Tag: russian

US disrupts AI-powered bot farm pushing Russian propaganda on X

A collaborative international law enforcement operation headed by the U.S. Justice Department took down 1,000 Twitter accounts that were part of a huge bot farm propagating Russian misinformation, along with the domains used to register the bots. Behind the disinformation campaign since 2022 were a Russian FSB officer and the deputy editor-in-chief of Russia Today (RT), who organized and oversaw the bots' use of Meliorator, an AI-enabled program, to distribute misinformation to Twitter users worldwide. Using Meliorator, RT affiliates created authentic-looking social media profiles impersonating people from all around the world. This was done to spread misinformation and undermine Russian influence on Twitter. Widespread information dissemin...
ExCobalt Cyber Gang Targets Russian Sectors with New GoRed Backdoor

A cybercrime group known as ExCobalt has been targeting Russian organizations with a previously undiscovered Golang-based backdoor known as GoRed. According to a technical analysis released this week by Positive Technologies experts Vladislav Lunin and Alexander Badayev, "ExCobalt focuses on cyber espionage and includes several members active since at least 2016 and presumably once part of the notorious Cobalt Gang." The report focused on cyber intrigue. Cobalt, by contrast, attacked banking institutions to steal money. One of Cobalt's distinguishing features was its use of the CobInt tool, which ExCobalt started using in 2022. Over the past year, the threat actor has targeted attacks on a number of Russian industries...
Russian Power Companies, IT Firms, and Govt Agencies Hit by Decoy Dog Trojan

Cyberattacks targeting Russian enterprises have been identified distributing a Windows variant of a malware known as Decoy Dog. The cybersecurity firm Positive Technologies is tracking the activity cluster under the moniker Operation Lahat and linking it to the HellHounds advanced persistent threat (APT) group. According to security analysts Stanislav Pyzhov and Aleksandr Grigorian, the HellHounds group infiltrates the networks of the organizations it chooses, establishes itself there, and goes years without being discovered. The group uses trusted relationships and vulnerable online services as its main compromise vectors...
Russian APT Deploys New ‘Kapeka’ Backdoor in Eastern European Attacks

Since at least mid-2022, a previously unreported "flexible" backdoor known as Kapeka has been "sporadically" seen in cyberattacks directed at Eastern Europe, particularly Estonia and Ukraine. According to research by Finnish cybersecurity company WithSecure, the malware is linked to the Russia-affiliated advanced persistent threat (APT) group identified as Sandworm (also known as APT44 or Seashell Blizzard). Microsoft tracks the same malware under the handle KnuckleTouch. According to security expert Mohammad Kazem Hassan Nejad, "the malware […] is a flexible backdoor with all the necessary functionalities to serve as an early-stage toolkit for its operators and also to provide long-term access to the victim estate." A dropper built into Kapeka is intend...
U.S. Sanctions 3 Cryptocurrency Exchanges for Helping Russia Evade Sanctions

Three cryptocurrency exchanges have been sanctioned by the Office of Foreign Assets Control (OFAC) of the U.S. Department of the Treasury for providing services that help people get around the economic sanctions placed on Russia after its invasion of Ukraine in early 2022. They are Obshchestvo S Ogranichennoy Otvetstvennostyu Tsentr Obrabotki Elektronnykh Platezhey (TOEP), Bitpapa IC FZC LLC, and Crypto Explorer DMCC (AWEX). In all, the designations cover thirteen organizations and two individuals working in the Russian financial services and technology industries. The Treasury stated that many of the people and organizations designated assisted in transactions or provided other services that allowed OFAC-designated entities to evade sanctions...
Konni Group Using Russian-Language Malicious Word Docs in Latest Attacks

A fresh phishing campaign has been observed using a Microsoft Word document written in Russian to spread malware capable of harvesting private data from compromised Windows hosts. The activity is linked to a threat actor known as Konni, which is believed to overlap with the North Korean cluster known as Kimsuky (also known as APT43). According to an analysis released this week by Cara Lin, a researcher at Fortinet FortiGuard Labs, the campaign relies on a remote access trojan (RAT) that can be used to take control of compromised devices and extract data. The cyber espionage group is well known for targeting Russia, and its attack strategy involves using malicious documents...
Russian Cyber Espionage Group Deploys LitterDrifter USB Worm in Targeted Attacks

Russian cyber espionage actors connected to the Federal Security Service (FSB) have been observed using the USB-propagating worm LitterDrifter in operations targeting Ukrainian entities. Check Point describes Gamaredon (also known as Aqua Blizzard, Iron Tilden, Primitive Bear, Shuckworm, and Winterflounder) as a group that conducts large-scale campaigns preceded by "data collection efforts aimed at specific targets, whose selection is likely motivated by espionage goals." The two primary functions of the LitterDrifter worm are communicating with the threat actor's command-and-control (C&C) servers and automatically propagating the malware...
U.S. Takes Down IPStorm Botnet, Russian-Moldovan Mastermind Pleads Guilty

On Tuesday, the US government announced that the IPStorm botnet proxy network and its supporting infrastructure had been taken down, after the Russian and Moldovan nationals responsible for the operation entered a guilty plea. "The botnet infrastructure had infected Windows systems then further expanded to infect Linux, Mac, and Android devices, victimizing computers and other electronic devices around the world, including in Asia, Europe, North America and South America," the Department of Justice (DoJ) stated in a press announcement. Sergei Makinin faces up to 30 years in prison for creating and distributing the malicious software that infected thousands of internet-connected devices...
Russian state-owned Sberbank hit by 1 million RPS DDoS attack

According to a press release from the Russian financial institution Sberbank, two weeks ago it was the target of the strongest distributed denial of service (DDoS) attack in recent memory. Sberbank, a majority state-owned banking and financial services company holding nearly a third of all Russian assets, is the largest institution in the country. After Russia invaded Ukraine, the bank was subject to international sanctions and blockades and was frequently targeted by hacktivists aligned with the West. According to Russian news agency Interfax, the attack peaked at one million requests per second (RPS), approximately four times the most potent DDoS Sberbank had faced at the time...
France says Russian state hackers breached numerous critical networks

Since the second half of 2021, the Russian hacking group APT28 (also known as "Strontium" or "Fancy Bear") has been targeting French government agencies, corporations, academic institutions, research centers, and think tanks. The group was recently connected to the exploitation of two vulnerabilities: CVE-2023-23397, a zero-day privilege elevation flaw in Microsoft Outlook, and CVE-2023-38831, a remote code execution vulnerability in WinRAR. The threat group is thought to be part of Russia's military intelligence service, the GRU. Rather than using backdoors, which risk detection, the hackers are infiltrating peripheral devices on critical networks belonging to French organizations...