Tag: ukraine

Public mobile networks are being weaponized for combat drone operations

Feb 19, 2026 8:00 AM

Tags: attack, mobile, network, russia, ukraine

On June 1, 2025, Ukraine launched a coordinated drone strike on five airfields inside Russia, disabling or destroying aircrafts. The attack involved more than 100 drones … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/19/enea-mobile-connected-drones-report/
Notepad++ author says fixes make update mechanism ‘effectively unexploitable’

Feb 19, 2026 1:01 AM

Tags: access, attack, backdoor, china, control, credentials, dns, espionage, exploit, group, infrastructure, intelligence, malicious, monitoring, network, risk, risk-management, service, software, supply-chain, threat, ukraine, update, vulnerability

CSOonline, Ho said that no system can ever be declared absolutely unbreakable, “but the new design dramatically raises the bar.”An attacker must now compromise both the hosting infrastructure and the signing keys, he explained, adding that the updater now validates both the manifest and the installer, each with independent cryptographic signatures. And any mismatch, missing…
Newly identified hacking groups provide access to OT environments

Feb 17, 2026 5:58 PM

Tags: access, attack, group, hacking, ukraine

A state-linked adversary has begun to pivot from the Ukraine war with new attacks targeting Europe and the U.S. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/new-hacking-groups-access-ot-environments/812323/
Starlink restrictions hit Russian forces as Moscow seeks workarounds

Feb 16, 2026 7:58 PM

Tags: access, Internet, russia, service, ukraine

Ukraine’s security service said Russia was trying to recruit locals to help restore access to blocked Starlink satellite internet terminals. First seen on therecord.media Jump to article: therecord.media/starlink-restrictions-hit-russian-forces
Welche Länder sabotieren die Russen bevorzugt?

Feb 15, 2026 11:58 AM

Tags: cyberattack, germany, infrastructure, international, ukraine

In Deutschland fanden seit Beginn des Ukraine-Kriegs bis Ende 2024 die meisten Angriffe auf kritische Infrastruktur statt. Das ist ein Ergebnis einer Erhebung des Londoner Thinktanks International Institute for Strategic Studies (IISS [1]). Demzufolge gab es in Deutschland 12 physischen Angriffe auf Objekte, Dienste oder Personen. Es folgen Frankreich (11 Angriffe) und Polen (8 Angriffe)….…
Suspected Russian hackers deploy CANFAIL malware against Ukraine

Feb 14, 2026 12:58 PM

Tags: apt, attack, defense, google, government, group, hacker, intelligence, malware, military, russia, service, threat, ukraine

A new alleged Russia-linked APT group targeted Ukrainian defense, government, and energy groups, with CANFAIL malware. Google Threat Intelligence Group identified a previously undocumented threat actor behind attacks on Ukrainian organizations using CANFAIL malware. The group is possibly linked to Russian intelligence services and has targeted defense, military, government, and energy entities at both regional…
Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs

Feb 13, 2026 6:58 PM

Tags: attack, defense, google, government, group, intelligence, malware, military, russia, threat, ukraine

A previously undocumented threat actor has been attributed to attacks targeting Ukrainian organizations with malware known as CANFAIL.Google Threat Intelligence Group (GTIG) described the hack group as possibly affiliated with Russian intelligence services. The threat actor is assessed to have targeted defense, military, government, and energy organizations within the Ukrainian regional and First seen on…
Europe must adapt to ‘permanent’ cyber and hybrid threats, Sweden warns

Feb 13, 2026 2:58 PM

Tags: cyber, defense, russia, threat, ukraine

Cyber and hybrid threats are now a permanent feature of Europe’s security environment, a senior Swedish defense official said, citing Russia’s full-scale invasion of Ukraine as a turning point. First seen on therecord.media Jump to article: therecord.media/sweden-cyber-threats-europe-permanent
Breach Roundup: Italy Thwarts Russian Olympic Hacks

Feb 6, 2026 12:16 AM

Tags: attack, breach, cyberattack, exploit, flaw, ivanti, microsoft, russia, supply-chain, ukraine

Also, Active Exploits Hit SolarWinds, Ivanti as APT28 Targets EU, Ukraine. This week, Italy blocked Russian cyberattacks targeting the Olympics. Flaws in SolarWinds, Ivanti and Microsoft Office. Russia’s APT28 ramped up attacks in Ukraine, supply chain attacks, regulators probed major breaches and a U.S. judge sentenced the operator of a darkweb drug marketplace. First seen…
Ukraine tightens controls on Starlink terminals to counter Russian drones

Feb 4, 2026 6:14 PM

Tags: attack, control, Internet, military, russia, technology, ukraine

Ukraine has rolled out a verification system for Starlink satellite internet terminals used by civilians and the military after confirming that Russian forces have begun installing the technology on attack drones. First seen on therecord.media Jump to article: therecord.media/ukraine-tightens-starlink-controls-counter-russian-drones
Op Neusploit: Russian APT28 Uses Microsoft Office Flaw in Malware Attacks

Feb 3, 2026 8:13 PM

Tags: attack, control, email, exploit, flaw, group, malware, microsoft, office, russia, ukraine

A new campaign by the Russian-linked group APT28, called Op Neusploit, exploits a Microsoft Office flaw to steal emails for remote control of devices in Ukraine, Slovakia, and Romania. First seen on hackread.com Jump to article: hackread.com/op-neusploit-russia-apt28-microsoft-office-malware/
Russian state hackers exploit new Microsoft Office flaw in attacks on Ukraine, EU

Feb 3, 2026 6:14 PM

Tags: attack, computer, cve, exploit, flaw, hacker, microsoft, office, russia, ukraine

Ukraine’s computer emergency response team, CERT-UA, said attackers began abusing the flaw, tracked as CVE-2026-21509, shortly after Microsoft disclosed it in early January. First seen on therecord.media Jump to article: therecord.media/russian-state-hackers-exploit-new-microsoft-flaw
APT28 Exploits Active Microsoft Office Zero-Day to Deliver Malware

Feb 3, 2026 11:13 AM

Tags: attack, cyber, exploit, group, malware, microsoft, office, russia, threat, ukraine, vulnerability, zero-day

The Russia-linked advanced persistent threat group APT28 has been observed actively exploiting a zero-day vulnerability in Microsoft Office to deliver malware through a sophisticated multi-stage attack campaign. Security researchers from Zscaler ThreatLabz identified this new operation, dubbed Operation Neusploit, targeting users across Central and Eastern Europe with weaponized RTF documents. The campaign specifically targeted Ukraine,…
APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks

Feb 3, 2026 11:13 AM

Tags: attack, cve, espionage, exploit, flaw, group, hacking, malware, microsoft, office, russia, threat, ukraine

The Russia-linked state-sponsored threat actor known as APT28 (aka UAC-0001) has been attributed to attacks exploiting a newly disclosed security flaw in Microsoft Office as part of a campaign codenamed Operation Neusploit.Zscaler ThreatLabz said it observed the hacking group weaponizing the shortcoming on January 29, 2026, in attacks targeting users in Ukraine, Slovakia, and Romania,…
APT28 Leverages CVE-2026-21509 in Operation Neusploit

Feb 3, 2026 8:13 AM

Tags: access, api, attack, backdoor, cloud, communications, control, cve, data, detection, email, encryption, endpoint, exploit, github, group, infection, malicious, malware, microsoft, office, open-source, phishing, russia, service, startup, threat, tool, ukraine, update, vulnerability, windows

IntroductionIn January 2026, Zscaler ThreatLabz identified a new campaign in-the-wild, tracked as Operation Neusploit, targeting countries in the Central and Eastern European region. In this campaign, the threat actor leveraged specially crafted Microsoft RTF files to exploit CVE-2026-21509 and deliver malicious backdoors in a multi-stage infection chain. Due to significant overlaps in tools, techniques, and procedures (TTPs)…
Russian hackers exploit recently patched Microsoft Office bug in attacks

Feb 2, 2026 11:14 PM

Tags: attack, computer, cve, exploit, hacker, microsoft, office, russia, ukraine, vulnerability

Ukraine’s Computer Emergency Response Team (CERT) says that Russian hackers are exploiting CVE-2026-21509, a recently patched vulnerability in multiple versions of Microsoft Office. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/russian-hackers-exploit-recently-patched-microsoft-office-bug-in-attacks/
DynoWiper Malware Targets Energy Firms in Destructive Data-Wiping Attacks

Feb 2, 2026 11:14 PM

Tags: attack, cyber, data, malware, tactics, ukraine

A new data-wiping malware dubbed DynoWiper, deployed against an energy company in Poland in late December 2025. The malware’s tactics, techniques, and procedures closely mirror those observed in earlier ZOV wiper incidents in Ukraine, prompting ESET to attribute DynoWiper to Sandworm with medium confidence. Unlike ZOV, which carries a high-confidence Sandworm attribution, the lower confidence…
Russia-linked APT28 attackers already abusing new Microsoft Office zero-day

Feb 2, 2026 8:14 PM

Tags: exploit, microsoft, office, russia, ukraine, zero-day

Ukraine’s CERT says the bug went from disclosure to active exploitation in days First seen on theregister.com Jump to article: www.theregister.com/2026/02/02/russialinked_apt28_microsoft_office_bug/
Fancy Bear Exploits Microsoft Office Flaw in Ukraine, EU Cyber-Attacks

Feb 2, 2026 2:13 PM

Tags: attack, cyber, exploit, flaw, group, hacking, microsoft, office, russia, ukraine, vulnerability

Russia-linked hacking group Fancy Bear is exploiting a brand-new vulnerability in Microsoft Office, CERT-UA says First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fancy-bear-exploits-office-flaw/
Latvia says Russia remains its top cyber threat as attacks hit record high

Jan 29, 2026 4:26 PM

Tags: attack, country, cyber, russia, service, threat, ukraine

In its annual report released this week, Latvia’s national security service, SAB, said 2025 marked an all-time high in registered cyber threats targeting the country, with activity surging significantly past levels seen before Russia’s invasion of Ukraine in 2022. First seen on therecord.media Jump to article: therecord.media/latvia-says-russia-remains-top-cyber-threat-record-attacks
Konni Hackers Deploy AI-Generated PowerShell Backdoor Against Blockchain Developers

Jan 26, 2026 11:21 AM

Tags: ai, backdoor, blockchain, hacker, india, intelligence, korea, malware, north-korea, phishing, powershell, russia, threat, tool, ukraine

The North Korean threat actor known as Konni has been observed using PowerShell malware generated using artificial intelligence (AI) tools to target developers and engineering teams in the blockchain sector.The phishing campaign has targeted Japan, Australia, and India, highlighting the adversary’s expansion of the targeting scope beyond South Korea, Russia, Ukraine, and European nations, Check…
Poland’s energy grid was targeted by never-before-seen wiper malware

Jan 24, 2026 9:30 PM

Tags: attack, malware, russia, ukraine

Destructive payload unleashed on 10-year anniversary of Russia’s attack on Ukraine’s grid. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/01/wiper-malware-targeted-poland-energy-grid-but-failed-to-knock-out-electricity/
Germany expels Russian diplomat accused of spying on Ukraine war effort

Jan 23, 2026 2:30 PM

Tags: germany, russia, ukraine

“Russia’s aggressive actions have consequences,” Foreign Minister Johann Wadephul said after Germany announced a Russian diplomat had been expelled on suspicions of espionage. First seen on therecord.media Jump to article: therecord.media/germany-expels-russian-diplomat-accused-spying-ukraine-war
Ransomware ‘Most Wanted’: Cops Seek Head of Black Basta

Jan 19, 2026 10:13 PM

Tags: cybercrime, group, international, ransom, ransomware, russia, ukraine

Crackdown Targets Multiple Members of Cybercrime Group, Including ‘Hash Crackers’. Police raided two suspected members of the notorious Black Basta ransomware group – tied to over 600 victims worldwide and many millions in ransom payments – in Ukraine and issued an international arrest warrant for the Russian national suspected of being the operation’s founder and…
Law enforcement tracks ransomware group blamed for massive financial losses

Jan 19, 2026 1:13 PM

Tags: finance, germany, group, law, ransomware, russia, ukraine

Law enforcement agencies in Ukraine and Germany have identified two members of a Russian-affiliated ransomware group and carried out searches in western Ukraine. Search … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/19/international-ransomware-group-investigation-ukraine/
Suspects Linked to Black Basta Ransomware Group Raided in Ukraine

Jan 19, 2026 1:13 PM

Tags: group, interpol, ransomware, ukraine

Oleg Evgenievich Nefedov, allegedly one of the founders of Black Basta, was also placed on Europol’s and Interpol’s Most Wanted lists First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/suspects-black-basta-ransomware/
Fahndung nach Kopf von Black Basta

Jan 19, 2026 12:13 PM

Tags: cyberattack, extortion, germany, ransomware, ukraine

Das BKA und die ZIT fahnden nach dem mutmaßlichen Anführer der Ransomware-Gruppe Black Basta. Die Erpresserbande ist für zahlreiche Angriffe in Deutschland verantwortlich. Die Behörden gehen gegen Akteure der Ransomware-Gruppierung Black Basta vor. Dabei wurden Wohnräume in der Ukraine durchsucht und Beweismittel gesichert. Gegen den mutmaßlichen Kopf der Gruppierung wird mit Haftbefehl gefahndet, wie das Bundeskriminalamt…
EU and INTERPOL Hunt Black Basta Ransomware Kingpin, Suspects Identified in Ukraine

Jan 19, 2026 9:13 AM

Tags: group, international, interpol, law, ransomware, russia, service, ukraine

European and international law enforcement agencies have intensified their pursuit of individuals connected to the Black Basta ransomware operation. Authorities confirmed that the alleged leader of the Russia-linked ransomware-as-a-service (RaaS) group has been placed on both the European Union’s Most Wanted list and INTERPOL’s Red Notice, while Ukrainian and German investigators have identified two additional…
UkraineGermany operation targets Black Basta, Russian leader wanted

Jan 17, 2026 9:14 PM

Tags: germany, group, international, law, office, ransomware, russia, ukraine

Police in Ukraine and Germany identified Black Basta suspects and issued an international wanted notice for the group’s alleged Russian leader. Ukrainian and German police raided homes linked to alleged Black Basta ransomware members, identifying two Ukrainian suspects. Law enforcement also issued an international wanted notice for the group’s alleged Russian ringleader. >>The Office of…
Black Basta Ransomware Leader Added to EU Most Wanted and INTERPOL Red Notice

Jan 17, 2026 8:13 PM

Tags: group, interpol, law, ransomware, russia, service, ukraine

Ukrainian and German law enforcement authorities have identified two Ukrainians suspected of working for the Russia-linked ransomware-as-a-service (RaaS) group Black Basta.In addition, the group’s alleged leader, a 35-year-old Russian national named Oleg Evgenievich Nefedov (ÐÐµÑ„ÐµÐ´Ð¾Ð² ÐžÐ»ÐµÐ³ Ð•Ð²Ð³ÐµÐ½ÑŒÐµÐ²Ð¸Ñ‡), has been added to the European Union’s Most Wanted and INTERPOL’s Red Notice lists, authorities First seen on…