Security News

Hackers are targeting Russian government agencies with phishing emails that pretend to be Windows security updates and other lures to install remote access malware. These operations spanned between February and April 2022, coinciding with the Russian invasion of Ukraine.

In a new reconnaissance campaign, the Russian state-sponsored hacking group Turla was observed targeting the Austrian Economic Chamber, a NATO platform, and the Baltic Defense College. This discovery comes from cybersecurity firm Sekoia, which built upon previous findings of Google's TAG, which has been following Russian hackers closely this year.

"This system includes a web-based dashboard known as SANA that enables a user to formulate and deploy trending social media events en masse. The system creates these events that it refers to as Инфоповоды, 'newsbreaks,' utilizing the botnet as a geographically distributed transport." The existence of Fronton, an IoT botnet, became public knowledge following revelations from BBC Russia and ZDNet in March 2020 after a Russian hacker group known as Digital Revolution published documents that it claimed were obtained after breaking into a subcontractor to the FSB, the Federal Security Service of the Russian Federation.

At least two research institutes located in Russia and a third likely target in Belarus have been at the receiving end of an espionage attack by a Chinese nation-state advanced persistent threat. The attacks, codenamed "Twisted Panda," come in the backdrop of Russia's military invasion of Ukraine, prompting a wide range of threat actors to swiftly adapt their campaigns on the ongoing conflict to distribute malware and stage opportunistic attacks.

The notorious Russian-aligned Conti ransomware gang has upped the ante in its attack against Costa Rica, threatening to overthrow the government if it doesn't pay a $20 million ransom. Costa Rican president Rodrigo Chaves said that the country is effectively at war with the gang, who in April infiltrated the government's computer systems, gaining a foothold in 27 agencies at various government levels.

Chinese cyberspies targeted two Russian defense institutes and possibly another research facility in Belarus, according to Check Point Research. Check Point Research also noted that around the same time that they observed the Twisted Panda attacks, another Chinese advanced persistent threat group Mustang Panda was observed exploiting the invasion of Ukraine to target Russian organizations.

Russia's banking and financial services company Sberbank is being targeted in a wave of unprecedented hacker attacks. Sberbank is Russia's largest financial company and the third-largest in Europe, with total assets counting over $570 billion.

A previously unknown Chinese hacking group known as 'Space Pirates' targets enterprises in the Russian aerospace industry with phishing emails to install novel malware on their systems. Russian threat analysts at Positive Technologies named the group "Space Pirates" due to their espionage operations focusing on stealing confidential information from companies in the aerospace field.

The notorious Conti ransomware gang, which last month staged an attack on Costa Rican administrative systems, has threatened to "Overthrow" the new government of the country. "We are determined to overthrow the government by means of a cyber attack, we have already shown you all the strength and power," the group said on its official website.

Hackers continue to target Russia with cyberattacks, defacing Russian TV to show pro-Ukrainian messages and taking down the RuTube video streaming site. During the Russian President Putin's speech at today's "Victory Day" military parade, pro-Ukrainian hacking groups defaced the online Russian TV schedule page to display anti-war messages.