Tag: russia
-
Russian Phishing Uses Fake CIA Sites to Target Anti-war, Ukraine Supporters
The phishing campaign is highly sophisticated! First seen on hackread.com Jump to article: hackread.com/russia-phishing-fake-cia-sites-anti-war-ukraine-supporters/
-
Firefox Affected by Flaw Similar to Chrome Zero-Day Exploited in Russia
Firefox developers have determined that their browser is affected by a vulnerability similar to the recent Chrome sandbox escape zero-day. The post Firefox Affected by Flaw Similar to Chrome Zero-Day Exploited in Russia appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/firefox-affected-by-flaw-similar-to-chrome-zero-day-exploited-in-russia/
-
Russian Hackers Impersonate CIA to Steal Ukrainian Defense Intelligence Data
In a complex cyber operation discovered by Silent Push Threat Analysts, Russian hackers have launched a multi-pronged phishing campaign impersonating various organizations, including the CIA, to gather intelligence on individuals sympathetic to Ukraine’s defense efforts. The campaign, believed to be orchestrated by Russian Intelligence Services or aligned actors, utilizes a network of fraudulent websites to…
-
Leaked Black Basta chat logs indicate ties to Russian officials
First seen on scworld.com Jump to article: www.scworld.com/brief/leaked-black-basta-chat-logs-indicate-ties-to-russian-officials
-
Russian internet provider purportedly breached by Ukrainian hacktivists
First seen on scworld.com Jump to article: www.scworld.com/brief/russian-internet-provider-purportedly-breached-by-ukrainian-hacktivists
-
Russia arrests three for allegedly creating Mamont malware, tied to over 300 cybercrimes
Russian authorities said they arrested three people and seized hardware in an operation against Mamont malware, which specializes in stealing money from Android device users. First seen on therecord.media Jump to article: therecord.media/mamont-banking-malware-arrests-russia
-
Russian Espionage Group Using Ransomware in Attacks
Russian-speaking espionage group RedCurl has been deploying ransomware on victims’ networks in a recent campaign. The post Russian Espionage Group Using Ransomware in Attacks appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/russian-espionage-group-using-ransomware-in-attacks/
-
Russian media, academia targeted in espionage campaign using Google Chrome zero-day exploit
“We have discovered and reported dozens of zero-day exploits actively used in attacks, but this particular exploit is certainly one of the most interesting we’ve encountered,” researchers from Kaspersky said in their analysis published Tuesday. First seen on therecord.media Jump to article: therecord.media/russian-media-academia-targeted-in-espionage-campaign
-
Cyberattack on a petroleum company in Russia
Russian Lukoil hit by large-scale cyberattack First seen on newsukraine.rbc.ua Jump to article: newsukraine.rbc.ua/news/russian-lukoil-hit-by-large-scale-cyberattack-1742981848.html
-
Raspberry Robin: From Copy Shop Worm to Russian GRU Cyber Tool
Raspberry Robin, also known as Roshtyak or Storm-0856, has evolved from a simple worm targeting copy shops to First seen on securityonline.info Jump to article: securityonline.info/raspberry-robin-from-copy-shop-worm-to-russian-gru-cyber-tool/
-
RedCurl Shifts from Espionage to Ransomware with First-Ever QWCrypt Deployment
The Russian-speaking hacking group called RedCurl has been linked to a ransomware campaign for the first time, marking a departure in the threat actor’s tradecraft. The activity, observed by Romanian cybersecurity company Bitdefender, involves the deployment of a never-before-seen ransomware strain dubbed QWCrypt. RedCurl, also called Earth Kapre and Red Wolf, has a history of orchestrating First…
-
Russian threat actor weaponized Microsoft Management Console flaw
A threat actor known as “EncryptHub” began exploiting the zero-day vulnerability before it was patched earlier this month. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/russian-threat-actor-weaponizing-microsoft-management-console-zero-day/743558/
-
CVE-2025-2783: Chrome Zero-Day Targets Russian Organizations
Google Issues Emergency Patch for Chrome Zero-Day Exploit Google has released an urgent security update for its Chrome browser on Windows after uncovering a critical vulnerability that has already been exploited in the wild. The flaw, tracked as CVE-2025-2783, involves… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/cve-2025-2783-chrome-zero-day/
-
Austria uncovers alleged Russian disinformation campaign spreading lies about Ukraine
The campaign was identified during an investigation into a Bulgarian woman accused of spying for Russia earlier this year. First seen on therecord.media Jump to article: therecord.media/austria-uncovers-russian-disinfo-campaign
-
Russian Ransomware Gang Exploited Windows Zero-Day Before Patch
Exploitation of Windows MMC zero-day is being pinned on a ransomware gang known as EncryptHub (an affiliate of RansomHub) The post Russian Ransomware Gang Exploited Windows Zero-Day Before Patch appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/russian-ransomware-gang-exploited-windows-zero-day-before-patch/
-
Windows MMC Framework Zero-Day Exploited to Execute Malicious Code
Trend Research has uncovered a sophisticated campaign by the Russian threat actor Water Gamayun, exploiting a zero-day vulnerability in the Microsoft Management Console (MMC) framework. The vulnerability, dubbed MSC EvilTwin (CVE-2025-26633), allows attackers to execute malicious code on infected machines. The attack manipulates .msc files and the Multilingual User Interface Path (MUIPath) to download and…
-
Google fixes Chrome zero-day exploited in espionage campaign
Google has fixed a high-severity Chrome zero-day vulnerability exploited to escape the browser’s sandbox and deploy malware in espionage attacks targeting Russian organizations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-fixes-chrome-zero-day-exploited-in-espionage-campaign/
-
Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks
Google has released out-of-band fixes to address a high-severity security flaw in its Chrome browser for Windows that it said has been exploited in the wild as part of attacks targeting organizations in Russia. The vulnerability, tracked as CVE-2025-2783, has been described as a case of “incorrect handle provided in unspecified circumstances in Mojo on…
-
Lengthy disruption of Russian internet provider claimed by Ukrainian hacker group
A multi-day outage of internet services by Lovit, a widely used provider in cities such as Moscow and St. Petersburg, was claimed by the IT Army, a pro-Ukraine hacking group. First seen on therecord.media Jump to article: therecord.media/russia-isp-lovit-outages-claimed-ukraine-it-army
-
CVE-2025-26633: Water Gamayun Exploits Windows MMC in Active Zero-Day Campaign
A zero-day vulnerability tracked as CVE-2025-26633 is being actively exploited in the wild by a sophisticated Russian-linked threat First seen on securityonline.info Jump to article: securityonline.info/cve-2025-26633-water-gamayun-exploits-windows-mmc-in-active-zero-day-campaign/
-
Researchers Uncover ~200 Unique C2 Domains Linked to Raspberry Robin Access Broker
A new investigation has unearthed nearly 200 unique command-and-control (C2) domains associated with a malware called Raspberry Robin. “Raspberry Robin (also known as Roshtyak or Storm-0856) is a complex and evolving threat actor that provides initial access broker (IAB) services to numerous criminal groups, many of which have connections to Russia,” Silent Push said in a…
-
Meet the Low-Key Access Broker Supercharging Russian State Cybercrime
Raspberry Robin breaks into organizations and sells access to Russian threat actors, including the military cyber unit behind attempted coups, assassinations, and influence operations throughout Europe. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/access-broker-russian-state-cybercrime
-
VanHelsing ransomware emerges to put a stake through your Windows heart
There’s only one rule: don’t attack Russia, duh. First seen on theregister.com Jump to article: www.theregister.com/2025/03/25/vanhelsing_ransomware_russia/
-
Russia subjected to suspected joint Head Mare, Twelve attacks
First seen on scworld.com Jump to article: www.scworld.com/brief/russia-subjected-to-suspected-joint-head-mare-twelve-attacks
-
Medusa Ransomware Brings Its Own Vulnerable Driver
Tags: breach, crowdstrike, detection, endpoint, group, hacker, malicious, ransomware, russia, software, vulnerability, windows
Hackers Use Stolen Certificates to Bypass Endpoint Detection and Response. A Russian-speaking ransomware group has been deploying a malicious Windows PE driver that imitates a legitimate CrowdStrike Falcon driver to bypass endpoint security, warn researchers. The driver disables endpoint detection and response software by stripping process protections. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/medusa-ransomware-brings-its-own-vulnerable-driver-a-27813
-
US Weakens Disinformation Defenses, as Russia & China Ramp Up
Russia and China spend billions of dollars on state media, propaganda, and disinformation, while the Trump administration has slashed funding for US agencies. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/us-weakens-disinformation-defenses-russia-china-ramp-up
-
Russian Firm Offers $4 Million for Telegram Exploits
A Russian exploit acquisition firm says it is willing to pay up to $4 million for full-chain exploits targeting the popular messaging service Telegram. The firm, Operation Zero, is known for selling zero-day exploits exclusively to Russian government and private organizations. On March 20, the exploit broker announced on X that it was offering up…

