Tag: russia
-
Russian Hackers Target Microsoft 365 Accounts with Device Code Phishing
Volexity highlighted how Russian nation-state actors are abusing Microsoft’s OAuth device code flow, persuading targets to enter attacker-generated device codes at the legitimate Microsoft login page, to compromise accounts. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/russian-microsoft-device-code/
-
Ukraine warns of growing AI use in Russian cyber-espionage operations
Russia is using artificial intelligence to boost its cyber-espionage operations, Ihor Malchenyuk of Ukraine’s State Service of Special Communications and Information Protection (SSCIP), said at the Munich Cyber Security Conference. First seen on therecord.media Jump to article: therecord.media/russia-ukraine-cyber-espionage-artificial-intelligence
-
Ukraine struggles to counter Russian disinfo without US support, local cyber official says
“This is a very serious issue for Ukraine,” Ukrainian security official Natalia Tkachuk said about the Trump administration’s freeze on U.S. foreign aid, including cyber and counter-disinformation programs started after the Russian invasion. First seen on therecord.media Jump to article: therecord.media/ukraine-russia-disinformation-us-foreign-aid
-
Russian-Linked Hackers Using ‘Device Code Phishing’ to Hijack Accounts
Microsoft is calling attention to an emerging threat cluster it calls Storm-2372 that has been attributed to a new set of cyber attacks aimed at a variety of sectors since August 2024.The attacks have targeted government, non-governmental organizations (NGOs), information technology (IT) services and technology, defense, telecommunications, health, higher education, and energy/oil and gas First…
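The two device code items above (Volexity’s report and Microsoft’s Storm-2372 write-up) describe the same technique: the attacker starts an OAuth 2.0 device authorization flow (RFC 8628), sends the resulting user code to the target under a pretext, and once the target enters it at the genuine Microsoft login page the attacker’s polling client receives tokens for the victim’s account. No credential is stolen and MFA is satisfied by the victim, so the practical check is to hunt sign-in logs for device code authentications. The following is an added example, not code from either article or from Microsoft: it reads constructed Entra ID sign-in records (field names follow the Microsoft Graph signIn resource, where `authenticationProtocol` is `deviceCode` for this flow; the users, IPs, countries, app names and the allowlist of apps expected to use the flow are all assumptions) and flags successful device code sign-ins that fall outside a user’s baseline countries or come from an app not expected to use the flow.

```python
"""Flag OAuth device-code sign-ins in Entra ID sign-in log records.

Added example; not from the articles above or from Microsoft. The records are
constructed: field names mirror the Microsoft Graph signIn resource, the values
(users, IPs, countries, apps) are made up for illustration.
"""
import json
from collections import defaultdict

# Constructed sample: one JSON sign-in record per line.
SAMPLE_SIGNINS = """
{"userPrincipalName":"alice@example.org","authenticationProtocol":"oAuth2","ipAddress":"203.0.113.10","location":{"countryOrRegion":"DE"},"appDisplayName":"Microsoft Teams","status":{"errorCode":0},"createdDateTime":"2025-02-10T08:01:00Z"}
{"userPrincipalName":"alice@example.org","authenticationProtocol":"oAuth2","ipAddress":"203.0.113.10","location":{"countryOrRegion":"DE"},"appDisplayName":"Outlook","status":{"errorCode":0},"createdDateTime":"2025-02-11T09:15:00Z"}
{"userPrincipalName":"alice@example.org","authenticationProtocol":"deviceCode","ipAddress":"198.51.100.77","location":{"countryOrRegion":"NL"},"appDisplayName":"Microsoft Authentication Broker","status":{"errorCode":0},"createdDateTime":"2025-02-12T14:02:00Z"}
{"userPrincipalName":"bob@example.org","authenticationProtocol":"oAuth2","ipAddress":"192.0.2.40","location":{"countryOrRegion":"US"},"appDisplayName":"Outlook","status":{"errorCode":0},"createdDateTime":"2025-02-12T10:00:00Z"}
{"userPrincipalName":"bob@example.org","authenticationProtocol":"deviceCode","ipAddress":"192.0.2.40","location":{"countryOrRegion":"US"},"appDisplayName":"Microsoft Azure CLI","status":{"errorCode":0},"createdDateTime":"2025-02-12T11:00:00Z"}
{"userPrincipalName":"carol@example.org","authenticationProtocol":"deviceCode","ipAddress":"198.51.100.78","location":{"countryOrRegion":"NL"},"appDisplayName":"Microsoft Authentication Broker","status":{"errorCode":53003},"createdDateTime":"2025-02-12T14:05:00Z"}
"""

# Assumption: apps from which interactive device-code sign-ins are expected in
# this tenant (CLI tooling on headless hosts). Everything else is suspicious.
EXPECTED_DEVICE_CODE_APPS = {"Microsoft Azure CLI", "Azure PowerShell"}


def parse_signins(text):
    """Parse newline-delimited JSON sign-in records, skipping blank lines."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def baseline_countries(records):
    """Countries each user has signed in from successfully via non-device-code flows."""
    baseline = defaultdict(set)
    for r in records:
        if r["authenticationProtocol"] != "deviceCode" and r["status"]["errorCode"] == 0:
            baseline[r["userPrincipalName"]].add(r["location"]["countryOrRegion"])
    return baseline


def find_device_code_signins(records):
    """Return one finding per successful device-code sign-in, with a severity.

    Severity is "high" when the sign-in comes from a country outside the user's
    baseline or from an app not expected to use the device-code flow; otherwise
    "info", because every device-code sign-in is worth a look after this campaign.
    """
    baseline = baseline_countries(records)
    findings = []
    for r in records:
        if r["authenticationProtocol"] != "deviceCode":
            continue
        if r["status"]["errorCode"] != 0:
            continue  # failed or blocked attempts: count separately, not a compromise
        user = r["userPrincipalName"]
        country = r["location"]["countryOrRegion"]
        reasons = []
        if country not in baseline.get(user, set()):
            reasons.append(f"country {country} not in user's baseline")
        if r["appDisplayName"] not in EXPECTED_DEVICE_CODE_APPS:
            reasons.append(f"unexpected app {r['appDisplayName']!r}")
        findings.append({
            "user": user,
            "ip": r["ipAddress"],
            "app": r["appDisplayName"],
            "time": r["createdDateTime"],
            "severity": "high" if reasons else "info",
            "reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    for f in find_device_code_signins(parse_signins(SAMPLE_SIGNINS)):
        print(f["severity"].upper(), f["time"], f["user"], f["ip"], f["app"],
              "; ".join(f["reasons"]))
```

Running the script prints one line per finding: alice’s device code sign-in from a country she has never used, through an app that is not on the allowlist, comes out as high; bob’s Azure CLI sign-in from his usual location is informational. Failed attempts (non-zero `status.errorCode`, such as the Conditional Access block on carol’s record) are skipped here but are worth counting separately, since a burst of them points at an ongoing phishing wave. Where device code sign-in is not needed at all, blocking the flow with a Conditional Access authentication flows policy removes this attack surface entirely.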
-
US charges two Russian men in connection with Phobos ransomware operation
Roman Berezhnoy and Egor Nikolaevich Glebov are alleged to have extorted over US $16 million in ransom payments using the Phobos ransomware, impacting over 1000 organisations in the United States. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/us-charges-russian-men-phobos-ransomware-operation
-
Russian Influence Operations Target German Elections
A new report from Insikt Group reveals that Russia-linked influence operations are actively targeting the February 23, 2025, First seen on securityonline.info Jump to article: securityonline.info/russian-influence-operations-target-german-elections/
-
APT Groups Using Ransomware ‘Smokescreen’ for Espionage
Russian, Iranian and Chinese APTs Among Most Active Ransomware Collaborators. Security researchers are increasingly finding it challenging to attribute cyberattacks due to surging cooperation between nation-state hackers and ransomware groups, especially for espionage purposes. They say it reflects the blurring of the lines between state-directed and criminal activities. First seen on govinfosecurity.com Jump to article:…
-
Microsoft Uncovers ‘BadPilot’ Campaign as Seashell Blizzard Targets US and UK
Russian GRU-linked hackers exploit known software flaws to breach critical networks worldwide, targeting the United States and the… First seen on hackread.com Jump to article: hackread.com/microsoft-badpilot-campaign-seashell-blizzard-usa-uk/
-
Cryptohack Roundup: Sentencing in a $37M Theft Case
Also: Complaint Against Trump, Melania Memecoins. This week’s stories include sentencing in a $37 million theft, $9 million zkLend theft, Tornado Cash developer’s pretrial detention release, guilty plea in SEC hack, an update on a crypto-using murderer, case against Trump memecoin, and a prisoner exchange involving a Russian Bitcoin fraud suspect. First seen on govinfosecurity.com…
-
The Rise of Cyber Espionage: UAV and C-UAV Technologies as Targets
Researchers at cybersecurity firm Resecurity identified an increase in malicious cyber activity targeting UAV and counter-UAV (C-UAV/C-UAS) technologies, especially notable during active periods of local conflicts, including the escalation of the Russia-Ukraine war and the Israel-Hamas confrontation. The trend of malicious targeting…
-
Unusual attack linked to Chinese APT group combines espionage and ransomware
Tags: apt, attack, breach, china, cloud, country, credentials, crime, crimes, crypto, cyber, cybercrime, cyberespionage, data, encryption, espionage, exploit, finance, firewall, government, group, hacker, infection, insurance, intelligence, korea, microsoft, network, north-korea, ransom, ransomware, russia, software, tactics, technology, threat, veeam, vulnerability
The attacker demanded a $2-million ransom: The attack that resulted in the deployment of the RA World ransomware program, as well as data exfiltration, had the same chain: the toshdpdb.exe loading toshdpapi.dll then decrypting toshdp.dat which resulted in the PlugX variant being deployed. The difference is the attacker then chose to deploy the RA World…
-
UK government sanctions target Russian cyber crime network Zservers
The UK government has imposed sanctions on a Russian cyber crime syndicate responsible for aiding ransomware attacks, targeting the group and individual members First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366619219/UK-government-sanctions-target-Russian-cyber-crime-network-ZSERVERS
-
Arbitrary File Upload Vulnerability in WordPress Plugin Lets Attackers Hack 30,000 Websites
A subgroup of the Russian state-sponsored hacking group Seashell Blizzard, also known as Sandworm, has intensified its cyber operations through a campaign dubbed BadPilot. This multi-year initiative has targeted critical infrastructure worldwide, expanding the group’s reach beyond its traditional focus on Ukraine and Eastern Europe to include North America, Europe, and Asia-Pacific regions. Exploiting Vulnerabilities…
-
BadPilot Attacking Network Devices to Expand Russian Seashell Blizzard’s Attacks
A newly uncovered cyber campaign, dubbed “BadPilot,”…
-
Russian hacking group targets critical infrastructure in the US, the UK, and Canada
Tags: access, attack, blizzard, computer, control, cyber, cyberattack, cybersecurity, data, espionage, exploit, fortinet, group, hacker, hacking, infrastructure, intelligence, international, microsoft, military, network, ransomware, russia, software, strategy, supply-chain, threat, tool, ukraine, update, vulnerability, zero-trust
Weaponizing IT software against global enterprises: Since early 2024, the hackers have exploited vulnerabilities in widely used IT management tools, including ConnectWise ScreenConnect (CVE-2024-1709) and Fortinet FortiClient EMS (CVE-2023-48788). By compromising these critical enterprise systems, the group has gained undetected access to networks, Microsoft warned. “Seashell Blizzard’s specialized operations have ranged from espionage to information operations…
-
Sandworm APT’s initial access subgroup hits organizations across the globe
A subgroup of Russia’s Sandworm APT has been working to achieve initial and persistent access to the IT networks of organizations working in economic sectors Russia is … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/02/13/sandworm-apts-initial-access-subgroup-hits-organizations-accross-the-globe/
-
Threat Actors in Russia, China, and Iran Targeting Local Communities in the U.S.
Foreign adversaries, including Russia, China, and Iran, are intensifying their efforts to manipulate public opinion and destabilize local communities across the United States. These campaigns, once primarily focused on national-level politics, have increasingly targeted state and local governments, community groups, and individuals. Leveraging advanced technologies such as generative artificial intelligence (AI), these actors aim to…
-
Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign
A subgroup of the Russia-linked Seashell Blizzard APT group (aka Sandworm) ran a global multi-year initial access operation called BadPilot. Microsoft shared research on this subgroup, which compromises infrastructure to support Russian cyber operations. Seashell Blizzard (aka Sandworm, BlackEnergy and TeleBots) has been…
-
Russian Seashell Blizzard Hackers Have Access to Critical Infrastructure: Microsoft
A subgroup of the Russia-linked Seashell Blizzard is tasked with broad initial access operations to sustain long-term persistence. First seen on securityweek.com Jump to article: www.securityweek.com/russian-seashell-blizzard-hackers-gain-maintain-access-to-high-value-targets-microsoft/
-
Russian cybercriminal Alexander Vinnik is being released from U.S. custody in exchange for Marc Fogel
Russian cybercriminal Alexander Vinnik is being released from U.S. custody in exchange for Marc Fogel, a Trump administration source told CNN. The New York Times first reported that Alexander Vinnik, a Russian money laundering suspect, is being released from U.S. custody in exchange for Marc Fogel, according to a Trump administration source. Alexander Vinnik, a…
-
Feds Sanction Russian Cybercrime Bulletproof Hosting Service
US, UK and Australia Target Zservers for Supporting LockBit, Other Cybercrime Groups. A Russian bulletproof hosting service used by cybercriminals including the LockBit ransomware group has been sanctioned by Australian, British and American agencies. Zservers has been advertised in criminal forums as an aid to avoid law enforcement investigations and takedowns. First seen on govinfosecurity.com…
-
Lines Between Nation-State and Cybercrime Groups Disappearing: Google
Threat researchers with Google are saying that the lines between nation-state actors and cybercrime groups are blurring, noting that gangs backed by China, Russia, and others are using financially motivated hackers and their tools while attacks by cybercriminals should be seen as national security threats. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/lines-between-nation-state-and-cybercrime-groups-disappearing-google/
-
Russian Hackers Leverage Weaponized Microsoft Key Management Service (KMS) Activators to Hack Windows Systems
In a calculated cyber-espionage campaign, the Russian state-sponsored hacking group Sandworm (APT44), linked to the GRU (Russia’s Main Intelligence Directorate), has been exploiting pirated Microsoft Key Management Service (KMS) activation tools to target Ukrainian Windows systems. This operation, active since late 2023, employs trojanized KMS activators and fake Windows updates to deploy malware, including the…
-
Feds Sanction Russian Hosting Provider for Supporting LockBit Attacks
US, UK, and Australian law enforcement have targeted a company called Zservers (and two of its administrators) for providing bulletproof hosting services to the infamous ransomware gang. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/feds-sanction-russian-hosting-provider-lockbit-attacks
-
Russian Seashell Blizzard Enlists Specialist Initial Access Subgroup to Expand Ops
Microsoft found that Russian state actor Seashell Blizzard has deployed an initial access subgroup to gain persistent access in a range of high-value global targets First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/russian-seashell-blizzard-initial/
-
US reportedly releases Russian cybercrime figure Alexander Vinnik in prisoner swap
Alexander Vinnik, who ran the defunct cryptocurrency exchange BTC-e and pleaded guilty last year to participating in a money laundering scheme, is heading back to Russia as part of a prisoner swap that freed an American teacher, reports said. First seen on therecord.media Jump to article: therecord.media/alexander-vinnik-reported-released-prisoner-swap-russia-us
-
Russia’s Sandworm APT Exploits Edge Bugs Globally
Sandworm (aka Seashell Blizzard) has an initial access wing called BadPilot that uses standard intrusion tactics to spread Russia’s tendrils around the world. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/microsoft-russian-sandworm-apt-exploits-edge-bugs-globally
-
Subgroup of Russia’s Sandworm compromising US and European organizations, Microsoft says
The BadPilot hackers have expanded their focus beyond Ukraine and Eastern Europe, gaining initial access to dozens of strategically important organizations across the U.S. and U.K. First seen on therecord.media Jump to article: therecord.media/sandworm-subgroup-russia-europe
-
Russian state threat group shifts focus to US, UK targets
A subgroup of Seashell Blizzard exploited public vulnerabilities in internet-facing systems, Microsoft researchers said. First seen on cyberscoop.com Jump to article: cyberscoop.com/russian-state-threat-group-shifts-focus/
-
Russia’s Sandworm caught snarfing credentials, data from American and Brit orgs
‘Near-global’ initial access campaign active since 2021 First seen on theregister.com Jump to article: www.theregister.com/2025/02/12/russias_sandworm_caught_stealing_credentials/