Russia

Pierluigi Paganini April 21, 2023
Pro-Russia hackers launched a massive attack against the EUROCONTROL agency

Pro-Russia hackers KillNet launched a massive DDoS attack against Europe’s air-traffic agency EUROCONTROL. Europe’s air-traffic control agency EUROCONTROL announced that it was under attack from pro-Russian hackers. The European Organisation for the Safety of Air Navigation pointed out that the attack had no impact on European air traffic control activities. “Since 19 April, the EUROCONTROL […]

Pierluigi Paganini April 19, 2023
US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

UK and US agencies are warning of Russia-linked APT28 group exploiting vulnerabilities in Cisco networking equipment. Russia-linked APT28 group accesses unpatched Cisco routers to deploy malware exploiting the not patched CVE-2017-6742 vulnerability (CVSS score: 8.8), states a joint report published by the UK National Cyber Security Centre (NCSC), the US National Security Agency (NSA), US Cybersecurity and Infrastructure […]

Pierluigi Paganini April 13, 2023
The Russia-linked APT29 is behind recent attacks targeting NATO and EU

Poland intelligence linked the Russian APT29 group to a series of attacks targeting NATO and European Union countries. Poland’s Military Counterintelligence Service and its Computer Emergency Response Team linked a recent string of attacks targeting NATO and European Union countries to the Russia-linked APT29 group (aka SVR group, Cozy Bear, Nobelium, and The Dukes). APT29 along with APT28 cyber espionage group […]

Pierluigi Paganini April 02, 2023
Leaked documents from Russian firm NTC Vulkan show Sandworm cyberwarfare arsenal

Files leaked by Russian IT contractor NTC Vulkan show that Russia-linked Sandworm APT requested it to develop offensive tools. Documents leaked from Russian IT contractor NTC Vulkan show it was likely involved in the development of offensive tools. The documents demonstrate that it also developed hacking tools for the Russia-linked APT group Sandworm. The Sandworm group […]

Pierluigi Paganini March 31, 2023
Russian APT group Winter Vivern targets email portals of NATO and diplomats

Russian hacking group Winter Vivern has been actively exploiting Zimbra flaws to steal the emails of NATO and diplomats. A Russian hacking group, tracked as Winter Vivern (aka TA473), has been actively exploiting vulnerabilities (CVE-2022-27926) in unpatched Zimbra instances to gain access to the emails of NATO officials, governments, military personnel, and diplomats. The CVE-2022-27926 […]

Pierluigi Paganini March 21, 2023
New Bad Magic APT used CommonMagic framework in the area of Russo-Ukrainian conflict

Threat actors are targeting organizations located in Donetsk, Lugansk, and Crimea with a previously undetected framework dubbed CommonMagic. In October 2022, Kaspersky researchers uncovered a malware campaign aimed at infecting government, agriculture and transportation organizations located in the Donetsk, Lugansk, and Crimea regions with a previously undetected framework dubbed CommonMagic. Researchers believe that threat actors use spear […]

Pierluigi Paganini March 16, 2023
Microsoft sheds light on a year of Russian hybrid warfare in Ukraine

Russia-linked threat actors targeted at least 17 European nations in 2023, and 74 countries since the start of the invasion of Ukraine. Microsoft revealed that Russia-linked threat actors targeted at least 17 European nations between January and mid-February 2023. According to a report published by the IT giant, the state-sponsored hackers have targeted 74 countries […]

Pierluigi Paganini March 16, 2023
Polish intelligence dismantled a network of Russian spies

Polish intelligence dismantled a cell of Russian spies that gathered info on military equipment deliveries to Ukraine via the EU member. Polish counter-intelligence has dismantled a cell of Russian spies that gathered information on the provisioning of military equipment to Ukraine via the EU member. “The ABW counter-intelligence agency has arrested nine people suspected of […]

Pierluigi Paganini March 15, 2023
Russia-linked APT29 abuses EU information exchange systems in recent attacks

Russia-linked APT29 group abused the legitimate information exchange systems used by European countries to target government entities. Russia-linked APT29 (aka SVR group, Cozy Bear, Nobelium, and The Dukes) was spotted abusing the legitimate information exchange systems used by European countries in attacks aimed at governments. In early March, BlackBerry researchers uncovered a new cyber espionage campaign aimed at EU […]

Pierluigi Paganini February 24, 2023
CISA warns of disruptive attacks amid the anniversary of Russia’s invasion of Ukraine

One year after Russia’s invasion of Ukraine, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns organizations to increase vigilance. Exactly one year, Russia invaded Ukraine, and now one year later the U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations and individuals to increase vigilance. The US agency warns that the United States […]