russia
Denmark blames Russia for destructive cyberattack on water utility
Danish intelligence officials blamed Russia for orchestrating cyberattacks against Denmark’s critical infrastructure, as part of Moscow’s hybrid attacks against Western nations. In a Thursday statement, the Danish Defence Intelligence Service (DDIS) identified two groups operating on behalf of the Russian state: Z-Pentest, linked to the destructive water-utility attack, and NoName057(16), flagged as responsible for the […]
Amazon disrupts Russian GRU hackers attacking edge network devices
The Amazon Threat Intelligence team has disrupted active operations attributed to hackers working for the Russian foreign military intelligence agency, the GRU, who targeted customers’ cloud infrastructure. The cloud services provider observed a focus on Western critical infrastructure, especially the energy sector, in activity that started in 2021. Over time, the threat actor pivoted from exploiting […]
Ukrainian hacker charged with helping Russian hacktivist groups
U.S. prosecutors have charged a Ukrainian national for her role in cyberattacks targeting critical infrastructure worldwide, including U.S. water systems, election systems, and nuclear facilities, on behalf of Russian state-backed hacktivist groups. On Tuesday, 33-year-old Victoria Eduardovna Dubranova (also known as Vika, Tory, and SovaSonya) was arraigned on charges related to her alleged role in […]
Russia blocks FaceTime and Snapchat for alleged use by terrorists
Russian telecommunications watchdog Roskomnadzor has blocked access to Apple’s FaceTime video conferencing platform and the Snapchat instant messaging service, claiming they’re being used to coordinate terrorist attacks. Roskomnadzor said that the two platforms are also being used to recruit criminals and to commit fraud and various other crimes targeting Russian citizens. “According to law enforcement […]
Russia blocks Roblox over distribution of LGBT “propaganda”
Roskomnadzor, Russia’s telecommunications watchdog, has blocked access to the Roblox online gaming platform for failing to stop the distribution of what it described as LGBT propaganda and extremist materials. “Roskomnadzor has restricted access to the American Internet service Roblox in connection with the revealed facts of mass and repeated dissemination of materials with propaganda and […]
Russian bulletproof hosting provider sanctioned over ransomware ties
Today, the United States, the United Kingdom, and Australia announced sanctions targeting Russian bulletproof hosting (BPH) providers that have supported ransomware gangs and other cybercrime operations. BPH providers that lease servers to cybercriminals to help them hinder disruption efforts targeting their malicious activities, including phishing attacks, malware delivery, command and control operations, and illicit content […]
Yanluowang initial access broker pleaded guilty to ransomware attacks
A Russian national will plead guilty to acting as an initial access broker (IAB) for Yanluowang ransomware attacks that targeted at least eight U.S. companies between July 2021 and November 2022. According to a plea agreement signed by the defendant on October 29, first spotted by Court Watch editor Seamus Hughes, Aleksey Olegovich Volkov (who used the “chubaka.kor” and “nets” aliases) […]
Russian hackers abuse Hyper-V to hide malware in Linux VMs
The Russian hacker group Curly COMrades is abusing Microsoft Hyper-V in Windows to bypass endpoint detection and response solutions by creating a hidden Alpine Linux-based virtual machine to run malware. Inside the virtual environment, the threat actor hosted its custom tools, the CurlyShell reverse shell and the CurlCat reverse proxy, which enabled operational stealth and communication. […]
Alleged Meduza Stealer malware admins arrested after hacking Russian org
The Russian authorities have arrested three individuals in Moscow who are believed to be the creators and operators of the Meduza Stealer information-stealing malware. The action was announced on Telegram by Irina Volk, a police general and official from the Russian Ministry of Internal Affairs. “A group of hackers who created the infamous ‘Meduza’ virus have been […]
Italian spyware vendor linked to Chrome zero-day attacks
A zero-day vulnerability in Google Chrome, exploited in Operation ForumTroll earlier this year, delivered malware linked to Italian spyware vendor Memento Labs, born after IntheCyber Group acquired the infamous Hacking Team. Operation ForumTroll was uncovered by Kaspersky in March. The campaign targeted Russian organizations – media outlets, universities, research centers, government organizations, and financial institutions, with well-crafted invitations […]