Security News

Ukraine's intelligence service, operating under the Defense Ministry, claims they hacked Russia's Federal Air Transport Agency, 'Rosaviatsia,' to expose a purported collapse of Russia's aviation sector. Rosaviatsia is the agency responsible for overseeing the civil aviation industry in Russia, keeping records of flight or emergency incidents.

Also: Qakbot on verge of permadeath, Australia can't deliver on ransom payment ban (yet), and Justin Sun's very bad month Infosec in Brief Cybercriminals working out of Russia go to great lengths...

A new phishing attack has been observed leveraging a Russian-language Microsoft Word document to deliver malware capable of harvesting sensitive information from compromised Windows hosts. The...

NDSC says that the Russian hackers used a Ngrok free static domain to access the command and control server hosted on their Ngrok instance. A report from Google in October notes that the security issue was exploited by Russian and Chinese state hackers to steal credentials and other sensitive data, as well as to establish persistence on target systems.

Russian cyber espionage actors affiliated with the Federal Security Service (FSB) have been observed using a USB propagating worm called LitterDrifter in attacks targeting Ukrainian entities....

Russian threat actors have been possibly linked to what's been described as the "largest cyber attack against Danish critical infrastructure," in which 22 companies associated with the operation...

The U.S. government on Tuesday announced the takedown of the IPStorm botnet proxy network and its infrastructure, as the Russian and Moldovan national behind the operation pleaded guilty. "The...

The FBI says it has dismantled another botnet and collared its operator, who admitted hijacking tens of thousands of machines around the world to create his network of nodes. Sergei Makinin, a Russian and Moldovan national, was cuffed in Florida in January and sent to Puerto Rico, where he pleaded guilty [PDF] in September, details of which were only publicized today by the US Department of Justice.

Mandiant, a cybersecurity company owned by Google, has revealed the details of a 2022 cyberattack run by Russian threat actor Sandworm. The threat group then accessed the OT environment "Through a hypervisor that hosted a Supervisory Control And Data Acquisition management instance for the victim's substation environment," according to Mandiant researchers, who stated the attacker potentially had access to the SCADA system for up to three months.

The notorious Russian hackers known as Sandworm targeted an electrical substation in Ukraine last year, causing a brief power outage in October 2022. "The actor first used OT-level living-off-the-land techniques to likely trip the victim's substation circuit breakers, causing an unplanned power outage that coincided with mass missile strikes on critical infrastructure across Ukraine," the company said.