Unveiled the Threat Actors
This article explores various threat actors known for their significant cyber attacks, detailing their origins, techniques, and famous hacks. It categorizes these actors by their affiliations, such as state-sponsored and financially motivated groups, providing insight into their behaviors and methodologies. Affected: Government networks, financial institutions, healthcare, energy sector, retail, hospitality, media, technology, and more.…
Read More
⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More
Summary: Recent cyber threats highlight vulnerabilities in open-source tools, escalating ad fraud through mobile apps, and advanced ransomware tactics targeting critical defenses. Notably, attacks have leveraged AI, and a supply chain breach at Coinbase exemplifies these risks. A rise in stolen credentials further underscores the urgent need for improved cybersecurity measures.…
Read More

Victim: Synesis Surveillance System
Country: RU
Actor: babuk2
Source: http:/bxwu33iefqfc3rxigynn3ghvq4gdw3gxgxna5m4aa3o4vscdeeqhiqad.onion/blog/9cb5fece49800a33eddaf3e4cd4a943612fe9701c7ace4e0d84b06784c09ef03/
Discovered: 2025-03-22 14:54:11.625401
Published: 2025-03-22 14:53:00.890150
Description: Synesis Surveillance System, a company based in Russia, fell victim to a ransomware attack orchestrated by the notorious hacking group Babuk2. This malicious incident marked a significant security breach for Synesis, which specializes in surveillance technology.…
Read More
New Ransomware Operator Exploits Fortinet Vulnerability Duo
Forescout Research has identified a new ransomware strain, dubbed SuperBlack, linked to the threat actor “Mora_001”, exploiting vulnerabilities in Fortinet devices. This threat actor is connected to the LockBit ransomware ecosystem and demonstrates sophisticated tactics including rapid ransomware deployment, user account creation across victim networks, and the use of modified LockBit tools.…
Read More
YouTube Game Cheats Spread Arcane Stealer Malware to Russian-Speaking Users
Summary: A new stealer malware called Arcane is being distributed through YouTube videos promoting game cheats, targeting Russian-speaking users. This malware gathers a wide range of sensitive information from various applications, including VPNs, messaging apps, and gaming clients. It utilizes various techniques, including a batch file that activates PowerShell to initiate its malicious activities, while also evading security measures like Windows SmartScreen.…
Read More
Ukraine’s IT Army keeps up attacks on Russia despite waning media hype
Summary: Ukraine’s IT Army remains active in cyber warfare against Russian entities, with a significant increase in attacks noted by Russian cybersecurity firm F6. The group is targeting regional telecom operators and has recently claimed responsibility for disrupting services in major Russian cities. Despite claiming fewer attacks than at the onset of the war, the IT Army continues to improve its tactics and expand its range of targets.…
Read More
Poisoned Windows shortcuts found to be a favorite of Chinese, Russian, N. Korean state hackers
Summary: A significant vulnerability affecting Microsoft Windows shortcuts, exploited by numerous state-sponsored and criminal groups since 2017, has come under scrutiny. Despite identification by researchers at the Zero Day Initiative, Microsoft has classified the vulnerability as low severity and is not prioritizing a patch. The exploitation primarily targets espionage and data theft, impacting various organizations globally, particularly in the U.S.…
Read More
New Windows zero-day exploited by 11 state hacking groups since 2017
Summary: Multiple state-sponsored hacking groups have been exploiting a Windows vulnerability known as ZDI-CAN-25373 for cyber espionage and data theft since 2017. Despite the identification of nearly a thousand exploit samples, Microsoft has deemed the issue as not warranting immediate security updates. Researchers indicate the vulnerability allows attackers to execute arbitrary code on affected systems while remaining hidden from users.…
Read More
AI Is Turbocharging Organized Crime, EU Police Agency Warns
Summary: The European Union’s law enforcement agency, Europol, warns that artificial intelligence is significantly amplifying organized crime, posing a threat to societal stability across member nations. A recent report highlights the increasing sophistication of cybercrime, with AI-driven attacks merging profit motives with state-sponsored destabilization efforts. As the EU prepares to address these challenges, there is an urgent call for integrated security measures to counteract the evolving threats.…
Read More
Unpatched Windows Zero-Day Flaw Exploited by 11 State-Sponsored Threat Groups Since 2017
Summary: An unpatched security vulnerability in Microsoft Windows allows 11 state-sponsored groups to execute hidden malicious commands through crafted .LNK files, leading to significant risks of data theft and cyber espionage. Discovered by Trend Micro’s Zero Day Initiative (ZDI), the flaw has been utilized since 2017, targeting various organizations globally.…
Read More
Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation
This report discusses the ongoing exploitation of older VPN vulnerabilities, particularly CVE-2018-13379 and CVE-2022-40684, highlighting how attackers, including cybercriminal and state-sponsored groups, continue to target these flaws for credential theft and administrative control. The research indicates substantial growth in discussions around Fortinet VPN vulnerabilities on cybercriminal forums, illustrating their significance in the current threat landscape.…
Read More
Major Cyber Attacks in Review: February 2025
In February 2025, multiple significant cyber incidents revealed ongoing risks across various industries worldwide. Notable attacks included the Qilin ransomware incident at Lee Enterprises, which disrupted media distribution, and a .5 billion cryptocurrency theft attributed to North Korea’s Lazarus Group. Breaches at DISA Global Solutions, Orange, and LANIT highlighted severe vulnerabilities in finance, telecom, healthcare, media, and government sectors.…
Read More
⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More
Summary: This week’s cybersecurity report highlights the evolving landscape of cyber threats, including advanced techniques used by threat groups and rising supply chain vulnerabilities. Law enforcement efforts against cybercriminal networks show promise, while new exploits and vulnerabilities demand prompt attention from organizations. The report includes notable incidents, emerging attack methods, and critical vulnerabilities that security teams should prioritize.…
Read More

Victim: Belarus E-commerce & Energy Data
Country: BY
Actor: babuk2
Source: http:/bxwu33iefqfc3rxigynn3ghvq4gdw3gxgxna5m4aa3o4vscdeeqhiqad.onion/blog/82b3572f2dadeca89f06a17fd17a8f05f10e23aff09bfc7071d7b6d29e6238e5/
Discovered: 2025-03-15 10:23:47.937201
Published: 2025-03-15 10:22:41.152730
Description: Belarus has seen significant growth in its e-commerce sector, driven by increased internet penetration and smartphone usage. The total e-commerce market in Belarus is projected to continue expanding, with a focus on both B2C and B2B transactions.…
Read More

Victim: Indian military and government defense 20TB
Country:
Actor: babuk2
Source: http:/bxwu33iefqfc3rxigynn3ghvq4gdw3gxgxna5m4aa3o4vscdeeqhiqad.onion/blog/67f8d9ab763c7643085b2123508f6e46cc5d8319f906fd54b45439219b8ad67f/
Discovered: 2025-03-14 07:55:25.323579
Published: 2025-03-14 07:40:17.000000
Description: Here are some key points related to the Indian military and government defense: India has one of the largest standing armies in the world. The Indian Armed Forces consist of three branches: the Indian Army, Indian Navy, and Indian Air Force.…
Read More