Security Affairs
Security Affairs newsletter Round 447 by Pierluigi Paganini
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Security Affairs
Russia-linked cyberespionage group APT29 has been observed leveraging the CVE-2023-38831 vulnerability in WinRAR in recent attacks.
Infosecurity News
Threat group may be looking for intel on Azerbaijan
Security Affairs
The DarkCasino APT group leveraged a recently disclosed WinRAR zero-day vulnerability tracked as CVE-2023-38831.
Bleeping Computer
After Sandworm and APT28 (known as Fancy Bear), another state-sponsored Russian hacker group, APT29, is leveraging the CVE-2023-38831 vulnerability in WinRAR for cyberattacks.
The Hacker News
Russian cyber espionage group linked to the FSB are using a USB worm called LitterDrifter to target Ukrainian organizations.
The Record
Targets in Azerbaijan and Italy bore the brunt of the operation by the Kremlin-backed hackers of APT29, also known as Cozy Bear, according to Ukraine's National Cyber Security Coordination Center.
Bleeping Computer
The U.S. Securities and Exchange Commission (SEC) today charged SolarWinds with defrauding investors by allegedly concealing cybersecurity defense issues before a December 2020 breach linked to APT29, the hacking division of Russia's Foreign Intelligence Service (SVR).
The Hacker News
WinRAR users, be alert! Pro-Russian hackers exploited a recent vulnerability in the software. Ensure your version is updated!
SecurityWeek
New RSA encryption attack, Meta’s AI privacy safeguards, and ShinyHunters hackers’ guilty plea in the United States
The Hacker News
Microsoft sounds the alarm on Storm-0324's tactics, luring its prey through Teams messages to breach corporate networks.
Bleeping Computer
Microsoft says an initial access broker known for working with ransomware groups has recently switched to Microsoft Teams phishing attacks to breach corporate networks.
Cyber Security News
Welcome to Cyber Writes' weekly Threat and Vulnerability Roundup, where we provide the most recent information on cybersecurity news. Take advantage of our extensive coverage and keep yourself updated.
Security Affairs
Russia-linked APT29 used the Zulip Chat App in attacks aimed at ministries of foreign affairs of NATO-aligned countries. EclecticIQ researchers uncovered an ongoing spear-phishing campaign conducted by Russia-linked threat actors targeting Ministries of Foreign Affairs of NATO-aligned countries. The experts detected two PDF files that masqueraded as coming from the German embassy and that contained two […]
The Hacker News
Ongoing campaign targets NATO-aligned foreign affairs ministries. Attackers use PDFs disguised as diplomatic messages.
CyberScoop
A new analysis unpacks a wide array of malware abusing legitimate internet services and what defenders should do to stop it.
The Record
Documents that appear to be from a German embassy contain malware, including a strain with Russian roots called Duke.
SecurityWeek
MoustachedBouncer is a cyberespionage group that targets foreign diplomats in Belarus via ISP adversary-in-the-middle attacks.
Security Affairs
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Reptile Rootkit employed in attacks against Linux systems in South Korea New PaperCut flaw in […]
Security Affairs
Russia-linked APT29 group targeted dozens of organizations and government agencies worldwide with Microsoft Teams phishing attacks. Microsoft Threat Intelligence reported that Russia-linked cyberespionage group APT29 (aka SVR group, Cozy Bear, Nobelium, Midnight Blizzard, and The Dukes) carried out Microsoft Teams phishing attacks aimed at dozens of organizations and government agencies worldwide. APT29 along with APT28 cyber espionage group was involved in […]
The Hacker News
Microsoft reveals highly targeted social engineering attacks by a Russian threat actor, using Microsoft Teams chats to steal credentials via phishing.
The Record
A joint advisory from the Five Eyes nations warns that malicious cyber actors are exploiting older software vulnerabilities more frequently than recently disclosed ones.
Bleeping Computer
Microsoft says a hacking group tracked as APT29 and linked to Russia's Foreign Intelligence Service (SVR) targeted dozens of organizations worldwide, including government agencies, in Microsoft Teams phishing attacks.
The Hacker News
Obscure Iranian company Cloudzy is being used by cybercrime groups and nation-state crews as a command-and-control provider.
The Record
Hackers within the Russian military used Microsoft Teams chats as phishing lures in “highly targeted social engineering attacks,” according to security officials at Microsoft.
Security Affairs
Russia-linked BlueBravo has been spotted targeting diplomatic entities in Eastern Europe with the GraphicalProton backdoor. The Russia-linked state threat actor BlueBravo (aka APT29, Cloaked Ursa, Midnight Blizzard, and Nobelium) has been observed targeting diplomatic entities throughout Eastern Europe. The group was observed conducting a spear-phishing campaign with the end goal of infecting recipients with a new backdoor […]
SecurityWeek
Weekly cybersecurity news roundup of noteworthy stories that might have slipped under the radar for the week of July 24, 2023.
The Hacker News
BlueBravo, a Russian nation-state actor, has been targeting diplomatic entities in Eastern Europe with a new backdoor named GraphicalProton.
DarkReading
Cloaked Ursa/Nobelium gets creative by appealing to the more personal needs of government employees on foreign missions in Kyiv.
Bleeping Computer
The Russian state-sponsored hacking group 'APT29' (aka Nobelium, Cloaked Ursa) has been using unconventional lures like car listings to entice diplomats in Ukraine to click on malicious links that deliver malware.
Infosecurity News
Unit 42 researchers believe a Russian threat group repurposed a legitimate flyer for a BMW car sent to embassies in Kyiv, Ukraine
The Hacker News
Microsoft exposes a surge in credential-stealing attacks by Russian hacker group Midnight Blizzard.
Ars Technica
With no easy way to revoke compromised keys, MSI, and its customers, are in a real pickle.
DarkReading
Goodbye, Phosphorus! Hello, Mint Sandstorm. Microsoft adopts two-word monikers for threat groups, but do we really need more?
The Hacker News
Russian Hackers Tomiris Targeting Central Asian Government and Diplomatic Entities for Intelligence Gathering
CSO
The attack that injected malicious code into the company's software appears to have been enabled by another compromised application.
Cyber Security News
The Polish military, along with its CERT.PL recently discovered that a Russian state-sponsored group of hackers, dubbed APT29.
Security Affairs
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. New Android malicious library Goldoson found in 60 apps +100M downloads Siemens Metaverse exposes sensitive corporate data CISA adds bugs in Android and Novi Survey to its Known Exploited […]
DarkReading
The threat group behind the SolarWinds supply-chain attacks is back with new tools for spying on officials in NATO countries and Africa.
Bleeping Computer
The Federal Security Service of the Russian Federation (FSB) has accused the United States and other NATO countries of launching over 5,000 cyberattacks against critical infrastructure in the country since the beginning of 2022.
The Hacker News
Russia-linked APT29 (Cozy Bear) is behind an ongoing cyber espionage campaign targeting foreign ministries & diplomatic entities in NATO states, EU, &
CSO
The APT29 espionage campaign is ongoing and the Polish military is urging potential targets to mitigate the risk.
Security Affairs
Poland intelligence linked the Russian APT29 group to a series of attacks targeting NATO and European Union countries. Poland’s Military Counterintelligence Service and its Computer Emergency Response Team linked a recent string of attacks targeting NATO and European Union countries to the Russia-linked APT29 group (aka SVR group, Cozy Bear, Nobelium, and The Dukes). APT29 along with APT28 cyber espionage group […]
Bleeping Computer
Poland's Military Counterintelligence Service and its Computer Emergency Response Team have linked APT29 state-sponsored hackers, part of the Russian government's Foreign Intelligence Service (SVR), to widespread attacks targeting NATO and European Union countries.
The Hacker News
Cyber espionage group Winter Vivern targets officials in Europe & US. The threat actor, known as TA473, exploits unpatched Zimbra vulnerabilities in g
Security Affairs
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Kaspersky released a new decryptor for Conti-based ransomware US govt agencies released a joint alert […]
The Hacker News
Winter Vivern, an advanced persistent threat, has targeted government officials in India, Lithuania, Slovakia, and the Vatican.
Security Affairs
Russia-linked APT29 group abused the legitimate information exchange systems used by European countries to target government entities. Russia-linked APT29 (aka SVR group, Cozy Bear, Nobelium, and The Dukes) was spotted abusing the legitimate information exchange systems used by European countries in attacks aimed at governments. In early March, BlackBerry researchers uncovered a new cyber espionage campaign aimed at EU […]
The Hacker News
North Korean group hacked a pro-North Korean organization's website and distributed their latest backdoor, WhiskerSpy, to unsuspecting visitors.
Bleeping Computer
Security researchers are seeing threat actors switching to a new and open-source command and control (C2) framework known as Havoc as an alternative to paid options such as Cobalt Strike and Brute Ratel.
Trend Micro
We detail the intrusion set Earth Yako, attributed to the campaign Operation RestyLink or EneLink. This analysis was presented in full at the JSAC 2023 in January 2023.
The Hacker News
A new research report has revealed details about the NikoWiper wiper malware responsible for cyberattacks on Ukraine's energy sector.
The Hacker News
Ukraine is under attack from a new Golang-based data wiper called SwiftSlicer.
Infosecurity News
Sliver is gaining popularity due to its modular capabilities and cross-platform support
The Hacker News
New findings indicate that the Sliver C2 framework is gaining popularity among threat actors as a versatile alternative to traditional C2 tools.
CSO
Abusing variants of legitimate penetration testing tools has become a standard tactic for many attackers seeking to fool security teams. Cobalt Strike is among the attack frameworks used by red teams and cyber specialists should be on the lookout for cybercriminals seeking to exploit it.
Infosecurity News
Phobos is a close second, according to Trellix
SecurityWeek
While analyzing Russian cyberespionage group APT29’s LDAP queries to Active Directory, Mandiant identified a vulnerability in the credential roaming functionality in Windows.
Security Affairs
Russia-linked APT29 cyberespionage group exploited a Windows feature called Credential Roaming to target a European diplomatic entity. Mandiant researchers in early 2022 responded to an incident where the Russia-linked APT29 group (aka SVR group, Cozy Bear, Nobelium, and The Dukes) successfully phished a European diplomatic entity. The attack stands out for the use of the Windows Credential […]
CSO
Tests show that deploying malware in a persistent manner on load balancer firmware is within reach of less sophisticated attackers.
The Hacker News
Russia-linked APT29 hackers have been found leveraging a "lesser-known" Windows feature called "Credential Roaming" in an attack on a European diplomatic entity.
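The three Credential Roaming items above (SecurityWeek, Security Affairs, The Hacker News) all turn on the same observation: Mandiant noticed the intrusion through the LDAP queries APT29 sent to Active Directory. Credential Roaming stores a user's certificates, private keys and DPAPI master keys in the AD attributes msPKIAccountCredentials, msPKIDPAPIMasterKeys and msPKIRoamingTimeStamp, so a client that requests those attributes across many accounts is worth a second look. The detection below is an added example written for this page, not Mandiant's tooling or any vendor's product. The LDAP search log format and the log lines are constructed for the example; the severity rules (subtree scope with a broad filter is high, a workstation reading its own user's object at base scope is expected behaviour) are the example's own assumptions.

```python
"""Flag LDAP searches that enumerate Windows Credential Roaming attributes.

Added example for this page; not code from any outlet or vendor cited here.
The log format ("client=... user=... base=... scope=... filter=... attrs=...")
and the sample lines are constructed for the example. A real source such as
Directory Service event 1644 or an LDAP proxy needs its own parser.
"""
import re
from dataclasses import dataclass

# AD attributes that back Credential Roaming (compared case-insensitively).
ROAMING_ATTRS = {"mspkiaccountcredentials", "mspkidpapimasterkeys", "mspkiroamingtimestamp"}

# key=value pairs; values may be double-quoted (DNs and filters contain spaces/commas).
FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')

# Constructed sample log: one broad enumeration, one benign lookup, one
# workstation syncing its own user's roaming data, one wildcard hunt for admins.
SAMPLE_LOG = r"""
2022-02-01T10:01:02Z client=10.0.0.5 user=CORP\jdoe base="DC=corp,DC=local" scope=subtree filter="(objectClass=user)" attrs=msPKIAccountCredentials,msPKIDPAPIMasterKeys,msPKIRoamingTimeStamp
2022-02-01T10:01:05Z client=10.0.0.7 user=CORP\svc-backup base="DC=corp,DC=local" scope=subtree filter="(sAMAccountName=alice)" attrs=mail,displayName
2022-02-01T10:02:11Z client=10.0.0.9 user=CORP\alice base="CN=alice,OU=Users,DC=corp,DC=local" scope=base filter="(objectClass=*)" attrs=msPKIAccountCredentials,msPKIRoamingTimeStamp
2022-02-01T10:03:40Z client=10.0.0.5 user=CORP\jdoe base="OU=Admins,DC=corp,DC=local" scope=subtree filter="(sAMAccountName=da-*)" attrs=msPKIDPAPIMasterKeys
""".strip().splitlines()


@dataclass
class LdapSearch:
    client: str
    user: str
    base: str
    scope: str
    filter: str
    attrs: set


def parse_line(line):
    """Parse one constructed log line; return None if a required field is missing."""
    fields = {}
    for m in FIELD_RE.finditer(line):
        fields[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(4)
    required = ("client", "user", "base", "scope", "filter", "attrs")
    if any(k not in fields for k in required):
        return None
    attrs = {a.strip().lower() for a in fields["attrs"].split(",") if a.strip()}
    return LdapSearch(fields["client"], fields["user"], fields["base"],
                      fields["scope"].lower(), fields["filter"], attrs)


def is_broad_filter(ldap_filter):
    """True for filters that match whole classes of objects or use wildcards."""
    f = ldap_filter.replace(" ", "")
    if "*" in f:
        return True
    return re.fullmatch(r"\((objectclass|objectcategory|samaccounttype)=[^)]*\)", f, re.I) is not None


def assess(search):
    """Return a finding dict if the search touches roaming attributes, else None."""
    hit = search.attrs & ROAMING_ATTRS
    if not hit:
        return None
    broad = search.scope == "subtree" and is_broad_filter(search.filter)
    # Expected behaviour: a host reading the logged-on user's own object at base scope.
    account = search.user.split("\\")[-1].lower()
    own_object = search.scope == "base" and account in search.base.lower()
    severity = "high" if broad else ("info" if own_object else "medium")
    return {"client": search.client, "user": search.user,
            "attrs": sorted(hit), "severity": severity}


def find_roaming_enumeration(lines):
    """Run every line through the parser and the scoring rule; keep the hits."""
    findings = []
    for line in lines:
        search = parse_line(line)
        if search is None:
            continue
        finding = assess(search)
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in find_roaming_enumeration(SAMPLE_LOG):
        print(f"{f['severity']:6} {f['client']:10} {f['user']:16} {','.join(f['attrs'])}")
```

Run stand-alone it prints three findings from the constructed log: two high (the subtree enumerations from 10.0.0.5) and one info (alice's workstation reading her own object). The "info" tier matters: every Credential Roaming-enabled workstation legitimately reads these attributes for its own user, so a rule that fires on the attribute names alone will drown in noise; scope and filter breadth are what separate the APT29 pattern from normal traffic.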
SecurityWeek
Recent high-profile cyberattacks have demonstrated the effectiveness of an interesting method for getting past MFA.
Bleeping Computer
The National Security Agency (NSA) and CISA have issued guidance on how to secure operational technology (OT) and industrial control systems (ICSs) part of U.S. critical infrastructure.
SecurityWeek
Russian cyberespionage group UAC-0113 is using dynamic DNS domains masquerading as telecoms providers in ongoing attacks targeting entities in Ukraine.
The Hacker News
Researchers have discovered a threat cluster linked to Sandworm that continues to target Ukraine with commodity malware.
Bleeping Computer
The Russian state-sponsored hacking group known as Sandworm has been observed masquerading as telecommunication providers to target Ukrainian entities with malware.
Infosecurity News
It tried to trick victims into clicking on malicious files as part of a fake Amazon job assessment
The Record
Russia acknowledged this week that parts of its technology industry are dependent on foreign knowledge and lagging competitors by more than a decade, raising concerns that the country’s spies will be used for cyber espionage.
DarkReading
Microsoft and others say they have observed nation-state actors, ransomware purveyors, and assorted cybercriminals pivoting to an open source attack-emulation tool in recent campaigns.
Security Affairs
Russia-linked APT group Nobelium is behind a new sophisticated post-exploitation malware tracked by Microsoft as MagicWeb. Microsoft security researchers discovered a post-compromise malware, tracked as MagicWeb, which is used by the Russia-linked NOBELIUM APT group to maintain persistent access to compromised environments. The NOBELIUM APT (APT29, Cozy Bear, and The Dukes) is the threat actor that […]
Bleeping Computer
Microsoft has discovered a new malware used by the Russian hacker group APT29 (a.k.a. NOBELIUM, Cozy Bear) that enables authentication as anyone in a compromised network.
The Hacker News
Microsoft has uncovered "MagicWeb," a new "highly targeted" post-exploitation malware used by Nobelium APT hackers to gain persistent access.
Bleeping Computer
Threat actors are dumping the Cobalt Strike penetration testing suite in favor of similar frameworks that are less known. After Brute Ratel, the open-source, cross-platform kit called Sliver is becoming an attractive alternative.
SecurityWeek
Microsoft has shared technical details on APT29’s MagicWeb, a post-exploitation tool facilitating data collection and covert access.
Security Affairs
Russia-linked APT group Cozy Bear continues to target Microsoft 365 accounts in NATO countries for cyberespionage purposes. Mandiant researchers reported that the Russia-linked Cozy Bear cyberespionage group (aka APT29, CozyDuke, and Nobelium), has targeted Microsoft 365 accounts in espionage campaigns. The experts pointed out that APT29 devised new advanced tactics, techniques, and procedures to evade detection. […]
Bleeping Computer
The state-backed Russian cyberespionage group Cozy Bear has been particularly prolific in 2022, targeting Microsoft 365 accounts in NATO countries and attempting to access foreign policy information.
SecurityWeek
New study from Trustwave analyzes the Russian state cyberattacks against Ukraine since the war began, tying the attack groups back to their controlling state agencies.
DarkReading
Many of the technologies and services that organizations are using to isolate Internet traffic from the internal network lack session validation mechanisms, security startup says.
CSO
Malware-laden Google Play apps, a Russian hijack of cloud storage services, and “flaws” that aren’t really flaws in the Okta platform all made for interesting security research this month.
DarkReading
With Microsoft disabling Office macros by default, threat actors are increasingly using ISO, RAR, LNK, and similar files to deliver malware because they can get around Windows protections.
Security Affairs
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box. If you want to also receive for free the newsletter with the international press subscribe here. FBI seized $500,000 worth of bitcoin obtained from Maui ransomware attacks SonicWall fixed critical SQLi in […]
DarkReading
Dark Reading's weekly roundup of all the OTHER important stories of the week.
Cyber Security News
Although some services are trusted by the general public more and more, there are threats that are exploiting the trust in them. The goal of these threat actors is to make it extremely difficult to detect and prevent their attacks in the future owing to this technology and trust.
Ars Technica
Hacks also exploit critical Follina vulnerability and phishing campaigns.
CyberSecurity Dive
The Russia-linked threat actor behind the SolarWinds attack used cloud storage services to deploy malicious payloads using Cobalt Strike.
Security Affairs
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Raspberry Robin spreads via removable USB devices Malware campaign hides a shellcode into Windows […]
ZDNet
Group exploits IoT vulnerabilities and legitimate Windows functions to snoop on emails and servers, say researchers.
Cyber Security News
The Russian Foreign Intelligence Service is believed to sponsor APT29 and during the SolarWinds Cyberattack 2020, cybercriminals were able to penetrate hundreds of organizations, leading to hundreds of breaches.
CyberScoop
New infrastructure, old tricks.
Ars Technica
Once-unknown group uses a tunnel fetish and a chameleon's ability to blend in.
SecurityWeek
Russian cyberespionage group APT29 has been observed using new malware and techniques in phishing campaigns targeting diplomatic organizations in Europe, the Americas, and Asia
Security Affairs
A new APT group, tracked as UNC3524, uses IP cameras to deploy backdoors and steal Microsoft Exchange emails. Mandiant researchers discovered a new APT group, tracked as UNC3524, that heavily targets the emails of employees that focus on corporate development, mergers and acquisitions, and large corporate transactions. Once they gained initial access to the target systems, […]
The Hacker News
A New Hacker Group Pursuing Corporate Employees Focused on Mergers, Acquisitions and Large Transactions
Bleeping Computer
A newly discovered and uncommonly stealthy Advanced Persistent Threat (APT) group is breaching corporate networks to steal Exchange (on-premise and online) emails from employees involved in corporate transactions such as mergers and acquisitions.
The Hacker News
Russia's Cozy Bear hackers have been spotted targeting diplomatic organizations across Europe, Asia, and the Americas.
Security Affairs
Russia-linked APT29 (Cozy Bear or Nobelium) launched a spear-phishing campaign targeting diplomats and government entities. In mid-January 2022, security researchers from Mandiant spotted a spear-phishing campaign, launched by the Russia-linked APT29 group, targeting diplomats and government entities. The Russia-linked APT29 group (aka SVR, Cozy Bear, and The Dukes) has been active since at least 2014, […]
Bleeping Computer
Security analysts have uncovered a recent phishing campaign from Russian hackers known as APT29 (Cozy Bear or Nobelium) targeting diplomats and government entities.
The Record
Natalia Tkachuk is no stranger to cyberattacks. As the head of the Information Security and Cybersecurity Service — part of the National Security and Defense Council of Ukraine — she helps coordinate and manage the government’s response to cyberthreats, which now mostly consist of a bombardment of attacks from Russian military hackers and other groups.
Bleeping Computer
Today, Five Eyes cybersecurity agencies warned critical infrastructure network defenders of an increased risk that Russia-backed hacking groups could target organizations within and outside Ukraine's borders.
Ars Technica
Not all MFA is created equal, as script kiddies and elite hackers have shown recently.
Ars Technica
Hacker gang sometimes acts in Russia’s interest, with ad hoc links to FSB, Cozy Bear.
Bleeping Computer
The FBI says Russian state-backed hackers gained access to a non-governmental organization (NGO) cloud after enrolling their own device in the organization's Duo MFA following the exploitation of misconfigured default multifactor authentication (MFA) protocols.
CyberNews
Alphabet Inc’s Google will pay $23 per share, and the cybersecurity company will join Google Cloud.
Bleeping Computer
Russian-backed hackers have been targeting and compromising U.S. cleared defense contractors (CDCs) since at least January 2020 to gain access to and steal sensitive info that gives insight into U.S. defense and intelligence programs and capabilities.
The Hacker News
According to ESET's T3 2021 Threat Report Russian APT Hackers Used COVID-19 Lures to Target European Diplomats
Bleeping Computer
Hackers associated with the Russian Federation Foreign Intelligence Service (SVR) continued their incursions on networks of multiple organizations after the SolarWinds supply-chain compromise using two recently discovered sophisticated threats.
The Record
In the wake of an escalating crisis between Ukraine and Russia, Serhii Demediuk agreed to a follow-up interview in which he discussed issues including the recent defacement of Ukrainian websites, the security of the country’s critical infrastructure, and Russia’s motivations.
Bleeping Computer
The FBI, CISA, and the NSA have warned critical infrastructure network defenders to be ready to detect and block incoming attacks targeting organizations from US critical infrastructure sectors, orchestrated by Russian-backed hacking groups.
The Record
Nobelium, the Russian cyber-espionage group that orchestrated the 2020 SolarWinds supply chain attack, has continued to carry out new attacks throughout 2021 and, according to security firm Mandiant, has been using a clever trick to bypass two-factor authentication in order to access some of its targets' accounts.
Bleeping Computer
The French national cyber-security agency ANSSI said today that the Russian-backed Nobelium hacking group behind last year's SolarWinds hack has been targeting French organizations since February 2021.
Bleeping Computer
The Nobelium hacking group continues to breach government and enterprise networks worldwide by targeting their cloud and managed service providers and using a new custom Ceeloader malware.