X-Industry

Russian authorities have arrested three individuals suspected of developing the Mamont malware, a recently identified banking trojan targeting Android devices.  The suspects, whose identities remain undisclosed, were apprehended in the Saratov region. A video released by the Russian Ministry of Internal Affairs (MVD) shows the arrested individuals in handcuffs, being escorted by police officers.

According to the MVD, the trio is linked to over 300 cybercrime incidents. Authorities also seized co

When Russia launched its full-scale invasion of Ukraine in February 2022, it also ushered in a new era of warfare, one where cyberattacks were no longer a supporting act but a core component of battlefield operations.  This was the world’s first full-scale cyberwar, where digital operations were synchronized with kinetic strikes to disrupt, disable, and disorient the enemy.  For three years, Ukraine has defended itself not only on the battlefield but also in cyberspace, repelling relentless Russ

Russian state-backed actors are increasingly targeting secure messaging applications like Signal to intercept sensitive communications, reveals a recent report by Google’s Threat Intelligence Group.  These groups, often aligned with Russian intelligence services, are focusing on compromising accounts used by individuals of interest, including military personnel, politicians, journalists, and activists. While the initial focus appears to be related to the conflict in Ukraine, researchers believe

Computers need electricity.  Without electricity, a country will effectively shut down.  In the near future Estonia, Latvia, and Lithuania will be officially severing their remaining electricity grid connections with Russia and Belarus, marking a significant step in their move away from Moscow’s influence nearly 35 years after leaving the Soviet Union.

This symbolic move, laden with geopolitical significance, accelerates a process that gained momentum following Russia’s invasion of Ukraine.  “Th

A Russian hacking campaign has exploited a vulnerability in a popular file archiver to infect Ukrainian government and private organizations with SmokeLoader malware, researchers have found.

The bug, tracked as CVE-2025-0411, was discovered in 7-Zip, a free and open-source file archiver developed by Russian programmer Igor Pavlov.  It was identified by researchers at Tokyo-based cybersecurity firm Trend Micro in September and patched two months later, giving hackers ample time to exploit it in t

Enterprise cybersecurity tools, such as routers, firewalls, and VPNs, exist to protect corporate networks from intruders and malicious hackers, something that is particularly important in today’s age of widespread remote and hybrid working. But while pitched as tools that help organizations stay safe from outside threats, many of these products have time and again been found to contain software bugs that allow malicious hackers to compromise the very networks these products were designed to prot

The US Commerce Department on 14 January 2025 announced a new rule that will ban certain Chinese and Russian connected car technology from being imported to the United States.  Software and hardware built into Vehicle Connectivity Systems (VCS), such as telematics control units and cellular, satellite and Wi-fi functions, which are manufactured in China and Russia will be banned, along with any connected cars containing them.

Separately Russian and Chinese Automated Driving System (ADS) software

The Ukrainian security service (SBU) has uncovered a new suspected espionage campaign by Russian intelligence services involving the recruitment of Ukrainian teenagers for criminal activities disguised as "quest games."  During an operation in the northeastern city of Kharkiv, local law enforcement arrested two groups of alleged Russian Federal Security Service (FSB) agents, all of whom were 15- and 16-years-old.

The teenagers were allegedly tasked with carrying out espionage, directing missile

Ukraine is accusing Google of exposing the locations of its military sites in recent updates to its online mapping service.  Andrii Kovalenko, the head of the counter-disinformation department at Ukraine's National Security and Defense Council, said the images were spotted last week and have already been “actively distributed” by Russians.  He did not provide further details about what was specifically revealed or how Moscow could use the obtained data.

Kovalenko said Google hasn’t yet fixed the

The Ukrainian Computer Emergency Response Team has issued a new security warning after discovering a cyber-attack campaign carried out by the APT28 threat group, also known as Fancy Bear.  This group is thought, with a high degree of confidence, to be affiliated with Russian military intelligence operations.  Here’s what we know so far and what you need to watch out for if you think you might be at risk of being targeted. 

The APT28 Fancy Bear Cyber Attack Campaign Warning From CERT-UA - The Ukr

Recently, the Dutch police have announced the takedown of Bohemia and Cannabia, which has been described as the world's largest and longest-running dark web market for illegal goods, drugs, and cybercrime services.  The takedown is the result of a collaborative investigation with Ireland, the United Kingdom, and the United States that began towards the end of 2022, the disclosure reported.  The marketplace discontinued its operations in late 2023 following reports of service disruptions and exit

Some television stations and websites in Russia are offline for the second day in a row following what Moscow called an “unprecedented” attack on its digital infrastructure.  The disruption began on October 7, Russian President Vladimir Putin’s birthday.  Last week, Russian state-owned broadcaster VGTRK’s website and digital streaming services went off the air.  The affected outlets included radio stations and TV channels such as Russia-1 and Russia-24.  “Our state media holding, one of the larg

Poland’s security services reported that they had broken up an alleged cyber sabotage group linked to Russia and Belarus that had attempted to “paralyze” the country through cyberattacks.  The group, whose members were not publicly identified, extorted information from Polish local government agencies and state companies related to military and security matters, Poland’s Minister of Digital Affairs, Krzysztof Gawkowski, said during a press briefing on 10 September 2024.  He referred to the group

The US Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) assess that cyber actors affiliated with the Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155) are responsible for computer network operations against global targets for the purposes of espionage, sabotage, and reputational harm since at least 2020.  GRU Unit 29155 cyber actors began deploying the destructi

The first sample of RomCom ransomware was observed in early July 2023 on a publicly available file scanning site, about the same time as the first victim posted on its data leak site on 13 July 2023. Like most ransomware, this ransomware encrypts files on victims' Windows machines and demands a ransom to decrypt them via dropped ransom notes.

Infection Vector - Online reports indicate that the Russia-based RomCom group, or Storm-0978, is deploying the Underground ransomware.  This threat group i

So maybe China and Russia are not such good friends after all.  Cyber security researchers have uncovered an apparently new Advanced Persistent Threat (APT) group targeting Russian government entities, known as CloudSorcerer.  They use a sophisticated cyber espionage tool, discovered by investigators and reported in an advisory they published in June, and is designed for covert data collection and exfiltration, using Microsoft Graph, Yandex Cloud, and Dropbox for its command and control (C2) inf

As the US National Elections are coming quickly, all US eyes are on Russia and Iran to watch for an increase of cyber-attacks, aimed at the election process.  Russia remains the top source of troll networks disrupted on Facebook and Instagram, with Iran close behind, according to a threat report by social media giant Meta.  The company’s latest quarterly review, released on Thursday, states it has disrupted 39 covert influence operations originating in Russia since 2017, followed by 30 from Iran

Russia's Kursk region was hit by a “massive” distributed denial-of-service (DDoS) attack on 15 August amid Ukraine’s surprise cross-border incursion, Kursk state officials said in a statement.  The unnamed hackers targeted government and business websites, as well as critical infrastructure services, making some of them temporarily unavailable, state media reported.

Data shared by Internet monitoring service NetBlocks shows “sporadic disruptions to internet connectivity in and around Kursk,” lik

Cyber-spies suspected of connections with China have infected "dozens" of computers belonging to Russian government agencies and IT providers with backdoors and trojans since late July, according to Kaspersky.  The Russia-based security biz claimed the malware used in the ongoing, targeted attacks, called EastWind, has links to two China-nexus groups tracked as APT27 and APT31. 

After gaining initial access to their victims' devices via phishing emails, the attackers used various cloud services

Researchers have discovered a new malware variant likely used in an attack this January against an energy company in western Ukraine that left 600 households without heat amid freezing temperatures.  The tool, called FrostyGoop, is one of only a few malware strains ever discovered in the wild that can interact directly with industrial control systems and have a physical effect on the hardware used by targeted enterprises, according to researchers at industrial cybersecurity firm Dragos, which di