Frequent freeloader part II: Russian actor Secret Blizzard using tools of other groups to attack Ukraine | Microsoft Security Blog
Microsoft Threat Intelligence has reported on the Russian nation-state actor Secret Blizzard, which has been using co-opted tools and infrastructure from other threat actors to conduct espionage activities against targets in Ukraine. The campaigns have involved the deployment of custom malware, including the Tavdig and KazuarV2 backdoors, often facilitated through cybercriminal tools like Amadey bot malware.…
Summary: A recent report from Knownsec 404 highlights the emergence of GamaCopy, a cyber espionage group imitating Gamaredon APT, targeting Russian defense and critical infrastructure. GamaCopy uses military-themed documents as bait, employing obfuscated scripts and open-source tools like UltraVNC to minimize detection. The group’s tactics reveal a sophisticated approach to cyber espionage, complicating attribution and showcasing a false flag operation.…
Pivoting for Nosviak
Censys discovered a network of botnet management systems utilizing a modified version of the Nosviak command-and-control service. This network connects over 150 hosts across multiple countries and operates under various aliases, primarily offering DDoS and proxy services marketed as “stress testing.” Evidence suggests a significant infrastructure that leverages shared resources for malicious activities.…
BreachForums admin to be resentenced after appeals court slams supervised release
Summary: Conor Fitzpatrick, the founder of the cybercrime platform BreachForums, is set to be resentenced after a three-judge panel vacated a previous lenient sentence that allowed him to serve only 17 days in prison. The appellate court criticized the district court’s decision, which was influenced by Fitzpatrick’s age and autism diagnosis, for being “substantively unreasonable” given his extensive criminal activities.…
Iran and Russia deepen cyber ties with new agreement
Summary: A recent agreement between Iran and Russia aims to enhance military, security, and technological cooperation, particularly in cybersecurity and internet regulation. The deal, signed by leaders of both nations, seeks to formalize their close ties and establish stronger control over the digital space. Both countries, known for their restrictive internet policies, plan to collaborate on countering cybercrime and managing national internet segments.…

Victim: Hayloft Property Management | Country: US | Actor: akira | Source: | Discovered: 2025-01-22 13:12:12.263263 | Published: 2025-01-22 13:12:10.836618
Description: Hayloft Property Management Co. offers modern and spacious living accommodations, with a focus on quality and comfort in their housing options.…
TSA chief behind cyber directives for aviation, pipelines and rail ousted by Trump team
Summary: The Transportation Security Administration (TSA) administrator David Pekoske was removed from his position by the Trump administration, despite having been appointed during Trump’s first term and later renewed by President Biden. Pekoske played a significant role in enhancing cybersecurity measures across transportation sectors, particularly following the Colonial Pipeline ransomware attack.…
Sophos MDR tracks two ransomware campaigns using “email bombing,” Microsoft Teams “vishing”
Sophos X-Ops’ Managed Detection and Response (MDR) has reported on two active threat clusters, STAC5143 and STAC5777, utilizing Microsoft Office 365 to infiltrate organizations for data theft and ransomware deployment. The tactics include email-bombing, fake tech support, and exploiting remote control tools. Both clusters exhibit overlapping techniques with known threat groups like FIN7 and Storm-1811.…
Hackers impersonate Ukraine’s CERT to trick people into allowing computer access
Summary: Ukrainian researchers have uncovered a cyber campaign where attackers impersonate tech support from CERT-UA to gain unauthorized access to victims’ devices. Utilizing AnyDesk, a legitimate remote desktop software, the intruders claim to conduct “security audits” to exploit trust and authority. The campaign highlights the growing number of cyberattacks targeting Ukraine, with a significant increase in incidents reported over the past year.…
Russian ransomware hackers increasingly posing as tech support on Microsoft Teams
Summary: Russian cybercriminals are executing a new scam by impersonating tech support on Microsoft Teams to install ransomware on victims’ networks. British cybersecurity firm Sophos reported over 15 incidents involving two groups leveraging Microsoft Office 365 settings for social engineering attacks. The report highlights connections between one group and Storm-1811, while the other may have ties to the FIN7 cybercrime group.…
CERT-UA Warns of Cyber Scams Using Fake AnyDesk Requests for Fraudulent Security Audits
Summary: The Computer Emergency Response Team of Ukraine (CERT-UA) has issued a warning about ongoing social engineering attempts by unknown threat actors impersonating the agency through AnyDesk connection requests. These requests aim to exploit user trust under the guise of conducting security audits, highlighting the need for vigilance and proper communication protocols.…
HPE investigates breach as hacker claims to steal source code
Summary: Hewlett Packard Enterprise (HPE) is currently investigating claims made by the threat actor IntelBroker, who claims to have stolen sensitive documents from HPE’s developer environments. Although HPE has not found evidence of a breach, it is actively assessing the validity of these claims. The incident raises concerns given IntelBroker’s history of high-profile breaches and HPE’s previous security incidents.…