Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload
In 2025, we observed pervasive SSH tunnel activity, which has remained active into 2026, affecting many government organizations and commercial companies in Russia and Belarus. Behind some of this activity is Cloud Atlas, a group we have known since 2014. During our investigation, we identified n...
Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India
In December 2025, we detected a wave of malicious emails designed to look like official correspondence from the Indian tax service. A few weeks later, in January 2026, a similar campaign began targeting Russian organizations. We have attributed this activity to the Silver Fox threat group. Both...
EUVD-2022-1390
Malicious code in bioql PyPI...
New COLDRIVER Malware Campaign Joins BO Team and Bearlyfy in Russia-Focused Cyberattacks
The Russian advanced persistent threat APT group known as COLDRIVER has been attributed to a fresh round of ClickFix-style attacks designed to deliver two new "lightweight" malware families tracked as BAITSWITCH and SIMPLEFIX. Zscaler ThreatLabz, which detected the new multi-stage ClickFix campai...
DSLRoot, Proxies, and the Threat of ‘Legal Botnets’
The cybersecurity community on Reddit responded in disbelief this month when a self-described Air National Guard member with top secret security clearance began questioning the arrangement they'd made with a company called DSLRoot, which was paying $250 a month to plug a pair of laptops into the...
Secret Blizzard Deploys Malware in ISP-Level AitM Attacks on Moscow Embassies
The Russian nation-state threat actor known as Secret Blizzard has been observed orchestrating a new cyber espionage campaign targeting foreign embassies located in Moscow by means of an adversary-in-the-middle (AitM) attack at the Internet Service Provider (ISP) level and delivering a custom malware...
Russia-Linked SpyPress Malware Exploits Webmails to Spy on Ukraine
ESET reports on RoundPress, a cyber espionage campaign by Russia's Fancy Bear (Sednit) targeting Ukraine-related organizations via webmail…
ROS-2-452
2.452 Multiple Vulnerabilities in LibTIFF. 1. Vulnerability description: CVE-2020-35524, CVE-2020-35523, CVE-2020-35522, CVE-2020-35522, CVE-2020-35521. The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a boundary error in TIFF...
ROS-2-18
2.18 Notification on the update of the RED OS OPERATING SYSTEM. RED SOFT LLC notifies of the renewal of the previously obtained certificate of conformity of FSTEC of Russia No. 4060 until 12.01.2029 for the operating system "RED OS", decimal number RU.29926343.02.01-01. You can contact the technical...
ROS-2-232
2.232 Notification on the update of the RED OS OPERATING SYSTEM. RED SOFT LLC notifies of the renewal of the previously obtained certificate of conformity of FSTEC of Russia No. 4060 until 12.01.2029 for the operating system "RED OS", decimal number RU.29926343.02.01-01. You can contact the...
ROS-2-687
2.687 PyYAML parser vulnerability CVE-2020-14343. 1. Vulnerability description: A vulnerability in the PyYAML parser is related to insufficient validation of user input when processing untrusted YAML files using the full_load method or the FullLoader loader. Exploitation of the vulnerability coul...
From TV5Monde to Govt: France Blames Russia’s APT28 for Cyberattacks
France accuses Russia's APT28 hacking group (Fancy Bear) of targeting French government entities in a cyber espionage campaign…
Chinese APT IronHusky Deploys Updated MysterySnail RAT on Russia
Kaspersky researchers report the reappearance of MysterySnail RAT, a malware linked to the Chinese IronHusky APT, targeting Mongolia and…
Biden's Cyber Ambassador Urges Trump Not to Cede Ground to Russia and China in Global Tech Fight
Nathaniel Fick, the ambassador for cyberspace and digital policy, has led US tech diplomacy amid a rising tide of pressure from authoritarian regimes. Will the Trump administration undo that work?...
Cloud Atlas Deploys VBCloud Malware: Over 80% of Targets Found in Russia
The threat actor known as Cloud Atlas has been observed using a previously undocumented malware called VBCloud as part of its cyber attack campaigns targeting "several dozen users" in 2024. "Victims get infected via phishing emails containing a malicious document that exploits a vulnerability in...
Hacktivist Groups: The Shadowy Links to Nation-State Agendas
Hacktivist Groups: The Shadowy Links to Nation-State Agendas By Ernesto Fernández Provecho · December 16, 2024 Introduction Hacktivism, the intersection of hacking and activism, has emerged as a potent force in the digital age. It involves using technology to achieve social or political goals,...
Horns&Hooves campaign delivers NetSupport RAT and BurnsRAT
Recent months have seen a surge in mailings with lookalike email attachments in the form of a ZIP archive containing JScript scripts. The script files, disguised as requests and bids from potential customers or partners, bear names such as "Запрос цены и предложения от Индивидуального...
FBI-Wanted Hacker Behind Global Ransomware Attacks Arrested in Russia
Mikhail Pavlovich Matveev aka Wazawaka has been wanted by the FBI since 2023...
Russia’s Ballistic Missile Attack on Ukraine Is an Alarming First
This is the first time Russia has used its so-called Oreshnik intermediate-range ballistic missile in combat. The launch also serves as a warning to the West...
Russian Spies Jumped From One Network to Another Via Wi-Fi in an Unprecedented Hack
In a first, Russia's APT28 hacking group appears to have remotely breached the Wi-Fi of an espionage target by hijacking a laptop in another building across the street...