russia (162)

Hackers are targeting Russia’s industrial sector with a new spyware strain that steals sensitive internal documents, local researchers warned.  The campaign, which began in July 2024 and remains active, uses phishing emails disguised as fake contracts. Victims are urged to download a file via a malicious link, which infects their systems with previously unknown spyware called Batavia, according to a new report by Moscow-based cybersecurity firm Kaspersky.[1]

Link to full report:  IR-25-191-002_R

The International Criminal Court (ICC) suffered a sophisticated cyber-attack coinciding with the Hague NATO summit attended by US President Donald J. Trump, who pushed for increased defense spending among member countries.  Ironically, besides defense spending, the NATO summit also aimed to discuss measures to address cyber attacks. Meanwhile, the Hague-based ICC said it immediately detected the cyber incident and promptly moved to contain the intrusion without divulging additional details.

The inte

Since 9 June 2025, Internet users located in Russia and connecting to web services protected by Cloudflare have been throttled by Russian Internet Service Providers (ISPs).  As the throttling is being applied by local ISPs, the action is outside of Cloudflare’s control and we are unable, at this time, to restore reliable, high-performance access to Cloudflare products and protected websites for Russian users in a lawful manner.  Internal data analysis suggests that the throttling allows Internet

The current ceasefire between Iran and Israel may prevent the two countries from firing missiles at each other, but it won't carry any weight in cyberspace, according to former NATO hacker Candan Bolukbas.  "In the cyber world, there's no such thing as a ceasefire," he recently said.  “If we see something in cyberspace that can disrupt us, we're going to attack it first, and we have that under US Cyber Command's mission

Bolukbas is chief technology officer and founder of Black Kite, a cyber-risk

Dutch intelligence agencies and Microsoft report that a novel Russian state intelligence hacking group is likely purchasing stolen credentials from criminal marketplaces to gain entry to North American and European networks.   In coordinated disclosure recently, the Dutch government and Microsoft stated this group of government-linked hackers has been active since 2024 and has "a specific interest in European Union and NATO member states."  Dutch agencies said the group, which they named "Laundr

This US cyber security advisory sent through CISA highlights a Russian state-sponsored cyber campaign targeting Western logistics entities and technology companies. This includes those involved in the coordination, transport, and delivery of foreign assistance to Ukraine. Since 2022, Western logistics entities and IT companies have faced an elevated risk of targeting by the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (85th GTsSS), military unit 2616

A Russian-linked hacktivist group known as NoName057(16) claimed responsibility for cyberattacks on several Romanian websites over the weekend, as voters headed to the polls to elect a new president.  Among the targets of the distributed denial-of-service (DDoS) attacks were the official websites of the Ministry of Foreign Affairs, the Romanian government, the Constitutional Court and several presidential candidates.

Romania’s National Directorate for Cyber Security (DNSC) confirmed the attacks,

According to the US Department of Justice, Ryan Mitchell Kramer has pleaded guilty to accessing a computer and obtaining information, and threatening to damage a protected computer, as well as to two felony charges that each carry a prison sentence of up to five years.  Kramer is behind the 2024 hack targeting The Walt Disney Company.  The media giant launched an investigation into the incident in July 2024, after a threat actor calling itself NullBulge announced the theft of 1.1 Tb of data from

France's foreign ministry explicitly accused Russia's GRU military intelligence agency on 29 April of mounting cyber-attacks on a dozen entities including ministries, defense firms and think tanks since 2021 to destabilize France.  The accusations, levelled at GRU unit APT28, which officials said was based in Rostov-on-Don in southern Russia, are not the first by a Western power, but it is the first time Paris has blamed the Russian state on the basis of its own intelligence.

The ministry said i

According to Dutch military intelligence, Russia is increasing its hybrid attacks aimed at undermining society in the Netherlands and its European allies, and Russian hackers have already targeted the Dutch public service.  "We see the Russian threat against Europe is increasing, including after a possible end to the war against Ukraine," MIVD director Peter Reesink said in the agency's annual report.  In the Netherlands, we saw the first (Russian) cyber sabotage act against a public service, wi

Russian authorities have arrested three individuals suspected of developing the Mamont malware, a recently identified banking trojan targeting Android devices.  The suspects, whose identities remain undisclosed, were apprehended in the Saratov region. A video released by the Russian Ministry of Internal Affairs (MVD) shows the arrested individuals in handcuffs, being escorted by police officers.

According to the MVD, the trio is linked to over 300 cybercrime incidents. Authorities also seized co

When Russia launched its full-scale invasion of Ukraine in February 2022, it also ushered in a new era of warfare, one where cyberattacks were no longer a supporting act but a core component of battlefield operations.  This was the world’s first full-scale cyberwar, where digital operations were synchronized with kinetic strikes to disrupt, disable, and disorient the enemy.  For three years, Ukraine has defended itself not only on the battlefield but also in cyberspace, repelling relentless Russ

Russian state-backed actors are increasingly targeting secure messaging applications like Signal to intercept sensitive communications, reveals a recent report by Google’s Threat Intelligence Group.  These groups, often aligned with Russian intelligence services, are focusing on compromising accounts used by individuals of interest, including military personnel, politicians, journalists, and activists. While the initial focus appears to be related to the conflict in Ukraine, researchers believe

Computers need electricity.  Without electricity, a country will effectively shut down.  In the near future, Estonia, Latvia, and Lithuania will be officially severing their remaining electricity grid connections with Russia and Belarus, marking a significant step in their move away from Moscow’s influence nearly 35 years after leaving the Soviet Union.

This symbolic move, laden with geopolitical significance, accelerates a process that gained momentum following Russia’s invasion of Ukraine.  “Th

A Russian hacking campaign has exploited a vulnerability in a popular file archiver to infect Ukrainian government and private organizations with SmokeLoader malware, researchers have found.

The bug, tracked as CVE-2025-0411, was discovered in 7-Zip, a free and open-source file archiver developed by Russian programmer Igor Pavlov.  It was identified by researchers at Tokyo-based cybersecurity firm Trend Micro in September and patched two months later, giving hackers ample time to exploit it in t

Enterprise cybersecurity tools, such as routers, firewalls, and VPNs, exist to protect corporate networks from intruders and malicious hackers, something that is particularly important in today’s age of widespread remote and hybrid working. But while pitched as tools that help organizations stay safe from outside threats, many of these products have time and again been found to contain software bugs that allow malicious hackers to compromise the very networks these products were designed to prot

The US Commerce Department on 14 January 2025 announced a new rule that will ban certain Chinese and Russian connected car technology from being imported to the United States.  Software and hardware built into Vehicle Connectivity Systems (VCS), such as telematics control units and cellular, satellite and Wi-Fi functions, which are manufactured in China and Russia will be banned, along with any connected cars containing them.

Separately Russian and Chinese Automated Driving System (ADS) software

The Ukrainian security service (SBU) has uncovered a new suspected espionage campaign by Russian intelligence services involving the recruitment of Ukrainian teenagers for criminal activities disguised as "quest games."  During an operation in the northeastern city of Kharkiv, local law enforcement arrested two groups of alleged Russian Federal Security Service (FSB) agents, all of whom were 15 and 16 years old.

The teenagers were allegedly tasked with carrying out espionage, directing missile

Ukraine is accusing Google of exposing the locations of its military sites in recent updates to its online mapping service.  Andrii Kovalenko, the head of the counter-disinformation department at Ukraine's National Security and Defense Council, said the images were spotted last week and have already been “actively distributed” by Russians.  He did not provide further details about what was specifically revealed or how Moscow could use the obtained data.

Kovalenko said Google hasn’t yet fixed the

The Ukrainian Computer Emergency Response Team has issued a new security warning after discovering a cyber-attack campaign carried out by the APT28 threat group, also known as Fancy Bear.  This group is thought, with a high degree of confidence, to be affiliated with Russian military intelligence operations.  Here’s what we know so far and what you need to watch out for if you think you might be at risk of being targeted.

The APT28 Fancy Bear Cyber Attack Campaign Warning From CERT-UA - The Ukr