Tag: russia
-
Russia jails hacker for two years over cyberattack on local tech company
A Russian citizen has been sentenced to two years in a penal colony for launching a distributed denial-of-service (DDoS) attack against a local tech company. First seen on therecord.media. Jump to article: therecord.media/russia-jails-hacker-over-cyberattack-on-tech-firm
-
OPSEC Failure Exposes Coquettte’s Malware Campaigns on Bulletproof Hosting Servers
A novice cybercrime actor has been observed leveraging the services of a Russian bulletproof hosting (BPH) provider called Proton66 to facilitate their operations. The findings come from DomainTools, which detected the activity after it discovered a phony website named cybersecureprotect[.]com hosted on Proton66 that masqueraded as an antivirus service. The threat intelligence firm said it First seen…
-
Ex-ASML Russian Employee Smuggled Trade Secrets to Moscow via USB
A former employee of Dutch semiconductor firm ASML, identified as German A. (43), stands accused of smuggling sensitive trade secrets to Russia over a span of nearly nine years. The engineer, originally from Russia, reportedly transferred confidential information using USB drives while traveling regularly to Moscow, where authorities allege he received cash payments for his…
-
Surge in threat actors scanning Juniper, Cisco, and Palo Alto Networks devices
Scanning for Palo Alto Networks portals: Meanwhile, researchers at GreyNoise this week reported seeing a recent significant surge in login scanning activity targeting Palo Alto Networks PAN-OS GlobalProtect portals. GlobalProtect is an endpoint application that allows employees to access a company’s resources remotely. Over the last 30 days, nearly 24,000 unique IP addresses have attempted to access…
-
Operation HollowQuill Unveiled: Weaponized Documents Infiltrate Russia’s Defense Sector
A recent report by SEQRITE Labs APT-Team has shed light on a sophisticated campaign, dubbed Operation HollowQuill, targeting First seen on securityonline.info. Jump to article: securityonline.info/operation-hollowquill-unveiled-weaponized-documents-infiltrate-russias-defense-sector/
-
US, Australia, Canada warn of ‘fast flux’ scheme used by ransomware gangs
Ransomware gangs and Russian government hackers are increasingly turning to an old tactic called “fast flux” to hide the location of infrastructure used in cyberattacks. First seen on therecord.media. Jump to article: therecord.media/us-australia-canada-warn-of-fast-flux-ransomware-rusia
-
Operation HollowQuill Uses Malicious PDFs to Target Academic and Government Networks
A newly uncovered cyber-espionage campaign, dubbed Operation HollowQuill, has been identified as targeting academic, governmental, and defense-related networks in Russia using weaponized PDF documents. The operation, tracked by SEQRITE Labs APT-Team, leverages decoy research invitations to infiltrate systems associated with the Baltic State Technical University (BSTU “VOENMEKH”), a key institution for defense and aerospace research…
-
EvilCorp and RansomHub Collaborate to Launch Worldwide Attacks on Organizations
EvilCorp, a sanctioned Russia-based cybercriminal enterprise, has been observed collaborating with RansomHub, one of the most active ransomware-as-a-service (RaaS) operations. This partnership has heightened the threat landscape, as both entities leverage advanced tools and techniques to target organizations across the globe. EvilCorp: A History of Cybercrime. EvilCorp, led by Maksim Yakubets, has long been notorious…
-
Russian Seashell Blizzard Targets Organizations Using Custom-Built Hacking Tools
Seashell Blizzard, also known as APT44, Sandworm, and Voodoo Bear, has emerged as a sophisticated adversary targeting critical sectors worldwide. Associated with Russia’s Military Intelligence Unit 74455 (GRU), this group has been active since at least 2009, focusing on sectors such as energy, telecommunications, government, military, manufacturing, and retail. Their operations often involve long-term access…
-
Amateur Hacker Leverages Russian Bulletproof Hosting Server to Spread Malware
The cybercriminal uses the service of Proton66, an infamous Russian-based bulletproof hosting provider, to deploy malware. First seen on infosecurity-magazine.com. Jump to article: www.infosecurity-magazine.com/news/coquettte-hacker-malware-bph/
-
Triada Malware Preloaded on Counterfeit Android Phones Infects 2,600+ Devices
Counterfeit versions of popular smartphone models that are sold at reduced prices have been found to be preloaded with a modified version of an Android malware called Triada. “More than 2,600 users in different countries have encountered the new version of Triada, the majority in Russia,” Kaspersky said in a report. The infections were recorded between…
-
New Triada Trojan comes preinstalled on Android devices
A new Triada trojan variant comes preinstalled on Android devices, stealing data on setup, warn researchers from Kaspersky. Kaspersky researchers discovered a new Triada trojan variant preinstalled on thousands of Android devices, enabling data theft upon setup. Kaspersky detected 2,600+ infections in Russia from March 13-27, 2025. The malware was discovered on counterfeit Android devices mimicking…
-
Emulating the Sophisticated Russian Adversary Seashell Blizzard
AttackIQ has released a new assessment template that emulates the various post-compromise Tactics, Techniques, and Procedures (TTPs) associated with the sabotage-motivated Russian adversary Seashell Blizzard. First seen on securityboulevard.com. Jump to article: securityboulevard.com/2025/04/emulating-the-sophisticated-russian-adversary-seashell-blizzard/
-
Hackers Exploit Cloudflare for Advanced Phishing Attacks
A sophisticated phishing campaign orchestrated by a Russian-speaking threat actor has been uncovered, revealing the abuse of Cloudflare services and Telegram for malicious purposes. Researchers at Hunt.io have identified this new wave of attacks, which employs Cloudflare-branded phishing pages and advanced tactics to evade detection. The campaign utilizes Cloudflare’s Pages.dev and Workers.dev platforms typically used…
-
Western cyber aid to Ukraine faces strain as Russia’s war drags on
As the war between Russia and Ukraine continues, Western cyber support is waning, raising growing concerns about the long-term effectiveness of these efforts. First seen on therecord.media. Jump to article: therecord.media/western-cyber-aid-to-ukraine-faces-strain-war-drags
-
DDoS attack on the Russian railway
Digital disruptions continue for Russian transportation, this time at state railway. First seen on therecord.media. Jump to article: therecord.media/russia-state-railway-rzd-ddos-website-app
-
Russia tightens cybersecurity measures as financial fraud hits record high
Vladimir Putin signed a law on Monday that prohibits state institutions, banks and others from using foreign messaging apps when communicating with customers. First seen on therecord.media. Jump to article: therecord.media/russia-tightens-cyber-measures-as-fraud-hits-record-high
-
Ukraine Blames Russia for Railway Hack, Labels It Act of Terrorism
The CERT-UA investigation concluded that the attack’s techniques were “characteristic of Russian intelligence services”. First seen on infosecurity-magazine.com. Jump to article: www.infosecurity-magazine.com/news/ukraine-russia-railway-hack/
-
Digital disruptions continue for Russian transportation, this time at state railway
A day after an incident affected the Moscow subway system, Russian state railway RZD said a distributed denial-of-service (DDoS) attack disrupted its website and app. First seen on therecord.media. Jump to article: therecord.media/russia-state-railway-rzd-ddos-website-app
-
Volume of attacks on network devices shows need to replace end of life devices quickly
CVE-2023-1389, a vulnerability in TP-Link Archer AX21 router; CVE-2024-3400, a hole in Palo Alto Networks PAN-OS firewall operating system; CVE-2023-36845, a vulnerability in Juniper Networks Junos OS operating system; CVE-2021-44529, a vulnerability in Ivanti Endpoint Manager Cloud Service Appliance; CVE-2023-38035, a hole in Ivanti Sentry security gateway; CVE-2024-36401, a vulnerability in OSGeo GeoServer; CVE-2024-0012, a vulnerability in Palo Alto Networks PAN-OS…
-
Bulletproof Hosting Fuels Russia-Linked Intrusion Sets’ Global Cyber Campaign
A recent report by Intrinsec has uncovered the activities of Russia-aligned intrusion sets, UAC-0050 and UAC-0006, which have First seen on securityonline.info. Jump to article: securityonline.info/bulletproof-hosting-fuels-russia-linked-intrusion-sets-global-cyber-campaign/
-
Operation HollowQuill Weaponized PDFs Deliver a Cobalt Strike Malware Into Gov Military Networks
In a recent revelation by SEQRITE Labs, a highly sophisticated cyber-espionage campaign, dubbed Operation HollowQuill, has been uncovered. The operation targets academic, governmental, and defense-related networks in Russia using weaponized decoy PDFs to deliver Cobalt Strike malware implants. The campaign appears to focus on infiltrating critical institutions such as the Baltic State Technical University (BSTU…
-
Russian Hackers Leverage Bulletproof Hosting to Shift Network Infrastructure
Russian-aligned cyber threat groups, UAC-0050 and UAC-0006, have significantly escalated their operations in 2025, targeting entities worldwide with a focus on Ukraine. These groups employ bulletproof hosting services to mask their network infrastructure, enabling sophisticated campaigns involving financial theft, espionage, and psychological operations. UAC-0050, linked to Russian law enforcement agencies, has transitioned to deploying NetSupport…
-
News brief: China-linked APTs and Russian access broker
Check out the latest security news from the Informa TechTarget team. First seen on techtarget.com. Jump to article: www.techtarget.com/searchsecurity/news/366621697/News-brief-China-linked-APTs-and-Russian-access-broker
-
Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp
The threat actors behind the zero-day exploitation of a recently-patched security vulnerability in Microsoft Windows have been found to deliver two new backdoors called SilentPrism and DarkWisp. The activity has been attributed to a suspected Russian hacking group called Water Gamayun, which is also known as EncryptHub and LARVA-208. “The threat actor deploys payloads primarily by means…
-
Russia-linked Gamaredon targets Ukraine with Remcos RAT
Russia-linked Gamaredon targets Ukraine with a phishing campaign using troop-related lures to deploy the Remcos RAT via a PowerShell downloader. Talos researchers warn that Russia-linked APT group Gamaredon (a.k.a. Armageddon, Primitive Bear, ACTINIUM, Callisto) targets Ukraine with a phishing campaign. The cyberespionage group is behind a long series of spear-phishing attacks targeting Ukrainian entities, and organizations related…
-
Water Gamayun Hackers Exploit MSC EvilTwin Zero-day Vulnerability to Hack Windows Machine
Water Gamayun, a suspected Russian threat actor, has been identified exploiting the MSC EvilTwin zero-day vulnerability (CVE-2025-26633) to compromise Windows systems. This vulnerability, embedded in the Microsoft Management Console (MSC) framework, allows attackers to execute malicious code remotely, exfiltrate sensitive data, and maintain persistent control over infected machines. The exploit leverages custom payloads and advanced…
-
Russia-Linked Gamaredon Uses Troop-Related Lures to Deploy Remcos RAT in Ukraine
Entities in Ukraine have been targeted as part of a phishing campaign designed to distribute a remote access trojan called Remcos RAT. “The file names use Russian words related to the movement of troops in Ukraine as a lure,” Cisco Talos researcher Guilherme Venere said in a report published last week. “The PowerShell downloader contacts geo-fenced…