russia (156)

A Russian-linked hacktivist group known as NoName057(16) claimed responsibility for cyberattacks on several Romanian websites over the weekend, as voters headed to the polls to elect a new president.  Among the targets of the distributed denial-of-service (DDoS) attacks were the official websites of the Ministry of Foreign Affairs, the Romanian government, the Constitutional Court and several presidential candidates.

Romania’s National Directorate for Cyber Security (DNSC) confirmed the attacks,

According to the US Department of Justice, Ryan Mitchell Kramer has pleaded guilty to accessing a computer and obtaining information, and threatening to damage a protected computer, as well as to two felony charges that each carry a prison sentence of up to five years.  Kramer is behind the 2024 hack targeting The Walt Disney Company.  The media giant launched an investigation into the incident in July 2024, after a threat actor calling itself NullBulge announced the theft of 1.1 Tb of data from

France's foreign ministry explicitly accused Russia's GRU military intelligence agency on 29 April of mounting cyber-attacks on a dozen entities including ministries, defense firms and think tanks since 2021 to destabilize France.  The accusations, levelled at GRU unit APT28, which officials said was based in Rostov-on-Don in southern Russia, are not the first by a Western power, but it is the first time Paris has blamed the Russian state on the basis of its own intelligence.

The ministry said i

According to Dutch military intelligence, Russia is increasing its hybrid attacks aimed at undermining society in the Netherlands and its European allies, and Russian hackers have already targeted the Dutch public service.  "We see the Russian threat against Europe is increasing, including after a possible end to the war against Ukraine," MIVD director Peter Reesink said in the agency's annual report.  In the Netherlands, we saw the first (Russian) cyber sabotage act against a public service, wi

Russian authorities have arrested three individuals suspected of developing the Mamont malware, a recently identified banking trojan targeting Android devices.  The suspects, whose identities remain undisclosed, were apprehended in the Saratov region. A video released by the Russian Ministry of Internal Affairs (MVD) shows the arrested individuals in handcuffs, being escorted by police officers.

According to the MVD, the trio is linked to over 300 cybercrime incidents. Authorities also seized co

When Russia launched its full-scale invasion of Ukraine in February 2022, it also ushered in a new era of warfare, one where cyberattacks were no longer a supporting act but a core component of battlefield operations.  This was the world’s first full-scale cyberwar, where digital operations were synchronized with kinetic strikes to disrupt, disable, and disorient the enemy.  For three years, Ukraine has defended itself not only on the battlefield but also in cyberspace, repelling relentless Russ

Russian state-backed actors are increasingly targeting secure messaging applications like Signal to intercept sensitive communications, reveals a recent report by Google’s Threat Intelligence Group.  These groups, often aligned with Russian intelligence services, are focusing on compromising accounts used by individuals of interest, including military personnel, politicians, journalists, and activists. While the initial focus appears to be related to the conflict in Ukraine, researchers believe

Computers need electricity.  Without electricity, a country will effectively shut down.  In the near future Estonia, Latvia, and Lithuania will be officially severing their remaining electricity grid connections with Russia and Belarus, marking a significant step in their move away from Moscow’s influence nearly 35 years after leaving the Soviet Union.

This symbolic move, laden with geopolitical significance, accelerates a process that gained momentum following Russia’s invasion of Ukraine.  “Th

A Russian hacking campaign has exploited a vulnerability in a popular file archiver to infect Ukrainian government and private organizations with SmokeLoader malware, researchers have found.

The bug, tracked as CVE-2025-0411, was discovered in 7-Zip, a free and open-source file archiver developed by Russian programmer Igor Pavlov.  It was identified by researchers at Tokyo-based cybersecurity firm Trend Micro in September and patched two months later, giving hackers ample time to exploit it in t

Enterprise cybersecurity tools, such as routers, firewalls, and VPNs, exist to protect corporate networks from intruders and malicious hackers, something that is particularly important in today’s age of widespread remote and hybrid working. But while pitched as tools that help organizations stay safe from outside threats, many of these products have time and again been found to contain software bugs that allow malicious hackers to compromise the very networks these products were designed to prot

The US Commerce Department on 14 January 2025 announced a new rule that will ban certain Chinese and Russian connected car technology from being imported to the United States.  Software and hardware built into Vehicle Connectivity Systems (VCS), such as telematics control units and cellular, satellite and Wi-fi functions, which are manufactured in China and Russia will be banned, along with any connected cars containing them.

Separately Russian and Chinese Automated Driving System (ADS) software

The Ukrainian security service (SBU) has uncovered a new suspected espionage campaign by Russian intelligence services involving the recruitment of Ukrainian teenagers for criminal activities disguised as "quest games."  During an operation in the northeastern city of Kharkiv, local law enforcement arrested two groups of alleged Russian Federal Security Service (FSB) agents, all of whom were 15 and 16 years old.

The teenagers were allegedly tasked with carrying out espionage, directing missile

Ukraine is accusing Google of exposing the locations of its military sites in recent updates to its online mapping service.  Andrii Kovalenko, the head of the counter-disinformation department at Ukraine's National Security and Defense Council, said the images were spotted last week and have already been “actively distributed” by Russians.  He did not provide further details about what was specifically revealed or how Moscow could use the obtained data.

Kovalenko said Google hasn’t yet fixed the

The Ukrainian Computer Emergency Response Team has issued a new security warning after discovering a cyber-attack campaign carried out by the APT28 threat group, also known as Fancy Bear.  This group is thought, with a high degree of confidence, to be affiliated with Russian military intelligence operations.  Here’s what we know so far and what you need to watch out for if you think you might be at risk of being targeted.

The APT28 Fancy Bear Cyber Attack Campaign Warning From CERT-UA - The Ukr

Recently, the Dutch police have announced the takedown of Bohemia and Cannabia, which has been described as the world's largest and longest-running dark web market for illegal goods, drugs, and cybercrime services.  The takedown is the result of a collaborative investigation with Ireland, the United Kingdom, and the United States that began towards the end of 2022, the disclosure reported.  The marketplace discontinued its operations in late 2023 following reports of service disruptions and exit

Some television stations and websites in Russia are offline for the second day in a row following what Moscow called an “unprecedented” attack on its digital infrastructure.  The disruption began on October 7, Russian President Vladimir Putin’s birthday.  Last week, Russian state-owned broadcaster VGTRK’s website and digital streaming services went off the air.  The affected outlets included radio stations and TV channels such as Russia-1 and Russia-24.  “Our state media holding, one of the larg

Poland’s security services reported that they had broken up an alleged cyber sabotage group linked to Russia and Belarus that had attempted to “paralyze” the country through cyberattacks.  The group, whose members were not publicly identified, extorted information from Polish local government agencies and state companies related to military and security matters, Poland’s Minister of Digital Affairs, Krzysztof Gawkowski, said during a press briefing on 10 September 2024.  He referred to the group

The US Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) assess that cyber actors affiliated with the Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155) are responsible for computer network operations against global targets for the purposes of espionage, sabotage, and reputational harm since at least 2020.  GRU Unit 29155 cyber actors began deploying the destructi

The first sample of RomCom ransomware was observed in early July 2023 on a publicly available file scanning site, about the same time as the first victim posted on its data leak site on 13 July 2023. Like most ransomware, this ransomware encrypts files on victims' Windows machines and demands a ransom to decrypt them via dropped ransom notes.

Infection Vector - Online reports indicate that the Russia-based RomCom group, or Storm-0978, is deploying the Underground ransomware.  This threat group i

So maybe China and Russia are not such good friends after all.  Cyber security researchers have uncovered an apparently new Advanced Persistent Threat (APT) group targeting Russian government entities, known as CloudSorcerer.  They use a sophisticated cyber espionage tool, discovered by investigators and reported in an advisory they published in June, which is designed for covert data collection and exfiltration, using Microsoft Graph, Yandex Cloud, and Dropbox for its command and control (C2) inf