Tag: ukraine
-
North Korea ramps up cyberspying in Ukraine to assess war risk
The state-backed North Korean threat group Konni (Opal Sleet, TA406) was observed targeting Ukrainian government entities in intelligence collection operations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/north-korea-ramps-up-cyberspying-in-ukraine-to-assess-war-risk/
-
DPRK-Backed TA406 Targets Ukraine With Malware Campaigns
Cyber espionage campaign linked to North Korean actor TA406 targeted Ukrainian government entities. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/dprk-backed-ta406-targets-ukraine/
-
North Korean hackers target Ukrainian government in new espionage campaign
The latest wave of activity in Ukraine suggests that Pyongyang is seeking to “better understand the appetite to continue fighting against the Russian invasion” and “the medium-term outlook of the conflict,” according to the latest report by cybersecurity firm Proofpoint. First seen on therecord.media Jump to article: therecord.media/north-korea-hackers-target-ukraine-to-understand-russian-war-efforts
-
North Korean Konni APT Targets Ukraine with Malware to track Russian Invasion Progress
Tags: apt, government, group, intelligence, korea, malware, north-korea, phishing, russia, threat, ukraine
The North Korea-linked threat actor known as Konni APT has been attributed to a phishing campaign targeting government entities in Ukraine, indicating the threat actor’s targeting beyond Russia. Enterprise security firm Proofpoint said the end goal of the campaign is to collect intelligence on the “trajectory of the Russian invasion.” “The group’s interest in Ukraine follows historical…
-
North Korea’s TA406 Targets Ukraine for Intel
The threat group’s goal is to help Pyongyang assess risk to its troops deployed in Ukraine and to figure out if Moscow might want more. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/north-koreas-ta406-targets-ukraine
-
North Korea Targets Ukraine With Cyberespionage Operations
Tags: cyber, cyberespionage, cybersecurity, hacker, intelligence, korea, north-korea, phishing, risk, ukraine
Phishing Campaigns Appear to Be Solely Intelligence-Gathering for DPRK Leadership. North Korea nation-state hackers appear to have entered the Ukrainian cyber operations fray, albeit solely for cyberespionage purposes for gathering intelligence to help North Korean leadership determine the current risk to its forces already in the theater, cybersecurity researchers report. First seen on govinfosecurity.com Jump…
-
South African influencers-for-hire target Ukraine’s president in influence campaign, researchers say
A new analysis from the Atlantic Council’s Digital Forensic Research Lab (DFRLab) identified over 40 accounts involved in the traffic manipulation campaign, which garnered 290,000 views. First seen on therecord.media Jump to article: therecord.media/south-african-influencers-anti-zelensky-campaign
-
South African influencers-for-hire target Ukraine’s president in disinformation campaign, researchers say
A new analysis from the Atlantic Council’s Digital Forensic Research Lab (DFRLab) identified over 40 accounts involved in the traffic manipulation campaign, which garnered 290,000 views. First seen on therecord.media Jump to article: therecord.media/south-african-influencers-anti-zelensky-campaign
-
DDoS attacks on German cities
Hackers have taken down the websites of several German cities with DDoS attacks. On April 25, 2025, the city of Nuremberg struggled with an outage of its online services. The cause was a so-called DDoS (Distributed Denial of Service) attack, in which a website is flooded with bot requests so that server capacity is overloaded. As Bayerischer Rundfunk reported, the attack came in waves.…
-
India-Pakistan conflict underscores your C-suite’s need to prepare for war
Tags: business, ciso, communications, conference, cyber, cyberattack, data-breach, disinformation, government, india, infrastructure, military, network, russia, service, supply-chain, ukraine, update, usa, vulnerability
How the India-Pakistan conflict raises the stakes: Should the conflict between these two nuclear powers escalate and become a full-blown war, the disruption to supply chains, research and development, and support services has the potential to be significant. Pakistan’s technical hubs in Karachi, Lahore, and Islamabad will be placed in jeopardy. India’s technical hubs in…
-
Ukraine detains alleged FSB agent recruited via TikTok for spying on military
A 43-year-old woman was reportedly tasked with identifying and photographing the positions of Ukrainian forces near the front-line town of Pokrovsk, currently one of the most active combat zones. First seen on therecord.media Jump to article: therecord.media/ukraine-arrests-fsb-agent-spying-recruited-tiktok
-
Ukrainian Extradited to U.S. Over Global Ransomware Scheme Using Nefilim Strain
Artem Stryzhak, a Ukrainian national, has been extradited from Spain to the United States to face charges related to a global ransomware operation that used the notorious Nefilim ransomware strain. The 2025 extradition is an important step in a years-long investigation into a cyber-extortion campaign that targeted multinational corporations and caused millions of dollars in…
-
State-Sponsored Hacktivism on the Rise, Transforming the Cyber Threat Landscape
Tags: attack, cyber, cybersecurity, government, group, india, infrastructure, military, russia, threat, ukraine
The global cybersecurity landscape is undergoing a significant transformation, as state-sponsored hacktivism gains traction amid ongoing conflicts. In 2024, Forescout Technologies Inc. documented 780 hacktivist attacks, predominantly conducted by four groups operating on opposite sides of the Russia-Ukraine and Israel-Palestine conflicts: BlackJack, Handala Group, Indian Cyber Force, and NoName057(16). Critical infrastructure, including government, military, transportation, logistics,…
-
Raytheon settles with feds for $8.4 million; Ukrainian national extradited over Nefilim cases
Tags: ukraine
First seen on scworld.com Jump to article: www.scworld.com/news/raytheon-settles-with-feds-for-8-4-million-ukrainian-national-extradited-over-nefilim-cases
-
Ukrainian extradited to US for alleged Nefilim ransomware attack spree
Federal law enforcement officials accuse Artem Stryzhak, who was arrested in Spain last year, of attacking and extorting multiple companies between 2018 and 2021. First seen on cyberscoop.com Jump to article: cyberscoop.com/nefilim-ransomware-artem-stryzhak-extradited/
-
Nefilim ransomware suspect extradited from Spain to US
Ukrainian national Artem Stryzhak is accused of using Nefilim ransomware to target large companies in the U.S. and elsewhere. First seen on therecord.media Jump to article: therecord.media/nefilim-ransomware-extradited-spain
-
Ukrainian extradited to US for Nefilim ransomware attacks
A Ukrainian national has been extradited from Spain to the United States to face charges over allegedly conducting Nefilim ransomware attacks against companies. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ukrainian-extradited-to-us-for-nefilim-ransomware-attacks/
-
Large-Scale Phishing Campaigns Target Russia and Ukraine
A large-scale phishing campaign using DarkWatchman and Sheriff malware has been observed targeting companies in Russia and Ukraine. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/phishing-campaigns-targets-russia/
-
Putin’s Cyberattacks on Ukraine Rise 70%, With Little Effect
Russia’s cyberattacks on Ukraine have increased dramatically, targeting the country’s government and defense infrastructure. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/putin-cyberattacks-ukraine-rise-little-effect
-
DarkWatchman, Sheriff Malware Hit Russia and Ukraine with Stealth and Nation-Grade Tactics
Russian companies have been targeted as part of a large-scale phishing campaign that’s designed to deliver a known malware called DarkWatchman. Targets of the attacks include entities in the media, tourism, finance and insurance, manufacturing, retail, energy, telecom, transport, and biotechnology sectors, Russian cybersecurity company F6 said. The activity is assessed to be the work of a…
-
Russian APT28 hackers have redoubled efforts during Ukraine war, says French security agency
Tags: apt, attack, backdoor, cisco, credentials, crowdstrike, cyber, detection, exploit, finance, government, group, hacker, hacking, infrastructure, intelligence, Internet, mail, malicious, military, monitoring, network, phishing, russia, service, theft, ukraine, vpn, vulnerability
Targeting and Compromise of French Entities Using the APT28 Intrusion Set, the group now aggressively targets the networks of government organizations and companies connected to Ukraine’s allies, including France. Since 2021, the group has targeted specific industrial sectors including aerospace, financial services, think tanks and research, local government, and government ministries. Nothing APT28 does stands out as…
-
Cyberattack on a home improvement store chain in Ukraine
Ukraine’s largest home improvement retailer disrupted by cyberattack. First seen on therecord.media Jump to article: therecord.media/epicentr-ukraine-home-improvement-cyberattack
-
Ukraine’s largest home improvement retailer disrupted by cyberattack
Epicentr, a home improvement chain that operates more than 70 stores in Ukraine, said it suffered a cyberattack that crippled key IT systems. First seen on therecord.media Jump to article: therecord.media/epicentr-ukraine-home-improvement-cyberattack
-
Ukrainian state and banking services restored after data center outage
A Ukrainian cloud provider said it had restored services after a power outage disrupted operations for customers including government agencies and major companies over the weekend. First seen on therecord.media Jump to article: therecord.media/ukraine-state-and-banking-services-restored
-
Hackers abuse OAuth 2.0 workflows to hijack Microsoft 365 accounts
Russian threat actors have been abusing legitimate OAuth 2.0 authentication workflows to hijack Microsoft 365 accounts of employees of organizations related to Ukraine and human rights. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-abuse-oauth-20-workflows-to-hijack-microsoft-365-accounts/
-
Over Taurus: Pro-Russian hackers attack Germany
Friedrich Merz’s plans to supply Ukraine with Taurus cruise missiles are angering pro-Russian cyber actors. They are lashing out with data packets. First seen on golem.de Jump to article: www.golem.de/news/wegen-taurus-prorussische-hacker-attackieren-deutschland-2504-195622.html
-
Gamaredon’s PteroLNK VBScript Malware Infrastructure and TTPs Uncovered by Researchers
Researchers have unearthed details of the Pterodo malware family, notably the PteroLNK variant used by the Russian-nexus threat group, Gamaredon. The group, which is believed to be associated with Russia’s Federal Security Service (FSB), has been targeting Ukrainian entities, focusing on government, military, and critical infrastructure sectors as part of broader geopolitical conflicts. Tactics, Techniques,…
-
UK appoints security and intelligence specialist as ambassador to France
Sir Thomas Drew, previously a top official in the Foreign Office and a key figure in Britain’s response to Russia’s invasion of Ukraine, will be the U.K.’s ambassador to France as the two countries prepare to work more closely on security issues. First seen on therecord.media Jump to article: therecord.media/thomas-drew-security-intelligence-specalist-uk-ambassador-france
-
Gamaredon: The Turncoat Spies Relentlessly Hacking Ukraine
For the past decade, this group of FSB hackers, including “traitor” Ukrainian intelligence officers, has used a grinding barrage of intrusion campaigns to make life hell for their former countrymen and cybersecurity defenders. First seen on wired.com Jump to article: www.wired.com/story/gamaredon-turncoat-spies-hacking-ukraine/
-
Russian Shuckworm APT is back with updated GammaSteel malware
files.lnk, launched from an external drive. This was recorded under the UserAssist key in the Registry, which stores a record of files, links, applications, and objects accessed by the current user through Windows Explorer. After that file was executed, it launched mshta.exe, a Windows binary that can be used to execute VBScript and JScript locally on…

