Tag: ukraine
-
Researchers Expose SVG and PureRAT Phishing Threats Targeting Ukraine and Vietnam
A new campaign has been observed impersonating Ukrainian government agencies in phishing attacks to deliver CountLoader, which is then used to drop Amatera Stealer and PureMiner. “The phishing emails contain malicious Scalable Vector Graphics (SVG) files designed to trick recipients into opening harmful attachments,” Fortinet FortiGuard Labs researcher Yurren Wan said in a report shared with…
-
Fake Ukraine Police Notices Spread New Amatera Stealer and PureMiner
FortiGuard Labs exposes a high-severity phishing campaign impersonating the National Police of Ukraine to deliver Amatera Stealer (data theft) and PureMiner (cryptojacking) to Windows PCs. First seen on hackread.com Jump to article: hackread.com/fake-ukraine-police-notices-amatera-stealer-pureminer/
-
Russia Leveraging Cyber-Attacks as a Strategic Weapon Against Key Industries in Major Nations
In 2024, as the Russia-Ukraine war prolongs and military and economic cooperation between North Korea and Russia deepens, cyberspace has become a central battleground for international conflict. Russia is leveraging cyber-attacks to alleviate economic pressure from international sanctions and to enhance its war-fighting capabilities, targeting key industries in major countries around the globe. In November…
-
Fake Ukrainian Police Emails Spread New CountLoader Malware Loader
A new malware loader, CountLoader, has been discovered by cybersecurity firm Silent Push. This threat is linked to prominent Russian ransomware gangs, including LockBit, BlackBasta, and Qilin, and is being used as an initial access broker. First seen on hackread.com Jump to article: hackread.com/fake-ukrainian-police-emails-countloader-malware-loader/
-
Russian Hackers Join Forces: Gamaredon + Turla Target Ukraine
ESET reports FSB-linked Gamaredon and Turla collaborating in cyberattacks on Ukraine. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/russian-hackers-join-forces-gamaredon-turla-target-ukraine/
-
Russian Top Hackers Gamaredon and Turla Attack High-Value Ukrainian Targets
ESET security researchers have, for the first time, published technical evidence that the two well-known hacker groups Gamaredon and Turla are operating in a coordinated manner in Ukraine. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/russische-hacker-gamaredon-turla-ukrainische-spitzenziele
-
ESET uncovers Gamaredon-Turla collaboration in Ukraine cyberattacks
ESET found evidence that Russia-linked groups Gamaredon and Turla collaborated in cyberattacks on Ukraine between February and April 2025. ESET reported Russia-linked groups Gamaredon and Turla collaborated in cyberattacks against entities in Ukraine. The Russia-linked APT group Gamaredon (a.k.a. Shuckworm, Armageddon, Primitive Bear, ACTINIUM, Callisto) is known for targeting government, law enforcement, and defense organizations in Ukraine since 2013. The Turla APT group (aka Snake, Uroburos, Waterbug, Venomous…
-
Russian Nation-State Hackers Join Forces to Target Ukraine
First-Ever Malware Tie-Up Spotted Between FSB’s Turla and Gamaredon Hacking Groups. Two long-running advanced persistent threat groups tied to Russia’s Federal Security Service, the FSB, called Turla and Gamaredon, appear for the first time to be running a joint cyberespionage operation using their separate malware arsenals, designed to hit high-value targets in Ukraine. First seen…
-
Russian spy groups Turla, Gamaredon join forces to hack Ukraine, researchers say
Slovak cybersecurity firm ESET said it had detected four cases in which both groups compromised the same Ukrainian machines. First seen on therecord.media Jump to article: therecord.media/russian-spy-groups-turla-gamaredon-target-ukraine
-
Russian State Hackers Collaborate in Attacks Against Ukraine
ESET found that the FSB-affiliated groups, Gamaredon and Turla, are sharing tools to help conduct espionage attacks against Ukrainian organizations. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/russian-state-hackers-collaborate/
-
Russian Hacking Groups Gamaredon and Turla Target Organizations to Deliver Kazuar Backdoor
Two prominent Russian state-sponsored hacking groups, Gamaredon and Turla, have been observed collaborating in sophisticated cyberattacks targeting Ukrainian organizations to deploy the advanced Kazuar backdoor. New evidence reveals an unprecedented level of coordination between these Federal Security Service (FSB)…
-
Russian Hackers Gamaredon and Turla Collaborate to Deploy Kazuar Backdoor in Ukraine
Cybersecurity researchers have discerned evidence of two Russian hacking groups, Gamaredon and Turla, collaborating to target and co-compromise Ukrainian entities. Slovak cybersecurity company ESET said it observed the Gamaredon tools PteroGraphin and PteroOdd being used to execute Turla group’s Kazuar backdoor on an endpoint in Ukraine in February 2025, indicating that Turla is very likely…
-
New Loader “CountLoader” Uses PDFs to Launch Ransomware Attacks
Security researchers have uncovered a sophisticated new malware loader called >>CountLoader
-
Russian regional airline disrupted by suspected cyberattack
Siberia-based airline KrasAvia experienced some outages to digital services in an incident that bears similarities to one that Ukraine-aligned hackers claimed in late July. First seen on therecord.media Jump to article: therecord.media/russia-krasavia-airline-disrupted-suspected-cyberattack
-
The Hidden War Above: How GPS Jamming Exposes Our Digital Vulnerabilities
Every day, thousands of flights cross the skies above the Baltic Sea. Pilots expect their GPS systems to guide them safely through busy air corridors, just as they have for decades. But since Russia’s invasion of Ukraine in 2022, something has changed. Navigation screens flicker with false readings. Aircraft suddenly lose their bearings. Pilots find…
-
Ukrainian Fugitive Added to EU Most Wanted List for LockerGoga Ransomware
Ukrainian fugitive Volodymyr Tymoshchuk, linked to LockerGoga ransomware, has been added to the EU Most Wanted list as global authorities pursue him. First seen on hackread.com Jump to article: hackread.com/lockergoga-ransomware-eu-most-wanted-list-doj-reward/
-
Ukraine claims cyberattacks on Russian election systems; Moscow confirms disruptions
Ukraine said it was responsible for disrupting websites related to Russian election infrastructure as voters went to the polls in occupied territories. First seen on therecord.media Jump to article: therecord.media/ukraine-claims-ddos-attack-russian-election-system
-
New Zealand sanctions Russian military hackers over cyberattacks on Ukraine
New Zealand has imposed sanctions on Russian military intelligence hackers accused of cyberattacks on Ukraine, including members of a notorious hacking unit previously tied to destructive malware campaigns. First seen on therecord.media Jump to article: therecord.media/new-zealand-russia-gru-ukraine
-
Pro-Russian Hackers Target Critical Industries Across the Globe
In 2024, as the Russia-Ukraine war prolongs and military and economic cooperation between North Korea and Russia deepens, cyberspace has emerged as a central battleground for international conflict. Russia is increasingly using cyber-attacks as a strategic tool to alleviate economic pressure from international sanctions and to bolster its war capabilities. This shift has led to…
-
Ukrainian Ransomware Fugitive Added to Europe’s Most Wanted
US offers $11m as LockerGoga ransomware suspect becomes one of Europe’s most wanted men. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ukrainian-ransomware-fugitive/
-
Key Operators of LockerGoga, MegaCortex, and Nefilim Ransomware Gangs Arrested
The U.S. District Court for the Eastern District of New York has charged Volodymyr Viktorovich Tymoshchuk, a Ukrainian national known as deadforz, Boba, msfv, and farnetwork, for his role in administering LockerGoga, MegaCortex, and Nefilim ransomware operations. The indictment alleges that Tymoshchuk managed attacks against more than 250 companies in the U.S. and hundreds of…
-
US charges suspected ransomware kingpin, and offers $10 million bounty for his capture
A US federal court has unsealed charges against a Ukrainian national who authorities allege was a key figure behind several strains of ransomware, including LockerGoga, MegaCortex, and Nefilim. First seen on fortra.com Jump to article: www.fortra.com/blog/us-charges-suspected-ransomware-kingpin-offers-10-million-bounty
-
Ukraine’s ousted cyber chief posts bail in corruption case
Under the bail conditions, Illia Vitiuk must appear when summoned, report any change of residence, avoid contact with certain individuals and surrender his foreign passports to investigators. First seen on therecord.media Jump to article: therecord.media/vitiuk-bail-anti-corruption-case
-
Uncle Sam indicts alleged ransomware kingpin tied to $18B in damages
Prosecutors claim Ukrainian ran LockerGoga, MegaCortex, and Nefilim ops. $11M bounty on his head. First seen on theregister.com Jump to article: www.theregister.com/2025/09/10/us_nefilim_ransomware_indictment/
-
U.S. indicts Ukrainian national for hundreds of ransomware attacks using multiple variants
The Department of Justice unsealed an indictment against a Ukrainian national alleged to be central to a ransomware campaign affecting hundreds of companies worldwide. Volodymyr Viktorovych Tymoshchuk, known online as “deadforz,” “Boba,” “msfv,” and “farnetwork,” is accused of developing and deploying ransomware variants Nefilim, LockerGoga, and MegaCortex, all of which have been used in attacks…
-
US Feds Indict Lockergoga and Megacortex Ransomware Hacker
State Department Offers Up to $10M for Tips on Volodymyr Tymoshchuk. A hacker who federal prosecutors say was behind the LockerGoga and MegaCortex ransomware strains faces a seven count criminal indictment in U.S. federal court, prosecutors said Tuesday. Ukrainian national Volodymyr Tymoshchuk, 28, was administrator of the two ransomware operations, prosecutors say. First seen on…
-
Ukrainian national charged with helping run LockerGoga, MegaCortex and Nefilim ransomware
Volodymyr Tymoshchuk, currently a fugitive, was an administrator for multiple ransomware strains, including LockerGoga, said U.S. prosecutors in unsealing an indictment against the Ukrainian national. First seen on therecord.media Jump to article: therecord.media/lockergoga-megacortex-nefilim-ransomware-ukrainian-indictment-unsealed

