Tag: russia
-
A Signal Update Fends Off a Phishing Technique Used in Russian Espionage
Google warns that hackers tied to Russia are tricking Ukrainian soldiers with fake QR codes for Signal group invites that let spies steal their messages. Signal has pushed out new safeguards. First seen on wired.com Jump to article: www.wired.com/story/russia-signal-qr-code-phishing-attack/
-
Russian State Hackers Target Signal to Spy on Ukrainians
Google has warned that Russian state-backed hackers are targeting Signal to eavesdrop on persons of interest in Ukraine. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/russian-hackers-signal-spy/
-
How Russian Hackers Are Exploiting Signal ‘Linked Devices’ Feature for Real-Time Spying
Mandiant warns that multiple Russian APTs are abusing a nifty Signal Messenger feature to surreptitiously spy on encrypted conversations. The post How Russian Hackers Are Exploiting Signal ‘Linked Devices’ Feature for Real-Time Spying appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/how-russian-hackers-are-exploiting-signals-linked-devices-for-real-time-spying/
-
Trojanized Game Installers Deploy Cryptocurrency Miner in Large-Scale StaryDobry Attack
Users who are on the lookout for popular games were lured into downloading trojanized installers that led to the deployment of a cryptocurrency miner on compromised Windows hosts. The large-scale activity has been codenamed StaryDobry by Russian cybersecurity company Kaspersky, which first detected it on December 31, 2024. It lasted for a month. Targets of the campaign…
-
Russian Government Proposes Stricter Penalties to Tackle Cybercrime
Tags: cyber, cybercrime, cybersecurity, framework, government, hacker, infrastructure, law, russia, threat
The Russian government has unveiled sweeping legislative reforms aimed at curbing cybercrime, introducing stricter penalties, expansive law enforcement powers, and novel judicial measures. Approved on February 10, 2025, the amendments seek to modernize the nation’s cybersecurity framework amid rising digital threats, targeting hackers, fraudsters, and infrastructure attackers with harsher punishments and strengthened investigative tools. The…
-
‘Hybrid’ description downplays Russian intrusions, Estonian official says
Tags: russia
First seen on scworld.com Jump to article: www.scworld.com/brief/hybrid-description-downplays-russian-intrusions-estonian-official-says
-
New pro-Russian DDoS attacks target Italian websites
First seen on scworld.com Jump to article: www.scworld.com/brief/new-pro-russian-ddos-attacks-target-italian-websites
-
Phishing campaign targets Microsoft device-code authentication flows
Russian state-sponsored hackers have attacked enterprises and government agencies in North America and overseas. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/phishing-campaign-targets-microsoft-device-code-authentication-flows/740201/
-
Threat Actors Trojanize Popular Games to Evade Security and Infect Systems
A sophisticated malware campaign was launched by cybercriminals, targeting users through trojanized versions of popular games. Exploiting the holiday season’s heightened torrent activity, the attackers distributed compromised game installers via torrent trackers. The campaign, which lasted for a month, primarily delivered the XMRig cryptominer to unsuspecting users in Russia, Brazil, Germany, Belarus, and Kazakhstan. Popular…
-
Is Russia Reining In Ransomware-Wielding Criminals?
Flurry of Arrests a Potential Prelude to Russia-Ukraine Peace Negotiations Even before Donald Trump took office on Jan. 20, there were signs that Russian President Vladimir Putin ordered cybercriminals operating inside his country’s borders to be reined in, potentially as a bargaining chip in negotiations over Russia’s stalemated war of conquest against Ukraine. First seen…
-
Storm-2372: Russian-Linked Hackers Exploit Device Code Phishing in Global Campaign
Microsoft Threat Intelligence has uncovered an active and ongoing phishing campaign conducted by the threat actor Storm-2372, a First seen on securityonline.info Jump to article: securityonline.info/storm-2372-russian-linked-hackers-exploit-device-code-phishing-in-global-campaign/
-
Dutch Police shut down bulletproof hosting provider Zservers and seized 127 servers
Dutch police seized 127 servers of the bulletproof hosting service Zservers/XHost after government sanctions. On February 11, 2025, the US, UK, and Australia sanctioned a Russian bulletproof hosting services provider and two Russian administrators because they supported Russian ransomware LockBit operations. Alexander Igorevich Mishin and Aleksandr Sergeyevich Bolshakov are the two Russian nationals and administrators of Zservers.…
-
Is Russia Reining-In Ransomware-Wielding Criminals?
Flurry of Arrests a Potential Prelude to Russia-Ukraine Peace Negotiations Even before Donald Trump took office on Jan. 20, there were signs that Russian President Vladimir Putin ordered cybercriminals operating inside his country’s borders to be reined in, potentially as a bargaining chip in negotiations over Russia’s stalemated war of conquest against Ukraine. First seen…
-
New Golang-based backdoor relies on Telegram for C2 communication
Netskope Threat Labs researchers discovered a Golang-based backdoor using Telegram for C2 communication, possibly of Russian origin. Netskope Threat Labs found a Golang-based backdoor using Telegram for C2. The malware, still in development but functional, exploits cloud apps to evade detection. The experts believe the new Go backdoor could have a Russian origin. Upon executing…
-
Pro-Russia Hackers NoName057(16) Hit Italian Banks and Airports
Pro-Russia hackers NoName057(16) have targeted Italian banks, airports and ports in a series of DDoS attacks. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/noname05716-hit-italian-banks/
-
Russian State Hackers Target Organizations With Device Code Phishing
Russian hackers have been targeting government, defense, telecoms, and other organizations in a device code phishing campaign. The post Russian State Hackers Target Organizations With Device Code Phishing appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/russian-state-hackers-target-organizations-with-device-code-phishing/
-
Pro-Russia collective NoName057(16) launched a new wave of DDoS attacks on Italian sites
Pro-Russia collective NoName057(16) launched DDoS attacks on Italian sites, targeting airports, the Transport Authority, major ports, and banks. The pro-Russia hacker group NoName057(16) launched a new wave of DDoS attacks this morning against multiple Italian entities. The group targeted the websites of Linate and Malpensa airports, the Transport Authority, the bank Intesa San Paolo, and…
-
New Golang-Based Backdoor Uses Telegram Bot API for Evasive C2 Operations
Cybersecurity researchers have shed light on a new Golang-based backdoor that uses Telegram as a mechanism for command-and-control (C2) communications. Netskope Threat Labs, which detailed the functions of the malware, described it as possibly of Russian origin. “The malware is compiled in Golang and once executed it acts like a backdoor,” security researcher Leandro Fróes said in…
-
How to evaluate and mitigate risks to the global supply chain
Tags: access, business, ceo, ciso, communications, compliance, control, cyberattack, cybersecurity, data, framework, governance, government, intelligence, international, ISO-27001, kaspersky, microsoft, mitigation, monitoring, office, resilience, risk, risk-assessment, risk-management, russia, service, soc, software, supply-chain, technology, threat, tool, update, vulnerability
Maintain a diversified supply chain: Organizations that source from international technology suppliers need to ensure they are not overly reliant on a single vendor, single region or even a single technology. Maintaining a diversified supply chain can mitigate costly disruptions from a cyberattack or vulnerability involving a key supplier, or from disruptions tied to regulatory…
-
CVE-2024-1709 and CVE-2023-48788: Exploits Fueling Russia’s BadPilot Campaign
Microsoft Threat Intelligence has exposed a multiyear cyber espionage campaign conducted by a subgroup of the Russian state-sponsored First seen on securityonline.info Jump to article: securityonline.info/cve-2024-1709-and-cve-2023-48788-exploits-fueling-russias-badpilot-campaign/
-
Storm-2372 used the device code phishing technique since August 2024
Russia-linked group Storm-2372 used the device code phishing technique since Aug 2024 to steal login tokens from governments, NGOs, and industries. Microsoft Threat Intelligence researchers warn that threat actor Storm-2372, likely linked to Russia, has been targeting governments, NGOs, and various industries across multiple regions since August 2024. The attackers employ a phishing technique called…
-
Emulating the Financially Motivated Criminal Adversary FIN7 Part 2
AttackIQ has released two new attack graphs that emulate the behaviors exhibited by the long-standing, financially motivated Russian criminal adversary known as FIN7 based on activities observed between 2022 and 2023. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/emulating-the-financially-motivated-criminal-adversary-fin7-part-2/
-
Hackers steal emails in device code phishing attacks
An active campaign from a threat actor potentially linked to Russia is targeting Microsoft 365 accounts of individuals at organizations of interest using device code phishing. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-hackers-steal-emails-in-device-code-phishing-attacks/
-
Zelensky calls to build ‘army of Europe’ to counter future Russian threats
Ukraine’s president said the European Union needs to be self-reliant to counter threats from Russia amid ongoing tensions with the Trump administration. First seen on therecord.media Jump to article: therecord.media/zelensky-calls-for-army-of-europe-to-counter-russia
-
Threat actors are using legitimate Microsoft feature to compromise M365 accounts
Suspected Russian threat actors have been taking advantage of Microsoft Device Code Authentication to trick targets into granting them access to their Microsoft 365 (M365) … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/02/14/microsoft-device-code-authentication-phishing-m365-account-compromise/
-
Russian Hackers Target Microsoft 365 Accounts with Device Code Phishing
Volexity highlighted how Russian nation-state actors are stealing Microsoft device authentication codes to compromise accounts. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/russian-microsoft-device-code/
-
What is device code phishing, and why are Russian spies so successful at it?
Overlooked attack method has been used since last August in a rash of account takeovers. First seen on arstechnica.com Jump to article: arstechnica.com/information-technology/2025/02/russian-spies-use-device-code-phishing-to-hijack-microsoft-accounts/
-
Threat researchers spot ‘device code’ phishing attacks targeting Microsoft accounts
Suspected Russian nation-state threat groups have duped multiple victims into granting potentially persistent access to networks via authentication requests and valid tokens. First seen on cyberscoop.com Jump to article: cyberscoop.com/russia-threat-groups-device-code-phishing-microsoft-accounts/

