Tag: russia
-
RomCom RAT Targets UK Organizations Through Compromised Customer Feedback Portals
The Russian-based threat group RomCom, also known as Storm-0978, Tropical Scorpius, and Void Rabisu, has been targeting UK companies in the retail, hospitality, and critical national infrastructure (CNI) sectors in a recently discovered cyber espionage and profit-driven operation called Operation Deceptive Prospect.
-
Azerbaijan blames Russian state hackers for cyberattacks on local media
The Kremlin-backed hacking group known as APT29 was responsible for a February cyberattack on local media, said Azerbaijan’s government, which has moved to reduce Russian influence recently. First seen on therecord.media Jump to article: therecord.media/azerbaijan-blames-media-cyberattacks-russia-apt29
-
California Man Will Plead Guilty to Last Year’s Disney Hack
A 25-year-old California man will plead guilty to hacking into a Disney employee’s personal computer and using stolen credentials to break into thousands of Disney Slack channels. Ryan Mitchell Kramer, who claimed to be a member of the Russian group NullBulge, then leaked the data when the victim didn’t respond to his emails. First seen on…
-
Security Researchers Warn a Widely Used Open Source Tool Poses a ‘Persistent’ Risk to the US
The open source software easyjson is used by the US government and American companies. But its ties to Russia’s VK, whose CEO has been sanctioned, have researchers sounding the alarm. First seen on wired.com Jump to article: www.wired.com/story/easyjson-open-source-vk-ties/
-
Hacking Spree Hits UK Retail Giants
Plus: France blames Russia for a series of cyberattacks, the US is taking steps to crack down on a gray market allegedly used by scammers, and Microsoft pushes the password one step closer to death. First seen on wired.com Jump to article: www.wired.com/story/hacking-spree-hits-uk-retail-giants/
-
State-Sponsored Hacktivism on the Rise, Transforming the Cyber Threat Landscape
Tags: attack, cyber, cybersecurity, government, group, india, infrastructure, military, russia, threat, ukraine
The global cybersecurity landscape is undergoing a significant transformation, as state-sponsored hacktivism gains traction amid ongoing conflicts. In 2024, Forescout Technologies Inc. documented 780 hacktivist attacks, predominantly conducted by four groups operating on opposite sides of the Russia-Ukraine and Israel-Palestine conflicts: BlackJack, Handala Group, Indian Cyber Force, and NoName057(16). Critical infrastructure, including government, military, transportation, logistics,…
-
Pro-Russian hacktivists intensify DDoS attacks on Dutch orgs
First seen on scworld.com Jump to article: www.scworld.com/brief/pro-russian-hacktivists-intensify-ddos-attacks-on-dutch-orgs
-
Updated DarkWatchman malware sets sights on Russia
First seen on scworld.com Jump to article: www.scworld.com/brief/updated-darkwatchman-malware-sets-sights-on-russia
-
Nebulous Mantis hackers have deployed the RomCom RAT globally, targeting organizations
Nebulous Mantis, also known as Cuba, STORM-0978, Tropical Scorpius, and UNC2596, is a Russian-speaking cyber espionage group that has been actively deploying the RomCom remote access trojan (RAT) in targeted campaigns since mid-2019. The group primarily focuses on critical infrastructure, government agencies, political leaders, and organizations related to NATO. Their operations are characterized by the…
-
Disney Slack Channel Hacker Pleads Guilty
Hacker Who Feigned Russian Hacktivist Persona Faces Up to a Decade in Prison. A California man whose theft of a terabyte of company data from Disney led the media and entertainment conglomerate to eschew Slack pleaded guilty in Los Angeles federal court to two felony charges. Santa Clarita resident Ryan Mitchell Kramer, 25, gained access…
-
Disney Slack attack wasn’t Russian protesters, just a Cali dude with malware
A 25-year-old California man pleaded guilty to stealing and dumping 1.1TB of data from the House of Mouse. First seen on theregister.com Jump to article: www.theregister.com/2025/05/02/disney_slack_hacker_revealed_to/
-
Dutch Services Disrupted by DDoS Attacks From Russian-Affiliated Hacktivists
Multiple Dutch organizations have experienced significant service disruptions this week due to a series of coordinated Distributed Denial-of-Service (DDoS) attacks. These attacks, which have also targeted other European organizations, are believed to be the work of the pro-Russian hacktivist group NoName057(16), according to official statements and ongoing investigations by the National Cyber Security Centre (NCSC).…
-
Pro-Russia hacktivist group NoName057(16) is targeting Dutch organizations
Pro-Russia hacktivist group NoName057(16) is targeting Dutch organizations with large-scale DDoS attacks, the country’s National Cyber Security Center (NCSC) warns. This week, several Dutch and European organizations faced large-scale DDoS attacks launched by pro-Russia hacktivists, including the NoName057(16) group. Threat actors target organizations across public and private sectors. Russian hacktivist group NoName057(16) claimed some of…
-
Pro-Russia hacktivists bombard Dutch public orgs with DDoS attacks
Russia-aligned hacktivists persistently target key public and private organizations in the Netherlands with distributed denial of service (DDoS) attacks, causing access problems and service disruptions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/pro-russia-hacktivists-bombard-dutch-public-orgs-with-ddos-attacks/
-
The organizational structure of ransomware threat actor groups is evolving before our eyes
The Ransomware-as-a-service (RaaS) model has not recovered from law enforcement disruption, and the entrance of novice actors along with non-Russian state-linked cybercriminals has led to uncertain outcomes for victims. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/the-organizational-structure-of-ransomware-threat-actor-groups-is-evolving-before-our-eyes/
-
Large-Scale Phishing Campaigns Target Russia and Ukraine
A large-scale phishing campaign using DarkWatchman and Sheriff malware has been observed targeting companies in Russia and Ukraine. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/phishing-campaigns-targets-russia/
-
Putin’s Cyberattacks on Ukraine Rise 70%, With Little Effect
Russia’s cyberattacks on Ukraine have increased dramatically, targeting the country’s government and defense infrastructure. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/putin-cyberattacks-ukraine-rise-little-effect
-
DarkWatchman, Sheriff Malware Hit Russia and Ukraine with Stealth and Nation-Grade Tactics
Russian companies have been targeted as part of a large-scale phishing campaign that’s designed to deliver a known malware called DarkWatchman. Targets of the attacks include entities in the media, tourism, finance and insurance, manufacturing, retail, energy, telecom, transport, and biotechnology sectors, Russian cybersecurity company F6 said. The activity is assessed to be the work of a…
-
Hive0117 group targets Russian firms with new variant of DarkWatchman malware
Hive0117 targets Russian firms in multiple sectors with phishing attacks using a modified version of the DarkWatchman malware. A cybercrime group named Hive0117 is behind a fresh phishing campaign that targeted Russian organizations with a new version of the DarkWatchman malware, according to Russian cybersecurity firm F6. The financially-motivated group targeted organizations in the media,…
-
How ‘native English’ Scattered Spider group linked to M&S attack operate
Cybersecurity expert says group are ‘unusual but potently threatening’ coalition of ransomware hackers. If there is one noticeable difference between some members of the Scattered Spider hacking community and their ransomware peers, it will be the accent. Scattered Spider has been linked to a cyber-attack on UK retailer Marks & Spencer. But unlike other ransomware…
-
Russian APT28 hackers have redoubled efforts during Ukraine war, says French security agency
Tags: apt, attack, backdoor, cisco, credentials, crowdstrike, cyber, detection, exploit, finance, government, group, hacker, hacking, infrastructure, intelligence, Internet, mail, malicious, military, monitoring, network, phishing, russia, service, theft, ukraine, vpn, vulnerability
Targeting and Compromise of French Entities Using the APT28 Intrusion Set, the group now aggressively targets the networks of government organizations and companies connected to Ukraine’s allies, including France. Since 2021, the group has targeted specific industrial sectors including aerospace, financial services, think tanks and research, local government, and government ministries. Nothing APT28 does stands out as…
-
Russia-linked group Nebulous Mantis targets NATO-related defense organizations
Tags: apt, cyber, data, defense, espionage, government, group, infrastructure, phishing, rat, russia, spear-phishing
PRODAFT researchers warn of Russia-linked APT group Nebulous Mantis targeting NATO-related defense organizations. Nebulous Mantis, a Russian-speaking cyber espionage group (aka Cuba, STORM-0978, Tropical Scorpius, UNC2596), used RomCom RAT and Hancitor since 2019 to target critical infrastructure, governments, and NATO-linked entities. Since mid-2022, they’ve deployed RomCom via spear-phishing for espionage, lateral movement, and data theft.…
-
France blames Russia for series of cyberattacks
First seen on scworld.com Jump to article: www.scworld.com/brief/france-blames-russia-for-series-of-cyber-attacks
-
From TV5Monde to Govt: France Blames Russia’s APT28 for Cyberattacks
France accuses Russia’s APT28 hacking group (Fancy Bear) of targeting French government entities in a cyber espionage campaign…. First seen on hackread.com Jump to article: hackread.com/tv5monde-govt-france-russia-apt28-cyberattacks/
-
DarkWatchman cybercrime malware returns on Russian networks
A financially motivated group tracked as Hive0117 recently attacked multiple Russian industries with a retooled version of DarkWatchman malware, researchers said. First seen on therecord.media Jump to article: therecord.media/darkwatchman-malware-russia-cybercrime-hive0117
-
Nebulous Mantis Targets NATO-Linked Entities with Multi-Stage Malware Attacks
Tags: access, attack, communications, control, cyber, cybersecurity, espionage, group, infrastructure, malware, rat, russia, tactics
Cybersecurity researchers have shed light on a Russian-speaking cyber espionage group called Nebulous Mantis that has deployed a remote access trojan called RomCom RAT since mid-2022. RomCom “employs advanced evasion techniques, including living-off-the-land (LOTL) tactics and encrypted command and control (C2) communications, while continuously evolving its infrastructure leveraging… First seen on thehackernews.com Jump to article: thehackernews.com/2025/04/nebulous-mantis-targets-nato-linked.html
-
Grinex exchange suspected rebrand of sanctioned Garantex crypto firm
A new cryptocurrency exchange named Grinex is believed to be a rebrand of Garantex, a Russian cryptocurrency exchange whose domains were seized by the U.S. authorities and an admin arrested. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/cryptocurrency/grinex-exchange-suspected-rebrand-of-sanctioned-garantex-crypto-firm/
-
France ties Russian APT28 hackers to 12 cyberattacks on French orgs
Today, the French foreign ministry blamed the APT28 hacking group linked to Russia’s military intelligence service (GRU) for targeting or breaching a dozen French entities over the last four years. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/france-ties-russian-apt28-hackers-to-12-cyberattacks-on-french-orgs/
-
France blames Russian military intelligence for years of cyberattacks on local entities
In a rare public attribution, the French foreign ministry said on Tuesday it “condemns in the strongest possible terms” the actions of the GRU-linked threat actor known as APT28 for attacks against local entities. First seen on therecord.media Jump to article: therecord.media/france-blames-russian-military-intelligence-for-hacks-against-local-orgs
-
France says Russian hackers behind attack on Macron’s 2017 presidential campaign
Foreign ministry says Russian military intelligence has attacked a dozen French entities since 2021 including a TV station. France has accused Russian military intelligence of carrying out a massive cyber-attack on Emmanuel Macron’s first presidential campaign in 2017 as well as several other recent major hacks, including on a TV station and an organisation involved…

