Security News

A 31-year-old Russian national named Evgeniy Doroshenko has been indicted for wire and computer fraud in the United States for allegedly acting as an "Initial access broker" from February 2019 to May 2024. An initial access broker is a threat actor who breaches corporate networks and then sells that access to other threat actors, who commonly use the access to conduct data theft or ransomware attacks.

Security researchers discovered two previously unseen backdoors dubbed LunarWeb and LunarMail that were used to compromise a European government's diplomatic institutions abroad. The pieces of malware have been used to breach the Ministry of Foreign Affairs of a European country with diplomatic missions in the Middle East and have been active since at least 2020. Researchers at cybersecurity company ESET believe that the backdoors may be connected to the Russian state-sponsored hacker group Turla, although attribution has medium confidence at this point.

Poland says a state-backed threat group linked to Russia's military intelligence service has been targeting Polish government institutions throughout the week. According to evidence found by CSIRT MON, the country's Computer Security Incident Response Team and CERT Polska, Russian APT28 state hackers attacked multiple government institutions in a large-scale phishing campaign.

The U.K. National Crime Agency (NCA) has unmasked the administrator and developer of the LockBit ransomware operation, revealing it to be a 31-year-old Russian national named Dmitry Yuryevich...

Russian national Dmitry Khoroshev is "LockBitSupp", the creator, developer and administator of the infamous LockBit ransomware group, according to UK, US and Australia law enforcement agencies. In February 2024, the UK National Crime Agency took over LockBit's leak site and claimed to have infiltrated the group's network, obtained the LockBit platform's source code, as well as intelligence about its affiliates and victims.

A Russian operator of a now-dismantled BTC-e cryptocurrency exchange has pleaded guilty to money laundering charges from 2011 to 2017. Alexander Vinnik, 44, was charged in January 2017 and taken...

The US government is warning that pro-Russian hacktivists are seeking out and hacking into unsecured operational technology systems used to disrupt critical infrastructure operations. Water plants use OT devices to manage water treatment, distribution, and pressure to provide a continuous and safe water supply.

For nearly four years and perhaps even longer, Forest Blizzard has been using a custom tool that exploits a specific vulnerability in Windows Print Spooler service. Dubbed GooseEgg, the tool is a launcher application that can spawn other applications with SYSTEM-level permissions, thus helping the hackers to perform remote code execution, install backdoors, steal credentials, and more.

Russian hacker group Sandworm aimed to disrupt operations at around 20 critical infrastructure facilities in Ukraine, according to a report from the Ukrainian Computer Emergency Response Team. The attacks occurred in March and in some cases the hackers were able to infiltrate the targeted network by poisoning the supply chain to deliver compromised or vulnerable software, or through the software provider's ability to access organization's systems for maintainance and technical suport.

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.