X-Industry

The Ukrainian security service (SBU) has uncovered a new suspected espionage campaign by Russian intelligence services involving the recruitment of Ukrainian teenagers for criminal activities disguised as "quest games."  During an operation in the northeastern city of Kharkiv, local law enforcement arrested two groups of alleged Russian Federal Security Service (FSB) agents, all of whom were 15- and 16-years-old.

The teenagers were allegedly tasked with carrying out espionage, directing missile

South Korea claims pro-Russia actors intensified cyberattacks on national sites after it decided to monitor North Korean troops in Ukraine. South Korea’s government blames pro-Russia threat actors for an intensification of cyberattacks on national sites after it chose to monitor North Korean soldiers in Ukraine. South Korea reports that over 10,000 North Korean troops are now deployed in Russia, including in the frontline Kursk region, to support the war in Ukraine. This development, confirmed b

Ukraine is accusing Google of exposing the locations of its military sites in recent updates to its online mapping service.  Andrii Kovalenko, the head of the counter-disinformation department at Ukraine's National Security and Defense Council, said the images were spotted last week and have already been “actively distributed” by Russians.  He did not provide further details about what was specifically revealed or how Moscow could use the obtained data.

Kovalenko said Google hasn’t yet fixed the

The Ukrainian Computer Emergency Response Team has issued a new security warning after discovering a cyber-attack campaign carried out by the APT28 threat group, also known as Fancy Bear.  This group is thought, with a high degree of confidence, to be affiliated with Russian military intelligence operations.  Here’s what we know so far and what you need to watch out for if you think you might be at risk of being targeted. 

The APT28 Fancy Bear Cyber Attack Campaign Warning From CERT-UA - The Ukr

The US Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) assess that cyber actors affiliated with the Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155) are responsible for computer network operations against global targets for the purposes of espionage, sabotage, and reputational harm since at least 2020.  GRU Unit 29155 cyber actors began deploying the destructi

Russia's Kursk region was hit by a “massive” distributed denial-of-service (DDoS) attack on 15 August amid Ukraine’s surprise cross-border incursion, Kursk state officials said in a statement.  The unnamed hackers targeted government and business websites, as well as critical infrastructure services, making some of them temporarily unavailable, state media reported.

Data shared by Internet monitoring service NetBlocks shows “sporadic disruptions to internet connectivity in and around Kursk,” lik

RU President Vladimir recently offered to end the war in Ukraine if Kyiv agreed to drop its NATO membership ambitions and concede the four provinces of its territory that are claimed and occupied by Russian troops. The democratically elected Ukraine government swiftly rejected these terms.   However, the Russian offer suggests that they do not see a near-term military victory in the disputed territory, which could be the motive behind the evolution of its cyberwar tactics in the overall military

Researchers have discovered a new malware variant likely used in an attack this January against an energy company in western Ukraine that left 600 households without heat amid freezing temperatures.  The tool, called FrostyGoop, is one of only a few malware strains ever discovered in the wild that can interact directly with industrial control systems and have a physical effect on the hardware used by targeted enterprises, according to researchers at industrial cybersecurity firm Dragos, which di

The United Nations' telecommunication agency condemned Russian interference in the satellite systems of several European countries.  Earlier this month, the UN’s International Telecommunication Union (ITU) received a series of complaints from Ukraine, France, Sweden, the Netherlands and Luxembourg about the Kremlin’s alleged satellite interference that has affected GPS signals and television channels.  The ITU reviewed these complaints and published a document Monday calling the practice “extrem

FortiGuard Labs has recently identified a sophisticated cyberattack involving an Excel file embedded with a VBA macro designed to deploy a DLL file.  The attacker uses a multi-stage malware strategy to deliver the notorious "Cobalt Strike" payload and establish communication with a command and control (C2) server.  This attack employs various evasion techniques to ensure successful payload delivery.

Over the past few years, Ukraine has been a significant target due to its geopolitical situation

The targeted operation utilized CVE-2017-8570 as the initial vector and employed a notable custom loader for Cobalt Strike, yet attribution to any known threat actor remains elusive.  An unknown threat actor targeted government entities in Ukraine toward the end of 2023 using an old Microsoft Office remote code execution (RCE) exploit from 2017 (CVE-2017-8570) as the initial vector and military vehicles as the lure.

The threat actor initiated the attack using a malicious PowerPoint file (.PPSX)

On 16 March 2024, Sentinel Labs identified a suspicious Linux binary uploaded from Ukraine.  Initial analysis showed surface similarities with the infamous AcidRain wiper used to disable KA-SAT modems across Europe at the start of the Russian invasion of Ukraine (commonly identified by the ‘Viasat hack’ misnomer).  Since our initial finding, no similar samples or variants have been detected or publicly reported until now.  This new sample is a confirmed variant called ‘AcidPour’, a wiper with si

Russia has been accused of attempting to inflame divisions in Germany by publishing an intercepted conversation in which Bundeswehr officials discuss the country’s support for Ukraine, particularly around the supply of Taurus cruise missiles.

The 38-minute conversation, which took place on 19 February 2024, was first published on social media platform Telegram by Margarita Simonyan, the editor-in-chief of RT and a sanctioned propagandist, who said the recording had been provided to her by “comra

SentinelLabs and ClearSky Cyber Security have been tracking a propaganda and disinformation campaign since late November 2023, highly likely orchestrated by Doppelgänger, a suspected Russia-aligned influence operation network known for its persistent and aggressive tactics.  Initially focusing on disseminating anti-Ukraine content following the onset of the Russo-Ukrainian conflict, Doppelgänger has since broadened its scope, targeting audiences in the US, Israel, Germany, and France.

Analysts o

Cyber threat actors operating with interests aligned to Belarus and Russia have been linked to a new cyber espionage campaign that likely exploited Cross-Site Scripting (XSS) vulnerabilities in Roundcube webmail servers to target over 80 organizations.   According to investigators, these entities are primarily located in Georgia, Poland, and Ukraine and attributed the intrusion set to a threat actor known as Winter Vivern, also known as TA473 and UAC0114.  The cybersecurity firm tracks the hacki

An official at the Bangladesh Election Commission has claimed that a cyber-attack “from Ukraine and Germany” caused an election information app to crash as voters went to the polls on 8 January.  There has not been an allegation that the incident affected votes in the country, where incumbent Prime Minister Sheikh Hasina secured her fourth straight term in office after a record low turnout, as reported by BBC News.

Hasina, who has held power since 2009, is currently the longest-serving female he

The mass outage of Ukrainian mobile and internet provider Kyivstar on December 12 last year has now been attributed to the Russian state-sponsored Sandworm group by Ukraine’s Security Service (SBU).  The attack resulted in a total outage of the networks provided by Kyivstar, which included several early-warning attack systems and caused a surge in traffic on other network providers in Ukraine as people sought alternative means of connectivity.  It has now been determined that the group were ling

Cybersecurity researchers at Deep Instinct Lab have revealed a new series of cyberattacks by ‘UAC-0099,’ specifically targeting Ukrainians.  These attacks employ common tactics, such as using fabricated court summons to entice targets into executing malicious files.

The group’s activities were initially revealed in May 2023 through the Ukrainian CERT advisory ‘#6710,’ and Deep Instinct has now provided exclusive insights into their latest attack.

According to a blog post from the company, on Dec

Researchers have tracked more activity by an influence campaign linked to Russia that spreads disinformation and propaganda in the US, Germany and Ukraine through a vast network of social media accounts and fake websites.

The campaign, attributed to the Russia-linked influence operation network called Doppelgänger, has been active since at least May 2022.  The US tech company Meta previously referred to Doppelgänger as the “largest” and “most aggressively persistent” malign network sponsored by

Ukrainian hackers collaborated with the country's security services, the SBU, to breach Russia's largest private bank, a source within the department confirmed to Recorded Future News.  Last week, two groups of pro-Ukrainian hackers, KibOrg and NLB, hacked into Alfa-Bank and claimed to obtain the data of more than 30 million customers, including their names, dates of birth, account numbers, and phone numbers, according to a post on their official website.

Alfa-Bank was sanctioned by the United S