Russian
-
Blog
Russian hackers use RDP proxies to steal data in MiTM attacks
The Russian hacking group tracked as APT29 (aka “Midnight Blizzard”) is using a network of 193 remote desktop protocol proxy servers to perform man-in-the-middle (MiTM) attacks to steal data and credentials and to install malicious payloads. The MiTM attacks utilized the PyRDP red team proxy tool to scan the victims’ filesystems, steal data in the background, and remotely execute rogue applications…
Read More » -
Blog
Russian cyberspies target Android users with new spyware
Russian cyberspies Gamaredon has been discovered using two Android spyware families named ‘BoneSpy’ and ‘PlainGnome’ to spy on and steal data from mobile devices. According to Lookout, which discovered the two malware families, BoneSpy has been active since 2021, while PlainGnome emerged in 2024. Both target Russian-speaking individuals in former Soviet states. Gamaredon (aka “Shuckworm”) is believed to be part…
Read More » -
Blog
New Android spyware found on phone seized by Russian FSB
After a Russian programmer was detained by Russia’s Federal Security Service (FSB) for fifteen days and his phone confiscated, it was discovered that a new spyware was secretly installed on his device upon its return. The programmer, Kirill Parubets, was arrested by the FSB after being accused of donating to Ukraine. After regaining access to his mobile device, the programmer suspected…
Read More » -
Blog
UK disrupts Russian money laundering networks used by ransomware
A law enforcement operation led by the United Kingdom’s National Crime Agency (NCA) has disrupted two Russian money laundering networks working with criminals worldwide, including ransomware gangs. Dubbed “Operation Destabilise,” this international investigation has led to the arrest of 84 Russian-speaking suspects linked to the Smart (led by Ukrainian George Rossi) and TGR (controlled by Russian Ekaterina Zhdanova) criminal organizations.…
Read More » -
Blog
Firefox and Windows zero-days exploited by Russian RomCom hackers
Russian-based RomCom cybercrime group chained two zero-day vulnerabilities in recent attacks targeting Firefox and Tor Browser users across Europe and North America. The first flaw (CVE-2024-9680) is a use-after-free bug in Firefox’s animation timeline feature that allows code execution in the web browser’s sandbox. Mozilla patched this vulnerability on October 9, 2024, one day after ESET reported it. The second…
Read More » -
Blog
US warns of last-minute Iranian and Russian election influence ops
The U.S. Cybersecurity & Infrastructure Security Agency is warning about last-minute influence operations conducted by Iranian and Russian actors to undermine the public trust in the integrity and fairness of the upcoming presidential election. In a joint statement, CISA, the Office of the Director of National Intelligence (ODNI), and the Federal Bureau of Investigation (FBI), collectively the Intelligence Community (IC),…
Read More » -
Blog
Russian charged by U.S. for creating RedLine infostealer malware
The United States announced charges today against Maxim Rudometov, a Russian national, for being the suspected developer and administrator of the RedLine malware operation, one of the most prolific infostealers over the past few years. These infostealers, marketed to cybercriminals and sold via subscriptions, enable attackers to steal credentials and financial data and bypass multi-factor authentication. Rudometov was named in…
Read More » -
Blog
NCSC warns organizations of cyber threat from Russian Foreign Intelligence
The National Cyber Security Centre (NCSC) is warning organizations to buckle up for online attacks by Russia’s Foreign Intelligence Service (SVR). More than 20 publicly disclosed vulnerabilities have been listed in a joint advisory of US security agencies. These, it believes, can be exploited by the hacking group, APT29, also known as Midnight Blizzard, the Dukes, and Cozy Bear. The…
Read More » -
Blog
US, UK warn of Russian APT29 hackers targeting Zimbra, TeamCity servers
U.S. and U.K. cyber agencies warned today that APT29 hackers linked to Russia’s Foreign Intelligence Service (SVR) target vulnerable Zimbra and JetBrains TeamCity servers “at a mass scale.” A joint advisory issued by the NSA, the FBI, the U.S. Cyber Command’s Cyber National Mission Force (CNMF), and the U.K.’s NCSC warns network defenders to patch exposed servers to block these ongoing…
Read More » -
Blog
Microsoft and DOJ disrupt Russian FSB hackers’ attack infrastructure
Microsoft and the Justice Department have seized over 100 domains used by the Russian ColdRiver hacking group to target United States government employees and nonprofit organizations from Russia and worldwide in spear-phishing attacks. In December, the United Kingdom and its Five Eyes allies linked this threat group to Russia’s Federal Security Service (FSB), the country’s internal security and counterintelligence service.…
Read More »