Security News

At least two research institutes located in Russia and a third likely target in Belarus have been at the receiving end of an espionage attack by a Chinese nation-state advanced persistent threat. The attacks, codenamed "Twisted Panda," come in the backdrop of Russia's military invasion of Ukraine, prompting a wide range of threat actors to swiftly adapt their campaigns on the ongoing conflict to distribute malware and stage opportunistic attacks.

The notorious Russian-aligned Conti ransomware gang has upped the ante in its attack against Costa Rica, threatening to overthrow the government if it doesn't pay a $20 million ransom. Costa Rican president Rodrigo Chaves said that the country is effectively at war with the gang, who in April infiltrated the government's computer systems, gaining a foothold in 27 agencies at various government levels.

Chinese cyberspies targeted two Russian defense institutes and possibly another research facility in Belarus, according to Check Point Research. Check Point Research also noted that around the same time that they observed the Twisted Panda attacks, another Chinese advanced persistent threat group Mustang Panda was observed exploiting the invasion of Ukraine to target Russian organizations.

Russia's banking and financial services company Sberbank is being targeted in a wave of unprecedented hacker attacks. Sberbank is Russia's largest financial company and the third-largest in Europe, with total assets counting over $570 billion.

A previously unknown Chinese hacking group known as 'Space Pirates' targets enterprises in the Russian aerospace industry with phishing emails to install novel malware on their systems. Russian threat analysts at Positive Technologies named the group "Space Pirates" due to their espionage operations focusing on stealing confidential information from companies in the aerospace field.

The notorious Conti ransomware gang, which last month staged an attack on Costa Rican administrative systems, has threatened to "Overthrow" the new government of the country. "We are determined to overthrow the government by means of a cyber attack, we have already shown you all the strength and power," the group said on its official website.

Hackers continue to target Russia with cyberattacks, defacing Russian TV to show pro-Ukrainian messages and taking down the RuTube video streaming site. During the Russian President Putin's speech at today's "Victory Day" military parade, pro-Ukrainian hacking groups defaced the online Russian TV schedule page to display anti-war messages.

Cybersecurity researchers have shed light on an actively maintained remote access trojan called DCRat that's offered on sale for "Dirt cheap" prices, making it accessible to professional cybercriminal groups and novice actors alike. "Unlike the well-funded, massive Russian threat groups crafting custom malware , this remote access Trojan appears to be the work of a lone actor, offering a surprisingly effective homemade tool for opening backdoors on a budget," BlackBerry researchers said in a report shared with The Hacker News.

The UK government added 63 Russian entities to its sanction list on Wednesday. Among them are Baikal Electronics and MCST, the two most important chip makers in Russia.

Threat analysts at the cybersecurity firm Mandiant have uncovered a new APT29 cyber attack once again aimed at diplomats and government agencies. APT29 is a cyber espionage group widely believed to be sponsored by the Russian Foreign Intelligence Service, the SVR. APT29 is also publicly referred to as Nobelium by Microsoft, Mandiant said.