The U.K. National Crime Agency (NCA) has unmasked the administrator and developer of the LockBit ransomware operation, revealing it to be a 31-year-old Russian national named Dmitry Yuryevich Khoroshev. In addition, Khoroshev has been sanctioned by the U.K. Foreign, Commonwealth and Development Office (FCD), the U.S. Department of the Treasury's Office of Foreign Assets Control … [Read more...] about Russian Hacker Dmitry Khoroshev Unmasked as LockBit Ransomware Administrator
russian
Russian Hacker Group ToddyCat Uses Advanced Tools for Industrial-Scale Data Theft
Apr 22, 2024NewsroomNetwork Security / Endpoint Security The threat actor known as ToddyCat has been observed using a wide range of tools to retain access to compromised environments and steal valuable data. Russian cybersecurity firm Kaspersky characterized the adversary as relying on various programs to harvest data on an "industrial scale" from primarily governmental … [Read more...] about Russian Hacker Group ToddyCat Uses Advanced Tools for Industrial-Scale Data Theft
Russian APT Deploys New ‘Kapeka’ Backdoor in Eastern European Attacks
Apr 17, 2024NewsroomRansomware / Cyber Espionage A previously undocumented "flexible" backdoor called Kapeka has been "sporadically" observed in cyber attacks targeting Eastern Europe, including Estonia and Ukraine, since at least mid-2022. The findings come from Finnish cybersecurity firm WithSecure, which attributed the malware to the Russia-linked advanced persistent … [Read more...] about Russian APT Deploys New ‘Kapeka’ Backdoor in Eastern European Attacks
Russian Hackers Use ‘WINELOADER’ Malware to Target German Political Parties
Mar 23, 2024NewsroomCyber Espionage / Cyber Warfare The WINELOADER backdoor used in recent cyber attacks targeting diplomatic entities with wine-tasting phishing lures has been attributed as the handiwork of a hacking group with links to Russia's Foreign Intelligence Service (SVR), which was responsible for breaching SolarWinds and Microsoft. The findings come from Mandiant, … [Read more...] about Russian Hackers Use ‘WINELOADER’ Malware to Target German Political Parties
Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets
Mar 09, 2024NewsroomCyber Attack / Threat Intelligence Microsoft on Friday revealed that the Kremlin-backed threat actor known as Midnight Blizzard (aka APT29 or Cozy Bear) managed to gain access to some of its source code repositories and internal systems following a hack that came to light in January 2024. "In recent weeks, we have seen evidence that Midnight Blizzard is … [Read more...] about Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets
Russian Turla Hackers Target Polish NGOs with New TinyTurla-NG Backdoor
Feb 15, 2024NewsroomMalware / Cyber Espionage The Russia-linked threat actor known as Turla has been observed using a new backdoor called TinyTurla-NG as part of a three-month-long campaign targeting Polish non-governmental organizations in December 2023. "TinyTurla-NG, just like TinyTurla, is a small 'last chance' backdoor that is left behind to be used when all other … [Read more...] about Russian Turla Hackers Target Polish NGOs with New TinyTurla-NG Backdoor
Russian APT28 Hackers Targeting High-Value Orgs with NTLM Relay Attacks
Russian state-sponsored actors have staged NT LAN Manager (NTLM) v2 hash relay attacks through various methods from April 2022 to November 2023, targeting high-value targets worldwide. The attacks, attributed to an "aggressive" hacking crew called APT28, have set their eyes on organizations dealing with foreign affairs, energy, defense, and transportation, as well as those … [Read more...] about Russian APT28 Hackers Targeting High-Value Orgs with NTLM Relay Attacks
Cloud Atlas’ Spear-Phishing Attacks Target Russian Agro and Research Companies
Dec 25, 2023NewsroomCyber Espionage / Malware The threat actor referred to as Cloud Atlas has been linked to a set of spear-phishing attacks on Russian enterprises. Targets included a Russian agro-industrial enterprise and a state-owned research company, according to a report from F.A.C.C.T., a standalone cybersecurity company formed after Group-IB's formal exit from Russia … [Read more...] about Cloud Atlas’ Spear-Phishing Attacks Target Russian Agro and Research Companies
Russian Hacker Vladimir Dunaev Convicted for Creating TrickBot Malware
Dec 02, 2023NewsroomCybercrime / Malware A Russian national has been found guilty in connection with his role in developing and deploying a malware known as TrickBot, the U.S. Department of Justice (DoJ) announced. Vladimir Dunaev, 40, was arrested in South Korea in September 2021 and extradited to the U.S. a month later. "Dunaev developed browser modifications and malicious … [Read more...] about Russian Hacker Vladimir Dunaev Convicted for Creating TrickBot Malware
Russian Cyber Espionage Group Deploys LitterDrifter USB Worm in Targeted Attacks
Nov 18, 2023NewsroomCyber Attack / USB Worm Russian cyber espionage actors affiliated with the Federal Security Service (FSB) have been observed using a USB propagating worm called LitterDrifter in attacks targeting Ukrainian entities. Check Point, which detailed Gamaredon's (aka Aqua Blizzard, Iron Tilden, Primitive Bear, Shuckworm, and Winterflounder) latest tactics, … [Read more...] about Russian Cyber Espionage Group Deploys LitterDrifter USB Worm in Targeted Attacks