russia (180)

The "coordinated" cyber-attack targeting multiple sites across the Polish power grid has been attributed with medium confidence to a Russian state-sponsored hacking crew known as ELECTRUM.

Operational technology (OT) cybersecurity company Dragos, in a new intelligence brief published Tuesday, described the late December 2025 activity as the first major cyber-attack targeting distributed energy resources (DERs).  "The attack affected communication and control systems at combined heat and power (C

Major sporting events are popular targets for cyber attackers.  There are therefore plenty of risks for the Winter Olympics, which will take place next month in the Italian cities of Milan and Cortina d’Ampezzo.  What can we expect from the digital battle taking place behind the scenes of the sport?  Unit 42 from Palo Alto Networks has provided an excellent overview.[1]

Critical infrastructure is under constant pressure both domestically and internationally.  Global events, from climate summits

UDPGangster is a UDP-based backdoor associated with the MuddyWater threat group, which is known for its cyber espionage operations across the Middle East and neighboring regions.  This malware enables remote control of compromised systems by allowing attackers to execute commands, exfiltrate files, and deploy additional payloads, all communicated through UDP channels designed to evade traditional network defenses.

Link to full report:  IR-26-021-002_UDPgangster.pdf
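The report describes command, file and payload traffic riding on UDP precisely because many network controls concentrate on TCP sessions.  One way a defender hunts for that in ordinary flow logs is to look for UDP conversations that behave like a session anyway: repeated, bidirectional, long-lived, and to a port that is not a well-known UDP service.  The script below is an added example and is not code from the UDPGangster report or from the authoring organization; the thresholds, the list of "benign" UDP ports and the flow records are all constructed assumptions that need tuning for a real environment.

```python
"""Heuristic hunt for UDP command-and-control in flow records.

Added example, not code from the UDPGangster report.  The logic is a generic
assumption about what backdoor traffic over UDP tends to look like: recurring,
bidirectional UDP conversations between an internal host and one external
host:port that is not a normal UDP service.  The flow records are constructed.
Record format (constructed): ts,src,sport,dst,dport,proto,pkts,bytes
"""
import ipaddress
from collections import defaultdict

# Internal address space (assumption: RFC1918 only; add your public ranges).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# UDP ports where steady two-way traffic is expected (assumption: tune per site).
BENIGN_UDP_PORTS = {53, 67, 68, 123, 443, 500, 4500, 3478, 5353}

SAMPLE_FLOWS = """\
# constructed sample: host 10.1.1.20 beacons every 5 minutes to 203.0.113.5:9988
1700000000,10.1.1.20,51234,203.0.113.5,9988,udp,3,612
1700000001,203.0.113.5,9988,10.1.1.20,51234,udp,2,144
1700000300,10.1.1.20,51234,203.0.113.5,9988,udp,3,608
1700000301,203.0.113.5,9988,10.1.1.20,51234,udp,2,140
1700000600,10.1.1.20,51234,203.0.113.5,9988,udp,3,610
1700000601,203.0.113.5,9988,10.1.1.20,51234,udp,4,3100
1700000900,10.1.1.20,51234,203.0.113.5,9988,udp,40,61200
1700000901,203.0.113.5,9988,10.1.1.20,51234,udp,2,140
# internal DNS, NTP to the internet, and a short game session: all expected noise
1700000010,10.1.1.20,49000,10.1.1.2,53,udp,1,74
1700000010,10.1.1.2,53,10.1.1.20,49000,udp,1,180
1700000020,10.1.1.21,41000,192.0.2.10,123,udp,1,76
1700000050,10.1.1.21,60000,198.51.100.7,27015,udp,5,900
1700000051,198.51.100.7,27015,10.1.1.21,60000,udp,4,800
"""


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def parse_flow(line: str) -> dict:
    ts, src, sport, dst, dport, proto, pkts, nbytes = line.split(",")
    return {"ts": int(ts), "src": src, "sport": int(sport), "dst": dst,
            "dport": int(dport), "proto": proto.lower(), "pkts": int(pkts), "bytes": int(nbytes)}


def hunt_udp_c2(lines, min_flows=4, min_span=600, min_pkts=40) -> list:
    """Group UDP flows by (internal host, external host, external port) and flag
    conversations that recur (>= min_flows), persist (>= min_span seconds), carry
    traffic both ways, and total >= min_pkts packets.  Sorted by outbound bytes,
    since a large outbound total on such a channel suggests exfiltration."""
    convs = defaultdict(lambda: {"ts": [], "dirs": set(), "pkts": 0,
                                 "out_bytes": 0, "in_bytes": 0, "flows": 0})
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        f = parse_flow(line)
        if f["proto"] != "udp":
            continue
        # Normalise direction so both halves of a conversation share one key.
        if is_internal(f["src"]) and not is_internal(f["dst"]):
            key, direction, remote_port = (f["src"], f["dst"], f["dport"]), "out", f["dport"]
        elif is_internal(f["dst"]) and not is_internal(f["src"]):
            key, direction, remote_port = (f["dst"], f["src"], f["sport"]), "in", f["sport"]
        else:
            continue  # internal-to-internal or external-to-external: out of scope here
        if remote_port in BENIGN_UDP_PORTS:
            continue
        c = convs[key]
        c["ts"].append(f["ts"])
        c["dirs"].add(direction)
        c["pkts"] += f["pkts"]
        c["flows"] += 1
        c["out_bytes" if direction == "out" else "in_bytes"] += f["bytes"]

    hits = []
    for (host, remote, port), c in convs.items():
        span = max(c["ts"]) - min(c["ts"])
        if (c["flows"] >= min_flows and span >= min_span
                and c["pkts"] >= min_pkts and c["dirs"] == {"in", "out"}):
            hits.append({"host": host, "remote": remote, "port": port, "flows": c["flows"],
                         "span_s": span, "pkts": c["pkts"],
                         "out_bytes": c["out_bytes"], "in_bytes": c["in_bytes"]})
    hits.sort(key=lambda h: (-h["out_bytes"], h["host"]))
    return hits


if __name__ == "__main__":
    for hit in hunt_udp_c2(SAMPLE_FLOWS.splitlines()):
        print(hit)
```

On the constructed sample the only hit is 10.1.1.20 talking to 203.0.113.5:9988 over 15 minutes with a 61 KB outbound burst; the DNS, NTP and short game traffic are filtered by port, scope or the recurrence thresholds.  Real flow exports (NetFlow, Zeek conn.log) need a small adapter in parse_flow, and the thresholds should be set from a baseline of your own UDP traffic rather than the constants above.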

military

In July 2025, Russian President Vladimir Putin proudly added a new nuclear submarine, the Knyaz Pozharsky, to the country’s fleet. He celebrated it as proof that Russia could still build powerful weapons despite Western sanctions. But the celebration didn’t last long. Only days later, Ukrainian cyber experts managed to hack into Russian military networks. They stole and leaked secret documents that revealed the submarine’s technical details, including its design, systems, and crew infor

A new warning has been issued over continued disruptive cyber-attacks against UK organizations, with local government bodies and operators of critical national infrastructure remaining key targets.  Russian-aligned hacktivist groups are continuing to target UK and global organizations by attempting to disrupt operations, take websites offline and disable services.  The activity is largely focused on denial-of-service (DoS) attacks intended to overwhelm websites and online systems, preventing acc

US DHS and CISA, along with co-authoring organizations, assess that pro-Russia hacktivist groups are conducting less sophisticated, lower-impact attacks against critical infrastructure entities than advanced persistent threat (APT) groups.  These attacks use minimally secured, internet-facing virtual network computing (VNC) connections to gain access to OT control devices within critical infrastructure systems.  Pro-Russia hacktivist groups: Cyber Army of Russia Reborn (CARR), Z-Pen
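The weakness the advisory points at is not a software bug but a VNC listener that is reachable from the internet and accepts a connection with weak or no authentication.  Whether a given listener does that is visible in the first two messages of the RFB protocol, before any credential is sent: the server announces its version, and then lists the security types it will accept, where type 1 ("None") means no authentication at all and type 2 is the classic VNC password (a DES challenge-response with the session left in the clear).  The code below is an added example for auditing your own exposed listeners; it is not part of the advisory and not a tool from any of the authoring organizations.  The parser functions are exercised on constructed byte strings; probe_vnc() opens a real connection and should only be pointed at hosts you are authorised to test.

```python
"""Classify what a VNC (RFB) server will accept before handing over the console.

Added example, not from the CISA advisory.  Implements the RFB version exchange
and the server's security-type announcement (RFB 3.3, 3.7 and 3.8 as documented
in the RFB protocol specification), then reduces the offered types to a verdict.
Run probe_vnc() only against hosts you are authorised to test.
"""
import socket
import struct

# Registered RFB security types (subset).  Type 1 is the one the advisory is about.
SECURITY_TYPES = {
    0: "Invalid", 1: "None", 2: "VNC Authentication",
    5: "RA2", 6: "RA2ne", 16: "Tight", 18: "TLS", 19: "VeNCrypt",
}
OUR_VERSION = b"RFB 003.008\n"


def parse_server_version(banner: bytes) -> tuple:
    """b'RFB 003.008\\n' -> (3, 8).  Anything else is not an RFB server."""
    if len(banner) != 12 or not banner.startswith(b"RFB ") or not banner.endswith(b"\n"):
        raise ValueError("not an RFB version banner: %r" % banner)
    major, minor = banner[4:11].split(b".")
    return int(major), int(minor)


def _reason(buf: bytes) -> str:
    """U32 length followed by an ASCII reason, sent when the server refuses."""
    (length,) = struct.unpack(">I", buf[:4])
    return buf[4:4 + length].decode("latin-1", "replace")


def parse_security_types(minor: int, payload: bytes) -> list:
    """Parse the server's security-type message that follows the version exchange.
    RFB 3.3 sends a single U32 type chosen by the server; 3.7 and 3.8 send a U8
    count followed by that many U8 types for the client to pick from.  A count
    (or type) of 0 means the connection was refused and a reason string follows."""
    if minor < 7:
        (sec_type,) = struct.unpack(">I", payload[:4])
        if sec_type == 0:
            raise ConnectionError("server refused: " + _reason(payload[4:]))
        return [sec_type]
    count = payload[0]
    if count == 0:
        raise ConnectionError("server refused: " + _reason(payload[1:]))
    return list(payload[1:1 + count])


def classify(sec_types) -> str:
    """Verdict is the weakest option the server will accept, since an attacker picks."""
    if 1 in sec_types:
        return "no-auth"          # anyone who can reach the port gets the desktop
    if 2 in sec_types:
        return "password-only"    # DES challenge-response, session unencrypted
    if any(t in sec_types for t in (5, 6, 18, 19)):
        return "encrypted"        # RA2 / TLS / VeNCrypt wrap the session
    return "unknown"              # e.g. Tight (16) negotiates further sub-types


def describe(sec_types) -> str:
    return ", ".join("%d (%s)" % (t, SECURITY_TYPES.get(t, "unregistered")) for t in sec_types)


def probe_vnc(host: str, port: int = 5900, timeout: float = 3.0) -> dict:
    """Live check of one host:port.  Only use where you have authorisation."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        banner = s.recv(12)
        major, minor = parse_server_version(banner)
        # Answer with the server's own version when we speak it, else our maximum.
        s.sendall(banner if (major, minor) in ((3, 3), (3, 7), (3, 8)) else OUR_VERSION)
        types = parse_security_types(minor, s.recv(256))
    return {"host": host, "port": port, "version": "%d.%d" % (major, minor),
            "types": describe(types), "verdict": classify(types)}


if __name__ == "__main__":
    import sys
    for target in sys.argv[1:]:           # usage: script.py 192.0.2.10:5900 ...
        h, _, p = target.partition(":")
        print(probe_vnc(h, int(p or 5900)))
```

A "no-auth" or "password-only" verdict on an internet-facing OT host is exactly the condition the advisory describes; the fix is to take the listener off the internet (VPN or jump host with MFA in front of it) rather than to pick a stronger VNC password, because even type 2 leaves the whole session readable on the wire.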

Marquis Software Solutions is notifying banks and credit unions of a ransomware attack that leaked their customer data.  The Texas-based digital and physical marketing firm learned of the ransomware cyber-attack on 14 August 2025, after detecting suspicious activity on its network.  It responded by launching an investigation and notifying law enforcement.  The probe determined that the threat actor breached its SonicWall firewall to gain initial access.[1]

After gaining access, the attackers exf

A Chinese state-aligned threat actor may have been spying on Russia's government for years through its IT sector.  For all of the adversarial intelligence gathering going on in the world today, there is also plenty of spying among friends. Friendly nations, and friendly-ish nations like China and Russia, regularly use cyberspace against their allies to glean potentially valuable political or economic intelligence, gain advantages in strategic negotiations, or simply steal technology.

On 20 Novem

A series of big-game hunting incidents and double extortion attacks carried out by Kraken, a Russian-speaking operation that has emerged from the ashes of the HelloKitty cartel, was observed in August 2025 by Cisco Talos and detailed in an advisory published recently.  The group has been linked to intrusions where Server Message Block (SMB) flaws were abused for entry, followed by the use of Cloudflare for persistence and SSH Filesystem (SSHFS) for data theft before encryption.  Kraken’s toolkit spans W

A China-linked hacking group known as APT31 has infiltrated Russia’s technology sector for years and quietly exfiltrated data from companies involved in government contracting and systems integration, according to a new report.  The campaign, which ran into this year, was “well-planned” and allowed intruders to remain undetected, Russian cybersecurity firm Positive Technologies said in research published last week.

Public reports of Chinese cyber operations against Russia are rare, given the


The Russian government's relationship with its cybercriminal ecosystem has transitioned from passive tolerance to active state management, marking a strategic shift. This report, covering 2024–2025, details the "Dark Covenant 3.0," characterized by selective enforcement, choreographed arrests, and direct coordination between criminal leaders and Russian intelligence intermediaries.

Insikt Group found that Russia leverages these criminal groups as geopolitical tools, with detentions and releases

Ukraine’s grain industry has become the latest target of the notorious Russian state-backed hacking unit Sandworm, amid Moscow's ongoing efforts to undermine the country’s wartime economy.  According to new research from the Slovak cybersecurity firm ESET, the Kremlin-linked group deployed multiple data-wiping malware strains against Ukrainian organizations in the grain, energy, logistics, and government sectors between June and September.  While wiper attacks have frequently hit Ukrainian infra

Two Dutch boys aged 17, who reportedly used hacking devices to spy for Russia, were arrested by the Politie on 29 September 2025.  According to De Telegraaf, the two used a WiFi sniffer device near Europol and Eurojust offices, as well as the Canadian embassy in The Hague.  Europol has confirmed the reports, and a spokesperson acknowledged the incident, noting there are no signs of a compromise on the agency’s systems.  “We are in close contact with the Dutch authorities regarding this

A ransomware attack has forced drug research firm Inotiv to shut down critical systems, resulting in operational disruptions.  Inotiv is an analytical drug discovery and development service that works with various pharmaceutical companies.  It employs over 2,000 research specialists and reports an annual revenue of over $500 million.  According to a regulatory filing with the US Securities and Exchange Commission (SEC), Inotiv discovered the cyber attack on 8 August.  “On August 8, 2025, Inotiv,

Russian authorities shut down mobile internet services more than 2,000 times in July, a record monthly high, as Russia escalates its digital restrictions in the name of cyber security.  This was reported by the nonprofit Russian Internet Protection Society.  Local authorities often cut off access to the internet, citing “national security” amid Ukrainian drone attacks.  However, rights groups and digital watchdogs say many of the blackouts appear unrelated to any real t

The notorious Russian cyber-espionage gang known as Fancy Bear, also known as APT28, has increased its attacks against governments and military entities worldwide using new sophisticated cyber tools and technology.  Fancy Bear is perhaps best known in the United States for its hack and leak of Democratic National Committee emails in the lead-up to the 2016 presidential election.  Eleven Western countries have accused the hacking group of targeting defense, transport, and tech firms involved in

Ukrainian intelligence carried out a secret operation against Russian authorities in occupied Crimea. Over several days, Ukrainian cyber experts accessed and downloaded 100 terabytes of classified data from Russian-run government servers. After extracting the files, they completely erased the originals, leaving a major gap in Russian digital records.

The amount of data stolen, 100 terabytes, is massive.  That’s enough to fill more than 20,000 high-definition movies or store over 25 million

A new report from NATO’s Cooperative Cyber Defense Center of Excellence (CCDCOE) warns that global ports are vulnerable in the wake of escalating cyber threats.  The policy brief highlights that ports, which handle approximately 80% of international trade, “face unprecedented cybersecurity threats from state-linked actors” from Russia, Iran, and China.  These actors aim to disrupt operations and potentially inflict significant economic and military harm.

Ports serve as crucial nodes in NATO’s de

Hackers are targeting Russia’s industrial sector with a new spyware strain that steals sensitive internal documents, local researchers warned.  The campaign, which began in July 2024 and remains active, uses phishing emails disguised as fake contracts. Victims are urged to download a file via a malicious link, which infects their systems with previously unknown spyware called Batavia, according to a new report by Moscow-based cybersecurity firm Kaspersky.[1]

Link to full report:  IR-25-191-002_R

The International Criminal Court (ICC) suffered a sophisticated cyber-attack coinciding with the Hague NATO summit attended by US President Donald J. Trump, who pushed for increased defense spending among member countries.  Ironically, besides defense spending, the NATO summit also aimed to agree measures against cyber attacks. Meanwhile, the Hague-based ICC said it immediately detected the cyber incident and promptly moved to contain the intrusion, without divulging additional details.

The inte