russia (144)

On 16 March 2024, Sentinel Labs identified a suspicious Linux binary uploaded from Ukraine.  Initial analysis showed surface similarities with the infamous AcidRain wiper used to disable KA-SAT modems across Europe at the start of the Russian invasion of Ukraine (commonly identified by the ‘Viasat hack’ misnomer).  Since our initial finding, no similar samples or variants have been detected or publicly reported until now.  This new sample is a confirmed variant called ‘AcidPour’, a wiper with si

The US Department of Justice claims that it has disrupted a botnet controlled by the Russian state-sponsored hacking group Forest Blizzard, also known as Fancy Bear. The Russian hackers' targets include US and foreign governments, military entities, and security and corporate organizations. The FBI operation copied and deleted stolen files and other data from the compromised routers and, working with local Internet service providers, the FBI then informed the owners and operators of the routers.

Cyber security is undergoing a massive transformation, with Artificial intelligence (AI) at the forefront of this change, posing both a threat and an opportunity.  AI can potentially empower organizations to defeat cyberattacks at machine speed and drive innovation and efficiency in threat detection, hunting, and incident response.  Adversaries can use AI as part of their exploits.  It has never been more critical for us to design, deploy, and use AI securely.

See:  https://redskyalliance.org/xin

The top US intelligence agency has revamped its election security team ahead of the 2024 presidential election, a contest multiple national security leaders have warned could be targeted by foreign adversaries using fast-moving attacks.  Jessica Brandt, who previously held a variety of prominent research roles at Washington think tanks, was appointed the first full-fledged director of the Foreign Malign Influence Center in late 2023.

The hub, part of the Office of the Director of National Intell

A Microsoft spokesman reported that the Russian government-backed hacking team that broke into its corporate network and spied on senior executives also stole source code and may still be poking around its internal computer systems.  In what is being described as an “ongoing attack,” the world’s largest software maker says it has evidence the hacking group “is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access.”  This has inc

CISA Report JCSA-20240227-001

Note: This CISA advisory uses the MITRE ATT&CK® for Enterprise framework, version 14.  See the MITRE ATT&CK Tactics and Techniques section for a table of the threat actors’ activity mapped to MITRE ATT&CK tactics and techniques. For assistance with mapping malicious cyber activity to the MITRE ATT&CK framework, see CISA and MITRE ATT&CK’s Best Practices for MITRE ATT&CK Mapping and CISA’s Decider Tool.

Overview - This advisory provides observed tactics, techniques,

Russia has been accused of attempting to inflame divisions in Germany by publishing an intercepted conversation in which Bundeswehr officials discuss the country’s support for Ukraine, particularly around the supply of Taurus cruise missiles.

The 38-minute conversation, which took place on 19 February 2024, was first published on social media platform Telegram by Margarita Simonyan, the editor-in-chief of RT and a sanctioned propagandist, who said the recording had been provided to her by “comra

SentinelLabs and ClearSky Cyber Security have been tracking a propaganda and disinformation campaign since late November 2023, highly likely orchestrated by Doppelgänger, a suspected Russia-aligned influence operation network known for its persistent and aggressive tactics.  Initially focusing on disseminating anti-Ukraine content following the onset of the Russo-Ukrainian conflict, Doppelgänger has since broadened its scope, targeting audiences in the US, Israel, Germany, and France.

Analysts o

It is no longer theoretical; the world's major powers are working with large language models to enhance offensive cyber operations.  Advanced persistent threats (APTs) aligned with China, Iran, North Korea, and Russia use large language models (LLMs) to enhance their operations.  New blog posts from OpenAI and Microsoft reveal that five prominent threat actors have used OpenAI software for research, fraud, and other malicious purposes.  After identifying them, OpenAI shuttered all their accounts

Cyber threat actors operating with interests aligned to Belarus and Russia have been linked to a new cyber espionage campaign that likely exploited Cross-Site Scripting (XSS) vulnerabilities in Roundcube webmail servers to target over 80 organizations.  According to investigators, these entities are primarily located in Georgia, Poland, and Ukraine and attributed the intrusion set to a threat actor known as Winter Vivern, also known as TA473 and UAC0114.  The cybersecurity firm tracks the hacki

An international law enforcement operation has led to the seizure of multiple darknet domains operated by LockBit, one of the most prolific ransomware groups, marking the latest in a long list of digital takedowns.  While the full extent of the effort, codenamed Operation Cronos, is presently unknown, visiting the group's ‘.onion’ website displays a seizure banner containing the message "The site is now under the control of law enforcement." Authorities from 11 countries, Australia, Canada, Finl

Cybersecurity experts are warning that hospitals around the country are at risk for attacks like the one that is crippling operations at a premier Midwestern children’s hospital and that the US government is doing too little to prevent such breaches.  Hospitals in recent years have shifted their use of online technology to support everything from telehealth to medical devices to patient records.  Today, they are a favorite target for internet thieves who hold systems’ data and networks hostage f

Researchers from Microsoft reported on 25 January 2024 that the Russian state-sponsored threat actors responsible for a cyberattack on its systems in late November 2023 have been targeting other organizations and that it's currently beginning to notify them.  The development comes a day after Hewlett Packard Enterprise (HPE) revealed that it had been the victim of an attack perpetrated by a hacking crew tracked as APT29, which is also known as BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzar

The Fidelity National Financial (FNF) cyber-attack leaked the personal data of 1.3 million customers, the company has disclosed in a new filing with the Securities and Exchange Commission.  FNF is one of the largest title insurance and transaction services providers in the United States, with a market capitalization of $13.3 billion, an annual revenue of over $10 billion, and a workforce of about 23,000 people.[1]

The November 2023 cyber-attack disrupted the company’s operations for nearly a wee

The mass outage of Ukrainian mobile and internet provider Kyivstar on December 12 last year has now been attributed to the Russian state-sponsored Sandworm group by Ukraine’s Security Service (SBU).  The attack resulted in a total outage of the networks provided by Kyivstar, which included several early-warning attack systems and caused a surge in traffic on other network providers in Ukraine as people sought alternative means of connectivity.  It has now been determined that the group were ling

Hacktivist group Killnet rose to prominence in 2022.  After the launch of SVO, it openly sided with Russia. It carried out high-profile DDoS attacks against significant targets such as the US Federal Tax Service, the European Union’s banking systems SWIFT and IBAN, and the American arms company Lockheed Martin, et al.  At the same time, little was known for a long time about the identity of its leader, hacker Killmilk. In the public sphere, he formed the image of a great patriot of the Russian Feder

Researchers have tracked more activity by an influence campaign linked to Russia that spreads disinformation and propaganda in the US, Germany and Ukraine through a vast network of social media accounts and fake websites.

The campaign, attributed to the Russia-linked influence operation network called Doppelgänger, has been active since at least May 2022.  The US tech company Meta previously referred to Doppelgänger as the “largest” and “most aggressively persistent” malign network sponsored by

The UK’s Sellafield nuclear facility has denied reports that its IT networks have been attacked by cyber groups linked to Russia and China.  The Guardian said an investigation into the nuclear site in Cumbria found security breaches, dating back to 2015, which it says were not reported to regulators for “several years.”

The year-long investigation, named ‘Nuclear Leaks,’ said sleeper malware which can be used to spy on or attack systems had been embedded in the networks and could still be there.

“We’re open for everyone,” announces a brightly colored sign welcoming visitors to the British Library.  But inside the airy building beside London’s St Pancras Station, not everyone can get what they want.  Not since the library was struck by cyber criminals at the end of last month.  The ransomware attack, carried out by a group known for such activity, has knocked out the website of the UK’s national library.  It has also taken down the WiFi, upon which the crowds who come here to work rely.

Ukrainian hackers collaborated with the country's security services, the SBU, to breach Russia's largest private bank, a source within the department confirmed to Recorded Future News.  Last week, two groups of pro-Ukrainian hackers, KibOrg and NLB, hacked into Alfa-Bank and claimed to obtain the data of more than 30 million customers, including their names, dates of birth, account numbers, and phone numbers, according to a post on their official website.

Alfa-Bank was sanctioned by the United S