Chinese and Russian hackers have turned their focus to edge devices — like VPN appliances, firewalls, routers and Internet of Things (IoT) tools — amid a startling increase in espionage attacks, according to Google security firm Mandiant. The company published the findings as part of its annual report on cyber investigations Mandiant was involved in […]
A notorious Russian APT group has been stealing credentials for years by exploiting a Windows Print Spooler bug and using a novel post-compromise tool known as “GooseEgg,” Microsoft has revealed. APT28 (aka Strontium, Forest Blizzard) has been using GooseEgg since potentially as far back as April 2019 to exploit CVE-2022-38028, Microsoft said in a new […]
Russian nation-state group Sandworm is believed to be utilizing a novel backdoor to target organizations in Ukraine and other Eastern and Central European countries, according to WithSecure researchers. The previously unreported backdoor, dubbed ‘Kapeka’, has a high level of stealth and sophistication, designed to both serve as an early-stage toolkit for its operators, and also […]
Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets (Pierluigi Paganini, April 15, 2024): The Ukrainian hacking group Blackjack used a destructive ICS malware dubbed Fuxnet in attacks against Russian infrastructure. Industrial and enterprise IoT cybersecurity firm Claroty reported that the Ukrainian Blackjack hacking group claims to have damaged emergency detection and response capabilities […]
A previously unknown ransomware gang has been attacking Russian businesses with malware based on the leaked source code from the Conti hacking group. The gang, which researchers at the Moscow-based cybersecurity company F.A.C.C.T. have dubbed “Muliaka,” or Muddy Water in English, has left minimal traces from its attacks but has likely been active since at […]
The Russian independent media organization Meduza said that it has been targeted by an “unprecedented” cyber campaign ahead of the upcoming presidential election this month. “In February 2024, the Russian authorities launched a series of cyberattacks against Meduza, more intense than any we’ve ever faced,” the organization said in a statement on Monday. The campaign […]
Russian authorities have identified and arrested three alleged members of a local ransomware gang called SugarLocker. The group operates under the guise of a legitimate tech company called Shtazi-IT, offering services for the development of landing pages, mobile apps, and online stores, according to a report by F.A.C.C.T., a Russia-based company that was involved in […]
The Commerce Department has sanctioned several European, Israeli, Russian, and Singaporean companies involved in the trafficking and development of spyware tools used for repression and human rights abuses.
Russian state-sponsored actors have staged NT LAN Manager (NTLM) v2 hash relay attacks through various methods from April 2022 to November 2023, targeting high-value targets worldwide. The attacks, attributed to an “aggressive” hacking crew called APT28, have set their eyes on organizations dealing with foreign affairs, energy, defense, and transportation, as well as those involved […]