Russian ISP confirms Ukrainian hackers "destroyed" its network
Russian internet service provider Nodex confirmed on Tuesday that its network was
Finnish police detain Russian 'ghost fleet' ship crew as cable damage probe continues
The Eagle S is suspected of damaging the Estlink-2 power cable which runs under the Baltic Sea between Finland and Estonia by dragging its anchor along the seabed on Christmas Day. Police in Finland say the crew of a Russia-linked tanker suspected of damaging a power cable under the Baltic Sea have been detained indefinitely. The Eagle S crew consists of 24 people with Finland’s Central Criminal Police imposing movement restrictions on eight.
Finland identifies seven suspects among crew of alleged Russian 'spy' tanker
Seven crew members of the seized ship Eagle S are being treated as suspects as Finland investigates undersea cable sabotage and alleged Russian spying.
Finnish authorities board ship suspected of cutting subsea Internet and power cables
Four Internet cables cut in latest Baltic Sea incident
Russia is using bitcoin in foreign trade, finance minister says
Russian companies have begun using bitcoin and other digital currencies in international payments following legislative changes that allowed such use in order to counter Western sanctions, Finance Minister Anton Siluanov said on Wednesday. Sanctions have complicated Russia's trade with its major partners such as China or Turkey, as local banks are extremely cautious with Russia-related transactions to avoid scrutiny from Western regulators.
Inside Operation Destabilise: How a ransomware investigation linked Russian money laundering and street-level drug dealing
U.K. investigators tell the story of how examining a cybercrime group's extortion funds helped to unravel a money-laundering network reaching from the illegal drug trade to Moscow's elite.
DHS Says China, Russia, Iran, and Israel Are Spying on People in US with SS7
The Department of Homeland Security knows which countries SS7 attacks are primarily originating from. Others include countries in Europe, Africa, and the Middle East.
Russian Spies Jumped From One Network to Another Via Wi-Fi in an Unprecedented Hack | WIRED
In a first, Russia's APT28 hacking group appears to have remotely breached the Wi-Fi of an espionage target by hijacking a laptop in another building across the street.
PROSPERO & Proton66: Tracing Uncovering the links between bulletproof networks
- The Russian autonomous system PROSPERO (AS200593) could be linked with a high level of confidence to Proton66 (AS198953), another Russian AS, that we believe to be connected to the bulletproof services named ‘SecureHost‘ and ‘BEARHOST‘. We notably observed that both network’s configurations are almost identical in terms of peering agreements and their respective share of loads throughout time. Amongst the activities shared by the two networks, we noticed that both GootLoader and SpyNote malwares recently changed their infrastructure of command-and-control servers and phishing pages from to Proton66. Additionally, the domains hosting the phishing pages deploying SpyNote were hosted on either one of the two AS and had already been used in previous campaigns delivering revoked AnyDesk and LiveChat versions for both Windows and Mac. Regarding the other malicious activities found on PROSPERO’s IPs, we found that throughout September, multiple SMS spam campaigns targeting citizens from various countries were leading to phishing domains hosted on PROSPERO and Proton66. While most phishing templates were usurping bank login pages to steal credit card details, we also noticed that some of them were used to deploy android spywares such as Coper (a.k.a. Octo). * SocGholish, another initial access broker (IAB) that we found to be hosting a major part of its infrastructure on Proton66, continues to leverage this autonomous system to host fingerprinting scripts contained on the websites it infects. Along SocGholish, we found out that FakeBat, another loader that infects systems through compromised websites, was using the same IPs to host both screening and redirection script
Threat Hunting Case Study: Uncovering Turla | Intel 471
Russia has long been a military power, a nuclear power, a space power and in recent decades, a cyber power. It has been one of the most capable cyber actors, going back to the late 1990s when Russian state hackers stole classified documents and military research from U.S. universities and government agencies. The stolen documents, if stacked on top of one another, would have been taller than the Washington Monument (555 feet or 169 meters). These incidents, dubbed “Moonlight Maze” as described in Thomas Rid’s book “Rise of the Machines,” marked one of the world’s first advanced persistent threat (APT) attacks. Russia’s intelligence and security agencies continue to operate highly skilled groups of offensive attackers. Those APT groups are spread across its intelligence and security agencies and the Ministry of Defense. They engage in a broad range of cyber and influence operations tied to Russia’s strategic objectives. These include exploiting adversary systems, establishing footholds, conducting cyber espionage operations and running disinformation and misinformation campaigns designed to undermine Western narratives. One of the most effective and long-running Russian groups is Turla, a unit known as Center 16 housed within Russia’s Federal Security Service, or FSB. Researchers found that this group, which is active today, may have been connected with Moonlight Maze.
UK Ambulance Services targeted by Kremlin-protected Russian hackers
A cyber security expert warns the hack, uncovered by i, presents a 'terrible threat to public health safety'
U.S., Microsoft seize over 100 websites allegedly used by Russian spies
The FBI and Microsoft have seized more than 100 web domains they say Russian intelligence used for cyber-espionage, according to court documents unsealed Thursday.
Ukraine Claims Cyberattack Blocked Russian State TV Online on Putin’s Birthday
Ukrainian hackers carried out a cyberattack that took down online broadcasts of Russian state television and radio channels on Monday, according to an official in Kyiv with knowledge of the operation. #A #Dmitry #Emerging #Europe #Infrastructure #Markets #Media #Peskov #Putin #Radio #Russia #Ukraine #Vladimir #business #cybersecni #cybersecurity #politics #technology
Further Evil Corp cyber criminals exposed, one unmasked as LockBit affiliate - National Crime Agency
Sixteen individuals who were part of Evil Corp, once believed to be the most significant cybercrime threat in the world, have been sanctioned in the UK, with their links to the Russian state and other prolific ransomware groups, including LockBit, exposed. Sanctions have also been imposed by Australia and the US, who have unsealed an indictment against a key member of the group.
US intelligence agencies confirm Russia is pushing fake videos of Kamala Harris
The U.S. intelligence community on Monday said Russia is responsible for recent videos shared on social media that sought to denigrate Vice President Kamala Harris, including one that tried to implicate her in a hit-and-run accident. Spy agencies also assess that Russian influence actors were responsible for altering videos of the vice president's speeches — behavior consistent with Moscow’s broader efforts to boost former President Donald Trump’s candidacy and disparage Harris and the Democratic Party, an official with the Office of the Director of National Intelligence said during a press briefing.
Russia focusing on US social media stars to covertly influence voters
Russia is increasingly turning to American social media stars to covertly influence voters ahead of the 2024 presidential election, according to U.S. officials and recently unveiled criminal charges. “What we see them doing is relying on witting and unwitting Americans to seed, promote and add credibility to narratives that serve these foreign actors’ interest,” a senior intelligence official said in a briefing on Friday. “These foreign countries typically calculate that Americans are more likely to believe other Americans’ views.”
Free Russia Foundation to investigate data breach after internal documents published online — Novaya Gazeta Europe
One of Russia’s most prominent pro-democracy organisations, the Free Russia Foundation, announced that it was investigating a potential cyberattack on Friday, following a leak of thousands of emails and documents related to its work.
U.S. charges five Russian military members for destructive cyber ops, hack-and-leak campaigns | CyberScoop
The hackers were working with a unit in the Russian Main Intelligence Directorate, according to the DOJ.
Russia-linked phishing campaigns ensnare civil society and NGOs
Russia-linked phishing campaigns are targeting civil society and NGOs operating in the region and abroad, according to a new investigation by Access Now and the Citizen Lab.
Russia-linked operations target Paris 2024 Olympics
Cross-platform efforts denigrated France's handling of the games and fomented fear of a potential terrorist attack
Cyber Espionage Group XDSpy Targets Companies in Russia and Moldova
Russian and Moldovan companies targeted by XDSpy phishing campaign, deploying DSDownloader malware, amid escalating cyber conflicts.
Who are the two major hackers Russia just received in a prisoner swap?
Both men committed major financial crimes—and had powerful friends.
Mid-year Doppelgänger information operations in Europe and the US
This report delves into Doppelgänger information operations conducted by Russian actors, focusing on their activities from early June to late-July 2024. Our investigation was motivated by the unexpected snap general election in France, prompting a closer look at Doppelgänger activities during this period. While recent activities have been described since1,2, our first dive into the information operations topic offers a complementary threat-intelligence analysts’ perspective on the matter, brings additional knowledge on associated infrastructure, tactics and motivation in Europe and the United States.
Doppelganger operation
This page is designed to gather a timeline of the Doppelganger operation with a few elements gathered from different reports.
US Disrupts Russian Bots Spreading Propaganda on Twitter
Russian media outlet RT ran the bot farm to pump out disinformation via 968 Twitter accounts, the US Justice Department says.
Russia forces Apple to remove VPN apps from the App Store
Apple has caved to pressure from Russian authorities and removed a number of the best iPhone VPN apps from the App Store in the country.
Poland to probe Russia-linked cyberattack on state news agency
In May, hackers published fake news on the website of the Polish Press Agency claiming the country’s authorities had announced a partial mobilization of 200,000 men to be sent to fight in a war in Ukraine.
US accuses Russian of helping Kremlin hack Ukraine’s state computer systems
According to the Department of Justice, 22-year-old Amin Stigal helped Russian military intelligence carry out cyber operations, including probing computers belonging to a federal government agency in Maryland.
Russian spies' hacking campaign is 'endangering' French diplomatic interests
An alert from France's ANSSI confirms several incidents that had previously been publicly reported and attributed to the Kremlin-backed hacking group that the French agency tracks as Nobelium.
US bans sale of Kaspersky software citing security risk from Russia
U.S. officials imposed the “first of its kind” ban arguing that Kaspersky threatens U.S. national security because of its links to Russia.