11 Jul, 2026

Microsoft: Russian hackers use ISP access to hack embassies in AiTM attacks

Microsoft warns that a cyber-espionage group linked to Russia’s Federal Security Service (FSB) is targeting diplomatic missions in Moscow using local internet service providers. The hacking group tracked by Microsoft as Secret Blizzard (also known as Turla, Waterbug, and Venomous Bear) has been observed exploiting its adversary-in-the-middle (AiTM) position at the internet service provider (ISP) […]

3 mins read

Russian airline Aeroflot grounds dozens of flights after cyberattack

Aeroflot, Russia’s flag carrier, has suffered a cyberattack that resulted in the cancellation of more than 60 flights and severe delays on additional flights. Although official sources from Russia, like the General Prosecutor’s Office, did not attribute the attack to specific threat groups or even origin, responsibility was taken by Ukrainian and Belarusian hacktivist collectives ‘Silent Crow’ […]

2 mins read

UK ties GRU to stealthy Microsoft 365 credential-stealing malware

The UK National Cyber Security Centre (NCSC) has formally attributed ‘Authentic Antics’ espionage malware attacks to APT28 (Fancy Bear), a threat actor already linked to Russia’s military intelligence service (GRU). The NCSC revealed in a detailed technical analysis of the Authentic Antics malware dated May 6th that it is stealing credentials and OAuth 2.0 tokens that […]

3 mins read

Russian alcohol retailer WineLab closes stores after ransomware attack

WineLab, the retail store of the largest alcohol company in Russia, has closed its stores following a cyberattack that is impacting its operations and causing purchase problems to its customers. Its parent company, Novabev Group, informed earlier this week that hackers had breached its IT systems. “On July 14, the group was subjected to an […]

2 mins read

Europol disrupts pro-Russian NoName057(16) DDoS hacktivist group

An international law enforcement operation dubbed “Operation Eastwood” has targeted the infrastructure and members of the pro-Russian hacktivist group NoName057(16), responsible for distributed denial-of-service (DDoS) attacks across Europe, Israel, and Ukraine. Operation Eastwood was led by Europol and Eurojust with support from 12 countries. It took place on July 15, 2025, and targeted the systems and […]

3 mins read

‘Batavia’ Windows spyware campaign targets dozens of Russian orgs

A previously undocumented spyware called ‘Batavia’ has been targeting large industrial enterprises in Russia in a phishing email campaign that uses contract-related lures. The researchers believe the operation has been active since at least last year in July and is ongoing. Based on telemetry data, the phishing emails delivering Batavia have reached employees at several […]

2 mins read

Aeza Group sanctioned for hosting ransomware, infostealer servers

The U.S. Department of the Treasury has sanctioned Russian hosting company Aeza Group and four operators for allegedly acting as a bulletproof hosting company for ransomware gangs, infostealer operations, darknet drug markets, and Russian disinformation campaigns. The Treasury’s Office of Foreign Assets Control (OFAC) claims that Aeza’s services were utilized by the BianLian ransomware gang, […]

2 mins read

Russia’s throttling of Cloudflare makes sites inaccessible

Starting June 9, 2025, Russian internet service providers (ISPs) began throttling access to websites and services protected by Cloudflare, making sites inaccessible from the country. The throttling is so aggressive, reportedly only allowing users to download the first 16 KB of any web asset, that it effectively breaks most Cloudflare-backed sites for Russian netizens. Cloudflare […]

2 mins read

APT28 hackers use Signal chats to launch new malware attacks on Ukraine

The Russian state-sponsored threat group APT28 is using Signal chats to target government targets in Ukraine with two previously undocumented malware families named BeardShell and SlimAgent. To be clear, this is not a security issue in Signal. Instead, threat actors are more commonly utilizing the messaging platform as part of their phishing attacks due to its […]

3 mins read

Revil ransomware members released after time served on carding charges

Four REvil ransomware members arrested in January 2022 were released by Russia on time served after they pleaded guilty to carding and malware distribution charges. As they confirmed, Andrey Bessonov, Mikhail Golovachuk, Roman Muromsky, and Dmitry Korotayev were involved in the Revil gang’s carding activities between October 2015 and January 2022, according to the Russian […]

3 mins read