Russian-state hackers wasted no time exploiting a critical Microsoft Office vulnerability that allowed them to compromise the devices inside diplomatic, maritime, and transport organizations in more than half a dozen countries, researchers said Wednesday. The threat group, tracked under names including APT28, Fancy Bear, Sednit, Forest Blizzard, and Sofacy, pounced on the vulnerability, tracked as… Read More »
One of the world’s most ruthless and advanced hacking groups, the Russian state-controlled Sandworm, launched a series of destructive cyberattacks in the country’s ongoing war against neighboring Ukraine, researchers reported Thursday. In April, the group targeted a Ukrainian university with two wipers, a form of malware that aims to permanently destroy sensitive data and often… Read More »
But ESET said its most likely hypothesis is that Turla and Gamaredon were working together. “Given that both groups are part of the Russian FSB (though in two different Centers), Gamaredon provided access to Turla operators so that they could issue commands on a specific machine to restart Kazuar, and deploy Kazuar v2 on some… Read More »
Once behind the captive portal, the page initiates the Windows Test Connectivity Status Indicator, a legitimate service that determines whether a device has Internet access by sending an HTTP GET request to hxxp://www.msftconnecttest[.]com/redirect. That site, in turn, redirects the browser to msn[.]com. As Thursday’s post explained: Once the system opens the browser window to this… Read More »
Russia’s biggest airline cancelled dozens of flights on Monday following a failure of the state-owned company’s IT systems and, according to a Russian lawmaker and pro-Ukrainian hackers, was the result of a cyberattack, it was widely reported. The airline, Aeroflot, said it cancelled about 40 flights following a “technical failure.” An online departure board for… Read More »
Russian military personnel are being targeted with recently discovered Android malware that steals their contacts and tracks their location. The malware is hidden inside a modified app for Alpine Quest mapping software, which is used by, among others, hunters, athletes, and Russian personnel stationed in the war zone in Ukraine. The app displays various topographical… Read More »
Researchers have uncovered a sustained and ongoing campaign by Russian spies that uses a clever phishing technique to hijack Microsoft 365 accounts belonging to a wide range of targets, researchers warned. The technique is known as device code phishing. It exploits “device code flow,” a form of authentication formalized in the industry-wide OAuth standard. Authentication… Read More »
On Monday, the US government announced a new round of regulations on global AI chip exports, dividing the world into roughly three tiers of access. The rules create quotas for about 120 countries and allow unrestricted access for 18 close US allies while maintaining existing bans on China, Russia, Iran, and North Korea. AI-accelerating GPU… Read More »
Google researchers said they uncovered a Kremlin-backed operation targeting recruits for the Ukrainian military with information-stealing malware for Windows and Android devices. The malware, spread primarily through posts on Telegram, came from a persona on that platform known as “Civil Defense.” Posts on the @civildefense_com_ua telegram channel and the accompanying civildefense[.]com.ua website claimed to provide… Read More »
“Remove some entries due to various compliance requirements. They can come back in the future if sufficient documentation is provided.” That two-line comment, submitted by major Linux kernel maintainer Greg Kroah-Hartman, accompanied a patch that removed about a dozen names from the kernle’s MAINTAINERS file. “Some entries” notably had either Russian names or .ru email… Read More »