GZR Observer Daily, Feb 15, 2025
The article discusses China’s expanding influence in the Pacific region through multiple cooperation agreements with the Cook Islands. It also highlights various geopolitical issues, economic developments, and cybersecurity threats faced by different countries, emphasizing the complex international landscape. Affected: Cook Islands, China, U.S., Ukraine, Sudan, Hong Kong, Russia, organizations using SonicWall and Palo Alto Networks firewalls

Keypoints:

China signed multiple cooperation agreements with the Cook Islands to strengthen its economic presence in the Pacific.…
Sweden’s PM on suspected cable sabotage: ‘We don’t believe random things suddenly happen quite often’
Summary: Sweden’s Prime Minister Ulf Kristersson expressed concerns over a series of submarine cable cuts in the Baltic Sea, suggesting potential sabotage amidst a backdrop of geopolitical tensions, particularly involving Russia. He highlighted investigations that indicate a combination of weather and human error but noted the unusual frequency of such incidents raises suspicions.…
[Law] The US, UK, Australia take action against Russia-based BPH provider Zservers over LockBit ransomware attacks
Summary: The US, UK, and Australia have implemented sanctions against Zservers, a Russian bulletproof hosting provider involved in ransomware activities, targeting key individuals linked to the company. Additionally, a US citizen has pleaded guilty to charges related to a scheme that funneled over million to North Korea through identity theft and fraudulent employment practices.…
Telegram Abused as C2 Channel for New Golang Backdoor
This article details the discovery of a new Go backdoor malware suspected to originate from Russia. Utilizing Telegram as its command and control (C2) channel, the malware is fully functional albeit still under development. Its design complicates detection as it masquerades as legitimate API communications through cloud applications, exemplifying challenges faced by cybersecurity defenders.…
Failed Ukraine would weaken both US and Europe, says EU chief von der Leyen
Summary: European Commission President Ursula von der Leyen emphasized at the Munich Security Conference that a lasting peace in Ukraine is crucial for both the EU and the U.S. Amidst mixed messages from U.S. officials regarding the conflict, Ukraine’s President Volodymyr Zelensky expressed the need for robust security guarantees while seeking peace through dialogue.…
Dark Web Profile: Fog Ransomware
Fog Ransomware, detected in May 2024, primarily targets educational institutions in the US, employing a double extortion tactic. It utilizes a TOR-based data leak site to pressure victims into compliance by threatening to release stolen data if ransoms are not paid. The operational structure behind Fog remains unclear, emphasizing the model of varied affiliates over unified groups.…
Ukraine struggles to counter Russian disinfo without US support, local cyber official says
Summary: U.S. foreign aid freezes and shifts in disinformation countermeasures are leaving European nations, especially Ukraine, vulnerable to Russian influence operations, according to Ukrainian security officials. With dwindling support for cybersecurity and independent media projects, the situation raises alarms about increasing Russian propaganda and misinformation strategies across Europe.…
The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation | Microsoft Security Blog
Microsoft has revealed insights into a subgroup of the Russian state actor Seashell Blizzard, known for its “BadPilot campaign.” This group has been active since at least 2021 and utilizes a variety of opportunistic access techniques to compromise global infrastructure, primarily focusing on sensitive sectors such as energy and telecommunications.…
Multiple Russian Threat Actors Targeting Microsoft Device Code Authentication
Volexity has reported multiple Russian threat actors conducting social-engineering and spear-phishing campaigns aimed at compromising Microsoft 365 accounts through Device Code Authentication phishing. These campaigns have political themes, targeting various governmental and institutional entities. Users may not recognize the atypical workflow as phishing, leading to successful compromises.…
Google Hub in Poland to Develop AI Use in Energy and Cybersecurity Sectors
Summary: Google and Poland signed a memorandum to boost artificial intelligence in critical sectors like energy and cybersecurity while expanding Google’s operations in the country. This collaboration aims to enhance Poland’s security and economic growth, amidst ongoing cyber threats. Additionally, Google will invest million over five years to improve digital skills for approximately 1 million young Poles.…
Sandworm APT Attacks Detection: Russian State-Sponsored Hackers Deploy Malicious Windows KMS Activators to Target Ukraine – SOC Prime
The Sandworm APT group, linked to Russian military intelligence, has ramped up cyber-espionage attacks against Ukrainian organizations, focusing on critical infrastructure and state bodies since the full-scale invasion in 2022. The group employs trojanized Microsoft KMS activators and fake Windows updates to infect systems with various malware, including Dark Crystal RAT.…
Cybercrime evolving into national security threat: Google
Summary: Google warns that cybercrime has become a national security threat and is increasingly linked to state-backed attacks, as shown in a report released prior to the Munich Security Conference. The research highlights a significant rise in financially motivated cyber intrusions while emphasizing the need for international cooperation to address the intertwined nature of cybercrime and state-sponsored hacking.…
Subgroup of Russia’s Sandworm compromising US and European organizations, Microsoft says
Summary: A subgroup of the Russian hacking group Sandworm has conducted a multi-year campaign targeting critical infrastructure in the U.S. and Europe, aiming to gain initial access to strategic organizations across various sectors. Microsoft warns that this group’s activities support Russia’s military objectives and pose significant risks to global security.…
Feds Sanction Russian Hosting Provider for Supporting LockBit Attacks
Summary: The US, alongside Australia and the UK, has sanctioned Zservers, a Russia-based bulletproof hosting service, for facilitating LockBit ransomware attacks. This action is part of ongoing international efforts to dismantle the LockBit cybercriminal organization and disrupt its operations. The sanctions aim to impede ransomware activities by targeting the infrastructure that enables such attacks.…
Microsoft Uncovers Sandworm Subgroup’s Global Cyber Attacks Spanning 15+ Countries
Summary: A subgroup of the Russian hacking group Sandworm, known as Seashell Blizzard, has expanded its global operations through a multi-year initiative called BadPilot, targeting various sectors and regions worldwide. This group has utilized advanced malware and exploits to compromise sensitive infrastructure, supporting espionage and geopolitical objectives, particularly in relation to the Russo-Ukrainian war.…
Russian Seashell Blizzard Hackers Gain, Maintain Access to High-Value Targets: Microsoft
Summary: Microsoft reports that the Russia-linked threat actor Seashell Blizzard has intensified its operations through a subgroup focusing on initial access and long-term persistence in various organizations. This group, active since at least 2021, has employed a range of vulnerabilities to target critical infrastructure and military entities, particularly in Ukraine, while also expanding efforts to include targets in the US and UK.…