Tag: russia
-
Attacks with novel PowerModul implant target Russia
First seen on scworld.com Jump to article: www.scworld.com/brief/attacks-with-novel-powermodul-implant-target-russia
-
Advanced device code phishing leveraged by Russian APT
First seen on scworld.com Jump to article: www.scworld.com/brief/advanced-device-code-phishing-leveraged-by-russian-apt
-
Possible Russian Hackers Targeted UK Ministry of Defense
Spear-Phishing Campaign Used RomCom Malware Variant. A phishing campaign wielding malware previously associated with Russian-speaking hackers targeted the U.K. Ministry of Defense in late 2024. It is unclear if the campaign is tied to a data leak of 600 armed personnel, civil servants, and defense contractors reported late last year. First seen on govinfosecurity.com Jump…
-
Goffee Deploys PowerShell Implant to Target Russian Entities
Goffee Targets Russian Entities With USB-Based PowerShell Malware. A threat actor that focuses on Russian targets is spreading a new PowerShell implant that includes modules for stealing files from thumb drives and propagating itself through a USB worm. Its targets include critical infrastructure sectors such as energy, telecommunications and government. First seen on govinfosecurity.com Jump…
-
UK appoints security and intelligence specialist as ambassador to France
Sir Thomas Drew, previously a top official in the Foreign Office and a key figure in Britain’s response to Russia’s invasion of Ukraine, will be the U.K.’s ambassador to France as the two countries prepare to work more closely on security issues. First seen on therecord.media Jump to article: therecord.media/thomas-drew-security-intelligence-specalist-uk-ambassador-france
-
US Blocks Foreign Governments from Acquiring Citizen Data
The US government has implemented a program that applies export controls on data transactions to certain countries of concern, including China and Russia. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/us-foreign-governments-acquiring/
-
DoJ Launches Critical National Security Program to Protect Americans’ Sensitive Data
The U.S. Department of Justice has launched a landmark initiative to block foreign adversaries, including China, Russia, and Iran, from exploiting commercial channels to access sensitive American data. The Data Security Program (DSP), enacted under Executive Order 14117, establishes stringent controls over transactions involving U.S. government-related data and bulk personal information such as genomic, financial,…
-
GOFFEE APT: New PowerModul Implant and Tactics Target Russian Organizations
The APT group GOFFEE has resurfaced with a revamped arsenal, launching targeted cyberattacks across Russia’s strategic sectors. According First seen on securityonline.info Jump to article: securityonline.info/goffee-apt-new-powermodul-implant-and-tactics-target-russian-organizations/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 41
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Lazarus Expands Malicious npm Campaign: 11 New Packages Add Malware Loaders and Bitbucket Payloads BadBazaar: iOS and Android Surveillanceware by China’s APT15 Used to Target Tibetans and Uyghurs GOFFEE continues to attack organizations in Russia Atomic…
-
Russian Shuckworm APT is back with updated GammaSteel malware
files.lnk, launched from an external drive. This was recorded under the UserAssist key in the Registry, which stores a record of files, links, applications, and objects accessed by the current user through Windows Explorer. After that file was executed, it launched mshta.exe, a Windows binary that can be used to execute VBScript and JScript locally on…
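The excerpt above points at two artefacts an analyst can actually pull from a suspect machine: the UserAssist key, which records what the user launched through Explorer, and the follow-on mshta.exe execution. The script below is an added forensic example written for this page, not Symantec's tooling. It relies on two documented properties of UserAssist: value names are ROT13-encoded, and on Windows 7 and later each value is a 72-byte blob with the run count at offset 4 and the last-execution FILETIME at offset 60. The registry entries it examines (an E:\files.lnk launch followed two seconds later by mshta.exe) are constructed to mirror the chain described; the drive-letter and script-host lists are assumptions you would tune to the host.

```python
"""Decode UserAssist entries and flag a shortcut launched from removable media
followed by a script host such as mshta.exe.

Added forensic example for this page, not Symantec's tooling. What it relies
on: UserAssist value names are ROT13-encoded, and on Windows 7 and later each
value is a 72-byte blob with the run count at offset 4 and the last-execution
FILETIME at offset 60. The registry entries below are constructed.
"""
import codecs
import struct
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
VALUE_FMT = "<IIII10fIQI"   # session, run count, focus count, focus ms, 10 floats, pad, FILETIME, pad
SYSTEM_DRIVES = {"C:"}       # assumption: C: is the only fixed volume on the examined host
SCRIPT_HOSTS = {"mshta.exe", "wscript.exe", "cscript.exe", "powershell.exe",
                "rundll32.exe", "regsvr32.exe"}
# UserAssist stores known folders as GUIDs; this one is FOLDERID_System (System32).
SYSTEM32 = r"{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"


def filetime_to_dt(ft):
    """FILETIME is 100-nanosecond ticks since 1601-01-01 UTC."""
    return EPOCH_1601 + timedelta(microseconds=ft // 10)


def make_userassist_value(run_count, last_run):
    """Build a 72-byte value. Used here only to construct sample registry data."""
    ft = ((last_run - EPOCH_1601) // timedelta(microseconds=1)) * 10
    return struct.pack(VALUE_FMT, 0, run_count, 0, 0, *([0.0] * 10), 0, ft, 0)


def parse_userassist(rot13_name, blob):
    """Decode one UserAssist value into path, run count and last run time."""
    fields = struct.unpack(VALUE_FMT, blob)
    last_ft = fields[15]
    return {"path": codecs.decode(rot13_name, "rot_13"),
            "run_count": fields[1],
            "last_run": filetime_to_dt(last_ft) if last_ft else None}


def is_removable_lnk(path):
    """A .lnk whose path starts with a drive letter other than a system volume."""
    p = path.lower()
    return (p.endswith(".lnk") and len(p) > 2 and p[0].isalpha() and p[1] == ":"
            and p[:2].upper() not in SYSTEM_DRIVES)


def triage(entries):
    """entries: {rot13 value name: raw value bytes}. Returns flagged records."""
    flagged = []
    for name, blob in entries.items():
        rec = parse_userassist(name, blob)
        reasons = []
        if is_removable_lnk(rec["path"]):
            reasons.append("lnk")
        if rec["path"].rsplit("\\", 1)[-1].lower() in SCRIPT_HOSTS:
            reasons.append("script-host")
        if reasons:
            flagged.append({**rec, "reasons": reasons})
    return flagged


def lnk_to_script_host_chains(flagged, window=timedelta(seconds=60)):
    """Pair a removable-drive .lnk with a script host run shortly after it.
    UserAssist keeps only the last run time, so only the latest chain is visible."""
    lnks = [f for f in flagged if "lnk" in f["reasons"]]
    hosts = [f for f in flagged if "script-host" in f["reasons"]]
    return [(l["path"], h["path"]) for l in lnks for h in hosts
            if l["last_run"] and h["last_run"]
            and timedelta(0) <= h["last_run"] - l["last_run"] <= window]


# Constructed sample: the page's files.lnk on an external drive, then mshta.exe.
T0 = datetime(2025, 3, 3, 9, 14, 0, tzinfo=timezone.utc)
SAMPLE_USERASSIST = {
    codecs.encode(r"E:\files.lnk", "rot_13"): make_userassist_value(1, T0),
    codecs.encode(SYSTEM32 + r"\mshta.exe", "rot_13"): make_userassist_value(1, T0 + timedelta(seconds=2)),
    codecs.encode(r"C:\Users\alice\Desktop\report.lnk", "rot_13"): make_userassist_value(14, T0 - timedelta(days=3)),
}

if __name__ == "__main__":
    hits = triage(SAMPLE_USERASSIST)
    for h in hits:
        print(h["last_run"], h["run_count"], h["path"], h["reasons"])
    print("chains:", lnk_to_script_host_chains(hits))
```

On a live case you would feed `triage` the values read from `HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{GUID}\Count` (the shortcut-execution GUID subkey is the one that records .lnk launches) and corroborate the chain with Prefetch, Amcache or process-creation telemetry, since UserAssist records only the most recent execution time of each item.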
-
Shuckworm Group Leverages GammaSteel Malware in Targeted PowerShell Attacks
The Russia-linked cyber-espionage group known as Shuckworm (also identified as Gamaredon or Armageddon) has been observed targeting a Western country’s military mission located within Ukraine, employing an updated, PowerShell-based version of its GammaSteel infostealer malware. This campaign, which began in late February 2025 and continued into March, signifies Shuckworm’s persistent focus on Ukrainian entities and…
-
GOFFEE Deploys PowerModul in Coordinated Strikes on Government and Energy Networks
The threat actor known as GOFFEE has launched a series of targeted attacks against critical sectors within the Russian Federation, utilizing advanced malware and phishing techniques. The group’s latest campaign involves the deployment of PowerModul, a PowerShell-based implant, to escalate their intrusion capabilities and carry out coordinated strikes effectively. PowerModul and Initial Infection Vectors PowerModul…
-
Russian hackers attack Western military mission using malicious drive
The Russian state-backed hacking group Gamaredon (aka “Shuckworm”) has been targeting a military mission of a Western country in Ukraine in attacks likely deployed from removable drives. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/russian-hackers-attack-western-military-mission-using-malicious-drive/
-
Tainted drive appears to be source of malware attack on Western military mission in Ukraine
Researchers at Symantec said the Russia-linked group known as Gamaredon appears to have departed from its usual email phishing tactics in hacking a Western military mission in Ukraine. First seen on therecord.media Jump to article: therecord.media/gamaredon-removable-drive-malware-western-military-mission-ukraine
-
Romanian man arrested in UK on suspicion of aiding Russian sabotage campaign
British police arrested a 38-year-old Romanian man suspected of connections to a fire at a DHL warehouse that appeared to be part of a larger sabotage campaign attributed to Russian intelligence. First seen on therecord.media Jump to article: therecord.media/romanian-man-arrested-uk-suspicion-dhl-sabotage-campaign
-
Shuckworm’s Sophisticated Cyber Campaign Targets Ukraine Military Mission
Russia-linked espionage group Shuckworm (also known as Gamaredon or Armageddon) has launched a renewed and more sophisticated cyber campaign targeting a foreign military mission based in Ukraine, according to a detailed report by the Symantec Threat Hunter Team. This latest wave of activity, which began in February 2025 and continued through March, underscores Shuckworm’s relentless…
-
Gamaredon Uses Infected Removable Drives to Breach Western Military Mission in Ukraine
The Russia-linked threat actor known as Gamaredon (aka Shuckworm) has been attributed to a cyber attack targeting a foreign military mission based in Ukraine with an aim to deliver an updated version of a known malware called GammaSteel. The group targeted the military mission of a Western country, per the Symantec Threat Hunter team, with first…
-
New Russia-linked cyberespionage campaign abuses Windows RDP
First seen on scworld.com Jump to article: www.scworld.com/brief/new-russia-linked-cyberespionage-campaign-abuses-windows-rdp
-
Researchers Uncover Hacking Tools and Techniques Shared on Russian-Speaking Cybercrime Forums
Trend Micro, a cybersecurity firm, has released its 50th installment report on the Russian-speaking cybercriminal underground, revealing the intricate web of tools, techniques, and cultural elements defining this notorious cybercrime ecosystem. The report highlights the sophistication and resilience of this community, which has been a pioneer in cybercriminal innovation. Sophisticated Tools and Techniques The Russian-speaking…
-
Russian APT Hackers Use Device Code Phishing Technique to Bypass MFA
Russian state-backed advanced persistent threat (APT) group Storm-2372 has exploited device code phishing to bypass multi-factor authentication (MFA) and infiltrate high-value targets across governments, NGOs, and critical industries. Since August 2024, this group has weaponized the OAuth device authorization flow, a legitimate authentication mechanism, to hijack user sessions and exfiltrate sensitive data. Microsoft Threat Intelligence…
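The reason this technique defeats MFA is structural to the device authorization grant (RFC 8628): the party that starts the flow receives the tokens, while the user only ever sees a short user_code and completes a perfectly legitimate sign-in. The following is an added example for this page, not Microsoft's implementation or Storm-2372's tooling. The toy authorization server, the client identifiers, the victim account and the sign-in log records are all constructed; the detection half checks the `authenticationProtocol` field that Entra ID sign-in logs expose, with the allow-list of accounts permitted to use device code being an assumption about your environment.

```python
"""Toy OAuth 2.0 device authorization grant (RFC 8628) showing why a phished
user_code hands an attacker the victim's tokens, plus a log check for it.

Added example for this page; the server, client names, user names and the
sign-in records are constructed and are not Microsoft's implementation.
"""
import secrets
import time


class DeviceAuthServer:
    """Minimal authorization server. Tokens go to the client that holds the
    device_code; the user only ever sees user_code, so the server cannot tell
    whether the person typing it sits at that client or was phished."""

    def __init__(self, now=time.time, ttl_seconds=900, interval=5):
        self.now, self.ttl, self.interval = now, ttl_seconds, interval
        self.flows = {}          # device_code -> flow state
        self.by_user_code = {}   # user_code -> device_code

    def device_authorization(self, client_id, scope):
        """POST /devicecode: the client starts the flow and gets both codes."""
        device_code = secrets.token_urlsafe(32)
        user_code = secrets.token_hex(4).upper()   # short, human-typeable
        self.flows[device_code] = {"client_id": client_id, "scope": scope,
                                   "approved_by": None,
                                   "expires_at": self.now() + self.ttl}
        self.by_user_code[user_code] = device_code
        return {"device_code": device_code, "user_code": user_code,
                "verification_uri": "https://login.example.test/device",
                "expires_in": self.ttl, "interval": self.interval}

    def user_approves(self, user_code, authenticated_user):
        """The user signs in at verification_uri (MFA and all) and types the
        code. Identity is bound to whoever holds the matching device_code."""
        device_code = self.by_user_code.get(user_code)
        if device_code is None or self.flows[device_code]["expires_at"] < self.now():
            return False
        self.flows[device_code]["approved_by"] = authenticated_user
        return True

    def token(self, device_code):
        """POST /token, grant_type=urn:ietf:params:oauth:grant-type:device_code."""
        flow = self.flows.get(device_code)
        if flow is None:
            return {"error": "invalid_grant"}
        if flow["expires_at"] < self.now():
            return {"error": "expired_token"}
        if flow["approved_by"] is None:
            return {"error": "authorization_pending"}
        return {"access_token": secrets.token_urlsafe(24), "token_type": "Bearer",
                "scope": flow["scope"], "sub": flow["approved_by"],
                "issued_to_client": flow["client_id"]}


def device_code_phish(server, attacker_client="attacker-cli", victim="victim@example.org"):
    """Attacker starts the flow, sends the user_code to the victim as a
    'meeting join code', then polls the token endpoint until it succeeds."""
    start = server.device_authorization(attacker_client, "Mail.Read offline_access")
    first_poll = server.token(start["device_code"])     # still pending at this point
    server.user_approves(start["user_code"], victim)    # victim completes a real MFA sign-in
    return first_poll, server.token(start["device_code"])


# Constructed sign-in records, modelled on Entra ID sign-in log fields.
SIGNIN_LOG = [
    {"userPrincipalName": "victim@example.org", "authenticationProtocol": "deviceCode",
     "appDisplayName": "Mail client", "ipAddress": "203.0.113.7", "result": "success"},
    {"userPrincipalName": "alice@example.org", "authenticationProtocol": "authorizationCodeFlow",
     "appDisplayName": "Mail client", "ipAddress": "198.51.100.4", "result": "success"},
    {"userPrincipalName": "kiosk@example.org", "authenticationProtocol": "deviceCode",
     "appDisplayName": "Lobby display", "ipAddress": "198.51.100.9", "result": "success"},
]


def flag_device_code_signins(log, allowed_accounts=frozenset()):
    """Successful device-code sign-ins by accounts with no business using the
    flow (only input-constrained devices should) are hunting leads."""
    return [e["userPrincipalName"] for e in log
            if e["authenticationProtocol"] == "deviceCode"
            and e["result"] == "success"
            and e["userPrincipalName"] not in allowed_accounts]


if __name__ == "__main__":
    pending, stolen = device_code_phish(DeviceAuthServer())
    print(pending, "->", stolen["sub"], "token issued to", stolen["issued_to_client"])
    print("suspicious device-code sign-ins:",
          flag_device_code_signins(SIGNIN_LOG, {"kiosk@example.org"}))
```

Note what the victim did wrong: nothing visible to them. They went to the real verification page, passed MFA, and typed a code. The design fix is on the tenant side: restrict who may use the device code flow at all (Entra Conditional Access exposes an authentication-flows condition for this) and hunt the sign-in logs for `deviceCode` from accounts that are not input-constrained devices.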
-
Rogue RDP: Abusing RDP for File Theft and Espionage
A recent report by Google Threat Intelligence Group (GTIG) has shed light on a sophisticated phishing campaign targeting European government and military organizations. This campaign, attributed to a suspected Russia-nexus espionage actor tracked as UNC5837, employed a novel technique leveraging the Remote Desktop Protocol (RDP) for malicious purposes. Unlike typical RDP attacks that focus on…
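The excerpt says the campaign used RDP for file theft rather than for interactive control, and the mechanism RDP itself offers for that is resource redirection declared in a .rdp connection file: once the client connects, the remote host can read whatever drives, devices and clipboard the file redirects. The auditor below is an added example written for this page, not GTIG's tooling. The setting names are the standard Remote Desktop client file settings; the two sample files and the allow-list of trusted hosts are constructed, and whether this campaign's attachments used exactly these settings is not something this page states.

```python
"""Audit a .rdp connection file for settings that let the remote host reach
into the client: drive, clipboard and device redirection, RemoteApp mode, and
an unexpected target host.

Added example for this page, not GTIG's tooling. The setting names are the
standard Remote Desktop client file settings; the two sample files are
constructed, and whether this campaign's files used exactly these settings
is not something this page states.
"""


def parse_rdp(text):
    """Parse 'name:type:value' lines (type s=string, i=integer, b=binary).
    Values may themselves contain ':' (e.g. host:port), so split only twice."""
    settings = {}
    for raw in text.splitlines():
        parts = raw.strip().split(":", 2)
        if len(parts) != 3:
            continue
        name, typ, value = parts[0].strip().lower(), parts[1].strip().lower(), parts[2].strip()
        if typ == "i" and value.lstrip("-").isdigit():
            settings[name] = int(value)
        else:
            settings[name] = value
    return settings


def audit_rdp(settings, trusted_hosts=frozenset()):
    """Return human-readable findings; an empty list means nothing stood out."""
    findings = []
    drives = str(settings.get("drivestoredirect", "")).strip()
    if drives:
        findings.append(f"client drives redirected to the remote host: {drives!r}")
    for key in ("devicestoredirect", "usbdevicestoredirect"):
        if str(settings.get(key, "")).strip():
            findings.append(f"{key} exposes client devices to the remote host")
    if settings.get("redirectclipboard") == 1:
        findings.append("clipboard shared with the remote host")
    if settings.get("remoteapplicationmode") == 1:
        findings.append("RemoteApp mode: the user sees a single app, not a remote desktop")
    host = str(settings.get("full address", "")).split(":")[0].strip().lower()
    if host and host not in trusted_hosts:
        findings.append(f"connects to a host outside the allow list: {host!r}")
    if "signature" in settings:
        findings.append("file carries a signature: it proves the file was not edited, "
                        "not that the signer should be trusted")
    return findings


# Constructed sample resembling a lure: drives and clipboard redirected, RemoteApp, signed.
SUSPICIOUS_RDP = """\
screen mode id:i:2
full address:s:files.example-invite.test:3389
drivestoredirect:s:*
redirectclipboard:i:1
remoteapplicationmode:i:1
remoteapplicationname:s:Document Viewer
signature:s:AQABAAEAAABJAQAAQFJBVAAAAAAAAAAA
"""

# Constructed sample of an ordinary connection to an internal jump host.
BENIGN_RDP = """\
full address:s:jump.corp.example
drivestoredirect:s:
redirectclipboard:i:0
authentication level:i:2
"""

TRUSTED = frozenset({"jump.corp.example"})   # assumption: the organisation's known RDP targets

if __name__ == "__main__":
    for label, text in (("lure", SUSPICIOUS_RDP), ("jump host", BENIGN_RDP)):
        print(label)
        for finding in audit_rdp(parse_rdp(text), TRUSTED) or ["no findings"]:
            print("  -", finding)
```

Run this over .rdp attachments at the mail gateway or in a sandbox before a user ever double-clicks one. The point worth internalising is the signature finding: a signed .rdp file suppresses some client warnings because it cannot be tampered with, but it says nothing about whether the host it connects to deserves your drives.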
-
Germany links cyberattack on research group to Russian state-backed hackers
The German Association for Eastern European Studies (DGO) said the attack at the end of March targeted email systems, bypassing security measures put in place after another recent breach with suspected Russian links. First seen on therecord.media Jump to article: therecord.media/germany-links-cyberattack-russian-hackers
-
Attackers Exploit SourceForge Platform to Distribute Malware
A recent malware distribution scheme has been uncovered on SourceForge, the popular software hosting and distribution platform. Cybercriminals have leveraged SourceForge’s subdomain feature to deceive users with fake downloads of software applications, embedding malicious files into the infection chain. This attack, primarily targeting Russian-speaking users, has raised alarms within the cybersecurity community for its level…
-
Russian bots hard at work spreading political unrest on Romania’s internet
Internet users in Romania are finding their social media posts and online news articles bombarded with comments promoting blatant propaganda, inciting hatred towards the EU and NATO, and support for Vladimir Putin’s Russia. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/russian-bots-hard-at-work-spreading-political-unrest-on-romanias-internet
-
Russia arrests CEO of tech company linked to Doppelgänger disinformation campaign
Two other employees at the St. Petersburg-based hosting provider Azea Group were arrested. The company has alleged links to state-sponsored disinformation campaigns and cybercriminal infrastructure. First seen on therecord.media Jump to article: therecord.media/doppelganger-ceo-arrests-russia-tech
-
Russia jails hacker for two years over cyberattack on local tech company
A Russian citizen has been sentenced to two years in a penal colony for launching a distributed denial-of-service (DDoS) attack against a local tech company. First seen on therecord.media Jump to article: therecord.media/russia-jails-hacker-over-cyberattack-on-tech-firm
-
OPSEC Failure Exposes Coquettte’s Malware Campaigns on Bulletproof Hosting Servers
A novice cybercrime actor has been observed leveraging the services of a Russian bulletproof hosting (BPH) provider called Proton66 to facilitate their operations. The findings come from DomainTools, which detected the activity after it discovered a phony website named cybersecureprotect[.]com hosted on Proton66 that masqueraded as an antivirus service. The threat intelligence firm said it First seen…
-
Ex-ASML Russian Employee Smuggled Trade Secrets to Moscow via USB
A former employee of Dutch semiconductor firm ASML, identified as German A. (43), stands accused of smuggling sensitive trade secrets to Russia over a span of nearly nine years. The engineer, originally from Russia, reportedly transferred confidential information using USB drives while traveling regularly to Moscow, where authorities allege he received cash payments for his…

