Tag: russia
-
Wipers from Russia’s most cut-throat hackers rain destruction on Ukraine
Sandworm and other Russian-state hackers unleash data-destroying payloads on their neighbors. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/11/wipers-from-russias-most-cut-throat-hackers-rain-destruction-on-ukraine/
-
Wipers from Russia’s most cut-throat hackers rain destruction on Ukraine
Sandworm and other Russian-state hackers unleash data-destroying payloads on their neighbors. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/11/wipers-from-russias-most-cut-throat-hackers-rain-destruction-on-ukraine/
-
Russia’s Destructive Wiper Attacks on Ukraine Rise Again
Nation-State Teams Tied to Grain Sector Targeting, Plus More Joined-Up Operations. Russia’s nation-state hacking groups have returned to pummeling Ukrainian targets with destructive, wiper malware, including in apparent attempts to disrupt its economically valuable grain sector, alongside the repeat targeting of allied European nations, researchers report. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/russias-destructive-wiper-attacks-on-ukraine-rise-again-a-29945
-
Trojanized ESET Installers Drop Kalambur Backdoor in Phishing Attacks on Ukraine
A previously unknown threat activity cluster has been observed impersonating Slovak cybersecurity company ESET as part of phishing attacks targeting Ukrainian entities.The campaign, detected in May 2025, is tracked by the security outfit under the moniker InedibleOchotense, describing it as Russia-aligned.”InedibleOchotense sent spear-phishing emails and Signal text messages, containing a link First seen on thehackernews.com…
-
Cavalry Werewolf Hit Russian Government with New ShellNET Backdoor
Doctor Web uncovers a targeted cyberattack on a Russian government body by the Cavalry Werewolf group using a new ShellNET backdoor and Telegram-based control. First seen on hackread.com Jump to article: hackread.com/cavalry-werewolf-russia-government-shellnet-backdoor/
-
Cavalry Werewolf Hit Russian Government with New ShellNET Backdoor
Doctor Web uncovers a targeted cyberattack on a Russian government body by the Cavalry Werewolf group using a new ShellNET backdoor and Telegram-based control. First seen on hackread.com Jump to article: hackread.com/cavalry-werewolf-russia-government-shellnet-backdoor/
-
Russia’s Sandworm hackers deploying wipers against Ukraine’s grain industry
The Russian state-backed hacking unit Sandworm has been targeting Ukraine’s grain industry with wiper malware amid Moscow’s ongoing efforts to undermine Kyiv’s wartime economy. First seen on therecord.media Jump to article: therecord.media/russia-sandworm-grain-wipers
-
Russia’s Sandworm hackers deploying wipers against Ukraine’s grain industry
The Russian state-backed hacking unit Sandworm has been targeting Ukraine’s grain industry with wiper malware amid Moscow’s ongoing efforts to undermine Kyiv’s wartime economy. First seen on therecord.media Jump to article: therecord.media/russia-sandworm-grain-wipers
-
Russia’s Sandworm hackers deploying wipers against Ukraine’s grain industry
The Russian state-backed hacking unit Sandworm has been targeting Ukraine’s grain industry with wiper malware amid Moscow’s ongoing efforts to undermine Kyiv’s wartime economy. First seen on therecord.media Jump to article: therecord.media/russia-sandworm-grain-wipers
-
Alleged Russia-linked Curly COMrades exploit Windows Hyper-V to evade EDRs
Curly COMrades threat actors exploit Windows Hyper-V to hide Linux VMs, evade EDR tools, and deploy custom malware undetected. Bitdefender researchers, aided by Georgia’s CERT, uncovered that Curly COMrades, a group linked to Russian interests, abused Windows Hyper-V to gain covert, long-term access to victims. Threat actors created hidden Alpine Linux VMs (120MB/256MB) hosting custom…
-
Sandworm hackers use data wipers to disrupt Ukraine’s grain sector
Russian state-backed hacker group Sandworm has deployed multiple data-wiping malware families in attacks targeting Ukraine’s education, government, and the grain sector, the country’s main revenue source. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/sandworm-hackers-use-data-wipers-to-disrupt-ukraines-grain-sector/
-
Russia-linked hackers intensify attacks as global APT activity shifts
State-aligned hacking groups have spent the past six months ramping up espionage, sabotage, and cybercrime campaigns across multiple regions, according to ESET’s APT Activity … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/06/global-apt-activity-report-2025/
-
Sandworm hackers use data wipers to disrupt Ukraine’s grain sector
Russian state-backed hacker group Sandworm has deployed multiple data-wiping malware families in attacks targeting Ukraine’s education, government, and the grain sector, the country’s main revenue source. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/sandworm-hackers-use-data-wipers-to-disrupt-ukraines-grain-sector/
-
Russia-linked hackers intensify attacks as global APT activity shifts
State-aligned hacking groups have spent the past six months ramping up espionage, sabotage, and cybercrime campaigns across multiple regions, according to ESET’s APT Activity … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/06/global-apt-activity-report-2025/
-
Russia-linked ‘Curly COMrades’ turn to malicious virtual machines for digital spy campaigns
A cyber-espionage operation installed lightweight virtual machines to evade detection, researchers said, in the latest sign of Russia-linked hackers adapting their tactics. First seen on therecord.media Jump to article: therecord.media/virtual-machines-cyber-espionage-russia-linked-curly-comrades
-
Curly COMrades Hacker Group Deploys New Tools for Stealthy Remote Access on Compromised Windows 10 Systems
A sophisticated threat actor known as Curly COMrades has demonstrated advanced evasion capabilities by leveraging legitimate Windows virtualization features to establish covert, long-term access to victim networks. Operating to support Russian geopolitical interests, the group has deployed innovative tools and techniques that successfully bypass traditional endpoint detection and response (EDR) solutions. This investigation, conducted in…
-
Curly COMrades Hacker Group Deploys New Tools for Stealthy Remote Access on Compromised Windows 10 Systems
A sophisticated threat actor known as Curly COMrades has demonstrated advanced evasion capabilities by leveraging legitimate Windows virtualization features to establish covert, long-term access to victim networks. Operating to support Russian geopolitical interests, the group has deployed innovative tools and techniques that successfully bypass traditional endpoint detection and response (EDR) solutions. This investigation, conducted in…
-
Pro-Russian Hackers Use Linux VMs to Hide in Windows
A threat actor known as Curly COMrades is using Linux VMs to remain undetected in Windows environments while conducting Russia-aligned activities. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/pro-russian-hackers-linux-vms-hide-windows
-
Russian spies pack custom malware into hidden VMs on Windows machines
Curly COMrades strike again First seen on theregister.com Jump to article: www.theregister.com/2025/11/04/russian_spies_pack_custom_malware/
-
Ex-L3Harris Exec Sold U.S. Cyber Secrets to Russia, Pleads Guilty
Former L3Harris executive Peter Williams admitted selling U.S. cyber tools to a Russian broker, endangering national security. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/ex-l3harris-exec-sold-u-s-cyber-secrets-to-russia-pleads-guilty/
-
Russian hackers abuse Hyper-V to hide malware in Linux VMs
The Russian hacker group Curly COMrades has been abusing Microsoft’s Hyper-V virtualization technology in Windows to bypass endpoint detection and response solutions by creating a hidden Alpine Linux-based virtual machine. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/russian-hackers-abuse-hyper-v-to-hide-malware-in-linux-vms/
-
Operation SkyCloak Deploys Tor-Enabled OpenSSH Backdoor Targeting Defense Sectors
Threat actors are leveraging weaponized attachments distributed via phishing emails to deliver malware likely targeting the defense sector in Russia and Belarus.According to multiple reports from Cyble and Seqrite Labs, the campaign is designed to deploy a persistent backdoor on compromised hosts that uses OpenSSH in conjunction with a customized Tor hidden service that employs…
-
Operation SkyCloak Deploys Tor-Enabled OpenSSH Backdoor Targeting Defense Sectors
Threat actors are leveraging weaponized attachments distributed via phishing emails to deliver malware likely targeting the defense sector in Russia and Belarus.According to multiple reports from Cyble and Seqrite Labs, the campaign is designed to deploy a persistent backdoor on compromised hosts that uses OpenSSH in conjunction with a customized Tor hidden service that employs…
-
How an ex-L3Harris Trenchant boss stole and sold cyber exploits to Russia
Peter Williams sold eight exploits to a Russian zero-day broker by smuggling them from his employer’s highly secured air-gapped network. A court document, plus exclusive reporting by TechCrunch and interviews with former Trenchant staff, explains how Williams pulled off the heist of hacking tools. First seen on techcrunch.com Jump to article: techcrunch.com/2025/11/03/how-an-ex-l3-harris-trenchant-boss-stole-and-sold-cyber-exploits-to-russia/
-
How an ex-L3 Harris Trenchant boss stole and sold cyber exploits to Russia
Peter Williams sold eight exploits to a Russian zero-day broker by smuggling them from his employer’s highly secured air-gapped network. A court document, plus exclusive reporting by TechCrunch and interviews with former Trenchant staff, explains how Williams pulled off the heist of hacking tools. First seen on techcrunch.com Jump to article: techcrunch.com/2025/11/03/how-an-ex-l3-harris-trenchant-boss-stole-and-sold-cyber-exploits-to-russia/
-
Japanese retailer Askul confirms data leak after cyberattack claimed by Russia-linked group
The company said the breach exposed contact information and inquiry details from users of its online stores, Askul, Lohaco and Soloel Arena, as well as supplier data stored on its internal servers. First seen on therecord.media Jump to article: therecord.media/askul-confirms-data-breach-ransomware-incident
-
Cyber-espionage campaign mirroring Sandworm TTPs hit Russian and Belarusian military
A spear-phishing campaign aimed to compromise Russian and Belarusian military personnel by using military-themed documents as a lure has been flagged by Cyble and Seqrite … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/03/russian-belarusian-military-spear-phishing/
-
Chinese hackers target Western diplomats using hardpatch Windows shortcut flaw
Tags: access, attack, china, control, cyber, endpoint, exploit, flaw, group, hacker, intelligence, mitigation, monitoring, rat, russia, threat, ukraine, update, vulnerability, windowsMitigation: In the absence of a patch, organizations worried about .LNK attacks should consider blocking .LNK files or disabling their execution in Windows Explorer, Arctic Wolf advised.”This should be put in place across all Windows systems, prioritizing endpoints used by personnel with access to sensitive diplomatic or policy information. While this vulnerability was disclosed in…