Security News

DDoS attacks against Russian firms have almost tripled in 2021
2021-10-20 17:47

A report analyzing data from the start of the year concludes that distributed denial-of-service attacks on Russian companies have increased 2.5 times compared to the same period last year. DDoS attacks are commonly used to extort victims with ransom demands or as a distraction for IT teams while hackers attempt to steal precious data from compromised systems.

Russian cybercrime gang targets finance firms with stealthy macros
2021-10-15 13:58

A new phishing campaign dubbed MirrorBlast is deploying weaponized Excel documents that are extremely difficult to detect to compromise financial service organizations. The most notable feature of MirrorBlast is the low detection rates of the campaign's malicious Excel documents by security software, putting firms that rely solely upon detection tools at high risk.

Russian orgs heavily targeted by smaller tier ransomware gangs
2021-10-08 14:40

Even though American and European companies enjoy the lion's share of ransomware attacks launched from Russian ground, companies in the country aren't spared from having to deal with file encryption and double-extortion troubles of their own. The actors who trouble Russian and CIS-based companies in general though, aren't REvil, LockBit, DarkSide, and any of the more notorious groups that launch high-profile attacks on critical infrastructure targets.

Microsoft: Russian state hackers behind 53% of attacks on US govt agencies
2021-10-08 11:04

Microsoft says that Russian-sponsored hacking groups are increasingly targeting US government agencies, with roughly 58% of all nation-state attacks observed by Microsoft between July 2020 and June 2021 coming from Russia. "Russian nation-state actors are increasingly targeting government agencies for intelligence gathering, which jumped from 3% of their targets a year ago to 53% - largely agencies involved in foreign policy, national security or defense," said Tom Burt, Microsoft's Corporate Vice President for Customer Security & Trust.

Google warns 14,000 Gmail users targeted by Russian hackers
2021-10-07 23:38

Google has warned about 14,000 of its users about being targeted in a state-sponsored phishing campaign from APT28, a threat group that has been linked to Russia. The campaign was detected in late September and accounts for a larger than usual batch of Government-Backed Attack notifications that Google sends to targeted users every month.

Russian spies reportedly used SolarWinds hack to steal US counterintelligence details
2021-10-07 19:30

Russia's SVR spy agency made off with information about US counterintelligence investigations in the wake of the SolarWinds hack, according to people familiar with the American government cleanup operation. The SVR was named and shamed in April by Britain and the US as the organisation that compromised the build systems of SolarWinds' network monitoring software Orion, used by 18,000 customers across the world.

New APT ChamelGang Targets Russian Energy, Aviation Orgs
2021-10-01 12:36

Though attackers mainly have been seen targeting Russian organizations, they have attacked targets in 10 countries so far, researchers said in a report by company researchers Aleksandr Grigorian, Daniil Koloskov, Denis Kuvshinov and Stanislav Rakovsky published online Thursday. ChamelGang - like Nobelium and REvil before it - has hopped on the bandwagon of attacking the supply chain first to gain access to its ultimate target, they said.

Russian Turla APT Group Deploying New Backdoor on Targeted Systems
2021-09-27 21:14

State-sponsored hackers affiliated with Russia are behind a new series of intrusions using a previously undocumented implant to compromise systems in the U.S., Germany, and Afghanistan. Cisco Talos attributed the attacks to the Turla advanced persistent threat group, coining the malware "TinyTurla" for its limited functionality and efficient coding style that allows it to go undetected.

Russian state hackers use new TinyTurla malware as secondary backdoor
2021-09-21 15:54

Russian state-sponsored hackers known as the Turla APT group have been using new malware over the past year that acted as a secondary persistence method on compromised systems in the U.S., Germany, and Afghanistan. Named TinyTurla due to its limited functionality and uncomplicated coding style, the backdoor could also be used as a stealthy second-stage malware dropper.

Yandex is battling the largest DDoS in Russian Internet history
2021-09-09 06:26

Russian internet giant Yandex has been targeted in a massive distributed denial-of-service attack that started last week and reportedly continues this week. A report in Russian media says that the assault is the largest in the short history of the Russian internet, the RuNet, and that it was confirmed by a U.S.-based company.