Tag: blizzard
-
Russia-linked APT29 group used red team tools in rogue RDP attacks
in SecurityNews
Russia-linked APT29 group uses malicious RDP configuration files, adapting red teaming methods for cyberattacks to compromise systems. In October 2024, the Russia-linked cyber espionage group APT29 (aka Earth Koshchei, SVR group, Cozy Bear, Nobelium, BlueBravo, Midnight Blizzard, and The Dukes) used rogue RDP attacks via phishing emails targeting governments, think tanks, and Ukrainian entities to steal data and install malware. The…
-
Midnight Blizzard Taps Phishing Emails, Rogue RDP Nets
The Russian-based attack group uses legitimate red-team tools, 200 domain names, and 34 back-end RDP servers, making it harder to identify and block malicious activity. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/midnight-blizzard-taps-phishing-email-rogue-rdp-nets
-
Russian APT “Secret Blizzard” Leverages Cybercriminal Tools in Ukraine Attacks
in SecurityNews
A new report from Microsoft Threat Intelligence reveals that the Russian state-sponsored threat actor known as Secret Blizzard (also tracked as Turla, Waterbug, Venomous Bear, Snake, Turla Team, and Turla... First seen on securityonline.info Jump to article: securityonline.info/russian-apt-secret-blizzard-leverages-cybercriminal-tools-in-ukraine-attacks/
-
Russia Used Borrowed Spyware to Target Ukrainian Troops
in SecurityNews
Secret Blizzard Used Third-party Amadey Bots to Hack Ukrainian Military Devices. A Russian state-backed hacker group used third-party data-stealing bots and possibly a backdoor used by another Russia-based threat group to infiltrate and spy on devices used by frontline Ukrainian military units, according to a report from the Microsoft threat intelligence team. First seen on…
-
For Russian spies, existing cybercrime tools become avenues into Ukrainian military devices
in SecurityNews
A Kremlin-backed group tracked as Secret Blizzard or Turla recently used existing cybercrime infrastructure for an espionage campaign aimed at Ukrainian military devices. First seen on therecord.media Jump to article: therecord.media/turla-secret-blizzard-russia-espionage-ukraine-cybercrime-tools
-
Russia takes unusual route to hack Starlink-connected devices in Ukraine
in SecurityNews
Secret Blizzard has used the resources of at least 6 other groups in the past 7 years. First seen on arstechnica.com Jump to article: arstechnica.com/security/2024/12/russia-takes-unusual-route-to-hack-starlink-connected-devices-in-ukraine/
-
Russian cyber spies hide behind other hackers to target Ukraine
in SecurityNews
Russian cyber-espionage group Turla, aka “Secret Blizzard,” is utilizing other threat actors’ infrastructure to target Ukrainian military devices connected via Starlink. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/russian-cyber-spies-hide-behind-other-hackers-to-target-ukraine/
-
Russian Hackers Hijacked Pakistani Actor Servers For C2 Communication
in SecurityNews
Secret Blizzard, a Russian threat actor, has infiltrated 33 command-and-control (C2) servers belonging to the Pakistani group Storm-0156, which allows Secret Blizzard to access networks of Afghan government entities and Pakistani operators. They have deployed their own malware, TwoDash and Statuezy, and leveraged Storm-0156’s malware, Waiscot and CrimsonRAT, to gather intelligence on targeted networks, which…
-
Russian Hacker Secret Blizzard Hijack C2 Infrastructure in New Espionage Campaign
in SecurityNews
Lumen’s Black Lotus Labs has uncovered an elaborate campaign by the Russian threat actor Secret Blizzard (also known as Turla). This operation demonstrates their signature tradecraft of hijacking other groups’... First seen on securityonline.info Jump to article: securityonline.info/russian-hacker-secret-blizzard-hijack-c2-infrastructure-in-new-espionage-campaign/
-
Russian FSB Hackers Breach Pakistani APT Storm-0156
in SecurityNews
Parasitic advanced persistent threat (APT) Secret Blizzard accessed another APT’s infrastructure, and stole the same kinds of info it targets in South Asian government and military victims. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/russian-fsb-hackers-breach-pakistan-storm-0156
-
Russian Hackers Exploit Rival Attackers’ Infrastructure for Espionage
in SecurityNews
Tags: apt, blizzard, cyber, cybercrime, espionage, exploit, hacker, infrastructure, microsoft, russia
Microsoft has found that Russian APT Secret Blizzard piggybacks on other cybercriminals’ infrastructure to conduct cyber espionage. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/russia-hackers-exploit-rival/
-
Russia-linked APT Secret Blizzard spotted using infrastructure of other threat actors
in SecurityNews
Russia-linked APT group Secret Blizzard has used the tools and infrastructure of at least 6 other threat actors during the past 7 years. Researchers from Microsoft Threat Intelligence collected evidence that the Russia-linked APT group Secret Blizzard (aka Turla, Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) has used the tools and infrastructure of at least 6 other threat actors during the…
-
Russian FSB Hackers Breach Pakistan’s APT Storm-0156
in SecurityNews
Parasitic advanced persistent threat Secret Blizzard accesses another APT’s infrastructure and steals what it has stolen from South Asian government and military targets. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/russian-fsb-hackers-breach-pakistan-storm-0156
-
Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files
in SecurityNews
First seen on thesecurityblogger.com Jump to article: www.thesecurityblogger.com/midnight-blizzard-conducts-large-scale-spear-phishing-campaign-using-rdp-files/
-
Faraway Russian hackers breached US organization via Wi-Fi
in SecurityNews
Forest Blizzard, a threat group associated with Russia’s GRU military intelligence service, repeatedly breached a US-based organization via compromised computer systems … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/25/enterprise-wi-fi-compromised/
-
‘Midnight Blizzard’ Targets Networks With Signed RDP Files
in SecurityNews
The Russian-backed group is using a novel access vector to harvest victim data and compromise devices in a large-scale intelligence-gathering operatio… First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/midnight-blizzard-targets-networks-signed-rdp-files
-
Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations
in SecurityNews
First seen on techrepublic.com Jump to article: www.techrepublic.com/article/midnight-blizzard-spearphishing-us-officials/
-
Massive Midnight Blizzard Phishing Attack Using Weaponized RDP Files
in SecurityNews
Researchers warn of ongoing spear-phishing attacks by Russian threat actor Midnight Blizzard targeting individuals in various sectors. The attacks inv… First seen on gbhackers.com Jump to article: gbhackers.com/midnight-blizzard-rdp-attack/
-
Microsoft files lawsuit to seize domains used by Russian spooks
in SecurityNews
Microsoft has been given permission to seize multiple domains used by the Russian state threat actor Star Blizzard as part of a coordinated disruption… First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366612872/Microsoft-files-lawsuit-to-seize-domains-used-by-Russian-spooks
-
A Deep-Dive into Russian Midnight Blizzard’s Campaign that Targeted Ukrainian Military, Government
in SecurityNews
A concerning wave of cyberattacks has been initiated by the Russian threat actor known as Midnight Blizzard. Since October 22, 2024, this group, ident… First seen on thecyberexpress.com Jump to article: thecyberexpress.com/midnight-blizzard-cyberattacks/
-
Midnight Blizzard Spearphishing Campaign Targets Thousands with RDP Files
in SecurityNews
Tags: blizzard
First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/apt29-spearphishing-thousands-rdp/
-
Midnight Blizzard Targets 100+ Organizations in RDP Phishing Attack
in SecurityNews
Microsoft Threat Intelligence has issued a warning about a new spear-phishing campaign orchestrated by the Russian state-sponsored threat actor Midnig… First seen on securityonline.info Jump to article: securityonline.info/midnight-blizzard-targets-100-organizations-in-rdp-phishing-attack/
-
Russia-linked Midnight Blizzard APT targeted 100+ organizations with a spear-phishing campaign using RDP files
in SecurityNews
Microsoft warns of a new phishing campaign by Russia-linked APT Midnight Blizzard targeting hundreds of organizations. Microsoft warns of a large-scal… First seen on securityaffairs.com Jump to article: securityaffairs.com/170398/apt/midnight-blizzard-apt-targeted-100-organizations.html
-
Global Midnight Blizzard spear-phishing operation underway
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/brief/global-midnight-blizzard-spear-phishing-operation-underway
-
Midnight Blizzard uses RDP to target 100 organizations in US, Europe
in SecurityNews
Tags: blizzard
First seen on scworld.com Jump to article: www.scworld.com/news/midnight-blizzard-uses-rdp-to-target-100-organizations-in-us-and-europe
-
Microsoft Warns of Russian Spear-Phishing Attacks Targeting Over 100 Organizations
in SecurityNews
Microsoft says a new spear-phishing campaign by Russia’s Midnight Blizzard uses RDP files, a new vector for this threat group. The post Microsoft Warn… First seen on securityweek.com Jump to article: www.securityweek.com/microsoft-warns-of-russian-spear-phishing-attacks-targeting-over-100-organizations/
-
Russian hackers deliver malicious RDP configuration files to thousands
in SecurityNews
Tags: blizzard, cyber, espionage, government, group, hacker, intelligence, malicious, russia, service
Midnight Blizzard, a cyber espionage group that has been linked to the Russian Foreign Intelligence Service (SVR), is targeting government, academia, de… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/10/30/midnight-blizzard-spearphishing-rdp-file/
-
Russia’s ‘Midnight Blizzard’ hackers target government workers in novel info-stealing campaign
in SecurityNews
First seen on therecord.media Jump to article: therecord.media/russia-midnight-blizzard-hackers-target-government-sector