Tag: russia
-
Kraken Ransomware Targets Windows, Linux, and VMware ESXi in Enterprise Environments
Cisco Talos has identified an emerging threat from Kraken, a sophisticated cross-platform ransomware group that has emerged from the remnants of the HelloKitty ransomware cartel. In August 2025, the security firm observed the Russian-speaking group conducting big-game hunting and double-extortion attacks against enterprise environments worldwide. Kraken represents a significant evolution in ransomware threats due to…
-
Russia’s first autonomous humanoid robot staggers and falls on debut
Tags: russia
Go home, comrade clanker, you look drunk and worryingly angry. First seen on theregister.com Jump to article: www.theregister.com/2025/11/13/aidol_russia_robot_fail/
-
Russian Hackers Create 4,300 Fake Travel Sites to Steal Hotel Guests’ Payment Data
A Russian-speaking threat behind an ongoing, mass phishing campaign has registered more than 4,300 domain names since the start of the year. The activity, per Netcraft security researcher Andrew Brandt, is designed to target customers of the hospitality industry, specifically hotel guests who may have travel reservations with spam emails. The campaign is said to have…
-
Kazakhstan becomes latest country to ban ‘LGBT propaganda’ online
Joining nations such as Russia, Georgia and Hungary, legislators in Kazakhstan voted to censor what they label as “LGBT propaganda” in the media and online. First seen on therecord.media Jump to article: therecord.media/kazakhstan-legislation-ban-lgbtq-content-online-media
-
Unleashing the Kraken ransomware group
In August 2025, Cisco Talos observed big-game hunting and double extortion attacks carried out by Kraken, a Russian-speaking group that has emerged from the remnants of the HelloKitty ransomware cartel. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/kraken-ransomware-group/
-
Russia imposes 24-hour mobile internet blackout for travelers returning home
Concerns about domestic SIM card use in Ukrainian drones have led the Kremlin to impose a mobile internet “cooling-off period” for anyone returning home to Russia from abroad. First seen on therecord.media Jump to article: therecord.media/russia-24-hour-traveler-mobile-internet-blackouts-ukraine-drones
-
Fantasy Hub: Russian-sold Android RAT boasts full device espionage as MaaS
Researchers found Fantasy Hub, a Russian MaaS Android RAT that lets attackers spy, steal data, and control devices via Telegram. Zimperium researchers uncovered Fantasy Hub, a Russian-sold Android RAT offered as Malware-as-a-Service, enabling spying, device control, and data theft via Telegram. The malware allows operators to take over infected devices, gathering SMS messages, contacts, call…
-
Android Trojan ‘Fantasy Hub’ Malware Service Turns Telegram Into a Hub for Hackers
Cybersecurity researchers have disclosed details of a new Android remote access trojan (RAT) called Fantasy Hub that’s sold on Russian-speaking Telegram channels under a Malware-as-a-Service (MaaS) model. According to its seller, the malware enables device control and espionage, allowing threat actors to collect SMS messages, contacts, call logs, images, and videos, as well as intercept, reply,…
-
Russian hacker to plead guilty to aiding Yanluowang ransomware group
Court documents show evidence proving Volkov served as an initial access broker for the ransomware gang, breaking into the network of victims and then offering his access for a percentage of the ransom. First seen on therecord.media Jump to article: therecord.media/russian-hacker-to-plead-guilty-aiding-ransomware-group
-
Yanluowang initial access broker pleaded guilty to ransomware attacks
A Russian national will plead guilty to acting as an initial access broker (IAB) for Yanluowang ransomware attacks that targeted at least eight U.S. companies between July 2021 and November 2022. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/yanluowang-initial-access-broker-pleaded-guilty-to-ransomware-attacks/
-
Yanluowang initial access broker to plead guilty to ransomware attacks
A Russian national will plead guilty to acting as an initial access broker (IAB) for Yanluowang ransomware attacks that targeted at least eight U.S. companies between July 2021 and November 2022. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/yanluowang-initial-access-broker-to-plead-guilty-to-ransomware-attacks/
-
Russian missile barrage disrupts internet, customs databases in Ukraine
Emergency blackouts lasting up to 12 hours were introduced following the attack, with Kyiv and other regions facing widespread internet and communication outages, according to internet watchdog NetBlocks. First seen on therecord.media Jump to article: therecord.media/russian-missile-barrage-disrupts-internet-ukraine
-
Russian broker pleads guilty to profiting from Yanluowang ransomware attacks
Aleksei Volkov faces years in prison, may have been working with other crews First seen on theregister.com Jump to article: www.theregister.com/2025/11/10/russian_iab_pleads_guilty_to/
-
APT Groups Target Construction Firms to Steal RDP, SSH, and Citrix Credentials
Tags: apt, china, citrix, credentials, cyber, cybercrime, group, iran, korea, network, north-korea, organized, ransomware, russia, threat
The construction industry has emerged as a primary target for sophisticated cyber adversaries in 2025, with threat actors including state-sponsored APT groups, ransomware operators, and organized cybercriminal networks actively targeting organizations across the building and construction sector. Nation-state actors from China, Russia, Iran, and North Korea are leveraging the industry’s rapid digital transformation and security…
-
Russian national pleads guilty to breaking into networks for Yanluowang ransomware attacks
Aleksei Olegovich Volkov served as an initial access broker and was involved in attacks on seven U.S. businesses from July 2021 through November 2022. First seen on cyberscoop.com Jump to article: cyberscoop.com/russian-aleksei-volkov-yanluowang-ransomware/
-
Russian APT abuses Windows Hyper-V for persistence and malware execution
Tags: apt, attack, authentication, cctv, defense, group, infrastructure, malware, password, powershell, russia, threat, tool, windows
Other malware tools: The researchers also found additional malware payloads left by the attackers on systems, including a custom PowerShell script used to inject a Kerberos ticket into LSASS to enable authentication and command execution on remote systems. Another PowerShell script was pushed to multiple systems via domain Group Policy to change the password of an…
-
Russian Hacking Group Sandworm Deploys New Wiper Malware in Ukraine
Sandworm deployed data wipers against Ukrainian governmental entities and companies in the energy, logistics and grain sectors First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/russian-sandworm-new-wiper-ukraine/
-
Russia-linked APT InedibleOchotense impersonates ESET to deploy backdoor on Ukrainian systems
Russia-linked group InedibleOchotense used fake ESET installers in phishing attacks on Ukrainian targets in May 2025. Russia-linked group InedibleOchotense used trojanized ESET installers in phishing attacks against Ukrainian entities detected in May 2025. The campaign used emails and Signal messages to deliver trojanized ESET installers that installed both legitimate software and the Kalambur backdoor. >>Another…
-
Cavalry Werewolf Launches Cyberattack on Government Agencies to Deploy Network Backdoor
In July 2025, Doctor Web’s anti-virus laboratory received a critical alert from a government-owned organization within the Russian Federation. The institution suspected a network compromise after discovering spam emails originating from one of their corporate email addresses. What began as a routine investigation quickly escalated into the discovery of a sophisticated targeted attack orchestrated by…
-
Sandworm Hackers Target Ukrainian Organizations With Data-Wiping Malware
Russia-aligned threat actor Sandworm has intensified its destructive cyber operations against Ukrainian organizations, deploying data wiper malware to cripple critical infrastructure and weaken the nation’s economy. Unlike other Russia-aligned advanced persistent threat groups that primarily engage in cyberespionage activities, Sandworm’s operations are characterized by their explicitly destructive intent. According to the latest ESET APT Activity…
-
Wipers from Russia’s most cut-throat hackers rain destruction on Ukraine
Sandworm and other Russian-state hackers unleash data-destroying payloads on their neighbors. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/11/wipers-from-russias-most-cut-throat-hackers-rain-destruction-on-ukraine/

