Russia

Pierluigi Paganini September 28, 2022
APT28 relies on PowerPoint Mouseover to deliver Graphite malware

The Russia-linked APT28 group is using mouse movement in decoy Microsoft PowerPoint documents to distribute malware. The Russia-linked APT28 employed a technique relying on mouse movement in decoy Microsoft PowerPoint documents to deploy malware, researchers from Cluster25 reported. Cluster25 researchers were analyzing a lure PowerPoint document used to deliver a variant of Graphite malware, which is known to be used […]

Pierluigi Paganini September 28, 2022
Meta dismantled the largest Russian network since the war in Ukraine began

Meta dismantled a network of Facebook and Instagram accounts spreading disinformation across European countries. Meta announced to have taken down a huge Russian network of Facebook and Instagram accounts used to spread disinformation published on more than 60 websites impersonating news organizations across Europe. The disinformation operation began in May 2022, the network targeted primarily […]

Pierluigi Paganini September 27, 2022
Mandiant identifies 3 hacktivist groups working in support of Russia

Researchers are tracking multiple self-proclaimed hacktivist groups working in support of Russia, and identified 3 groups linked to the GRU. Mandiant researchers are tracking multiple self-proclaimed hacktivist groups working in support of Russia, and identified 3 groups linked to the Russian Main Intelligence Directorate (GRU). The experts assess with moderate confidence that moderators of the […]

Pierluigi Paganini September 26, 2022
Russia prepares massive cyberattacks on the critical infrastructure of Ukraine and its allies

The Ukrainian military intelligence warns that Russia is planning to escalate cyberattacks targeting Ukraine and Western allies. The Main Directorate of Intelligence of the Ministry of Defence of Ukraine (HUR MO) warns that Russia is planning to escalate cyberattacks targeting the critical infrastructure of Ukraine and western countries. According to the Ukrainian military intelligence service, […]

Pierluigi Paganini September 20, 2022
Russian Sandworm APT impersonates Ukrainian telcos to deliver malware

Russia-linked APT group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. Russia-linked cyberespionage group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. Multiple security firms have reported that the Sandworm APT continues to target Ukraine with multiple means, including custom malware and botnet like Cyclops […]

Pierluigi Paganini September 15, 2022
Russia-linked Gamaredon APT target Ukraine with a new info-stealer

Russia-linked Gamaredon APT targets employees of the Ukrainian government, defense, and law enforcement agencies with a custom information-stealing malware. Russia-linked Gamaredon APT group (aka Shuckworm, Actinium, Armageddon, Primitive Bear, and Trident Ursa) is targeting employees of the Ukrainian government, defense, and law enforcement agencies with a piece of a custom-made information stealer implant. The malicious code was designed to […]

Pierluigi Paganini September 13, 2022
Montenegro and its allies are working to recover from the massive cyber attack

A massive cyberattack hit Montenegro, officials believe that it was launched by pro-Russian hackers and the security services of Moscow. A massive cyberattack hit Montenegro, the offensive forced government headquarters to disconnect the systems from the Internet. The attack started on August 20 and impacted online government information platforms. According to the media, the critical […]

Pierluigi Paganini September 01, 2022
FBI is helping Montenegro in investigating the ongoing cyberattack

A team of cybersecurity experts from the US FBI will help the authorities in Montenegro to investigate the recent massive cyberattack. A team of cybersecurity experts from the FBI is heading to Montenegro to help local authorities in investigating the recent massive cyber attack that hit the government infrastructure last week. “This is another confirmation […]

Pierluigi Paganini August 19, 2022
Russia-linked Cozy Bear uses evasive techniques to target Microsoft 365 users

Russia-linked APT group Cozy Bear continues to target Microsoft 365 accounts in NATO countries for cyberespionage purposes. Mandiant researchers reported that the Russia-linked Cozy Bear cyberespionage group (aka APT29, CozyDuke, and Nobelium), has targeted Microsoft 365 accounts in espionage campaigns. The experts pointed out that APT29 devised new advanced tactics, techniques, and procedures to evade detection. […]

Pierluigi Paganini August 19, 2022
Estonia blocked cyberattacks claimed by Pro-Russia Killnet group

Estonia announced to have blocked a wave of cyber attacks conducted by Russian hackers against local institutions. Undersecretary for Digital Transformation Luukas Ilves announced that Estonia was hit by the most extensive wave of DDoS attacks it has faced since 2007. The DDoS attacks targeted both public institutions and the private sector. The Pro-Russia hacker […]