Tag

Russian Hackers

All articles tagged with #russian hackers

government · 5 months ago

UK to ban ransom payments and strengthen cybercrime measures

The UK government is updating its National Security and Investment Act to reduce business burdens and enhance security measures, including banning British institutions from paying ransoms to Russian hackers and expanding oversight of key sectors like semiconductors, AI, and water to protect against foreign influence and cyber threats.

cybersecurity · 1 year ago

Russian Hackers Exploit Zero-Day Flaws in Firefox and Windows

A Russian hacking group, identified as "RomCom," has exploited two zero-day vulnerabilities to target Firefox and Tor browser users on Windows PCs, primarily in Europe and North America. The attacks, which began in October, involve a malicious web page that installs a backdoor on victims' PCs without user interaction. The vulnerabilities, CVE-2024-9680 and CVE-2024-49039, have been patched by Mozilla, Tor, and Microsoft. However, users who haven't updated remain at risk. ESET links these attacks to RomCom's previous exploits.

cybersecurity · 1 year ago

Microsoft Urges Immediate Updates to Combat New Security Threats

A newly patched NTLM vulnerability, CVE-2024-43451, was exploited by suspected Russian hackers to target Ukraine through phishing emails. The flaw, which allows NTLMv2 hash theft, was used to deliver Spark RAT malware via a compromised Ukrainian government server. The attack involved phishing emails prompting users to download malicious URL files, leading to further payload downloads. CERT-UA linked the activity to Russian threat actor UAC-0194, while also warning of financially motivated attacks using LiteManager software.

cyber-attack-credential-harvesting · 1 year ago

Russian Hackers Disrupted After Targeting Europe and Ukraine with Malware and Phishing

The Russian GRU-backed APT28 group, also known as BlueDelta, has been targeting European networks, particularly in Ukraine, with the HeadLace malware and credential-harvesting web pages. The campaigns, running from April to December 2023, utilized spear-phishing emails and sophisticated multi-stage infection sequences. BlueDelta's operations aimed to gather intelligence on military-related entities, employing various techniques including geofencing, legitimate internet services, and compromised Ubiquiti routers. The group's activities reflect a broader strategy to influence military tactics and regional policies amidst ongoing aggression against Ukraine.

cybersecurity · 1 year ago

Rising Concerns as Scattered Spider's Criminal Exploits Earn Respect Among Russian Ransomware Hackers

A group of young, English-speaking hackers known as Scattered Spider has teamed up with Russian ransomware hackers, earning respect and becoming a force multiplier for cyberattacks. The FBI has identified them as experts in social engineering and part of a larger online criminal subculture called "the Community." Their criminal exploits, including a ransomware attack on MGM Resorts, have caused significant disruptions and financial losses. The Russian government's leniency towards ransomware gangs and the growing threat of costly and disruptive ransomware attacks have raised concerns among cybersecurity researchers and law enforcement agencies.

cybersecurity · 1 year ago

CISA Issues Emergency Directive After Russian Hackers Breach Microsoft Email System

The US Cybersecurity and Infrastructure Security Agency (CISA) revealed that a Russian hacker group, Midnight Blizzard, compromised Microsoft corporate email accounts to exfiltrate correspondence between US government agencies and Microsoft, posing a significant risk. This follows Microsoft's report of a Moscow-sponsored hacker group accessing emails, documents, and source code repositories. CISA has issued an emergency directive for affected agencies to review and enhance security measures, including analyzing exfiltrated content, resetting compromised credentials, and securing authentication tools for privileged Microsoft Azure accounts. Midnight Blizzard, also known as Nobelium and Cozy Bear, is associated with Russia’s Foreign Intelligence Service and was behind the 2020 SolarWinds hack.

cybersecurity · 1 year ago

CISA Confirms Russian Hackers Exploited Microsoft Email Breach to Steal US Government Correspondence

The U.S. government revealed that Russian hackers who breached Microsoft's corporate emails have potentially gained access to passwords and sensitive material, posing a serious threat to multiple federal agencies. The Cybersecurity and Infrastructure Security Agency issued a directive for agencies to change compromised log-ins and investigate further risks. The breach, attributed to Russian military intelligence agency SVR, has raised concerns about the cybersecurity of federal employees and their work, prompting urgent action to secure authentication tools and analyze the content of exfiltrated emails.

cybersecurity · 1 year ago

Russian Hackers Compromise US Government Emails Through Microsoft Breach

Russian state-backed hackers have stolen email correspondence between US government agencies and Microsoft, potentially compromising login information such as usernames and passwords. While there is no evidence of successful breaches into federal computer systems, US officials are taking the breach seriously and have issued an emergency directive for affected agencies to bolster their defenses. This incident is the latest in a series of foreign hacking campaigns targeting US government agencies through Microsoft software, with the hackers having a history of wide-ranging intelligence gathering campaigns in support of the Kremlin.

cybersecurity · 1 year ago

Russian Hackers Compromise US Government Emails in Microsoft Cyberattack

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirmed that Russian government-backed hackers, known as "Midnight Blizzard," stole emails from several U.S. federal agencies through a cyberattack on Microsoft. CISA issued an emergency directive ordering civilian government agencies to secure their email accounts after discovering that the Russian hackers were escalating their intrusions. Microsoft, which initially disclosed the attack in January, has been working to expel the hackers from its systems, while facing scrutiny over its security practices. This incident follows a previous breach attributed to Chinese government-backed hackers, which was also linked to security failures at Microsoft.

cybersecurity · 1 year ago

Microsoft Continues Battle Against Russian State Hackers

Microsoft is still grappling with Russian state hackers who breached the email accounts of senior company executives in November and have been attempting to breach customer networks using stolen access data. The hackers, known as Cozy Bear, are linked to Russia's SVR foreign intelligence service and have compromised source-code repositories and internal systems. Microsoft has disclosed that the hackers stole "secrets" from email communications, including cryptographic secrets, and is reaching out to affected customers to assist with mitigation measures. The ongoing attack raises concerns about the national security implications and the heavy reliance on Microsoft's software monoculture, with cybersecurity experts criticizing the company's handling of vulnerabilities and security practices.

cybersecurity · 1 year ago

Microsoft Continues Battle Against Russian State-Backed Hackers

Microsoft admits that Russian state hackers, known as Cozy Bear, are still active within its systems, with access to stolen email communications and source code repositories. The hackers, linked to the SVR foreign intelligence service, have compromised customer networks using stolen access data and continue to pose a significant threat. This revelation raises concerns about the national security implications and the potential for supply chain attacks against Microsoft's customers. Cybersecurity experts criticize Microsoft's handling of the situation and express alarm over the ongoing breaches, while the company states that it has not yet determined the financial impact of the incident.

cybersecurity · 1 year ago

Russian State-Backed Hackers Continue to Target Microsoft Despite Ongoing Efforts

Russian hackers, including the group Nobelium responsible for the SolarWinds attack, have infiltrated Microsoft's internal systems, accessing source code and leveraging stolen information to breach further. Meanwhile, a former Google engineer is charged with stealing trade secrets for Chinese companies, and the US Cybersecurity and Infrastructure Security Agency experienced a breach through vulnerabilities in Ivanti IT management software. Additionally, Meta faces demands for action over hacked accounts, and a ransomware attack on Change Healthcare causes nationwide prescription drug delivery delays.

cybersecurity · 1 year ago

Microsoft Continues Battle Against Persistent Russian State Hackers

Microsoft warns that Russian hackers, known as Midnight Blizzard, have used stolen executive emails to broaden cyberattacks, gaining unauthorized access to source code repositories and internal systems. The group has increased the volume of attacks, such as password sprays, and Microsoft is reaching out to affected customers to assist with mitigation measures. The company expressed surprise at the sustained commitment and focus of the threat actor's resources, and believes the hackers are supported by the Kremlin.