Security News

Microsoft on Wednesday disclosed that it identified a set of highly targeted social engineering attacks mounted by a Russian nation-state threat actor using credential theft phishing lures sent as Microsoft Teams chats. Microsoft said the campaign, observed since at least late May 2023, affected less than 40 organizations globally spanning government, non-government organizations, IT services, technology, discrete manufacturing, and media sectors.

Microsoft says a hacking group tracked as APT29 and linked to Russia's Foreign Intelligence Service targeted dozens of organizations worldwide, including government agencies, in Microsoft Teams phishing attacks. These new domains were part of the 'onmicrosoft.com' domain, a legitimate Microsoft domain that is automatically used by Microsoft 365 for fallback purposes in case a custom domain is not created.

A Russa-nexus adversary has been linked to 94 new domains, suggesting that the group is actively modifying its infrastructure in response to public disclosures about its activities. Cybersecurity...

A city court in Moscow on Wednesday convicted Group-IB co-founder and CEO Ilya Sachkov of "high treason" and jailed him for 14 years in a "strict regime colony" over accusations of passing...

Ukrainian cops have disrupted a massive bot farm with more than 100 operators allegedly spreading fake news about the Russian invasion, leaking personal information belonging to Ukrainian citizens, and instigating fraud schemes. "The Cyber Police established that the attackers used special equipment and software to register thousands of bot accounts in various social networks and subsequently launch advertisements that violated the norms and legislation of Ukraine," according to machine translation of the news alert issued by the police.

The Russian state-sponsored hacking group 'APT29' has been using unconventional lures like car listings to entice diplomats in Ukraine to click on malicious links that deliver malware. APT29 is linked to the Russian government's Foreign Intelligence Service and has been responsible for numerous cyberespionage campaigns targeting high-interest individuals across the globe.

Microsoft has disclosed that it's detected a spike in credential-stealing attacks conducted by the Russian state-affiliated hacker group known as Midnight Blizzard. The group, which drew worldwide attention for the SolarWinds supply chain compromise in December 2020, has continued to rely on unseen tooling in its targeted attacks aimed at foreign ministries and diplomatic entities.

Three of them were exploited by Russian APT28 cyberspies to hack into Roundcube email servers belonging to Ukrainian government organizations. While the KEV catalog's primary focus is alerting federal agencies of exploited vulnerabilities that must be patched as soon as possible, it is also highly advised that private companies worldwide prioritize addressing these bugs.

A threat group tracked as APT28 and linked to Russia's General Staff Main Intelligence Directorate has breached Roundcube email servers belonging to multiple Ukrainian organizations, including government entities. In these attacks, the cyber-espionage group leveraged news about the ongoing conflict between Russia and Ukraine to trick recipients into opening malicious emails that would exploit Roundcube Webmail vulnerabilities to hack into unpatched servers.

The U.S. Department of Justice on Thursday unveiled charges against a Russian national for his alleged involvement in deploying LockBit ransomware to targets in the U.S., Asia, Europe, and Africa. "Astamirov allegedly participated in a conspiracy with other members of the LockBit ransomware campaign to commit wire fraud and to intentionally damage protected computers and make ransom demands through the use and deployment of ransomware," the DoJ said.