Russia's APT28 uses fear of nuclear war to spread Follina docs in Ukraine
Threat actors associated with Russian intelligence are using the fear or nuclear war to spread data-stealing malware in Ukraine.
Russian Cyberattack Hits Wales-Ukraine Football Broadcast
The broadcast of the Football World Cup 2022 qualifier game between Wales and Ukraine on Sunday was interrupted in Ukraine by a cyberattack that targeted OLL.TV...
Putin's hackers gained full access to Hungary's foreign ministry networks, the Orbán government has been unable to stop them
On December 30, 2021, in Moscow, Russian Foreign Minister Sergey Lavrov pinned the Order of Friendship on the suit of his Hungarian counterpart Péter Szijjártó. Although the medal was presented by Lavrov, it was Russian President Vladimir Putin himself who decided to award it. Not coincidentally, the medal, which is in the form of a wreath of olive branches encircling a globe, includes the inscription “Peace and Friendship” in Cyrillic on the back, is the highest Russian state decoration that can be awarded to a foreigner.
Sabotage: Code added to popular NPM package wiped files in Russia and Belarus | Ars Technica
When code with millions of downloads nukes user files, bad things can happen.
2022 Russia-Ukraine war — Cyber group tracker
A tracker to collate cyber groups engaged in cyber activities during the Russia-Ukraine war 2022.
Conti ransomware group announces support of Russia, threatens retaliatory attacks
An infamous ransomware group with potential ties to Russian intelligence and known for attacking health care providers and hundreds of other targets posted a warning Friday saying it was “officially announcing a full support of Russian government.”
New data-wiping malware used in destructive attacks on Ukraine
Cybersecurity firms have found a new data wiper used in destructive attacks today against Ukrainian networks just as Russia moves troops into regions of Ukraine.
Cadet Blizzard emerges as a novel and distinct Russian threat actor | Microsoft Security Blog
Microsoft attributes several campaigns to a distinct Russian state-sponsored threat actor tracked as Cadet Blizzard (DEV-0586), including the WhisperGate destructive attack, Ukrainian website defacements, and the hack-and-leak front “Free Civilian”.
“Clickless” iOS exploits infect Kaspersky iPhones with never-before-seen malware | Ars Technica
"Operation Triangulation" stole mic recordings, photos, geolocation, and more.
Justice Department Announces Court-Authorized Disruption of the Snake Malware Network Controlled by Russia's Federal Security Service
“Russia used sophisticated malware to steal sensitive information from our allies, laundering it through a network of infected computers in the United States in a cynical attempt to conceal their crimes. Meeting the challenge of cyberespionage requires creativity and a willingness to use all lawful means to protect our nation and our allies,” stated United States Attorney Peace. “The court-authorized remote search and remediation announced today demonstrates my Office and our partners’ commitment to using all of the tools at our disposal to protect the American people.”
Hunting Russian Intelligence “Snake” Malware
The Snake implant is considered the most sophisticated cyber espionage tool designed and used by Center 16 of Russia’s Federal Security Service (FSB) for long-term intelligence collection on sensitive targets. To conduct operations using this tool, the FSB created a covert peer-to-peer (P2P) network of numerous Snake-infected computers worldwide. Many systems in this P2P network serve as relay nodes which route disguised operational traffic to and from Snake implants on the FSB’s ultimate targets. Snake’s custom communications protocols employ encryption and fragmentation for confidentiality and are designed to hamper detection and collection efforts.
DOJ Detected SolarWinds Breach Months Before Public Disclosure
In May 2020, the US Department of Justice noticed Russian hackers in its network but did not realize the significance of what it had found for six months.
Espionage campaign linked to Russian intelligence services
The Military Counterintelligence Service and the CERT Polska team (CERT.PL) observed a widespread espionage campaign linked to Russian intelligence services
Leaked Pentagon Document Claims Russian Hacktivists Breached Canadian Gas Pipeline Company
The document, part of a cache of leaks recently circulated on the internet, suggests the hackers had the ability to cause an explosion and sought instruction from the FSB.
From Discord to 4chan: The Improbable Journey of a US Intelligence Leak - bellingcat
In recent days, the US Justice Department and Pentagon have begun investigating an apparent online leak of sensitive documents, including some that were marked “Top Secret”. A portion of the documents, which have since been widely covered by the news media, focused on Russia’s invasion of Ukraine, while others detailed analysis of potential UK policies on the South China Sea and the activities of a Houthi figure in Yemen. The existence of the documents was first reported by the New York Times after a number of Russian Telegram channels shared five photographed files relating to the invasion of Ukraine on April 5 – at least one of which has since been found by Bellingcat to be crudely edited.
Winter Vivern | Uncovering a Wave of Global Espionage
SentinelLabs uncover a previously unknown set of espionage campaigns conducted by Winter Vivern advanced persistent threat (APT) group.
Meet the FSB contractor: 0Day Technologies
An investigation into the FSB’s digital surveillance and disinformation contractor
SEKOIA.IO analysis of the #VulkanFiles leak
- Exfiltrated Russian-written documents provide insights into cyber offensive tool projects contracted by Vulkan private firm for the Russian Ministry of Defense. * Scan-AS is a database used to map adversary networks in parallel or prior to cyber operations. Scan-AS is a subsystem of a wider management system used to conduct, manage and capitalize results of cyber operations. * Amezit is an information system aimed at managing the information flow on a limited geographical area. It allows communications interception, analysis and modification, and can create wide information campaigns through social media, email, altered websites or phone networks.
Exploitation is a Dish Best Served Cold: Winter Vivern Uses Known Zimbra Vulnerability to Target Webmail Portals of NATO-Aligned Governments in Europe
- Proofpoint has observed recent espionage-related activity by TA473, including yet to be reported instances of TA473 targeting US elected officials and staffers. TA473 is a newly minted Proofpoint threat actor that aligns with public reporting on Winter Vivern. * TA473 since at least February 2023 has continuously leveraged an unpatched Zimbra vulnerability in publicly facing webmail portals that allows them to gain access to the email mailboxes of government entities in Europe. * TA473 recons and reverse engineers bespoke JavaScript payloads designed for each government targets’ webmail portal. * Proofpoint concurs with Sentinel One analysis that TA473 targeting superficially aligns with the support of Russian and/or Belarussian geopolitical goals as they pertain to the Russia-Ukraine War.
‘Vulkan files’ leak reveals Putin’s global and domestic cyberwarfare tactics
Vulkan engineers have worked for Russian military and intelligence agencies to support hacking operations, prepare for attacks on infrastructure and spread disinformation
Royal Mail ransomware attackers threaten to publish stolen data
Postal service has been unable to send letters and parcels overseas since Wednesday due to hacking Royal Mail has been hit by a ransomware attack by a criminal group, which has threatened to publish the stolen information online. The postal service has received a ransom note purporting to be from LockBit, a hacker group widely thought to have close links to Russia.
NoName057(16) - The Pro-Russian Hacktivist Group Targeting NATO
In the name of Russia's war in Ukraine, NoName057(16) abuses GitHub and Telegram in an ongoing campaign to disrupt NATO's critical infrastructure.
Preparing for a Russian cyber offensive against Ukraine this winter
As we report more fully below, in the wake of Russian battlefield losses to Ukraine this fall, Moscow has intensified its multi-pronged hybrid technology approach to pressure the sources of Kyiv’s military and political support, domestic and foreign. This approach has included destructive missile and cyber strikes on civilian infrastructure in Ukraine, cyberattacks on Ukrainian and now foreign-based supply chains, and cyber-enabled influence operations[1]—intended to undermine US, EU, and NATO political support for Ukraine, and to shake the confidence and determination of Ukrainian citizens.
Prigozhin interests and Russian information operations
TAG highlights four case studies involving Russian IO tied to the Internet Research Agency and Russian oligarch Yevgeny Prigozhin.
Liz Truss's personal phone was hacked by Putin's spies for top messages | Daily Mail Online
One source said that the phone was so heavily compromised that it has now been placed in a locked safe inside a secure Government location.
Prime minister links drones over Norway to ‘hybrid threats’
Norwegian police and military were busy again this week investigating more unidentified drones seen flying over critical energy infrastructure. After a Russian man was arrested for trying to leave Norway with two drones containing lots of pictures, Prime Minister Jonas Gahr Støre likened the incidents to a new form of “hybrid threats.”
GRU: Rise of the (Telegram) MinIOns
Multiple self-proclaimed hacktivist groups are conducting attacks in support of Russian interests.
How Russian Trolls Helped Keep the Women’s March Out of Lock Step
As American feminists came together in 2017 to protest Donald Trump, Russia’s disinformation machine set about deepening the divides among them.
Overview of the Cyber Weapons Used in the Ukraine
Observing the ongoing conflict between Russia and Ukraine, we can clearly see that cyberattacks leveraging malware are an important part of modern hybrid war strategy.
Making Sense of the Killnet, Russia’s Favorite Hacktivists
Killnet makes three announcements The past month seemed to be a turning point for the pro-Russian hacktivist group “Killnet”—and it was very eager to tell the world about it. First, on July 27, “Killmilk”—the founder and the head of the group who led its transformation from a DDoS-for-hire outlet i