Security News
Russian and Belarusian non-profit organizations, Russian independent media, and international non-governmental organizations active in Eastern Europe have become the target of two separate spear-phishing campaigns orchestrated by threat actors whose interests align with those of the Russian government. While one of the campaigns - dubbed River of Phish - has been attributed to COLDRIVER, an adversarial collective with ties to Russia's Federal Security Service, the second set of attacks has been deemed the work of a previously undocumented threat cluster codenamed COLDWASTREL. Targets of the campaigns also included prominent Russian opposition figures-in-exile, officials and academics in the US think tank and policy space, and a former U.S. ambassador to Ukraine, according to a joint investigation from Access Now and the Citizen Lab.
Cyber-spies suspected of connections with China have infected "dozens" of computers belonging to Russian government agencies and IT providers with backdoors and trojans since late July, according to Kaspersky. The Russia-based security biz claimed the malware used in the ongoing, targeted attacks - dubbed EastWind - has links to two China-nexus groups tracked as APT27 and APT31.
Georgy Kavzharadze, a 27-year-old Russian national, has been sentenced to 40 months in prison for selling login credentials for over 300,000 accounts on Slilpp, the largest online marketplace of...
Citizen Lab also spots a COLDWASTREL swimming in the Rivers of Phish. Russia's Federal Security Service (FSB) cyberspies, joined by a new digital snooping crew, have been conducting a massive...
Google is notifying Russian YouTubers, bloggers, and publishers that their AdSense accounts are being deactivated and can no longer be used for advertising. [...]
A series of targeted cyberattacks that started at the end of July 2024, targeting dozens of systems used in Russian government organizations and IT companies, are linked to Chinese hackers of the...
A new self-spreading worm named 'CMoon,' capable of stealing account credentials and other data, has been distributed in Russia since early July 2024 via a compromised gas supply company website. [...]
In a historic prisoner exchange between Belarus, Germany, Norway, Russia, Slovenia, and the U.S., two Russian nationals serving time for cybercrime activities have been freed and repatriated to their country. U.S. President Joe Biden called the deal a "feat of diplomacy," adding "Some of these women and men have been unjustly held for years." Other nations that played a role in the swap include Poland and Turkey.
The United Kingdom's National Crime Agency (NCA) has shut down Russian Coms, a major caller ID spoofing platform used by hundreds of criminals to make over 1.8 million scam calls. [...]
Russian-speaking threat actors accounted for at least 69% of all crypto proceeds linked to ransomware throughout the previous year, exceeding $500,000,000. "Russian-speaking threat actors from across the former Soviet Union consistently drive most types of crypto-enabled cybercrime, from ransomware to illicit crypto exchanges and darknet markets," explains TRM. Ransomware is a form of cybercrime in which attackers steal and encrypt data on compromised systems and then demand a ransom payment in exchange for a decryption key and a promise to delete the stolen files.