russia
Russia to enforce location tracking app on all foreigners in Moscow
The Russian government has introduced a new law that makes installing a tracking app mandatory for all foreign nationals in the Moscow region. The new proposal was announced by the chairman of the State Duma, Vyacheslav Volodin, who presented it as a measure to tackle migrant crimes. “The adopted mechanism will allow, using modern technologies, […]
Government webmail hacked via XSS bugs in global spy campaign
Hackers are running a worldwide cyberespionage campaign dubbed ‘RoundPress,’ leveraging zero-day and n-day flaws in webmail servers to steal email from high-value government organizations. ESET researchers who uncovered the operation attribute it with medium confidence to the Russian state-sponsored hackers APT28 (aka “Fancy Bear” or “Sednit”). The campaign started in 2023 and continued with the adoption of new exploits […]
Google links new LostKeys data theft malware to Russian cyberspies
Since the start of the year, the Russian state-backed ColdRiver hacking group has been using new LostKeys malware to steal files in espionage attacks targeting Western governments, journalists, think tanks, and non-governmental organizations. In December, the United Kingdom and Five Eyes allies linked ColdRiver to Russia’s Federal Security Service (FSB), the country’s counterintelligence and internal security service. […]
Pro-Russia hacktivists bombard Dutch public orgs with DDoS attacks
Russia-aligned hacktivists persistently target key public and private organizations in the Netherlands with distributed denial of service (DDoS) attacks, causing access problems and service disruptions. The situation was acknowledged via a statement by the country’s National Cyber Security Center (NCSC), part of the Dutch Ministry of Justice. “This week, several Dutch organizations have been targeted […]
France ties Russian APT28 hackers to 12 cyberattacks on French orgs
Today, the French foreign ministry blamed the APT28 hacking group linked to Russia’s military intelligence service (GRU) for targeting or breaching a dozen French entities over the last four years. “France condemns in the strongest terms the use by the Russian military intelligence service (GRU) of the APT28 attack procedure, which has led to several […]
Hackers abuse OAuth 2.0 workflows to hijack Microsoft 365 accounts
Russian threat actors have been abusing legitimate OAuth 2.0 authentication workflows to hijack Microsoft 365 accounts of employees of organizations related to Ukraine and human rights. The adversary is impersonating officials from European countries and contact targets through WhatsApp and Signal messaging platforms. The purpose is to convince potential victims to provide Microsoft authorization codes that […]
Russian army targeted by new Android malware hidden in mapping app
A new Android malware has been discovered hidden inside trojanized versions of the Alpine Quest mapping app, which is reportedly used by Russian soldiers as part of war zone operational planning. Attackers promote the trojanized app as a free, cracked version of the premium Alpine Quest Pro, using Telegram channels and Russian app catalogs for distribution. […]
Chinese hackers target Russian govt with upgraded RAT malware
Chinese-speaking IronHusky hackers are targeting Russian and Mongolian government organizations using upgraded MysterySnail remote access trojan (RAT) malware. Security researchers at Kaspersky’s Global Research and Analysis Team (GReAT) spotted the updated implant while investigating recent attacks where the attackers deployed the RAT malware using a malicious MMC script camouflaged as a Word document, which downloaded second-stage […]
Midnight Blizzard deploys new GrapeLoader malware in embassy phishing
Russian state-sponsored espionage group Midnight Blizzard is behind a new spear-phishing campaign targeting diplomatic entities in Europe, including embassies. Midnight Blizzard, aka ‘Cozy Bear’ or ‘APT29,’ is a state-sponsored cyberespionage group linked to Russia’s Foreign Intelligence Service (SVR). According to Check Point Research, the new campaign introduces a previously unseen malware loader called ‘GrapeLoader,’ and a […]
Russian hackers attack Western military mission using malicious drive
The Russian state-backed hacking group Gamaredon (aka “Shuckworm”) has been targeting a military mission of a Western country in Ukraine in attacks likely deployed from removable drives. Symantec threat researchers say the campaign started in February 2025 and continued until March, with hackers deploying an updated version of the GammaSteel info-stealing malware to exfiltrate data. According to […]