14 matches found
One Man, One AI, One Fake Persona: Inside the 5-Year Influence and Fraud ‘Patriot Bait’ Campaign
A solo Russian-speaking threat actor ran a 5-year Telegram channel and, starting September 2025, used AI to automate its content, credential theft, and a cryptocurrency fraud scheme targeting American audiences...
APT28-Linked Campaign Deploys BadPaw Loader and MeowMeow Backdoor in Ukraine
Cybersecurity researchers have disclosed details of a new Russian cyber campaign that has targeted Ukrainian entities with two previously undocumented malware families named BadPaw and MeowMeow. "The attack chain initiates with a phishing email containing a link to a ZIP archive. Once extracted, ...
Russian APT28 Runs Credential-Stealing Campaign Targeting Energy and Policy Organizations
Russian state-sponsored threat actors have been linked to a fresh set of credential harvesting attacks targeting individuals associated with a Turkish energy and nuclear research agency, as well as staff affiliated with a European think tank and organizations in North Macedonia and Uzbekistan. Th...
APT28 Targets Ukrainian UKR-net Users in Long-Running Credential Phishing Campaign
The Russian state-sponsored threat actor known as APT28 has been attributed to what has been described as a "sustained" credential-harvesting campaign targeting users of UKR.net, a webmail and news service popular in Ukraine. The activity, observed by Recorded Future's Insikt Group between June...
Russian UAC-0063 Targets Europe and Central Asia with Advanced Malware
UAC-0063: A Russian-linked threat actor targeting Central Asia and Europe with sophisticated cyberespionage campaigns, including weaponized documents, data…...
CERT-UA Identifies Malicious RDP Files in Latest Attack on Ukrainian Entities
The Computer Emergency Response Team of Ukraine CERT-UA has detailed a new malicious email campaign targeting government agencies, enterprises, and military entities. "The messages exploit the appeal of integrating popular services like Amazon or Microsoft and implementing a zero-trust...
Cybercriminals Using PowerShell to Steal NTLMv2 Hashes from Compromised Windows
A new cyber attack campaign is leveraging the PowerShell script associated with a legitimate red teaming tool to plunder NTLMv2 hashes from compromised Windows systems primarily located in Australia, Poland, and Belgium. The activity has been codenamed Steal-It by Zscaler ThreatLabz. "In this...
Ukraine's CERT Thwarts APT28's Cyberattack on Critical Energy Infrastructure
The Computer Emergency Response Team of Ukraine CERT-UA on Tuesday said it thwarted a cyber attack against an unnamed critical energy infrastructure facility in the country. The intrusion, per the agency, started with a phishing email containing a link to a malicious ZIP archive that activates th...
New Report Reveals Shuckworm's Long-Running Intrusions on Ukrainian Organizations
The Russian threat actor known as Shuckworm has continued its cyber assault spree against Ukrainian entities in a bid to steal sensitive information from compromised environments. Targets of the recent intrusions, which began in February/March 2023, include security services, military, and...
Cadet Blizzard emerges as a novel and distinct Russian threat actor
As Russia’s invasion of Ukraine continues into its second year and Microsoft continues to collaborate with global partners in response, the exposure of destructive cyber capabilities and information operations provide greater clarity into the tools and techniques used by Russian state-sponsored...
Beware: 1,000+ Fake Cryptocurrency Sites Trap Users in Bogus Rewards Scheme
A previously undetected cryptocurrency scam has leveraged a constellation of over 1,000 fraudulent websites to ensnare users into a bogus rewards scheme since at least January 2021. "This massive campaign has likely resulted in thousands of people being scammed worldwide," Trend Micro researchers...
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
New research indicates that over 80,000 Hikvision surveillance cameras in the world today are vulnerable to an 11 month-old command injection flaw. Hikvision – short for Hangzhou Hikvision Digital Technology – is a Chinese state-owned manufacturer of video surveillance equipment. Their customers...
Russian threat actor UAC-0056 targets European countries
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. The Governmental Computer Emergency Response Team of Ukraine CERT-UA has released an alert about a Russian threat actor UAC-0056 SaintBear, UNC2589, TA471 delivering malwares using email attachments. UNC2589 is a cyber...
SolarWinds Hackers Also Breached Malwarebytes Cybersecurity Firm
Malwarebytes on Tuesday said it was breached by the same group who broke into SolarWinds to access some of its internal emails, making it the fourth major cybersecurity vendor to be targeted after FireEye, Microsoft, and CrowdStrike. The company said its intrusion was not the result of a SolarWin...