Tag: russia
-
Russia upgrades rules for its digital spy system to better track citizens online
New regulations published by Russia’s Ministry of Digital Development at the end of May updated the technical standards governing SORM, formally known as the System for Operative Investigative Activities. First seen on therecord.media Jump to article: therecord.media/russia-upgrades-rules-for-digital-spy-system-sorm
-
Pro-Russian hacker group launches ‘Patriotic Online Games’ campaign targeting European organizations
First seen on scworld.com Jump to article: www.scworld.com/brief/pro-russian-hacker-group-launches-patriotic-online-games-campaign-targeting-european-organizations
-
Apple removes Russia’s state-backed messaging app Max from its store
Russian authorities have promoted Max as a domestic alternative to foreign messaging platforms such as Telegram and WhatsApp. First seen on therecord.media Jump to article: therecord.media/apple-removes-russian-app-max-from-app-store
-
Breach Roundup: Microsoft Tries to Mend Researcher Bridges
Also: Gas Station Monitoring Systems Under Attack, Spanish Teen Doxer Arrested. This week, more happened than fits here: Microsoft tried to make nice with researchers, gas tank gauges under attack in the United States, fake FIFA websites are everywhere. Russia cried cyberespionage, Spanish police arrested a teenaged doxer, a Oracle Weblogic flaw was actively exploited.…
-
Breach Roundup: Microsoft Tried to Mend Researcher Bridges
Also: Gas Station Monitoring Systems Under Attack, Spanish Teen Doxer Arrested. This week, more happened than fits here: Microsoft tried to make nice with researchers, gas tank gauges under attack in the United States, fake FIFA websites are everywhere. Russia cried cyberespionage, Spanish police arrested a teenaged doxer, a Oracle Weblogic flaw was actively exploited.…
-
Russia seeks to label two anti-Kremlin hacker groups as ‘extremist’
The groups have previously claimed responsibility for cyberattacks targeting critical infrastructure and government institutions in Russia and Belarus. First seen on therecord.media Jump to article: therecord.media/russia-seeks-extremist-label-for-hacker-groups
-
Kali365 PhaaS Expands to Okta, MAX Messenger Attacks
Tags: attack, cyber, infrastructure, intelligence, microsoft, monitoring, okta, phishing, russia, service, theft, threatThe Kali365 phishing-as-a-service (PhaaS) platform has significantly expanded its operational scope, moving beyond Microsoft 365 token theft to target Okta single sign-on (SSO) environments and Russia’s rapidly growing MAX Messenger platform. New threat intelligence reveals a more mature, multi-brand phishing ecosystem with centralized infrastructure, real-time token monitoring, and geographically targeted campaigns. Previously documented for abusing…
-
Russia FSB claims foreign intelligence used malware on officials’ phones
First seen on scworld.com Jump to article: www.scworld.com/brief/fsb-claims-foreign-intelligence-used-malware-on-officials-phones
-
Russia’s FSB Says Foreign Spies Infected Officials’ Phones With Malware
Russia’s FSB claims foreign intelligence planted malware on senior officials’ phones to intercept calls and activate cameras. No technical evidence, no country named. On June 2, 2026, Russia’s Federal Security Service (FSB) published a statement claiming it had uncovered and documented a large-scale foreign intelligence operation targeting the mobile devices of senior Russian officials. The…
-
Russian hackers exploit WinRAR vulnerability for data theft
First seen on scworld.com Jump to article: www.scworld.com/brief/russian-hackers-exploit-winrar-vulnerability-for-data-theft
-
Russian hacker used AI to run fraud scheme on MAGA Telegram channel
First seen on scworld.com Jump to article: www.scworld.com/brief/russian-hacker-used-ai-to-run-fraud-scheme-on-maga-telegram-channel
-
FBI-Flagged Phishing Kit Kali365 Expands Its Reach
Once targeting just Microsoft 365, the phishing-as-a-service platform now aims at AWS, Okta, and Russian platforms, while relying on device code phishing. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/fbi-flagged-phishing-kit-kali365-expands-its-reach
-
Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine
The Russian hacking group known as Gamaredon has been attributed to the continued exploitation of a WinRAR vulnerability to deliver multiple malware families aimed at data theft and propagation.Per Sekoia, the activity involves the weaponization of CVE-2025-8088, a path traversal flaw in WinRAR, to launch an HTML Application payload dubbed GammaPhish, which is then used…
-
Russia claims foreign spy agencies hacked officials’ phones
In a statement, Russia’s Federal Security Service (FSB) said it had uncovered what it described as a “large-scale operation” involving malicious software installed on the mobile devices of senior Russian officials. First seen on therecord.media Jump to article: therecord.media/russia-claims-foreign-spy-agencies-hacked-gov-officials
-
Stolen Gemini API Keys Fuel Automated Telegram Influence Campaign
A long-running Telegram influence and fraud campaign where a solo threat actor leveraged stolen Google Gemini API keys and jailbroken AI to automate content generation, credential theft, and infrastructure operations at scale. Tracked as “bandcampro,” the Russian-speaking operator maintained a MAGA themed Telegram channel, @americanpatriotus, for nearly five years, amassing around 17,000 subscribers. The actor…
-
Foreign Spyware Found on Phones of Top Russian Officials
Russian authorities have disclosed a suspected large-scale cyber espionage operation targeting the mobile devices of senior government officials, raising fresh concerns over advanced spyware campaigns and mobile surveillance threats. The Federal Security Service (FSB) announced on Tuesday that it had identified and disrupted an alleged effort by foreign intelligence agencies to deploy malicious software on…
-
Unknown hacker group targeted Russian maritime universities, diplomats for nearly two years
More than half of the attacks observed over the past year targeted educational institutions, particularly maritime universities and schools that train personnel for Russia’s shipping, inland waterway and fishing industries. First seen on therecord.media Jump to article: therecord.media/unknown-hacking-group-targeting-russia-for-nearly-two-years
-
Dutch authorities arrest men suspected of providing infrastructure for Russian cyber operations
Investigators seized more than 800 servers as they arrested two men suspected of violating European sanctions and assisting pro-Russian cyberattacks and disinformation campaigns. First seen on therecord.media Jump to article: therecord.media/dutch-authorities-arrest-suspects-over-russian-cyber-operations
-
Chinese phishing gangs grow into a force to be reckoned with
Chinese-language phishing-as-a-service (PhaaS) communities are expanding in an area historically dominated by Russian-speaking cybercriminal groups. The Google Threat … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/26/chinese-language-phishing-services/
-
Kremlin appoints cyber executive with alleged GRU ties to Security Council role
Andrei Kozlov, the former head of a cybersecurity center within Russia’s state-owned defense conglomerate Rostec, was named an aide to Security Council Secretary Sergei Shoigu on Friday. First seen on therecord.media Jump to article: therecord.media/andrei-kozlov-appointed-russia-security-council
-
Jailbroken Gemini AI Abused in Credential Theft and Crypto Wallet Heist
Jailbroken Gemini AI has been weaponised in a long-running campaign that combined political influence, credential theft, and a cryptocurrency wallet heist, all operated by a single threat actor using a fake “patriot” persona. Trend Micro researchers recently documented how a solo Russian-speaking criminal, tracked as “bandcampro,” abused a compromised Gemini setup to automate content, hacking…
-
Authorities seize 800 servers used for cyberattacks and disinformation
Dutch authorities arrested two men and seized 800 servers linked to a hosting provider that investigators say supported Russian activities aimed at undermining democracy and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/25/dutch-seize-800-servers-russian-linked-infrastructure/
-
APT Group Patches termsrv.dll to Enable Multiple RDP Sessions
A sustained cyber espionage campaign attributed to the Cloud Atlas advanced persistent threat (APT) group has introduced a stealthy technique that modifies the Windows termsrv.dll library to enable multiple Remote Desktop Protocol (RDP) sessions on compromised systems. Observed throughout 2025 and continuing into 2026, the activity primarily targets government and commercial entities in Russia and…
-
Netherlands Busts Bulletproof Hosting Network Linked to Disinformation and Cybercrime
Dutch authorities arrested two suspects after dismantling a bulletproof hosting network linked to cybercrime, disinfo, and Russian sanctions evasion. First seen on hackread.com Jump to article: hackread.com/netherlands-busts-bulletproof-hosting-disinfo-cybercrime/
-
Dutch authorities dismantle hosting network allegedly used for cyberattacks and disinformation
Dutch authorities arrested two suspects and seized 800 servers tied to Stark Industries, a hosting firm linked to cyberattacks and disinformation. Dutch financial crime investigators arrested two men and seized 800 servers connected to Stark Industries, a hosting provider accused of enabling cyberattacks, interference operations, and disinformation campaigns. Authorities said the suspects supported Russian and…
-
Kazuar Malware Becomes Modular Spyware for Secret Blizzard Ops
A major evolution in the Kazuar malware family, a long-standing cyber espionage tool linked to the Russian state-sponsored threat group Secret Blizzard, also known as Turla and Venomous Bear. Kazuar historically supported espionage campaigns targeting government, diplomatic, and defense sectors. Its latest iteration introduces a modular architecture composed of three key components: Kernel, Bridge, and…
-
Europe dismantles VPN service used by cybercriminals to hide ransomware attacks
The international operation targeted a service known as First VPN, which had been marketed for years on Russian-speaking cybercrime forums as a secure way for criminals to evade law enforcement. First seen on therecord.media Jump to article: therecord.media/europe-dismantles-first-vpn

