Apr 17, 2024NewsroomRansomware / Cyber Espionage A previously undocumented "flexible" backdoor called Kapeka has been "sporadically" observed in cyber attacks targeting Eastern Europe, including Estonia and Ukraine, since at least mid-2022. The findings come from Finnish cybersecurity firm WithSecure, which attributed the malware to the Russia-linked advanced persistent … [Read more...] about Russian APT Deploys New ‘Kapeka’ Backdoor in Eastern European Attacks
russian
Russian Hackers Use ‘WINELOADER’ Malware to Target German Political Parties
Mar 23, 2024NewsroomCyber Espionage / Cyber Warfare The WINELOADER backdoor used in recent cyber attacks targeting diplomatic entities with wine-tasting phishing lures has been attributed as the handiwork of a hacking group with links to Russia's Foreign Intelligence Service (SVR), which was responsible for breaching SolarWinds and Microsoft. The findings come from Mandiant, … [Read more...] about Russian Hackers Use ‘WINELOADER’ Malware to Target German Political Parties
Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets
Mar 09, 2024NewsroomCyber Attack / Threat Intelligence Microsoft on Friday revealed that the Kremlin-backed threat actor known as Midnight Blizzard (aka APT29 or Cozy Bear) managed to gain access to some of its source code repositories and internal systems following a hack that came to light in January 2024. "In recent weeks, we have seen evidence that Midnight Blizzard is … [Read more...] about Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets
Russian Turla Hackers Target Polish NGOs with New TinyTurla-NG Backdoor
Feb 15, 2024NewsroomMalware / Cyber Espionage The Russia-linked threat actor known as Turla has been observed using a new backdoor called TinyTurla-NG as part of a three-month-long campaign targeting Polish non-governmental organizations in December 2023. "TinyTurla-NG, just like TinyTurla, is a small 'last chance' backdoor that is left behind to be used when all other … [Read more...] about Russian Turla Hackers Target Polish NGOs with New TinyTurla-NG Backdoor
Russian APT28 Hackers Targeting High-Value Orgs with NTLM Relay Attacks
Russian state-sponsored actors have staged NT LAN Manager (NTLM) v2 hash relay attacks through various methods from April 2022 to November 2023, targeting high-value targets worldwide. The attacks, attributed to an "aggressive" hacking crew called APT28, have set their eyes on organizations dealing with foreign affairs, energy, defense, and transportation, as well as those … [Read more...] about Russian APT28 Hackers Targeting High-Value Orgs with NTLM Relay Attacks
Cloud Atlas’ Spear-Phishing Attacks Target Russian Agro and Research Companies
Dec 25, 2023NewsroomCyber Espionage / Malware The threat actor referred to as Cloud Atlas has been linked to a set of spear-phishing attacks on Russian enterprises. Targets included a Russian agro-industrial enterprise and a state-owned research company, according to a report from F.A.C.C.T., a standalone cybersecurity company formed after Group-IB's formal exit from Russia … [Read more...] about Cloud Atlas’ Spear-Phishing Attacks Target Russian Agro and Research Companies
Russian Hacker Vladimir Dunaev Convicted for Creating TrickBot Malware
Dec 02, 2023NewsroomCybercrime / Malware A Russian national has been found guilty in connection with his role in developing and deploying a malware known as TrickBot, the U.S. Department of Justice (DoJ) announced. Vladimir Dunaev, 40, was arrested in South Korea in September 2021 and extradited to the U.S. a month later. "Dunaev developed browser modifications and malicious … [Read more...] about Russian Hacker Vladimir Dunaev Convicted for Creating TrickBot Malware
Russian Cyber Espionage Group Deploys LitterDrifter USB Worm in Targeted Attacks
Nov 18, 2023NewsroomCyber Attack / USB Worm Russian cyber espionage actors affiliated with the Federal Security Service (FSB) have been observed using a USB propagating worm called LitterDrifter in attacks targeting Ukrainian entities. Check Point, which detailed Gamaredon's (aka Aqua Blizzard, Iron Tilden, Primitive Bear, Shuckworm, and Winterflounder) latest tactics, … [Read more...] about Russian Cyber Espionage Group Deploys LitterDrifter USB Worm in Targeted Attacks
Russian Hackers Sandworm Cause Power Outage in Ukraine Amidst Missile Strikes
Nov 10, 2023NewsroomCyber Warfare / Network Security The notorious Russian hackers known as Sandworm targeted an electrical substation in Ukraine last year, causing a brief power outage in October 2022. The findings come from Google's Mandiant, which described the hack as a "multi-event cyber attack" leveraging a novel technique for impacting industrial control systems … [Read more...] about Russian Hackers Sandworm Cause Power Outage in Ukraine Amidst Missile Strikes
Russian State-Backed ‘Infamous Chisel’ Android Malware Targets Ukrainian Military
Cybersecurity and intelligence agencies from Australia, Canada, New Zealand, the U.K., and the U.S. on Thursday disclosed details of a mobile malware strain targeting Android devices used by the Ukrainian military. The malicious software, dubbed Infamous Chisel and attributed to a Russian state-sponsored actor called Sandworm, has capabilities to "enable unauthorized access to … [Read more...] about Russian State-Backed ‘Infamous Chisel’ Android Malware Targets Ukrainian Military