Security News

CISA orders govt agencies to patch bugs exploited by Russian hackers
2023-06-22 19:04

Three of them were exploited by Russian APT28 cyberspies to hack into Roundcube email servers belonging to Ukrainian government organizations. While the KEV catalog's primary focus is alerting federal agencies of exploited vulnerabilities that must be patched as soon as possible, it is also highly advised that private companies worldwide prioritize addressing these bugs.

Russian APT28 hackers breach Ukrainian govt email servers
2023-06-20 13:00

A threat group tracked as APT28 and linked to Russia's General Staff Main Intelligence Directorate has breached Roundcube email servers belonging to multiple Ukrainian organizations, including government entities. In these attacks, the cyber-espionage group leveraged news about the ongoing conflict between Russia and Ukraine to trick recipients into opening malicious emails that would exploit Roundcube Webmail vulnerabilities to hack into unpatched servers.

20-Year-Old Russian LockBit Ransomware Affiliate Arrested in Arizona
2023-06-16 08:02

The U.S. Department of Justice on Thursday unveiled charges against a Russian national for his alleged involvement in deploying LockBit ransomware to targets in the U.S., Asia, Europe, and Africa. "Astamirov allegedly participated in a conspiracy with other members of the LockBit ransomware campaign to commit wire fraud and to intentionally damage protected computers and make ransom demands through the use and deployment of ransomware," the DoJ said.

Russian hackers use PowerShell USB malware to drop backdoors
2023-06-15 10:00

Symantec's threat research team, part of Broadcom, reports today that the threat actors have recently begun using USB malware to propagate to additional systems inside infected networks. Symantec's analysts report that Gamaredon's 2023 activity spiked between February and March 2023, while the hackers continued to maintain a presence on some compromised machines until May 2023.

Microsoft Warns of New Russian State-Sponsored Hacker Group with Destructive Intent
2023-06-15 09:00

Microsoft on Wednesday took the lid off a "Novel and distinct Russian threat actor," which it said is linked to the General Staff Main Intelligence Directorate and has a "Relatively low success rate." The tech giant's Threat Intelligence team, which was previously tracking the group under its emerging moniker DEV-0586, has graduated it to a named actor dubbed Cadet Blizzard.

WannaCry ransomware impersonator targets Russian "Enlisted" FPS players
2023-06-14 21:36

A ransomware operation targets Russian players of the Enlisted multiplayer first-person shooter, using a fake website to spread trojanized versions of the game. Enlisted is a legitimate game published by Gaijin Entertainment in 2021, having between 500,000 and a million active monthly players.

Fake WannaCry ransomware targets Russian "Enlisted" FPS players
2023-06-14 21:36

A ransomware operation targets Russian players of the Enlisted multiplayer first-person shooter, using a fake website to spread trojanized versions of the game. Enlisted is a legitimate game published by Gaijin Entertainment in 2021, having between 500,000 and a million active monthly players.

Microsoft links data wiping attacks to new Russian GRU hacking group
2023-06-14 17:27

Microsoft has linked a threat group it tracks as Cadet Blizzard since April 2023 to Russia's Main Directorate of the General Staff of the Armed Forces. The company previously connected this new GRU hacking group with the destructive WhisperGate data-wiping attacks in Ukraine that started on January 13, 2022, more than a month before the Russian invasion of Ukraine in February 2022.

Two Russian Nationals Charged for Masterminding Mt. Gox Crypto Exchange Hack
2023-06-13 10:39

The U.S. Department of Justice has charged two Russian nationals in connection with masterminding the 2014 digital heist of the now-defunct cryptocurrency exchange Mt. Gox. According to unsealed indictments released last week, Alexey Bilyuchenko, 43, and Aleksandr Verner, 29, have been accused of conspiring to launder approximately 647,000 bitcoins stolen from September 2011 through at least May 2014 as a result of unauthorized access to a server holding crypto wallets used by Mt. Gox customers.

Unsealed: Charges against Russians blamed for Mt Gox crypto-exchange collapse
2023-06-12 23:23

American prosecutors have unsealed an indictment against two Russians who allegedly had a hand in the ransacking and collapse of Mt Gox a decade ago, an implosion that cost the cryptocurrency exchange's thousands of customers most of their digital coins. Bilyuchenko and Aleksandr Verner, 29, were charged with conspiring to launder about 647,000 Bitcoins stolen from Mt Gox starting in 2011, fueling the exchange's eventual collapse in 2014.