Lucene search
K

17 matches found

The Hacker News
The Hacker News
added 2025/07/08 8:22 a.m.11 views

Researchers Uncover Batavia Windows Spyware Stealing Documents from Russian Firms

Russian organizations have been targeted as part of an ongoing campaign that delivers a previously undocumented Windows spyware called Batavia. The activity, per cybersecurity vendor Kaspersky, has been active since July 2024. "The targeted attack begins with bait emails containing malicious link...

6.2AI score
Exploits0
Securelist
Securelist
added 2025/07/07 10:0 a.m.7 views

Batavia spyware steals data from Russian organizations

Introduction Since early March 2025, our systems have recorded an increase in detections of similar files with names like договор-2025-5.vbe, приложение.vbe, and dogovor.vbe translation: contract, attachment among employees at various Russian organizations. The targeted attack begins with bait...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/21 1:10 p.m.33 views

PureRAT Malware Spikes 4x in 2025, Deploying PureLogs to Target Russian Firms

Russian organizations have become the target of a phishing campaign that distributes malware called PureRAT, according to new findings from Kaspersky. "The campaign aimed at Russian business began back in March 2023, but in the first third of 2025 the number of attacks quadrupled compared to the...

7.6AI score
Exploits0
Securelist
Securelist
added 2025/04/22 1:0 p.m.15 views

Russian organizations targeted by backdoor masquerading as secure networking software updates

As we were looking into a cyberincident in April 2025, we uncovered a rather sophisticated backdoor. It targeted various large organizations in Russia, spanning the government, finance, and industrial sectors. While our investigation into the attack associated with the backdoor is still ongoing, ...

7.5AI score
Exploits0
Securelist
Securelist
added 2025/04/10 10:0 a.m.25 views

GOFFEE continues to attack organizations in Russia

GOFFEE is a threat actor that first came to our attention in early 2022. Since then, we have observed malicious activities targeting exclusively entities located in the Russian Federation, leveraging spear phishing emails with a malicious attachment. Starting in May 2022 and up until summer of...

7.7AI score
Exploits0
HackRead
HackRead
added 2025/02/27 1:39 p.m.14 views

Angry Likho APT Resurfaces with Lumma Stealer Attacks Against Russia

Angry Likho APT resurfaces, targeting Russian and Belarusian organizations with Lumma Stealer malware via phishing attacks, stealing credentials, banking data, and more...

7.4AI score
Exploits0
Securelist
Securelist
added 2024/09/25 10:0 a.m.10 views

From 12 to 21: how we discovered connections between the Twelve and BlackJack groups

While analyzing attacks on Russian organizations, our team regularly encounters overlapping tactics, techniques, and procedures TTPs among different cybercrime groups, and sometimes even shared tools. We recently discovered one such overlap: similar tools and tactics between two hacktivist groups...

8.1AI score
Exploits0
Securelist
Securelist
added 2024/08/14 12:0 p.m.14 views

EastWind campaign: new CloudSorcerer attacks on government organizations in Russia

In late July 2024, we detected a series of ongoing targeted cyberattacks on dozens of computers at Russian government organizations and IT companies. The threat actors infected devices using phishing emails with malicious shortcut attachments. These shortcuts were used to deliver malware that...

7.5AI score
Exploits0
hivepro
hivepro
added 2022/08/05 6:22 p.m.65 views

Woody RAT leverages Follina to target Russia

Threat Level Attack Report For a detailed advisory, download the pdf file here Summary The unknown threat actor employs the Woody RAT to spear-phish Russian organizations. The malware was distributed via archive files and later switched to Microsoft Office documents leveraging the now-patched...

9.3CVSS3.4AI score0.99374EPSS
Exploits62
The Hacker News
The Hacker News
added 2022/08/04 12:55 p.m.210 views

New Woody RAT Malware Being Used to Target Russian Organizations

An unknown threat actor has been targeting Russian entities with a newly discovered remote access trojan called Woody RAT for at least a year as part of a spear-phishing campaign. The advanced custom backdoor is said to be delivered via either of two methods: archive files or Microsoft Office...

9.3CVSS1.2AI score0.99374EPSS
Exploits62
hivepro
hivepro
added 2022/04/20 6:6 a.m.11 views

OldGremlin, a threat actor targeting Russian organizations with phishing emails since 2020

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here After almost a year, OldGremlin made a comeback in March 2022 by resuming their malicious email campaigns against two Russian organizations. Over the last two years, OldGremlin has carried out 13 malicious email campaigns...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/04/12 11:53 a.m.20 views

Conti ransomware offshoot targets Russian organizations

Thanks to the Threat Intelligence team for their help with this article. Conti, the infamous ransomware created by a group of Russian and Eastern European cybercriminals, has again made headlines after a hacking group used its leaked source code to create another variant of the ransomware and...

0.6AI score
Exploits0
ThreatPost
ThreatPost
added 2021/10/01 12:36 p.m.136 views

New APT ChamelGang Targets Russian Energy, Aviation Orgs

A new APT group has emerged that’s specifically targeting the fuel and energy complex and aviation industry in Russia, exploiting known vulnerabilities like Microsoft Exchange Server’s ProxyShell and leveraging both new and existing malware to compromise networks. Researchers at security firm...

10CVSS9.3AI score0.99999EPSS
Exploits32References11
ThreatPost
ThreatPost
added 2021/03/03 7:18 p.m.35 views

RTM Cybergang Adds New Quoter Ransomware to Crime Spree

The Russian-speaking group behind the infamous RTM banking trojan is now packing a trifecta of threats as it turns up the heat – part of a massive new money-grab campaign. Beyond the banking malware it is known for, attackers have enlisted a recently-discovered ransomware family called Quoter as...

0.7AI score
Exploits0References12
ThreatPost
ThreatPost
added 2020/09/23 2:26 p.m.50 views

OldGremlin Ransomware Group Bedevils Russian Orgs

A new cybercriminal group called OldGremlin has been targeting Russian companies – including banks, industrial enterprises and medical firms – with ransomware attacks. OldGremlin relies on a bevy of tools, including custom backdoors called TinyPosh and TinyNode, to gain an initial foothold in the...

1.4AI score
Exploits0References6
ThreatPost
ThreatPost
added 2020/06/17 10:12 p.m.565 views

AcidBox Malware Uncovered Using Repurposed VirtualBox Exploit

Advanced malware, dubbed AcidBox, has been identified by researchers who say a mysterious cybergang used it twice against Russian organizations as far back as 2017. In a report released Wednesday, Palo Alto Networks’ Unit 42 sheds new light onto attacks against the popular open-source...

7.2CVSS9.1AI score0.26869EPSS
Exploits8References7
Talos Blog
Talos Blog
added 2020/03/10 6:0 a.m.109 views

Bisonal: 10 years of play

By Warren Mercer, Paul Rascagneres and Vitor Ventura. Update 06/03/20: added samples from 2020. Executive summary Security researchers detected and exposed the Bisonal malware over the past 10 years. But the Tonto team, the threat actor behind it, didn't stop.The victimology didn't change over...

2.8AI score
Exploits0
Rows per page
Query Builder