Security News

A US federal jury in Boston on Tuesday found Vladislav Klyushin - who owned an IT biz based in Moscow called M-13 - guilty of wire and securities fraud and conspiracy after two weeks of testimony and ten hours of deliberations. Prosecutors in the case argued that Klyushin and four others broke into the networks of Donnelley Financial Solutions and Toppan Merrill, through which publicly traded entities electronically file their quarterly earnings reports with America's financial watchdog, the Securities and Exchange Commission.

"Current members of the TrickBot group are associated with Russian Intelligence Services," the U.S. Treasury Department noted. "The TrickBot group's preparations in 2020 aligned them to Russian state objectives and targeting previously conducted by Russian Intelligence Services."

The US and UK have sanctioned seven Russians for their alleged roles in disseminating Conti and Ryuk ransomware and the Trickbot banking trojan. Conti and Ryuk ransomware extorted at least £27 million from 149 UK individuals and businesses, according to the government's estimate.

A Russia-linked threat actor has been observed deploying a new information-stealing malware in cyber attacks targeting Ukraine. Dubbed Graphiron by Broadcom-owned Symantec, the malware is the handiwork of an espionage group known as Nodaria, which is tracked by the Computer Emergency Response Team of Ukraine as UAC-0056.

The Russian hacking group known as 'Nodaria' is using a new information-stealing malware called 'Graphiron' to steal data from Ukrainian organizations. Symantec's threat research team discovered that Nodaria has been using Graphiron in attacks since at least October 2022 through mid-January 2023.

A Russian national on February 7, 2023, pleaded guilty in the U.S. to money laundering charges and for attempting to conceal the source of funds obtained in connection with Ryuk ransomware attacks. "Between at least August 2018 and August 2021, Dubnikov and his co-conspirators laundered the proceeds of Ryuk ransomware attacks on individuals and organizations throughout the United States and abroad," the Department of Justice said.

Russian citizen Denis Mihaqlovic Dubnikov pleaded guilty on Tuesday to laundering money for the notorious Ryuk ransomware group for over three years. The guilty plea comes after Dubnikov was arrested in Amsterdam in November 2021 and extradited to the United States in August 2022.

The State Cyber Protection Centre of Ukraine has called out the Russian state-sponsored threat actor known as Gamaredon for its targeted cyber attacks on public authorities and critical information infrastructure in the country. All the analyzed VBScript droppers and PowerShell scripts, per SCPC, are variants of GammaLoad and GammaSteel malware, respectively, effectively permitting the adversary to exfiltrate sensitive information.

In brief Russian hackers have proved yet again how quickly cyber attacks can be used to respond to global events with a series of DDoS attacks on German infrastructure and government websites in response to the country's plan to send tanks to Ukraine. Germany announced the transfer of 14 Leopard 2 A6 tanks to Ukraine on Wednesday, jointly with the US saying it would send 31 M1 Abrams tanks to the besieged nation.

The U.K. National Cyber Security Centre on Thursday warned of spear-phishing attacks mounted by Russian and Iranian state-sponsored actors for information-gathering operations. The activity is typical of spear-phishing campaigns, where the threat actors send messages tailored to the targets, while also taking enough time to research their interests and identify their social and professional circles.