russia
New Android malware poses as antivirus from Russian intelligence agency
A new Android malware posing as an antivirus tool created by Russia’s Federal Security Services agency (FSB) is being used to target executives of Russian businesses. In a new report from Russian mobile security firm Dr. Web, researchers track the new spyware as ‘Android.Backdoor.916.origin,’ finding no links to known malware families. Among its various […]
FBI warns of Russian hackers exploiting 7-year-old Cisco flaw
The Federal Bureau of Investigation (FBI) has warned that hackers linked to Russia’s Federal Security Service (FSB) are targeting critical infrastructure organizations in attacks exploiting a 7-year-old vulnerability in Cisco devices. The FBI’s public service announcement states that the state-backed hacking group, linked to the FSB’s Center 16 unit and tracked as Berserk Bear (also known as […]
Pro-Russian hackers blamed for water dam sabotage in Norway
The Norwegian Police Security Service (PST) says that pro-Russian hackers took control of critical operation systems at a dam and opened outflow valves. The attack occurred in April and is thought to have been a demonstration of Russia’s ability to remotely hack critical infrastructure in the country. At the Arendalsuka annual national forum in the city […]
Curly COMrades cyberspies hit govt orgs with custom malware
A new cyber-espionage threat group has been using a new backdoor malware that provides persistent access through a seemingly inactive scheduled task. The threat actor’s operations appear to support Russian interests by targeting government and judicial bodies in Georgia, and energy firms in Moldova. The attacker is currently tracked as Curly COMrades and has been active since […]
Details emerge on WinRAR zero-day attacks that infected PCs with malware
Researchers have released a report detailing how a recent WinRAR path traversal vulnerability tracked as CVE-2025-8088 was exploited in zero-day attacks by the Russian ‘RomCom’ hacking group to drop different malware payloads. RomCom (aka Storm-0978 and Tropical Scorpius) is a Russian cyberespionage threat group with a history in zero-day exploitation, including in Firefox (CVE-2024-9680, CVE-2024-49039) and Microsoft Office (CVE-2023-36884). ESET […]
Microsoft: Russian hackers use ISP access to hack embassies in AiTM attacks
Microsoft warns that a cyber-espionage group linked to Russia’s Federal Security Service (FSB) is targeting diplomatic missions in Moscow using local internet service providers. The hacking group tracked by Microsoft as Secret Blizzard (also known as Turla, Waterbug, and Venomous Bear) has been observed exploiting its adversary-in-the-middle (AiTM) position at the internet service provider (ISP) […]
Russian airline Aeroflot grounds dozens of flights after cyberattack
Aeroflot, Russia’s flag carrier, has suffered a cyberattack that resulted in the cancellation of more than 60 flights and severe delays on additional flights. Although official sources from Russia, like the General Prosecutor’s Office, did not attribute the attack to specific threat groups or even origin, responsibility was taken by Ukrainian and Belarusian hacktivist collectives ‘Silent Crow’ […]
UK ties GRU to stealthy Microsoft 365 credential-stealing malware
The UK National Cyber Security Centre (NCSC) has formally attributed ‘Authentic Antics’ espionage malware attacks to APT28 (Fancy Bear), a threat actor already linked to Russia’s military intelligence service (GRU). The NCSC revealed in a detailed technical analysis of the Authentic Antics malware dated May 6th that it is stealing credentials and OAuth 2.0 tokens that […]
Russian alcohol retailer WineLab closes stores after ransomware attack
WineLab, the retail store of the largest alcohol company in Russia, has closed its stores following a cyberattack that is impacting its operations and causing purchase problems for its customers. Its parent company, Novabev Group, announced earlier this week that hackers had breached its IT systems. “On July 14, the group was subjected to an […]
Europol disrupts pro-Russian NoName057(16) DDoS hacktivist group
An international law enforcement operation dubbed “Operation Eastwood” has targeted the infrastructure and members of the pro-Russian hacktivist group NoName057(16), responsible for distributed denial-of-service (DDoS) attacks across Europe, Israel, and Ukraine. Operation Eastwood was led by Europol and Eurojust with support from 12 countries. It took place on July 15, 2025, and targeted the systems and […]
