Security News

Russian snoops just love invading unpatched Cisco gear, America and UK warn
2023-04-18 20:45

The UK and US governments have sounded the alarm on Russian intelligence targeting unpatched Cisco routers to deploy malware and carry out surveillance. In a joint advisory issued Tuesday, the UK National Cyber Security Centre, the NSA, America's Cybersecurity and Infrastructure Security Agency and the FBI provided details about how Russia's APT28 - aka FancyBear and Strontium - exploited an old vulnerability in unpatched Cisco routers in 2021 to collect network information belonging to European and US government organizations, and about 250 Ukrainian victims.

Russian hackers linked to widespread attacks targeting NATO and EU
2023-04-13 14:27

Poland's Military Counterintelligence Service and its Computer Emergency Response Team have linked APT29 state-sponsored hackers, part of the Russian government's Foreign Intelligence Service, to widespread attacks targeting NATO and European Union countries. The attackers have targeted diplomatic personnel using spear phishing emails impersonating European countries' embassies with links to malicious websites or attachments designed to deploy malware via ISO, IMG, and ZIP files.

Estonian National Charged in U.S. for Acquiring Electronics and Metasploit Pro for Russian Military
2023-04-10 13:01

An Estonian national has been charged in the U.S. for purchasing U.S.-made electronics on behalf of the Russian government and military. Court documents allege that Shevlyakov operated front companies that were used to import sensitive electronics from U.S. manufacturers.

Russian Cyberwarfare Documents Leaked
2023-03-30 22:00

Thousands of pages of secret documents reveal how Vulkan's engineers have worked for Russian military and intelligence agencies to support hacking operations, train operatives before attacks on national infrastructure, spread disinformation and control sections of the internet. The company's work is linked to the federal security service or FSB, the domestic spy agency; the operational and intelligence divisions of the armed forces, known as the GOU and GRU; and the SVR, Russia's foreign intelligence organisation.

Trojanized Tor browsers target Russians with crypto-stealing malware
2023-03-28 21:49

A surge of trojanized Tor Browser installers targets Russians and Eastern Europeans with clipboard-hijacking malware that steals infected users' cryptocurrency transactions. While these malicious Tor installers target countries worldwide, Kaspersky says that most are targeting Russia and Eastern Europe.

Microsoft Warns of Stealthy Outlook Vulnerability Exploited by Russian Hackers
2023-03-25 06:13

Microsoft on Friday shared guidance to help customers discover indicators of compromise associated with a recently patched Outlook vulnerability. Tracked as CVE-2023-23397, the critical flaw relates to a case of privilege escalation that could be exploited to steal NT LAN Manager hashes and stage a relay attack without requiring any user interaction.

Chinese and Russian Hackers Using SILKLOADER Malware to Evade Detection
2023-03-16 15:30

Threat activity clusters affiliated with the Chinese and Russian cybercriminal ecosystems have been observed using a new piece of malware that's designed to load Cobalt Strike onto infected machines. The development comes as improved detection capabilities against Cobalt Strike, a legitimate post-exploitation tool used for red team operations, are forcing threat actors to seek alternative options or concoct new ways to propagate the framework to evade detection.

Microsoft: Patch this severe Outlook bug that Russian miscreants exploited
2023-03-14 23:59

"The attacker could exploit this vulnerability by sending a specially crafted email which triggers automatically when it is retrieved and processed by the Outlook client," Microsoft explained. While Microsoft doesn't provide any details about what kind of nefarious deeds attackers are doing after exploiting the bug - or how widespread attacks are - Zero Day Initiative's Dustin Childs advises: "Definitely test and deploy this fix quickly."

Microsoft fixes Outlook zero-day used by Russian hackers since April 2022
2023-03-14 19:11

Microsoft has patched an Outlook zero-day vulnerability exploited by a hacking group linked to Russia's military intelligence service GRU to target European organizations. Microsoft shared this info in a private threat analytics report seen by BleepingComputer and available to customers with Microsoft 365 Defender, Microsoft Defender for Business, or Microsoft Defender for Endpoint Plan 2 subscriptions.

STALKER 2 game developer hacked by Russian hacktivists, data stolen
2023-03-13 15:09

GSC Game World, the developer of the highly-anticipated 'STALKER 2: Heart of Chornobyl' game, warned their systems were breached, allowing threat actors to steal game assets during the attack. The Ukrainian game publisher says that a "Community from a Russian social network" was behind the attack and is blackmailing the company by threatening to release data for Stalker 2, which is expected to be released later this year.