Security News

Reckon Russian spies are lurking in your inbox? Check for these IOCs, Microsoft says
2022-08-16 10:16

This included using email, OneDrive and other Microsoft cloud services accounts, as well as phony LinkedIn profiles that the criminals used to scope out employees who work for target organizations. In May, Google and Reuters attributed a hack-and-leak campaign to Coldriver, aka Seaborgium, in which the criminals leaked emails and documents reportedly stolen from high-level Brexit proponents, including former British spymaster Richard Dearlove.

Russian State Hackers Continue to Attack Ukrainian Entities with Infostealer Malware
2022-08-16 06:36

Russian state-sponsored actors are continuing to strike Ukrainian entities with information-stealing malware as part of what's suspected to be an espionage operation. Symantec, a division of Broadcom Software, attributed the malicious campaign to a threat actor tracked as Shuckworm, also known as Actinium, Armageddon, Gamaredon, Primitive Bear, and Trident Ursa.

Microsoft disrupts Russian hackers' operation on NATO targets
2022-08-15 18:22

The Microsoft Threat Intelligence Center has disrupted a hacking and social engineering operation linked to a Russian threat actor tracked as SEABORGIUM that targets people and organizations in NATO countries. "Within the target countries, SEABORGIUM primarily focuses operations on defense and intelligence consulting companies, non-governmental organizations and intergovernmental organizations, think tanks, and higher education," explains Microsoft in a report released today.

Russian hackers target Ukraine with default Word template hijacker
2022-08-15 16:39

Threat analysts monitoring cyberattacks on Ukraine report that the operations of the notorious Russian state-backed hacking group 'Gamaredon' continue to heavily target the war-torn country. Gamaredon is a group of Russian hackers believed to be part of the 18th Center of Information Security of the FSB, Russia's Federal Security Service.

Russian invasion has dangerously destabilized cyber security norms
2022-08-11 21:30

The hacktivist attacks that have occurred during the ongoing war in Ukraine are setting a dangerous precedent for cyber norms - and infrastructure security, according to journalist and author Kim Zetter. Zetter, for her part, focused on Ukrainian hacktivists and sympathizers, possibly because Russia usually displays very little regard for international norms, cyber or otherwise.

New Woody RAT Malware Being Used to Target Russian Organizations
2022-08-05 05:42

An unknown threat actor has been targeting Russian entities with a newly discovered remote access trojan called Woody RAT for at least a year as part of a spear-phishing campaign. The advanced custom backdoor is said to be delivered via either of two methods: archive files and Microsoft Office documents leveraging the now-patched "Follina" support diagnostic tool vulnerability in Windows.

Russian organizations attacked with new Woody RAT malware
2022-08-03 22:35

Unknown attackers target Russian entities with newly discovered malware that allows them to control and steal information from compromised devices remotely. According to Malwarebytes, one of the Russian organizations that were attacked using this malware is a government-controlled defense corporation.

Movie torrents hijacked to send tips on bypassing Russian censorship
2022-08-01 23:12

Named "Torrents of Truth," the initiative is similar to "Call Russia," a project to help break through Russian propaganda and open people's eyes to what's happening in Ukraine. The initiative creates torrents that contain a text file with a list of credible news sources that Russians can trust and instructions on downloading and installing a VPN to secure anonymity from ISPs.

Activists use torrents to spread uncensored news to Russian pirates
2022-08-01 23:12

A team of Ukrainian cyber-activists has thought of a simple yet potentially effective way to spread uncensored information in Russia: bundling torrents with text and video files pretending to include installation instructions. The initiative creates torrents that contain a text file with a list of credible news sources that Russians can trust and instructions on downloading and installing a VPN to secure anonymity from ISPs.

Microsoft Links Raspberry Robin USB Worm to Russian Evil Corp Hackers
2022-08-01 04:13

Microsoft on Friday disclosed a potential connection between the Raspberry Robin USB-based worm and an infamous Russian cybercrime group tracked as Evil Corp. The tech giant said it observed the FakeUpdates malware being delivered via existing Raspberry Robin infections on July 26, 2022. Raspberry Robin, also called QNAP Worm, is known to spread from a compromised system via infected USB devices containing malicious .LNK files to other devices in the target network.