russia
Ukrainian hacker charged with helping Russian hacktivist groups
U.S. prosecutors have charged a Ukrainian national for her role in cyberattacks targeting critical infrastructure worldwide, including U.S. water systems, election systems, and nuclear facilities, on behalf of Russian state-backed hacktivist groups. On Tuesday, 33-year-old Victoria Eduardovna Dubranova (also known as Vika, Tory, and SovaSonya) was arraigned on charges related to her alleged role in […]
Russia blocks FaceTime and Snapchat for alleged use by terrorists
Russian telecommunications watchdog Roskomnadzor has blocked access to Apple’s FaceTime video conferencing platform and the Snapchat instant messaging service, claiming they’re being used to coordinate terrorist attacks. Roskomnadzor said that the two platforms are also being used to recruit criminals and to commit fraud and various other crimes targeting Russian citizens. “According to law enforcement […]
Russia blocks Roblox over distribution of LGBT “propaganda”
Roskomnadzor, Russia’s telecommunications watchdog, has blocked access to the Roblox online gaming platform for failing to stop the distribution of what it described as LGBT propaganda and extremist materials. “Roskomnadzor has restricted access to the American Internet service Roblox in connection with the revealed facts of mass and repeated dissemination of materials with propaganda and […]
Russian bulletproof hosting provider sanctioned over ransomware ties
Today, the United States, the United Kingdom, and Australia announced sanctions targeting Russian bulletproof hosting (BPH) providers that have supported ransomware gangs and other cybercrime operations. BPH providers that lease servers to cybercriminals to help them hinder disruption efforts targeting their malicious activities, including phishing attacks, malware delivery, command and control operations, and illicit content […]
Yanluowang initial access broker pleaded guilty to ransomware attacks
A Russian national will plead guilty to acting as an initial access broker (IAB) for Yanluowang ransomware attacks that targeted at least eight U.S. companies between July 2021 and November 2022. According to a plea agreement signed by the defendant on October 29, first spotted by Court Watch editor Seamus Hughes, Aleksey Olegovich Volkov (who used the “chubaka.kor” and “nets” aliases) […]
Russian hackers abuse Hyper-V to hide malware in Linux VMs
The Russian hacker group Curly COMrades is abusing Microsoft Hyper-V in Windows to bypass endpoint detection and response solutions by creating a hidden Alpine Linux-based virtual machine to run malware. Inside the virtual environment, the threat actor hosted its custom tools, the CurlyShell reverse shell and the CurlCat reverse proxy, which enabled operational stealth and communication. […]
Alleged Meduza Stealer malware admins arrested after hacking Russian org
The Russian authorities have arrested three individuals in Moscow who are believed to be the creators and operators of the Meduza Stealer information-stealing malware. The action was announced on Telegram by Irina Volk, a police general and official from the Russian Ministry of Internal Affairs. “A group of hackers who created the infamous ‘Meduza’ virus have been […]
Italian spyware vendor linked to Chrome zero-day attacks
A zero-day vulnerability in Google Chrome, exploited in Operation ForumTroll earlier this year, delivered malware linked to Italian spyware vendor Memento Labs, born after IntheCyber Group acquired the infamous Hacking Team. Operation ForumTroll was uncovered by Kaspersky in March. The campaign targeted Russian organizations – media outlets, universities, research centers, government organizations, and financial institutions, with well-crafted invitations […]
Russian hackers evolve malware pushed in “I am not a robot” captchas
The Russian state-backed Star Blizzard hacker group has ramped up operations with new, constantly evolving malware families (NoRobot, MaybeRobot) deployed in complex delivery chains that start with ClickFix social engineering attacks. Also known as ColdRiver, UNC4057, and Callisto, the Star Blizzard threat group abandoned the LostKeys malware less than a week after researchers published their analysis and leveraged the […]
New Android spyware ClayRat imitates WhatsApp, TikTok, YouTube
A new Android spyware called ClayRat is luring potential victims by posing as popular apps and services like WhatsApp, Google Photos, TikTok, and YouTube. The malware is targeting Russian users through Telegram channels and malicious websites that appear legitimate. It can steal SMS meessages call logs, notifications, take pictures, and even make phone calls. Malware researchers […]