Security News

Russian Foreign Intelligence Service operators have switched their attacks to target new vulnerabilities in reaction to US govt advisories published last month with info on SVR tactics, tools, techniques, and capabilities used in ongoing attacks. In a third advisory issued on April 26, the FBI, DHS, and CIA warned of continued attacks coordinated by the Russian SVR against the US and foreign organizations.

VMware has patched another critical vulnerability reported by Positive Technologies, a Russian cybersecurity firm that was sanctioned recently by the United States. Positive Technologies is one of the several Russian tech firms sanctioned in April by the U.S. for allegedly supporting Kremlin intelligence agencies.

The infamous cybercrime organization known as Evil Corp may be running cyberespionage operations on behalf of a Russian intelligence agency, security consulting company Truesec reports. Evil Corp is allegedly run by Russian nationals Maksim Yakubets and Igor Turashev, who were charged by the United States in 2019.

A previously undocumented backdoor malware, dubbed PortDoor, is being used by a probable Chinese advanced persistent threat actor to target the Russian defense sector, according to researchers. The malware then creates an additional file in %temp% with the hardcoded name "58097616.tmp" and writes the GetTickCount value multiplied by a random number to it: "This can be used as an additional identifier for the target, and also as a placeholder for the previous presence of this malware," researchers explained.

Researchers at Cybereason say they have discovered an undocumented malware targeting the Russian military sector and bearing the hallmarks of originating in China if not being Chinese state sponsored. One sample was found dropping previously unknown malware, that the Cybereason researchers have now called PortDoor.

Hackers suspected to work for the Chinese government have used a new malware called PortDoor to infiltrate the systems of an engineering company that designs submarines for the Russian Navy. Threat researchers at Cybereason Nocturnus found that the attacker lured the recipient to open the malicious document with a general description for an autonomous underwater vehicle.

The U.S. Cybersecurity and Infrastructure Security Agency, Department of Homeland Security, and the Federal Bureau of Investigation on Monday published a new joint advisory as part of their latest attempts to expose the tactics, techniques, and procedures adopted by the Russian Foreign Intelligence Service in its attacks targeting the U.S and foreign entities. By employing "Stealthy intrusion tradecraft within compromised networks," the intelligence agencies said, "The SVR activity-which includes the recent SolarWinds Orion supply chain compromise-primarily targets government networks, think tank and policy analysis organizations, and information technology companies and seeks to gather intelligence information."

The FBI and DHS have issued a Joint Cybersecurity Advisory on the threat posed by the Russian Foreign Intelligence Service via the cyber actor known as APT 29. The new advisory, provides "Information on the SVR's cyber tools, targets, techniques, and capabilities to aid organizations in conducting their own investigations and securing their networks." Noticeably, the advisory uses the term SVR and APT 29 indistinguishably throughout, indicating that it sees no difference between the cyber actor and the Russian intelligence agency.

The FBI, the US Department of Homeland Security, and the Cybersecurity and Infrastructure Security Agency warned today of continued attacks coordinated by the Russian Foreign Intelligence Service against US and foreign organizations. With access to the administrative account, the actors modified permissions of specific e-mail accounts on the network, allowing any authenticated network user to read those accounts.

Ten thousand Britons have been targeted on LinkedIn by recruiters for the Chinese and Russian intelligence services, according to an awareness campaign launched by domestic spy agency MI5 this morning. Details were previewed in this morning's Times newspaper, which warned specifically of people with "Access to classified or sensitive information" being targeted by Britain's enemies.