Tag: russia
-
US Sanctions Russian Exploit Broker Over Stolen US Cyber Tools
The US Treasury targets Sergey Zelenyuk and his firm Operation Zero for the illegal trade of stolen government cyber tools following the sentencing of Peter Williams. First seen on hackread.com Jump to article: hackread.com/us-sanctions-russian-exploit-broker-us-cyber-tools/
-
Treasury Sanctions Russian Exploit Brokerage
The U.S. sanctioned Russia-linked Operation Zero for trafficking stolen zero-day exploits tied to national security risks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/treasury-sanctions-russian-exploit-brokerage/
-
Ex-L3Harris exec jailed 7 years for selling exploits to Russia
Former Trenchant manager profited millions from cyber tools reserved for the US First seen on theregister.com Jump to article: www.theregister.com/2026/02/25/former_l3harris_exec_jailed/
-
Moscow man accused of posing as FSB officer to extort Conti ransomware gang
A Moscow resident has been accused of trying to extort money from the notorious Conti ransomware group by posing as an officer of Russia’s Federal Security Service, according to local media reports. First seen on therecord.media Jump to article: therecord.media/moscow-man-accused-of-extorting-conti-gang
-
Former U.S. Defense contractor executive sentenced for selling zero-day exploits to Russian broker Operation Zero
A former employee at U.S. defense contractor L3Harris got over 7 years in prison for selling eight zero-days to a Russian broker. Peter Williams, a 39-year-old Australian former L3Harris employee, received a prison sentence of just over seven years for selling eight zero-day exploits to the Russian broker Operation Zero for millions. Williams pleaded guilty…
-
US sanctions Russian broker for buying stolen zero-day exploits
The U.S. Treasury Department has sanctioned a Russian exploit broker who bought stolen hacking tools from a former executive of a U.S. defense contractor. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/us-sanctions-russian-exploit-broker-for-buying-stolen-zero-days/
-
Former Defense Contractor Boss Gets 7+ Years for Selling Zero Days
A former general manager of a US defense contractor has been sentenced after selling zero days to Russia First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/defense-contractor-boss-7-years/
-
Ex-L3Harris exec jailed for selling zero-days to Russian exploit broker
The former head of Trenchant, a specialized U.S. defense contractor unit, was sentenced Tuesday to more than seven years in federal prison for stealing and selling zero-day exploits to a Russian exploit broker whose clients include the Russian government. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ex-l3harris-exec-jailed-for-selling-zero-days-to-russian-exploit-broker/
-
Defense Contractor Employee Jailed for Selling 8 Zero-Days to Russian Broker
A 39-year-old Australian national who was previously employed at U.S. defense contractor L3Harris has been sentenced to a little over seven years in prison for selling eight zero-day exploits to Russian exploit broker Operation Zero in exchange for millions of dollars.Peter Williams pleaded guilty to two counts of theft of trade secrets in October 2025.…
-
Treasury sanctions Russian zero-day broker accused of buying exploits stolen from U.S. defense contractor
The U.S. Treasury announced it was imposing sanctions against a Russian broker of zero-day exploits, its founder and two affiliates, citing a threat to U.S. national security. Another affiliated zero-day broker in the United Arab Emirates was also sanctioned. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/24/treasury-sanctions-russian-zero-day-broker-accused-of-buying-exploits-stolen-from-u-s-defense-contractor/
-
Amazon: Low-Skill Hacker Used AI Tools to Breach FortiGate Devices Globally
Amazon says a Russian speaking low-skill hacker used AI tools to breach hundreds of FortiGate devices worldwide, showing how AI can scale cyberattacks with basic methods. First seen on hackread.com Jump to article: hackread.com/amazon-hacker-ai-tools-breach-fortigate-devices/
-
Ukraine pushes tighter Telegram regulation, citing Russian recruitment of locals
Protecting Ukrainian national security will probably require restrictions on Telegram and other anonymous online platforms as Russia continues to use them to organize sabotage and terrorism, officials said. First seen on therecord.media Jump to article: therecord.media/ukraine-telegram-regulation-russia-sabotage-recruitment
-
Operation MacroMaze: APT28 exploits webhooks for covert data exfiltration
Russia-linked APT28 targeted European entities with a webhook-based macro malware campaign called Operation MacroMaze. Russia-linked APT28 (aka UAC-0001, aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) launched Operation MacroMaze, targeting select entities in Western and Central Europe from September 2025 to January 2026. The campaign used webhook-based macro malware, leveraging simple tools and legitimate services for infrastructure and data…
-
The rise of the evasive adversary
Tags: access, ai, attack, authentication, breach, china, cloud, credentials, crime, crowdstrike, crypto, data, defense, endpoint, exploit, finance, firewall, group, identity, infrastructure, intelligence, korea, lazarus, leak, mail, malicious, malware, microsoft, monitoring, network, north-korea, open-source, phishing, ransomware, remote-code-execution, russia, saas, service, software, strategy, supply-chain, tactics, theft, threat, tool, update, vpn, vulnerability, windows, zero-dayBig game hunters tighten their grip: CrowdStrike’s research highlights how big game hunting (BGH) ransomware actors have remained the dominant force in the eCrime landscape.Punk Spider, a group responsible for developing and maintaining Russian-language Akira ransomware, and its associated Akira dedicated leak site, conducted 198 intrusions in 2025, a 134% increase year over year. Victim-shaming operations…
-
Russian group uses AI to exploit weakly-protected Fortinet firewalls, says Amazon
Tags: access, ai, api, attack, authentication, business, ciso, control, credentials, cybersecurity, data-breach, detection, exploit, firewall, fortinet, group, Internet, linkedin, malicious, mfa, monitoring, network, password, russia, software, threat, tool, vpn, vulnerabilityRecommendations: The Amazon report makes a number of recommendations to network admins with FortiGate devices. They include ensuring device management interfaces aren’t exposed to the internet, or, if they have to be, restricting access to known IP ranges and using a bastion host or out-of-band management network. As basic cybersecurity demands, all default and common…
-
600+ FortiGate Devices Hacked by AI-Armed Amateur
A Russian-speaking hacker used generative AI to compromise the FortiGate firewalls, targeting credentials and backups for possible follow-on ransomware attacks. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/600-fortigate-devices-hacked-ai-amateur
-
APT28 Targeted European Entities Using Webhook-Based Macro Malware
The Russia-linked state-sponsored threat actor tracked as APT28 has been attributed to a new campaign targeting specific entities in Western and Central Europe.The activity, per S2 Grupo’s LAB52 threat intelligence team, was active between September 2025 and January 2026. It has been codenamed Operation MacroMaze. “The campaign relies on basic tooling and the exploitation of…
-
Russian-speaking hackers used gen AI tools to compromise 600 firewalls, Amazon says
A Russian-speaking threat actor used commercial generative artificial intelligence tools to help compromise more than 600 FortiGate firewall devices across more than 55 countries earlier this year, researchers have found. First seen on therecord.media Jump to article: therecord.media/gen-ai-fortigate-hackers-russia
-
Russian Cyber Threat Actor Uses GenAI to Compromise Fortinet Firewalls
A low-skilled Russian-speaking attacker has used GenAI tools to help deploy a successful attack workflow targeting FortiGate instances First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/russian-threat-actor-genai/
-
Ukraine says cyberattacks on energy grid now used to guide missile strikes
Russian cyberattacks targeting Ukraine’s energy infrastructure are increasingly focused on collecting intelligence to guide missile strikes rather than immediately disrupting operations, Ukrainian cybersecurity officials said. First seen on therecord.media Jump to article: therecord.media/ukraine-cyberattacks-guiding-russian-missile-strikes
-
Ransomware gangs advancing Moscow’s geopolitical aims, Romanian cyber chief warns
Recent ransomware attacks targeting Romania’s critical infrastructure were likely part of a broader Russian hybrid operation aimed at undermining the country’s stability, Romania’s top cybersecurity official said. First seen on therecord.media Jump to article: therecord.media/ransomware-gangs-advancing-moscow-geopolitical-interests-warns-romania
-
AWS says more than 600 FortiGate firewalls hit in AI-augmented campaign
Off-the-shelf tools helped Russian-speaking cybercrime group run riot First seen on theregister.com Jump to article: www.theregister.com/2026/02/23/aws_fortigate_firewalls/
-
AI-powered campaign compromises 600 FortiGate systems worldwide
A Russian-speaking cybercriminal used commercial generative AI tools to hack over 600 FortiGate devices across 55 countries. Amazon Threat Intelligence reports that a Russian-speaking, financially motivated threat actor used commercial generative AI services to compromise more than 600 FortiGate devices in 55 countries. The activity, observed between January 11 and February 18, 2026, highlights how…
-
Amazon: AI-assisted hacker breached 600 Fortinet firewalls in 5 weeks
Amazon is warning that a Russian-speaking hacker used multiple generative AI services as part of a campaign that breached more than 600 FortiGate firewalls across 55 countries in five weeks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/amazon-ai-assisted-hacker-breached-600-fortigate-firewalls-in-5-weeks/
-
AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries
A Russian-speaking, financially motivated threat actor has been observed taking advantage of commercial generative artificial intelligence (AI) services to compromise over 600 FortiGate devices located in 55 countries.That’s according to new findings from Amazon Threat Intelligence, which said it observed the activity between January 11 and February 18, 2026.”No exploitation of FortiGate First seen on…
-
Amazon: AI-assisted hacker breached 600 FortiGate firewalls in 5 weeks
Amazon is warning that a Russian-speaking hacker used multiple generative AI services as part of a campaign that breached more than 600 FortiGate firewalls across 55 countries in five weeks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/amazon-ai-assisted-hacker-breached-600-fortigate-firewalls-in-5-weeks/
-
Russia stepping up hybrid attacks, preparing for long standoff with West, Dutch intelligence warns
Russia’s intensifying cyberattacks, sabotage and covert influence operations across Europe show the Kremlin is preparing for a prolonged confrontation with the West, Dutch intelligence agencies said. First seen on therecord.media Jump to article: therecord.media/russia-cyberattacks-europe-warfare
-
Public mobile networks are being weaponized for combat drone operations
On June 1, 2025, Ukraine launched a coordinated drone strike on five airfields inside Russia, disabling or destroying aircrafts. The attack involved more than 100 drones … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/19/enea-mobile-connected-drones-report/
-
Public mobile networks are being weaponized for combat drone operations
On June 1, 2025, Ukraine launched a coordinated drone strike on five airfields inside Russia, disabling or destroying aircrafts. The attack involved more than 100 drones … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/19/enea-mobile-connected-drones-report/