FreshRSS

The Hacker News

CERT-UA Reports: 11 Ukrainian Telecom Providers Hit by Cyberattacks

By: Newsroom — October 17th 2023 at 05:46
The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed that threat actors "interfered" with at least 11 telecommunication service providers in the country between May and September 2023. The agency is tracking the activity under the name UAC-0165, stating the intrusions led to service interruptions for customers. The starting point of the attacks is a reconnaissance phase in
The Hacker News

Ukrainian Military Targeted in Phishing Campaign Leveraging Drone Manuals

By: THN — September 25th 2023 at 13:05
Ukrainian military entities are the target of a phishing campaign that leverages drone manuals as lures to deliver a Go-based open-source post-exploitation toolkit called Merlin. "Since drones or Unmanned Aerial Vehicles (UAVs) have been an integral tool used by the Ukrainian military, malware-laced lure files themed as UAVs service manuals have begun to surface," Securonix researchers Den
The Hacker News

Ukraine's CERT Thwarts APT28's Cyberattack on Critical Energy Infrastructure

By: THN — September 6th 2023 at 08:02
The Computer Emergency Response Team of Ukraine (CERT-UA) on Tuesday said it thwarted a cyber attack against an unnamed critical energy infrastructure facility in the country. The intrusion, per the agency, started with a phishing email containing a link to a malicious ZIP archive that activates the infection chain. “Visiting the link will download a ZIP archive containing three JPG images (
The Hacker News

Russian Hackers Use Zulip Chat App for Covert C&C in Diplomatic Phishing Attacks

By: THN — August 17th 2023 at 09:39
An ongoing campaign targeting ministries of foreign affairs of NATO-aligned countries points to the involvement of Russian threat actors. The phishing attacks feature PDF documents with diplomatic lures, some of which are disguised as coming from Germany, to deliver a variant of a malware called Duke, which has been attributed to APT29 (aka BlueBravo, Cloaked Ursa, Cozy Bear, Iron Hemlock,
The Hacker News

Russian Cyber Adversary BlueCharlie Alters Infrastructure in Response to Disclosures

By: THN — August 2nd 2023 at 14:12
A Russia-nexus adversary has been linked to 94 new domains starting March 2023, suggesting that the group is actively modifying its infrastructure in response to public disclosures about its activities. Cybersecurity firm Recorded Future linked the revamped infrastructure to a threat actor it tracks under the name BlueCharlie, a hacking crew that's broadly known by the names Blue Callisto,
The Hacker News

BlueBravo Deploys GraphicalProton Backdoor Against European Diplomatic Entities

By: THN — July 28th 2023 at 08:54
The Russian nation-state actor known as BlueBravo has been observed targeting diplomatic entities throughout Eastern Europe with the goal of delivering a new backdoor called GraphicalProton, exemplifying the continuous evolution of the threat. The phishing campaign is characterized by the use of legitimate internet services (LIS) for command-and-control (C2) obfuscation, Recorded Future said in
The Hacker News

Turla's New DeliveryCheck Backdoor Breaches Ukrainian Defense Sector

By: THN — July 20th 2023 at 09:40
The defense sector in Ukraine and Eastern Europe has been targeted by a novel .NET-based backdoor called DeliveryCheck (aka CAPIBAR or GAMEDAY) that's capable of delivering next-stage payloads. The Microsoft threat intelligence team, in collaboration with the Computer Emergency Response Team of Ukraine (CERT-UA), attributed the attacks to a Russian nation-state actor known as Turla, which is
The Hacker News

CERT-UA Uncovers Gamaredon's Rapid Data Exfiltration Tactics Following Initial Compromise

By: THN — July 17th 2023 at 05:17
The Russia-linked threat actor known as Gamaredon has been observed conducting data exfiltration activities within an hour of the initial compromise. "As a vector of primary compromise, for the most part, emails and messages in messengers (Telegram, WhatsApp, Signal) are used, in most cases, using previously compromised accounts," the Computer Emergency Response Team of Ukraine (CERT-UA) said in
The Hacker News

Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers

By: Ravie Lakshmanan — June 26th 2023 at 10:54
Microsoft has disclosed that it's detected a spike in credential-stealing attacks conducted by the Russian state-affiliated hacker group known as Midnight Blizzard. The intrusions, which make use of residential proxy services to obfuscate the source IP address of the attacks, target governments, IT service providers, NGOs, defense, and critical manufacturing sectors, the tech giant's threat
The Hacker News

U.S. Offers $10 Million Bounty for Capture of Notorious Russian Ransomware Operator

By: Ravie Lakshmanan — May 17th 2023 at 05:29
A Russian national has been charged and indicted by the U.S. Department of Justice (DoJ) for launching ransomware attacks against "thousands of victims" in the country and across the world. Mikhail Pavlovich Matveev (aka Wazawaka, m1x, Boriselcin, and Uhodiransomwar), the 30-year-old individual in question, is alleged to be a "central figure" in the development and deployment of LockBit, Babuk,
The Hacker News

CERT-UA Warns of SmokeLoader and RoarBAT Malware Attacks Against Ukraine

By: Ravie Lakshmanan — May 8th 2023 at 06:10
An ongoing phishing campaign with invoice-themed lures is being used to distribute the SmokeLoader malware in the form of a polyglot file, according to the Computer Emergency Response Team of Ukraine (CERT-UA). The emails, per the agency, are sent using compromised accounts and come with a ZIP archive that, in reality, is a polyglot file containing a decoy document and a JavaScript file. The
The Hacker News

Russian Hackers Tomiris Targeting Central Asia for Intelligence Gathering

By: Ravie Lakshmanan — April 24th 2023 at 14:00
The Russian-speaking threat actor behind a backdoor known as Tomiris is primarily focused on gathering intelligence in Central Asia, fresh findings from Kaspersky reveal. "Tomiris's endgame consistently appears to be the regular theft of internal documents," security researchers Pierre Delcher and Ivan Kwiatkowski said in an analysis published today. "The threat actor targets government and
The Hacker News

Google TAG Warns of Russian Hackers Conducting Phishing Attacks in Ukraine

By: Ravie Lakshmanan — April 19th 2023 at 15:41
Elite hackers associated with Russia's military intelligence service have been linked to large-volume phishing campaigns aimed at hundreds of users in Ukraine to extract intelligence and influence public discourse related to the war. Google's Threat Analysis Group (TAG), which is monitoring the activities of the actor under the name FROZENLAKE, said the attacks continue the "group's 2022 focus
The Hacker News

Russia-Linked Hackers Launches Espionage Attacks on Foreign Diplomatic Entities

By: Ravie Lakshmanan — April 14th 2023 at 12:57
The Russia-linked APT29 (aka Cozy Bear) threat actor has been attributed to an ongoing cyber espionage campaign targeting foreign ministries and diplomatic entities located in NATO member states, the European Union, and Africa. According to Poland's Military Counterintelligence Service and the CERT Polska team, the observed activity shares tactical overlaps with a cluster tracked by Microsoft as