russia
UK ties GRU to stealthy Microsoft 365 credential-stealing malware
The UK National Cyber Security Centre (NCSC) has formally attributed ‘Authentic Antics’ espionage malware attacks to APT28 (Fancy Bear), a threat actor already linked to Russia’s military intelligence service (GRU). The NCSC revealed in a detailed technical analysis of the Authentic Antics malware dated May 6th that it is stealing credentials and OAuth 2.0 tokens that […]
Russian alcohol retailer WineLab closes stores after ransomware attack
WineLab, the retail store of the largest alcohol company in Russia, has closed its stores following a cyberattack that is impacting its operations and causing purchase problems to its customers. Its parent company, Novabev Group, informed earlier this week that hackers had breached its IT systems. “On July 14, the group was subjected to an […]
Europol disrupts pro-Russian NoName057(16) DDoS hacktivist group
An international law enforcement operation dubbed “Operation Eastwood” has targeted the infrastructure and members of the pro-Russian hacktivist group NoName057(16), responsible for distributed denial-of-service (DDoS) attacks across Europe, Israel, and Ukraine. Operation Eastwood was led by Europol and Eurojust with support from 12 countries. It took place on July 15, 2025, and targeted the systems and […]
‘Batavia’ Windows spyware campaign targets dozens of Russian orgs
A previously undocumented spyware called ‘Batavia’ has been targeting large industrial enterprises in Russia in a phishing email campaign that uses contract-related lures. The researchers believe the operation has been active since at least last year in July and is ongoing. Based on telemetry data, the phishing emails delivering Batavia have reached employees at several […]
Aeza Group sanctioned for hosting ransomware, infostealer servers
The U.S. Department of the Treasury has sanctioned Russian hosting company Aeza Group and four operators for allegedly acting as a bulletproof hosting company for ransomware gangs, infostealer operations, darknet drug markets, and Russian disinformation campaigns. The Treasury’s Office of Foreign Assets Control (OFAC) claims that Aeza’s services were utilized by the BianLian ransomware gang, […]
Russia’s throttling of Cloudflare makes sites inaccessible
Starting June 9, 2025, Russian internet service providers (ISPs) began throttling access to websites and services protected by Cloudflare, making sites inaccessible from the country. The throttling is so aggressive, reportedly only allowing users to download the first 16 KB of any web asset, that it effectively breaks most Cloudflare-backed sites for Russian netizens. Cloudflare […]
APT28 hackers use Signal chats to launch new malware attacks on Ukraine
The Russian state-sponsored threat group APT28 is using Signal chats to target government targets in Ukraine with two previously undocumented malware families named BeardShell and SlimAgent. To be clear, this is not a security issue in Signal. Instead, threat actors are more commonly utilizing the messaging platform as part of their phishing attacks due to its […]
Revil ransomware members released after time served on carding charges
Four REvil ransomware members arrested in January 2022 were released by Russia on time served after they pleaded guilty to carding and malware distribution charges. As they confirmed, Andrey Bessonov, Mikhail Golovachuk, Roman Muromsky, and Dmitry Korotayev were involved in the Revil gang’s carding activities between October 2015 and January 2022, according to the Russian […]
Russian hackers bypass Gmail MFA using stolen app passwords
Russian hackers bypass multi-factor authentication and access Gmail accounts by leveraging app-specific passwords in advanced social engineering attacks that impersonate U.S. Department of State officials. The threat actor targeted well-known academics and critics of Russia in what is described as a “sophisticated and personalized novel social engineering attack” that did not rush the persons of […]
New PathWiper data wiper malware hits critical infrastructure in Ukraine
A new data wiper malware named ‘PathWiper’ is being used in targeted attacks against critical infrastructure in Ukraine, aimed at disrupting operations in the country. The payload was deployed through a legitimate endpoint administration tool, indicating that attackers had achieved administrative access to the system through a prior compromise. Cisco Talos researchers who discovered the attack attributed […]