23 Jun, 2025

Ryuk ransomware’s initial access expert extradited to the U.S.

A member of the notorious Ryuk ransomware operation who specialized in gaining initial access to corporate networks has been extradited to the United States. The suspect is a 33-year-old foreign man who was arrested in April 2025 in his home in Kyiv at the request of the FBI. He was extradited to the United States […]

2 mins read

New PathWiper data wiper malware hits critical infrastructure in Ukraine

A new data wiper malware named ‘PathWiper’ is being used in targeted attacks against critical infrastructure in Ukraine, aimed at disrupting operations in the country. The payload was deployed through a legitimate endpoint administration tool, indicating that attackers had achieved administrative access to the system through a prior compromise. Cisco Talos researchers who discovered the attack attributed […]

2 mins read

Hacker arrested for breaching 5,000 hosting accounts to mine crypto

The Ukrainian police arrested a 35-year-old hacker who breached 5,000 accounts at an international hosting company and used them to mine cryptocurrency, resulting in $4.5 million in damages. “The suspect illegally gained access to over 5,000 accounts belonging to clients of an international hosting company that provides server rental services for the operation of various websites […]

2 mins read

Ukraine claims it hacked Tupolev, Russia’s strategic warplane maker

The Main Intelligence Directorate (GUR) of Ukraine’s Ministry of Defense claims it hacked the Russian aerospace and defense company Tupolev, which develops Russia’s supersonic strategic bombers. According to Ukrainian news outlets, a source within GUR said the military intelligence hackers breached Tupolev’s systems and stole 4.4 gigabytes of classified information. This stolen data includes personal […]

3 mins read

Russian Laundry Bear cyberspies linked to Dutch Police hack

A previously unknown Russian-backed cyberespionage group tracked as Laundry Bear has been linked to a September 2024 Dutch police security breach. As the Dutch national police (Politie) revealed last year, the attackers stole work-related contact information of multiple officers, including names, email addresses, phone numbers, and, in some cases, private details. The Netherlands General Intelligence and […]

2 mins read

Russian hackers breach orgs to track aid routes to Ukraine

A Russian state-sponsored cyberespionage campaign attributed to APT28 (Fancy Bear/Forest Blizzard) hackers has been targeting and compromising international organizations since 2022 to disrupt aid efforts to Ukraine. The hackers targeted entities in the defense, transportation, IT services, air traffic, and maritime sectors in 12 European countries and the United States. Additionally, the hackers have been […]

4 mins read

North Korea ramps up cyberspying in Ukraine to assess war risk

The state-backed North Korean threat group Konni (Opal Sleet, TA406) was observed targeting Ukrainian government entities in intelligence collection operations. The attackers use phishing emails that impersonate think tanks, referencing important political events or military developments to lure their targets. Proofpoint researchers who discovered the activity in February 2025 suggest that it’s likely an effort […]

2 mins read

Ukrainian extradited to US for Nefilim ransomware attacks

A Ukrainian national has been extradited from Spain to the United States to face charges over allegedly conducting Nefilim ransomware attacks against companies. The suspect, Artem Aleksandrovych Stryzhak, 35, was arrested in Spain in June 2024 and extradited to the U.S. on April 30, 2025. According to the U.S. Department of Justice, Stryzhak allegedly participated […]

2 mins read

Hackers abuse OAuth 2.0 workflows to hijack Microsoft 365 accounts

Russian threat actors have been abusing legitimate OAuth 2.0 authentication workflows to hijack Microsoft 365 accounts of employees of organizations related to Ukraine and human rights. The adversary is impersonating officials from European countries and contacting targets through the WhatsApp and Signal messaging platforms. The purpose is to convince potential victims to provide Microsoft authorization codes that […]

4 mins read

Russian hackers attack Western military mission using malicious drive

The Russian state-backed hacking group Gamaredon (aka “Shuckworm”) has been targeting a military mission of a Western country in Ukraine in attacks likely deployed from removable drives. Symantec threat researchers say the campaign started in February 2025 and continued until March, with hackers deploying an updated version of the GammaSteel info-stealing malware to exfiltrate data. According to […]

2 mins read