Security News

Russian Hackers Target Ukraine with Disinformation and Credential-Harvesting Attacks
2024-02-21 06:01

Cybersecurity researchers have unearthed a new influence operation targeting Ukraine that leverages spam emails to propagate war-related disinformation. The activity has been linked to...

Russian-Linked Hackers Target 80+ Organizations via Roundcube Flaws
2024-02-19 05:05

Threat actors operating with interests aligned to Belarus and Russia have been linked to a new cyber espionage campaign that likely exploited cross-site scripting (XSS) vulnerabilities in...

U.S. authorities disrupt Russian intelligence’s botnet
2024-02-16 10:54

In January 2024, an operation dismantled a network of hundreds of SOHO routers controlled by GRU Military Unit 26165, also known as APT 28, Sofacy Group, Forest Blizzard, Pawn Storm, Fancy Bear, and Sednit. The Department's court-authorized operation leveraged the Moobot malware to copy and delete stolen and malicious data and files from compromised routers.

Feds dismantle Russian GRU botnet built on 1,000-plus home, small biz routers
2024-02-15 21:11

The US government today said it disrupted a botnet that Russia's GRU military intelligence unit used for phishing expeditions, spying, credential harvesting, and data theft against American and foreign governments and other strategic targets. The GRU spying team then used Moobot to install their own bespoke scripts and files that repurposed the botnet, thus "turning it into a global cyber espionage platform," according to the Feds.

Pentagon launches nuke-spotting satellites amid Russian space bomb rumors
2024-02-15 20:12

Last night's launch of six Pentagon missile-detection satellites was well timed as fears mount that Russia is considering putting nuclear weapons into space. The US Department of Defense confirmed its payload included two satellites for the Missile Defense Agency's Hypersonic and Ballistic Tracking Space Sensor, and the final four Tranche 0 satellites for the Space Development Agency's Proliferated Warfighter Space Architecture communications constellation.

FBI disrupts Russian Moobot botnet infecting Ubiquiti routers
2024-02-15 18:00

The FBI took down a botnet of small office/home office routers used by Russia's Main Intelligence Directorate of the General Staff to proxy malicious traffic and to target the United States and its allies in spearphishing and credential theft attacks. This network of hundreds of Ubiquiti Edge OS routers infected with Moobot malware was controlled by GRU Military Unit 26165, also tracked as APT28, Fancy Bear, and Sednit.

FBI disrupts Moobot botnet used by Russian military hackers
2024-02-15 18:00

The FBI took down a botnet of small office/home office routers used by Russia's Main Intelligence Directorate of the General Staff in spearphishing and credential theft attacks targeting the United States and its allies. Subsequently, the GRU hackers leveraged the Moobot malware to deploy their own custom malicious tools, effectively repurposing the botnet into a cyber espionage tool with global reach.

Russian Turla Hackers Target Polish NGOs with New TinyTurla-NG Backdoor
2024-02-15 15:08

The Russia-linked threat actor known as Turla has been observed using a new backdoor called TinyTurla-NG as part of a three-month-long campaign targeting Polish non-governmental organizations in...

Russian APT28 Hackers Targeting High-Value Orgs with NTLM Relay Attacks
2024-02-02 14:49

Russian state-sponsored actors have staged NT LAN Manager (NTLM) v2 hash relay attacks through various methods from April 2022 to November 2023, against high-value targets worldwide. The...

Microsoft sheds some light on Russian email heist – and how to learn from Redmond's mistakes
2024-01-27 00:32

Microsoft, a week after disclosing that Kremlin-backed spies broke into its network and stole internal emails and files from its executives and staff, has now confirmed that the compromised corporate account used in the genesis of the heist didn't even have multi-factor authentication enabled. On Thursday, Redmond admitted Midnight Blizzard - a Moscow-supported espionage team also known as APT29 or Cozy Bear - "utilized password spray attacks that successfully compromised a legacy, non-production test tenant account that did not have multifactor authentication enabled."