOGE server on OPM’s network
Are you trying to make this easy for China and Russia? First seen on theregister.com Jump to article: www.theregister.com/2025/02/06/democrats_opm_server/
-
7-Zip 0-day was exploited in Russia’s ongoing invasion of Ukraine
Vulnerability stripped MotW tag Windows uses to flag Internet-downloaded files. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/02/7-zip-0-day-was-exploited-in-russias-ongoing-invasion-of-ukraine/
-
Russian Hackers Exploited 7-Zip Zero-Day Against Ukraine
Russian threat groups have been observed exploiting a zero-day vulnerability in 7-Zip against Ukrainian entities. The post Russian Hackers Exploited 7-Zip Zero-Day Against Ukraine appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/russian-hackers-exploited-7-zip-zero-day-against-ukraine/
-
Russian SmokeLoader Campaign in Ukraine Uses 7-Zip Zero-Day
Espionage and Cybercrime Campaign Tied to 7-Zip Mark-of-the-Web Bypass Hits. Russian hackers targeting Ukrainian government agencies and businesses – including a major automotive manufacturer – have been targeting a zero-day vulnerability in the open source and widely used 7-Zip archive utility, to infect systems with credential-stealing SmokeLoader malware. First seen on govinfosecurity.com Jump to article:…
-
Russian cyber research companies post alerts about infostealer, industrial threats
Moscow-based cybersecurity company BI.ZONE posted an analysis of the Nova infostealer as other Russian firms warned about cyber-espionage and threats against industrial facilities. First seen on therecord.media Jump to article: therecord.media/russia-cybersecurity-research-bizone-nova-infostealer
-
7-Zip MotW bypass exploited in zero-day attacks against Ukraine
A 7-Zip vulnerability allowing attackers to bypass the Mark of the Web (MotW) Windows security feature was exploited by Russian hackers as a zero-day since September 2024. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/7-zip-motw-bypass-exploited-in-zero-day-attacks-against-ukraine/
-
Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411)
CVE-2025-0411, a Mark-of-the-Web bypass vulnerability in the open-source archiver tool 7-Zip that was fixed in November 2024, has been exploited in zero-day attacks to deliver … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/02/04/russian-cybercrooks-exploited-7-zip-zero-day-vulnerability-cve-2025-0411/
-
Russian Cybercrime Groups Exploiting 7-Zip Flaw to Bypass Windows MotW Protections
A recently patched security vulnerability in the 7-Zip archiver tool was exploited in the wild to deliver the SmokeLoader malware. The flaw, CVE-2025-0411 (CVSS score: 7.0), allows remote attackers to circumvent mark-of-the-web (MotW) protections and execute arbitrary code in the context of the current user. It was addressed by 7-Zip in November 2024 with version 24.09. “The…
-
Hackers Exploiting 7-Zip Zero-Day Vulnerability to Deploy SmokeLoader Malware
A newly identified zero-day vulnerability in the widely used 7-Zip archiving software has been designated CVE-2025-0411. This critical flaw, which was exploited in the wild, is enabling threat actors to bypass vital Windows security protections and deploy SmokeLoader malware. The campaign has predominantly targeted Ukrainian organizations, with experts suspecting links to Russian cybercrime groups amid the…
-
Kazakhstan to audit foreign ministry after suspected Russia-linked cyberattack
Kazakh officials said they have been aware since 2023 of a cyberattack targeting the foreign ministry. First seen on therecord.media Jump to article: therecord.media/kazakhstan-foreign-ministry-cyberattack-russia

