Tag: russia

Enterprise-specific zero-day exploits on the rise, Google warns

Apr 29, 2025 5:52 PM

Tags: access, apple, apt, attack, china, cisco, cloud, crime, crimes, cyberespionage, detection, endpoint, exploit, finance, flaw, google, group, Hardware, incident response, injection, Internet, ivanti, korea, lessons-learned, mandiant, microsoft, mitigation, network, north-korea, remote-code-execution, russia, service, strategy, technology, threat, tool, update, vpn, vulnerability, zero-day

Surge in network edge device exploitation: Of the 33 zero-day vulnerabilities in enterprise-specific products, 20 targeted hardware appliances typically located at the network edge, such as VPNs, security gateways, and firewalls. Notable targets last year included Ivanti Cloud Services Appliance, Palo Alto Networks’ PAN-OS, Cisco Adaptive Security Appliance, and Ivanti Connect Secure VPN.Targeted attacks against…
The state of intrusions: Stolen credentials and perimeter exploits on the rise, as phishing wanes

Apr 29, 2025 11:52 AM

Tags: access, apt, attack, authentication, awareness, backdoor, breach, business, china, cloud, control, corporate, credentials, crypto, cyber, cyberespionage, cybersecurity, data, email, espionage, exploit, extortion, finance, fraud, group, Hardware, incident response, infection, ivanti, jobs, law, lockbit, malicious, malware, mandiant, mfa, middle-east, mobile, network, north-korea, oracle, password, phishing, ransom, ransomware, RedTeam, russia, social-engineering, software, theft, threat, tool, training

Financial gains, data theft, dwell time: Of the intrusions Mandiant investigated in 2024, 35% were financially motivated, with ransomware alone representing 21% of all intrusions, according to the company’s data.Financial gains were realized via data theft for the purpose of extortion, cryptomining, cryptocurrency theft, business email compromise, and cases in which attackers monetized their access…
UK bans game controller exports to Russia in bid to ground drone attacks

Apr 28, 2025 9:51 AM

Tags: attack, russia

Moscow likely to respawn elsewhere First seen on theregister.com Jump to article: www.theregister.com/2025/04/26/uk_russia_controller_drone_attack/
Russian VPS Servers With RDP and Proxy Servers Enable North Korean Cybercrime Operations

Apr 25, 2025 9:50 AM

Tags: cyber, cybercrime, Internet, korea, network, north-korea, russia

Trend Research has uncovered a sophisticated network of cybercrime operations linked to North Korea, heavily utilizing Russian internet infrastructure. Specifically, IP address ranges in the towns of Khasan and Khabarovsk, Russia, assigned to organizations under TransTelecom (ASN AS20485), are pivotal in these activities. Khasan, just a mile from the North Korea-Russia border and connected via…
New Android spyware is targeting Russian military personnel on the front lines

Apr 24, 2025 10:50 PM

Tags: android, military, russia, spyware

Trojanized mapping app steals users’ locations, contacts, and more. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/04/russian-military-personnel-on-the-front-lines-targeted-with-new-android-spyware/
North Korean Hackers Use Russian IP Infrastructure

Apr 24, 2025 10:50 PM

Tags: breach, crypto, hacker, infrastructure, Internet, jobs, north-korea, russia, scam, social-engineering

Void Dokkaebi Campaigns Using Russia for Cryptocurrency Theft. North Korean hackers look north toward Russia for the internet infrastructure behind the many online scams that Pyongyang has built to funnel stolen cash into the rouge nation. Void Dokkaebi hackers participate in the North Korean scam of social engineering IT job seekers. First seen on govinfosecurity.com…
Hackers abuse OAuth 2.0 workflows to hijack Microsoft 365 accounts

Apr 24, 2025 10:50 PM

Tags: authentication, hacker, microsoft, russia, threat, ukraine

Russian threat actors have been abusing legitimate OAuth 2.0 authentication workflows to hijack Microsoft 365 accounts of employees of organizations related to Ukraine and human rights. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-abuse-oauth-20-workflows-to-hijack-microsoft-365-accounts/
UK bans export of video game controllers to Russia to hinder attack drone pilots

Apr 24, 2025 3:50 PM

Tags: attack, exploit, government, russia

In a sanctions package including more than 150 new measures, the British government said it was closing loopholes being exploited by the Kremlin. First seen on therecord.media Jump to article: therecord.media/uk-bans-video-game-controllers
Booby-trapped Alpine Quest Android app geolocates Russian soldiers

Apr 24, 2025 9:50 AM

Tags: android, russia

Back of the nyet! First seen on theregister.com Jump to article: www.theregister.com/2025/04/24/hacked_alpine_quest_android_app/
U.S DOGE Allegedly Breached Whistleblower Leaked Most Sensitive Documents

Apr 18, 2025 5:28 PM

Tags: breach, cyber, cybersecurity, data, data-breach, government, login, russia, unauthorized

A federal whistleblower has accused the Department of Government Efficiency (DOGE) of orchestrating a major cybersecurity breach at the National Labor Relations Board (NLRB), involving unauthorized data extraction, disabled security protocols, and attempted logins from a Russian IP address. The whistleblower, a senior DevSecOps architect at the NLRB, has submitted a detailed affidavit to Congress…
Chinese hackers target Russian govt with upgraded RAT malware

Apr 18, 2025 4:28 PM

Tags: access, china, government, hacker, malware, rat, russia

Chinese-speaking IronHusky hackers are targeting Russian and Mongolian government organizations using upgraded MysterySnail remote access trojan (RAT) malware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chinese-hackers-target-russian-govt-with-upgraded-rat-malware/
State Sponsored Hackers now Widely Using ClickFix Attack Technique in Espionage Campaigns

Apr 18, 2025 3:28 PM

Tags: attack, cyber, cybercrime, espionage, hacker, iran, korea, north-korea, russia, social-engineering

The state-sponsored hackers from North Korea, Iran, and Russia have begunp deploying the ClickFix social engineering technique, traditionally associated with cybercriminal activities, into their espionage operations. This shift was first documented by Proofpoint researchers over a three-month period from late 2024 into early 2025 where these actors employed ClickFix in routine activities. The Emergence of…
Midnight Blizzard Targets European Diplomats with Wine Tasting Phishing Lure

Apr 18, 2025 11:28 AM

Tags: blizzard, espionage, malware, phishing, russia

Russian state actor Midnight Blizzard is using fake wine tasting events as a lure to spread malware for espionage purposes, according to Check Point First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/midnight-european-diplomats-wine/
LummaStealer Exploits Windows Utility to Run Remote Code Disguised as .mp4 File

Apr 17, 2025 9:28 PM

Tags: cyber, detection, exploit, malicious, malware, russia, service, tactics, windows

The Cybereason Global Security Operations Center (GSOC) has shed light on the sophisticated tactics used by the LummaStealer malware to evade detection and execute malicious code. Originally spotted in 2022, this Russian-developed malware-as-a-service (MaaS) has continuously evolved its evasion techniques to target Windows systems. Advanced Evasion with mshta.exe LummaStealer’s operators have introduced a new technique…
China Plans Expanded Cybersecurity Cooperation with Russia

Apr 17, 2025 3:28 PM

Tags: china, cyber, cybersecurity, russia

China has announced a significant step forward in its partnership with Russia, with plans to expand their cooperation in the field of cybersecurity. In an article published by Sputnik News, Chinese Ambassador to Russia Zhang Hanhui outlined Beijing’s intention to deepen its collaboration, emphasizing the shared importance both countries place on digital security and the…
Gamaredon’s PteroLNK VBScript Malware Infrastructure and TTPs Uncovered by Researchers

Apr 17, 2025 3:28 PM

Tags: cyber, government, group, infrastructure, malware, military, russia, service, tactics, threat, ukraine

Researchers have unearthed details of the Pterodo malware family, notably the PteroLNK variant used by the Russian-nexus threat group, Gamaredon. The group, which is believed to be associated with Russia’s Federal Security Service (FSB), has been targeting Ukrainian entities, focusing on government, military, and critical infrastructure sectors as part of broader geopolitical conflicts. Tactics, Techniques,…
State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns

Apr 17, 2025 3:28 PM

Tags: group, hacker, hacking, iran, korea, malware, north-korea, phishing, russia, social-engineering, strategy

Multiple state-sponsored hacking groups from Iran, North Korea, and Russia have been found leveraging the increasingly popular ClickFix social engineering tactic to deploy malware over a three-month period from late 2024 through the beginning of 2025.The phishing campaigns adopting the strategy have been attributed to clusters tracked as TA427 (aka Kimsuky), TA450 (aka MuddyWater, First…
Russia-linked APT29 targets European diplomats with new malware

Apr 17, 2025 5:28 AM

Tags: attack, backdoor, detection, email, india, malware, phishing, russia, service, tactics, threat, tool, vmware

WINELOADER variant: While the Check Point researchers didn’t manage to obtain the final payload delivered by GRAPELOADER directly, they located a new variant of the WINELOADER backdoor that was uploaded to the VirusTotal scanning service around the same time and which has code and compilation time similarities to both AppvIsvSubsystems64.dll and ppcore.dll. As such, there…
Whistleblower alleges Russian IP address attempted access to US agency’s systems via DOGE-created accounts

Apr 17, 2025 5:28 AM

Tags: access, breach, cybersecurity, government, regulation, russia

Legal battle: As it stands, the allegations are being made by one individual, and the evidence behind them has yet to be examined independently.In a statement to NPR, an NLRB representative said that while Berulis had raised concerns within the agency, an investigation had “determined that no breach of agency systems occurred.”That said, it won’t…
Anonymous Releases 10TB of Leaked Data Targeting Russia

Apr 17, 2025 5:28 AM

Tags: cyberattack, data, data-breach, russia

Recently, the hacktivist collective Anonymous has claimed responsibility for a sweeping cyberattack against Russia, releasing a staggering 10 First seen on securityonline.info Jump to article: securityonline.info/anonymous-releases-10tb-of-leaked-data-targeting-russia/
Whistleblower describes DOGE IT dept rampage at America’s labor watchdog

Apr 17, 2025 5:28 AM

Tags: data, infosec, login, russia, usa

Ignored infosec rules, exfiltrated data “¦ then the mysterious login attempts from a Russian IP address began claim First seen on theregister.com Jump to article: www.theregister.com/2025/04/17/whistleblower_nlrb_doge/
CVE program averts swift end after CISA executes 11-month contract extension

Apr 16, 2025 6:28 PM

Tags: china, cisa, computer, cve, cyber, cybersecurity, data, defense, detection, endpoint, flaw, framework, government, infrastructure, intelligence, linkedin, mitre, nist, nvd, russia, service, software, technology, threat, update, vulnerability, vulnerability-management

Important update April 16, 2025: Since this story was first published, CISA signed a contract extension that averts a shutdown of the MITRE CVE program.A CISA spokesperson sent CSO a statement saying, “The CVE Program is invaluable to cyber community and a priority of CISA. Last night, CISA executed the option period on the contract to ensure…
BidenCash Market Dumps 1 Million Stolen Credit Cards on Russian Forum

Apr 16, 2025 5:28 PM

Tags: breach, credit-card, russia

BidenCash dumps almost a million stolen credit card records on Russian forum, exposing card numbers, CVVs, and expiry dates in plain text with no cardholder names. First seen on hackread.com Jump to article: hackread.com/bidencash-market-leak-credit-cards-russian-forum/
Russians lure European diplomats into malware trap with wine-tasting invite

Apr 16, 2025 3:28 PM

Tags: malware, phishing, russia

Vintage phishing varietal has improved with age First seen on theregister.com Jump to article: www.theregister.com/2025/04/16/cozy_bear_grapeloader/
APT29 Hackers Use GRAPELOADER in New Attack Against European Diplomats

Apr 16, 2025 12:28 PM

Tags: attack, blizzard, cyber, government, group, hacker, hacking, phishing, russia

Check Point Research (CPR) has uncovered a new targeted phishing campaign employing GRAPELOADER, a sophisticated initial-stage downloader, launched by the notorious Russian-linked hacking group APT29, known alternatively as Midnight Blizzard or Cozy Bear. This campaign, identified since January 2025, primarily focuses on European governments and diplomatic entities. Campaign Overview APT29, recognized for its sophisticated cyber…
Chinese Android Phones Shipped with Fake WhatsApp, Telegram Apps Targeting Crypto Users

Apr 16, 2025 10:28 AM

Tags: android, antivirus, china, crypto, finance, malware, phone, russia

Cheap Android smartphones manufactured by Chinese companies have been observed pre-installed with trojanized apps masquerading as WhatsApp and Telegram that contain cryptocurrency clipper functionality as part of a campaign since June 2024.While using malware-laced apps to steal financial information is not a new phenomenon, the new findings from Russian antivirus vendor Doctor Web point to…
CVE program faces swift end after DHS fails to renew contract, leaving security flaw tracking in limbo

Apr 16, 2025 5:28 AM

Tags: china, cisa, cve, cyber, cybersecurity, data, detection, endpoint, flaw, government, infrastructure, intelligence, linkedin, mitre, nist, nvd, russia, service, technology, threat, vulnerability, vulnerability-management

MITRE’s CVE program foundational to cybersecurity: MITRE’s CVE program is a foundational pillar of the global cybersecurity ecosystem and is the de facto standard for identifying vulnerabilities and guiding defenders’ vulnerability management programs. It provides foundational data to vendor products across vulnerability management, cyber threat intelligence, security information, event management, and endpoint detection and response.Although…
Whistleblower Accuses DOGE of Data-Harvesting Cover Up

Apr 16, 2025 1:28 AM

Tags: access, computer, data, government, russia

Complaint Says Russia-Based IP Address Attempted to Gain Access as DOGE Took Data. A whistleblower has accused staffers from the Department of Government Efficiency of attempting to cover their tracks while collecting troves of sensitive data from the independent labor agency’s computer systems, raising significant security concerns. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/whistleblower-accuses-doge-data-harvesting-cover-up-a-28013
Midnight Blizzard deploys new GrapeLoader malware in embassy phishing

Apr 15, 2025 11:28 PM

Tags: blizzard, espionage, group, malware, phishing, russia, spear-phishing

Russian state-sponsored espionage group Midnight Blizzard is behind a new spear-phishing campaign targeting diplomatic entities in Europe, including embassies. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/midnight-blizzard-deploys-new-grapeloader-malware-in-embassy-phishing/
Wave of Wine-Inspired Phishing Attacks Targets EU Diplomats

Apr 15, 2025 6:28 PM

Tags: attack, backdoor, malicious, phishing, russia

Russia-backed APT29’s latest campaign once again uses malicious invites to wine-tasting events as its lure, but this time targets a different set of vintages, errr, victims, and delivers a novel backdoor, GrapeLoader. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/wine-inspired-phishing-eu-diplomats