Security News

Google says the ColdRiver Russian-backed hacking group is pushing previously unknown backdoor malware using payloads masquerading as a PDF decryption tool. "COLDRIVER presents these documents as a new op-ed or other type of article that the impersonation account is looking to publish, asking for feedback from the target. When the user opens the benign PDF, the text appears encrypted," Google TAG said.

The UK National Cyber Security Centre and Microsoft warn that the Russian state-backed actor "Callisto Group" is targeting organizations worldwide with spear-phishing campaigns used to steal account credentials and data. Today, the United Kingdom officially attributed attacks to Callisto that led to the leaking of UK-US trade documents, the 2018 hack of the UK think tank Institute for Statecraft, and more recently, the hack on StateCraft's founder Christopher Donnelly.

The Russian Federal Security Service arrested two individuals believed to have helped Ukrainian forces carry out cyberattacks to disrupt Russian critical infrastructure targets. Russia's security agency published a press release on Tuesday saying that its officers detained two hackers who either assisted or joined Ukraine's hackers in cyber operations.

Microsoft said today that a Russian hacking group known as Gamaredon has been behind a streak of spear-phishing emails targeting Ukrainian entities and organizations related to Ukrainian affairs since October 2021. Security and threat researchers with the Microsoft Threat Intelligence Center and the Microsoft Digital Security Unit said today that Gamaredon's cyber-espionage campaign is being coordinated out of Crimea, confirming SSU's assessment that the Gamaredon hackers are officers of the Crimean FSB who sided with Russia during the 2014 occupation.

Microsoft said today that a Russian hacking group known as Gamaredon has been behind a streak of spear-phishing emails targeting Ukrainian entities and organizations related to Ukrainian affairs since October 2021. Security and threat researchers with the Microsoft Threat Intelligence Center and the Microsoft Digital Security Unit said today that Gamaredon's cyber-espionage campaign is being coordinated out of Crimea, confirming SSU's assessment that the Gamaredon hackers are officers of the Crimean FSB who sided with Russia during the 2014 occupation.

Russia's internal security agency said today it had dismantled the REvil ransomware gang's networks and raided its operators' homes following arrests yesterday in Ukraine. Only yesterday five ransomware suspects were arrested in Ukraine, though their gang affiliations were not revealed by local police.

The Russian FSB has identified the entire criminal enterprise known as "REvil". Police raids on 25 addresses in at least Moscow, St. Petersburg, Moscow, Leningrad and Lipetsk.

Ukraine's premier law enforcement and counterintelligence agency on Thursday disclosed the real identities of five individuals allegedly involved in digital intrusions attributed to a cyber-espionage group named Gamaredon, linking the members to Russia's Federal Security Service. Calling the hacker group "An FSB special project, which specifically targeted Ukraine," the Security Service of Ukraine said the perpetrators "Are officers of the 'Crimean' FSB and traitors who defected to the enemy during the occupation of the peninsula in 2014.".

Ukraine's premier law enforcement and counterintelligence agency on Thursday disclosed the real identities of five individuals allegedly involved in cyberattacks attributed to a cyber-espionage group named Gamaredon, linking the members to Russia's Federal Security Service. Calling the hacker group "An FSB special project, which specifically targeted Ukraine," the Security Service of Ukraine said the perpetrators "Are officers of the 'Crimean' FSB and traitors who defected to the enemy during the occupation of the peninsula in 2014.".

SSU and the Ukrainian secret service say they have identified five members of the Gamaredon hacking group, a Russian state-sponsored operation known for targeting Ukraine since 2014. This Gamaredon hacking group, tracked as Armageddon by the SSU, is allegedly operated under the FSB and is believed to be responsible for over 5,000 attacks in Ukraine since the operation began.