Security News

Russian national Anatoly Legkodymov pleaded guilty to operating the Bitzlato cryptocurrency exchange that helped ransomware gangs and other cybercriminals launder over $700 million. As a Bitzlato co-founder and principal stakeholder, Legkodymov has agreed to disband the cryptocurrency exchange and relinquish any rights to approximately $23 million in seized assets, as outlined in the plea agreement.

The UK National Cyber Security Centre and Microsoft warn that the Russian state-backed actor "Callisto Group" is targeting organizations worldwide with spear-phishing campaigns used to steal account credentials and data. Today, the United Kingdom officially attributed attacks to Callisto that led to the leaking of UK-US trade documents, the 2018 hack of the UK think tank Institute for Statecraft, and more recently, the hack on StateCraft's founder Christopher Donnelly.

Russian state-backed hacking group Forest Blizzard has been using a known Microsoft Outlook vulnerability to target public and private entities in Poland, Polish Cyber Command has warned. The attacks were further analyzed by Polish Cyber Command, who confirmed that the threat actors have been gaining access to email accounts within Microsoft Exchange servers and modifying folder permissions within the victim's mailbox.

Microsoft's Threat Intelligence team issued a warning earlier today about the Russian state-sponsored actor APT28 actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts and steal sensitive information. The tech giant also highlighted the exploitation of other vulnerabilities with publicly available exploits in the same attacks, including CVE-2023-38831 in WinRAR and CVE-2021-40444 in Windows MSHTML. Outlook flaw exploitation background.

A Russian national has been found guilty in connection with his role in developing and deploying a malware known as TrickBot, the U.S. Department of Justice (DoJ) announced. Vladimir Dunaev, 40,...

Another member of the Trickbot malware crew now faces a lengthy prison sentence amid US law enforcement's ongoing search for its leading members. Russian national Vladimir Dunaev, 40, faces a maximum sentence of 35 years in prison for his involvement in the now-shuttered Trickbot malware, which was often used to deploy ransomware.

Ukraine's intelligence service, operating under the Defense Ministry, claims they hacked Russia's Federal Air Transport Agency, 'Rosaviatsia,' to expose a purported collapse of Russia's aviation sector. Rosaviatsia is the agency responsible for overseeing the civil aviation industry in Russia, keeping records of flight or emergency incidents.

Also: Qakbot on verge of permadeath, Australia can't deliver on ransom payment ban (yet), and Justin Sun's very bad month Infosec in Brief Cybercriminals working out of Russia go to great lengths...

A new phishing attack has been observed leveraging a Russian-language Microsoft Word document to deliver malware capable of harvesting sensitive information from compromised Windows hosts. The...

NDSC says that the Russian hackers used a Ngrok free static domain to access the command and control server hosted on their Ngrok instance. A report from Google in October notes that the security issue was exploited by Russian and Chinese state hackers to steal credentials and other sensitive data, as well as to establish persistence on target systems.