Tag: russia
-
Bulletproof Hosting Fuels Russia-Linked Intrusion Sets’ Global Cyber Campaign
A recent report by Intrinsec has uncovered the activities of Russia-aligned intrusion sets, UAC-0050 and UAC-0006, which have
First seen on securityonline.info. Jump to article: securityonline.info/bulletproof-hosting-fuels-russia-linked-intrusion-sets-global-cyber-campaign/
-
Operation HollowQuill Weaponized PDFs Deliver a Cobalt Strike Malware Into Gov Military Networks
In a recent revelation by SEQRITE Labs, a highly sophisticated cyber-espionage campaign, dubbed Operation HollowQuill, has been uncovered. The operation targets academic, governmental, and defense-related networks in Russia using weaponized decoy PDFs to deliver Cobalt Strike malware implants. The campaign appears to focus on infiltrating critical institutions such as the Baltic State Technical University (BSTU…
-
Russian Hackers Leverage Bulletproof Hosting to Shift Network Infrastructure
Russian-aligned cyber threat groups, UAC-0050 and UAC-0006, have significantly escalated their operations in 2025, targeting entities worldwide with a focus on Ukraine. These groups employ bulletproof hosting services to mask their network infrastructure, enabling sophisticated campaigns involving financial theft, espionage, and psychological operations. UAC-0050, linked to Russian law enforcement agencies, has transitioned to deploying NetSupport…
-
News brief: China-linked APTs and Russian access broker
Check out the latest security news from the Informa TechTarget team.
First seen on techtarget.com. Jump to article: www.techtarget.com/searchsecurity/news/366621697/News-brief-China-linked-APTs-and-Russian-access-broker
-
Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp
The threat actors behind the zero-day exploitation of a recently-patched security vulnerability in Microsoft Windows have been found to deliver two new backdoors called SilentPrism and DarkWisp. The activity has been attributed to a suspected Russian hacking group called Water Gamayun, which is also known as EncryptHub and LARVA-208. “The threat actor deploys payloads primarily by means…
-
Russia-linked Gamaredon targets Ukraine with Remcos RAT
Tags: apt, attack, cyberespionage, group, phishing, powershell, rat, russia, spear-phishing, ukraine
Russia-linked Gamaredon targets Ukraine with a phishing campaign using troop-related lures to deploy the Remcos RAT via PowerShell downloader. Talos researchers warn that Russia-linked APT group Gamaredon (a.k.a. Armageddon, Primitive Bear, ACTINIUM, Callisto) targets Ukraine with a phishing campaign. The cyberespionage group is behind a long series of spear-phishing attacks targeting Ukrainian entities, and organizations related…
-
Water Gamayun Hackers Exploit MSC EvilTwin Zero-day Vulnerability to Hack Windows Machine
Water Gamayun, a suspected Russian threat actor, has been identified exploiting the MSC EvilTwin zero-day vulnerability (CVE-2025-26633) to compromise Windows systems. This vulnerability, embedded in the Microsoft Management Console (MSC) framework, allows attackers to execute malicious code remotely, exfiltrate sensitive data, and maintain persistent control over infected machines. The exploit leverages custom payloads and advanced…
-
Russia-Linked Gamaredon Uses Troop-Related Lures to Deploy Remcos RAT in Ukraine
Entities in Ukraine have been targeted as part of a phishing campaign designed to distribute a remote access trojan called Remcos RAT. “The file names use Russian words related to the movement of troops in Ukraine as a lure,” Cisco Talos researcher Guilherme Venere said in a report published last week. “The PowerShell downloader contacts geo-fenced…
-
Gamaredon Exploits Troop Movement Lures to Spread Remcos via DLL Sideloading
A new targeted malware campaign linked to the Russian state-aligned group Gamaredon is exploiting Windows shortcut (.LNK) files
First seen on securityonline.info. Jump to article: securityonline.info/gamaredon-exploits-troop-movement-lures-to-spread-remcos-via-dll-sideloading/
-
Russian Intelligence Impersonates CIA in Phishing Attacks
Silent Push Threat Analysts uncover a multi-cluster phishing operation leveraging fake CIA and anti-Putin group websites to harvest
First seen on securityonline.info. Jump to article: securityonline.info/russian-intelligence-impersonates-cia-in-phishing-attacks/
-
Firefox fixes flaw similar to Chrome zero-day used against Russian organizations
Developers of Mozilla’s Firefox say that reports on a Google Chrome zero-day vulnerability led them to find a similar bug for the Windows version of their browser.
First seen on therecord.media. Jump to article: therecord.media/firefox-sandbox-vulnerability-similar-chrome-zero-day
-
After Chrome patches zero-day used to target Russians, Firefox splats similar bug
Single click on a phishing link in Google browser blew up sandbox on Windows
First seen on theregister.com. Jump to article: www.theregister.com/2025/03/28/google_kaspersky_mozilla/
-
Russian Phishing Uses Fake CIA Sites to Target Anti-war, Ukraine Supporters
The phishing campaign is highly sophisticated!
First seen on hackread.com. Jump to article: hackread.com/russia-phishing-fake-cia-sites-anti-war-ukraine-supporters/
-
Firefox Affected by Flaw Similar to Chrome Zero-Day Exploited in Russia
Firefox developers have determined that their browser is affected by a vulnerability similar to the recent Chrome sandbox escape zero-day.
First seen on securityweek.com. Jump to article: www.securityweek.com/firefox-affected-by-flaw-similar-to-chrome-zero-day-exploited-in-russia/
-
Russian Hackers Impersonate CIA to Steal Ukrainian Defense Intelligence Data
In a complex cyber operation discovered by Silent Push Threat Analysts, Russian hackers have launched a multi-pronged phishing campaign impersonating various organizations, including the CIA, to gather intelligence on individuals sympathetic to Ukraine’s defense efforts. The campaign, believed to be orchestrated by Russian Intelligence Services or aligned actors, utilizes a network of fraudulent websites to…
-
Leaked Black Basta chat logs indicate ties to Russian officials
First seen on scworld.com. Jump to article: www.scworld.com/brief/leaked-black-basta-chat-logs-indicate-ties-to-russian-officials
-
Russian internet provider purportedly breached by Ukrainian hacktivists
First seen on scworld.com. Jump to article: www.scworld.com/brief/russian-internet-provider-purportedly-breached-by-ukrainian-hacktivists
-
Russia arrests three for allegedly creating Mamont malware, tied to over 300 cybercrimes
Russian authorities said they arrested three people and seized hardware in an operation against Mamont malware, which specializes in stealing money from Android device users.
First seen on therecord.media. Jump to article: therecord.media/mamont-banking-malware-arrests-russia
-
Russian Espionage Group Using Ransomware in Attacks
Russian-speaking espionage group RedCurl has been deploying ransomware on victims’ networks in a recent campaign.
First seen on securityweek.com. Jump to article: www.securityweek.com/russian-espionage-group-using-ransomware-in-attacks/
-
Russian media, academia targeted in espionage campaign using Google Chrome zero-day exploit
“We have discovered and reported dozens of zero-day exploits actively used in attacks, but this particular exploit is certainly one of the most interesting we’ve encountered,” researchers from Kaspersky said in their analysis published Tuesday.
First seen on therecord.media. Jump to article: therecord.media/russian-media-academia-targeted-in-espionage-campaign
-
Cyberattack on a petroleum company in Russia
Russian Lukoil hit by large-scale cyberattack
First seen on newsukraine.rbc.ua. Jump to article: newsukraine.rbc.ua/news/russian-lukoil-hit-by-large-scale-cyberattack-1742981848.html
-
Raspberry Robin: From Copy Shop Worm to Russian GRU Cyber Tool
Raspberry Robin, also known as Roshtyak or Storm-0856, has evolved from a simple worm targeting copy shops to
First seen on securityonline.info. Jump to article: securityonline.info/raspberry-robin-from-copy-shop-worm-to-russian-gru-cyber-tool/
-
Russian threat actor weaponized Microsoft Management Console flaw
A threat actor known as “EncryptHub” began exploiting the zero-day vulnerability before it was patched earlier this month.
First seen on cybersecuritydive.com. Jump to article: www.cybersecuritydive.com/news/russian-threat-actor-weaponizing-microsoft-management-console-zero-day/743558/
-
CVE-2025-2783: Chrome Zero-Day Targets Russian Organizations
Google Issues Emergency Patch for Chrome Zero-Day Exploit. Google has released an urgent security update for its Chrome browser on Windows after uncovering a critical vulnerability that has already been exploited in the wild. The flaw, tracked as CVE-2025-2783, involves…
First seen on sensorstechforum.com. Jump to article: sensorstechforum.com/cve-2025-2783-chrome-zero-day/
-
Austria uncovers alleged Russian disinformation campaign spreading lies about Ukraine
The campaign was identified during an investigation into a Bulgarian woman accused of spying for Russia earlier this year.
First seen on therecord.media. Jump to article: therecord.media/austria-uncovers-russian-disinfo-campaign
-
Russian Ransomware Gang Exploited Windows Zero-Day Before Patch
Exploitation of Windows MMC zero-day is being pinned on a ransomware gang known as EncryptHub (an affiliate of RansomHub).
First seen on securityweek.com. Jump to article: www.securityweek.com/russian-ransomware-gang-exploited-windows-zero-day-before-patch/
-
Windows MMC Framework Zero-Day Exploited to Execute Malicious Code
Trend Research has uncovered a sophisticated campaign by the Russian threat actor Water Gamayun, exploiting a zero-day vulnerability in the Microsoft Management Console (MMC) framework. The vulnerability, dubbed MSC EvilTwin (CVE-2025-26633), allows attackers to execute malicious code on infected machines. The attack manipulates .msc files and the Multilingual User Interface Path (MUIPath) to download and…