russia
Russia warns financial sector of major IT service provider hack
Russia’s National Coordination Center for Computer Incidents (NKTsKI) is warning organizations in the country’s credit and financial sector about a breach at LANIT, a major Russian IT service and software provider. According to the bulletin, which was also published on the website of GosSOPKA (State System for Detection, Prevention, and Elimination of Consequences of Computer Attacks), the attack […]
Russian phishing campaigns exploit Signal’s device-linking feature
Russian threat actors have been launching phishing campaigns that exploit the legitimate “Linked Devices” feature in the Signal messaging app to gain unauthorized access to accounts of interest. Over the past year, researchers observed phishing operations attributed to Russian state-aligned groups that used multiple methods to trick targets into linking their Signal account to a […]
Microsoft: Hackers steal emails in device code phishing attacks
An active campaign from a threat actor potentially linked to Russia is targeting Microsoft 365 accounts of individuals at organizations of interest using device code phishing. The targets are in the government, NGO, IT services and technology, defense, telecommunications, health, and energy/oil and gas sectors in Europe, North America, Africa, and the Middle East. Microsoft Threat Intelligence Center tracks the threat […]
BadPilot network hacking campaign fuels Russian SandWorm attacks
A subgroup of the Russian state-sponsored hacking group APT44, also known as ‘Seashell Blizzard’ and ‘Sandworm’, has been targeting critical organizations and governments in a multi-year campaign dubbed ‘BadPilot.’ The threat actor has been active since at least 2021 and is also responsible for breaching networks of organizations in energy, oil and gas, telecommunications, shipping, and […]
Russian military hackers deploy malicious Windows activators in Ukraine
The Sandworm Russian military cyber-espionage group is targeting Windows users in Ukraine with trojanized Microsoft Key Management Service (KMS) activators and fake Windows updates. These attacks likely started in late 2023 and have now been linked by EclecticIQ threat analysts with Sandworm hackers based on overlapping infrastructure, consistent Tactics, Techniques and Procedures (TTPs), and frequently […]
US sanctions LockBit ransomware’s bulletproof hosting provider
The United States, Australia, and the United Kingdom have sanctioned Zservers, a Russia-based bulletproof hosting (BPH) services provider, for supplying essential attack infrastructure for the LockBit ransomware gang. Two of its key administrators, Russian nationals Alexander Igorevich Mishin and Aleksandr Sergeyevich Bolshakov, were also designated for their roles in directing Lockbit virtual currency transactions and […]
HPE notifies employees of data breach after Russian Office 365 hack
Hewlett Packard Enterprise (HPE) is notifying employees whose data was stolen from the company’s Office 365 email environment by Russian state-sponsored hackers in a May 2023 cyberattack. According to filings with Attorney General offices in New Hampshire and Massachusets, HPE started sending the breach notification letters last month to at least 16 people who had their driver’s licenses, […]
7-Zip MotW bypass exploited in zero-day attacks against Ukraine
A 7-Zip vulnerability allowing attackers to bypass the Mark of the Web (MotW) Windows security feature was exploited by Russian hackers as a zero-day since September 2024. According to Trend Micro researchers, the flaw was used in SmokeLoader malware campaigns targeting the Ukrainian government and private organizations in the country. The Mark of the Web […]
EU sanctions Russian GRU hackers for cyberattacks against Estonia
The European Union sanctioned three hackers, part of Unit 29155 of Russia’s military intelligence service (GRU), for their involvement in cyberattacks targeting Estonia’s government agencies in 2020. Today, the Council of the EU says that GRU officers Nikolay Korchagin, Vitaly Shevchenko, and Yuriy Denisov stole thousands of sensitive documents containing classified information after breaching several Estonian ministries. […]
US charges operators of cryptomixers linked to ransomware gangs
The U.S. Department of Justice indicted three operators of sanctioned Blender.io and Sinbad.io crypto mixer services used by ransomware gangs and North Korean hackers to launder ransoms and stolen cryptocurrency. Cryptocurrency mixers allow the mixing of deposited crypto assets among many wallet addresses to help obfuscate their source. The services then take a commission from […]