Security News

The recently disclosed attack aimed at two websites pertaining to the San Francisco International Airport is the work of Russian hackers, ESET claims. In March, two SFO websites were found to have been compromised by hackers and injected with code designed to steal visitors' Windows login credentials.

The "Undeletable" xHelper malware - which ultimately results in the installation of the Triada trojan - has become a virulent scourge for Android devices this year, according to researcher analysis - bringing with it a hallmark of being virtually indestructible for the common user. According to analysis by Kaspersky, the latest sample of xHelper uses a Russian nesting-doll type architecture to worm its way into the heart of Android devices.

A huge BGP hijack by Russian state telecommunications provider Rostelecom diverted the traffic from more than 200 networks - including Google, Amazon, Facebook and Cloudflare - to Russian servers on April 1. Internet traffic routes are managed by the Border Gateway Protocol, which controls the way in which internet traffic moves from one autonomous system network to the next on its way to its destination.

Financially-motivated hackers believed to be operating out of Russia recently targeted companies in Western Europe, and the attacks apparently involved a combination of two Windows vulnerabilities that Microsoft did not expect to be exploited. According to Singapore-based cybersecurity firm Group-IB, the threat groups tracked as TA505 and Silence - the company previously found links between the two groups - targeted at least two pharmaceutical and manufacturing companies in Belgium and Germany in late January.

Federal investigators in Russia have charged at least 25 people accused of operating a sprawling international credit card theft ring. In a statement released this week, the Russian Federal Security Service said 25 individuals were charged with circulating illegal means of payment in connection with some 90 websites that sold stolen credit card data.

The Russia-linked cyber-espionage group known as Pawn Storm has been leveraging hijacked email accounts to send phishing emails to potential victims, Trend Micro's security researchers reveal. For years, Pawn Storm has relied on phishing to gain access to systems of interest, but Trend Micro observed a shift in tactics, techniques, and procedures in May 2019, when the group started using the compromised email accounts of high-profile targets to send credential phishing emails.

The Russian hacking crew known variously as APT28, Fancy Bear and Pawn Storm has been targeting defence companies with Middle Eastern outposts, according to Trend Micro. A new report from the threat intel firm says that the Russian state-backed hacking outfit went on a spree of targeting defence firms in the Middle East back in May last year.

Facebook and Twitter revealed evidence Thursday suggesting that Russian efforts to interfere in the U.S. presidential election are getting more sophisticated and harder to detect. Facebook said the network of accounts it removed was in the "Early stages" of building an audience.

The US and UK governments have both accused Russia of launching a cyber attack against the Georgian government last year. The attacks, mounted on 28 October 2019, came from Russia's notorious GRU military intelligence unit, according to announcements from the US State Department and the UK's National Cyber Security Centre.

Russia is still using social media in a sustained campaign to dabble in US affairs, according to FBI director Chris Wray. Wray, speaking at a House Judiciary Hearing on FBI Oversight on Wednesday 5 February, said that Russia is still engaged in an "Information warfare" campaign against the US, according to a report by the Associated Press.