Security News

Google's Threat Analysis Group, a team of security experts who defend Google users from state-sponsored attacks, has detected state hackers from several countries targeting the bug, including the Sandworm, APT28, and APT40 threat groups from Russia and China. In an early September attack, Russian Sandworm hackers delivered Rhadamanthys infostealer malware in phishing attacks using fake invitations to join a Ukrainian drone training school.

The agency states that the Russian hackers "Interfered" with the communication systems of 11 telcos in the country, leading to service interruptions and potential data breaches. Sandworm is a very active espionage threat group linked to Russia's GRU. The attackers have focused on Ukraine throughout 2023, using phishing lures, Android malware, and data-wipers.

Pro-Russian hacking groups have exploited a recently disclosed security vulnerability in the WinRAR archiving utility as part of a phishing campaign designed to harvest credentials from...

"Their primary objectives were to identify which evidence of Russian war crimes and exercise control over potential ground-deployed spies have our law enforcement teams," states the report [PDF], which was released on Monday. Intruders linked to Russia's Federal Security Service, Main Intelligence Directorate, and Foreign Intelligence Service also sought out material that could be used in criminal proceedings against Russian spies, other specific individuals, institutions, and organizations "Potentially leading to sanctions or other actions," the SSSCIP reports.

The Government of British Overseas Territory Bermuda has linked a cyberattack affecting all its departments' IT systems since Thursday to hackers based out of Russia. "The public is advised that the Government Is currently experiencing internet/email and phone service interruptions. All Departments are impacted," the Bermuda Government said.

A Russian national helped smuggle, via shell companies in Hong Kong, more than $1.6 million in microelectronics to Moscow potentially to support its war against Ukraine, it is claimed. "Probably more than obvious at this time, but the company and board have decided it is no longer right for us to sell or ship to Russian customers and risk that our displays will be used in devices that could put US or NATO forces in harm's way, or support Russia's unlawful invasion of Ukraine and its human rights abuse," a company exec said in an email to employees, which was quoted in the prosecution's court filings.

September 13th 2023 Hackers use new 3AM ransomware to save failed LockBit attack. A new ransomware strain called 3AM has been uncovered after a threat actor used it in an attack that failed to deploy LockBit ransomware on a target network.

The iPhone belonging to Galina Timchenko, a prominent Russian journalist and critic of the government, was compromised with NSO Group's Pegasus spyware, a new collaborative investigation from Access Now and the Citizen Lab has revealed. The Washington Post reported that the Russian government is not a client of NSO Group, citing an unnamed person familiar with the company's operations.

Vladislav Klyushin, the Russian owner of security penetration testing firm M-13, was jailed for nine years in the US on Thursday, for his involvement in a cyber-crime operation that stole top corporations' confidential financial information to make $93 million through insider trading. His alleged Russian co-conspirators, Ivan Ermakov and Nikolai Rumiantcev, remain at large.

Top admin, HR managers, devs go on transatlantic deny-list The US and UK governments named and sanctioned 11 Russians said to be connected to the notorious Trickbot cybercrime crew this week.…