Summary: This report examines the threat posed by Russia-linked advanced persistent threat (APT) groups on operational technology (OT) by analyzing key cyber attacks from the past 12 months, providing detection rules and recommendations for network defenders.

Threat Actor: Russia-linked APT groups
Victim: Various industries and specifically a manufacturing industry customer | manufacturing industry

Key Points:

This report analyzes cyber attacks conducted by Russia-linked APT groups on operational technology (OT) in the past year, providing useful detection rules and recommendations for network defenders.…

ESET researchers discovered two previously unknown backdoors – which we named LunarWeb and LunarMail – compromising a European ministry of foreign affairs (MFA) and its diplomatic missions abroad. We believe that the Lunar toolset has been used since at least 2020 and, given the similarities between the tools’ tactics, techniques, and procedures (TTPs) and past activities, we attribute these compromises to the infamous Russia-aligned cyberespionage group Turla, with medium confidence.…


Summary: The US Cybersecurity and Infrastructure Security Agency (CISA) has released a guide to help civil society organizations mitigate cyber threats, particularly those posed by state-sponsored actors from nations like Russia, China, Iran, and North Korea.

Threat Actor: State-sponsored actors
Victim: Civil society organizations

Key Point:

The guide, titled “Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society,” provides actionable steps for civil society organizations to enhance their cybersecurity defenses.…

Summary: This post examines the activities of Dmitry Yuryevich Khoroshev, the alleged leader of the LockBit ransomware group, who has been charged by the United States, United Kingdom, and Australia for his involvement in cybercrimes.

Threat Actor: Dmitry Yuryevich Khoroshev
Victim: Various organizations | LockBit ransomware victims

Key Point:

Dmitry Yuryevich Khoroshev has been indicted on 26 criminal counts, including extortion, wire fraud, and conspiracy, for allegedly creating, selling, and using the LockBit ransomware to extort over $100 million from victim organizations.…

Summary: Russian-aligned hackers hijacked Ukrainian television channels to broadcast a Victory Day parade in Moscow, marking an act of aggression in the ongoing information war against Ukraine.

Threat Actor: Russia
Victim: Ukrainian television channels owned by Starlight Media | Starlight Media

Key Point:

Russian-aligned hackers took control of Ukrainian television channels to broadcast a Victory Day parade in Moscow, as part of the ongoing information war against Ukraine.…

This report was originally published for our customers on 2 May 2024.

As part of our critical vulnerabilities monitoring routine, Sekoia’s Threat & Detection Research (TDR) team deploys and supervises honeypots in different locations around the world to identify potential exploitations.

Introduction

Recently, our team observed an incident involving our MS-SQL (Microsoft SQL) honeypot.…


Threat Actor: HackNeT and Cyber Army of Russia
Victim: Fremantle Ports, Sydney Opera House, AuditCo
Price: Not specified
Exfiltrated Data Type: Not specified

Additional Information:

The DDoS attacks are targeted at prominent Australian websites including Fremantle Ports, Sydney Opera House, and AuditCo.…

Summary: The Library of Congress was targeted in a cyberattack, but the hackers were unable to access the library’s systems due to multifactor authentication and quick response from IT staff.

Threat Actor: Rhysida ransomware gang
Victim: The Library of Congress

Key Point:

The Library of Congress was targeted in a cyberattack, but the hackers failed to access the library’s systems due to multifactor authentication.…

In early March 2024, Insikt Group identified a malign influence network, CopyCop, skillfully leveraging inauthentic media outlets in the US, UK, and France. This network is suspected to be operated from Russia and is likely aligned with the Russian government. CopyCop extensively used generative AI to plagiarize and modify content from legitimate media sources to tailor political messages with specific biases.…


Summary: The FBI, UK National Crime Agency, and Europol have identified and sanctioned the admin of the LockBit ransomware operation, Dmitry Yuryevich Khoroshev, a Russian national.

Threat Actor: LockBit ransomware operation
Victim: N/A

Key Point:

The admin of the LockBit ransomware operation, Dmitry Yuryevich Khoroshev, has been identified and sanctioned by law enforcement agencies.…

Summary: Germany has recalled its ambassador to Russia following alleged Moscow-backed cyberattacks targeting the country’s defense, aerospace, and IT companies, as well as the German Social Democratic Party.

Threat Actor: Russia
Victim: Germany

Key Point:

Germany has recalled its ambassador to Russia in response to alleged cyberattacks on its defense, aerospace, IT companies, and the German Social Democratic Party.…

Summary: A Russian operator of the virtual currency exchange BTC-e, Alexander Vinnik, pleaded guilty to participating in a money laundering scheme, which involved processing over $9 billion in transactions and serving over a million users worldwide.

Threat Actor: Alexander Vinnik
Victim: BTC-e

Key Point:

Alexander Vinnik operated BTC-e from 2011 to 2017, processing over $9 billion in transactions and serving over a million users worldwide.…

Summary: The U.S. State Department will announce a new strategy to combat nation-state cyberthreats and promote international cooperation in cyberspace, while also addressing the risks of generative artificial intelligence systems.

Threat Actor: N/A
Victim: N/A

Key Point:

The U.S. State Department will engage international partners, build coalitions, and develop new capabilities to aid allies in cyberspace.…

Summary: NATO and the European Union condemn cyber espionage operations conducted by the Russia-linked threat actor APT28 against European countries.

Threat Actor: APT28
Victim: European countries

Key Point:

NATO and the European Union have condemned cyber espionage operations carried out by the Russia-linked threat actor APT28 against European countries.…

Summary: This content discusses a cyberwarfare and nation-state attack carried out by APT28, targeting political parties and critical infrastructure in Germany and the Czech Republic.

Threat Actor: APT28
Victim: German and Czech governments

Key Point:

The German and Czech governments have revealed that Russian military intelligence hackers, known as APT28, conducted a cyber espionage campaign targeting political parties and critical infrastructure.…

Summary: This content discusses the ongoing activity of the Moobot botnet, which is associated with the APT28 group and used by cyber criminal organizations. It also highlights the use of compromised Ubiquiti EdgeRouters by Russia-linked threat actors to evade detection in cyber operations worldwide.

Threat Actor: APT28
Victim: Various organizations | Moobot botnet victims

Key Point:

The Moobot botnet, associated with the APT28 group, is still active and being used by cyber criminal organizations.…