Tag: Russia

The Professionalized Underground: Chainalysis Reveals $154B in Illicit Crypto Flows
By 2025, the subterranean cryptocurrency landscape had decisively transcended its origins as a chaotic bazaar of dubious schemes, coalescing into a sophisticated ecosystem defined by established hierarchies and streamlined services. According to the latest comprehensive analysis by Chainalysis, sovereign states are increasingly co-opting existing criminal blockchain infrastructures to circumvent international restrictions and sanctions, eschewing the…

Beyond Macros: Paper Werewolf’s “EchoGather” Backdoor Exploits Excel XLLs
The Excel format—long regarded as a harmless office staple—is increasingly being exploited as an entry point for cyberattacks. At the center of this trend are XLL files, specialized Excel add-ins that are, in reality, native Windows DLL libraries capable of executing arbitrary code immediately upon loading. This very mechanism was leveraged in late 2025 by…

Tomiris APT Infiltrates Governments Via Phishing, Uses Telegram/Discord for C2 Espionage
The Tomiris group launched a new wave of cyber-espionage in early 2025, targeting high-level political and diplomatic institutions. According to Kaspersky Lab, the attacks focused on ministries of foreign affairs, state agencies, and intergovernmental organizations in Russia and across the CIS, with more than a thousand users potentially exposed to the group’s activity. Initial access…

OpenSSH & Tor: ‘Operation SkyCloak’ Targets Defense Agencies with Stealthy Multi-Stage Backdoor
In mid-autumn 2025, researchers at Cyble and Seqrite Labs observed a new wave of targeted malicious activity dubbed Operation SkyCloak. According to their findings, an unidentified threat actor has been conducting a phishing campaign aimed at defence organizations in Russia and Belarus, with the objective of clandestinely installing a multi-stage backdoor that leverages OpenSSH and…

National Security Betrayal: Defense Contractor Sold 8 Zero-Days to Russian Broker for Crypto
Former L3Harris defense contractor employee Peter Williams has pleaded guilty in a U.S. federal court to two counts of theft of trade secrets, admitting that he sold eight zero-day vulnerabilities to a Russian intermediary for millions of dollars in cryptocurrency. According to court filings, the 39-year-old Williams spent three years working at Trenchant, an L3Harris…

Dark Web Alert: Massive Data Leak from Russian SMS Aggregators Threatens Global Accounts
An advertisement has surfaced on the dark web offering three terabytes of data allegedly stolen from two major Russian SMS aggregators. The individual behind the post, using the pseudonym ByteToBreach, claims that the leak includes names, phone numbers, IP addresses, banking messages, activation codes, and other sensitive information. The description notes that “a portion of…

Chancellor Rachel Reeves Blames Russia for UK Cyberattacks, but Evidence Points to Scattered Spider
In an interview with ITV, UK Chancellor Rachel Reeves asserted that “hostile states such as Russia” were behind recent cyberattacks on British companies. According to her, “a number of attacks are carried out from Russia by Russian entities.” However, no evidence was presented to substantiate these claims. Reeves’ remarks came against the backdrop of investigations…

Kaspersky Details 14 Cyber Groups Actively Attacking Russian Organizations
Kaspersky Lab has published its first comprehensive technical analysis of cyber groups most actively targeting Russian organizations. The report details 14 groups, outlining their tactics, tools, and the confirmed links between them. Experts identified three primary clusters of attackers. The first consists of hacktivists motivated by ideology and intent on disrupting infrastructure. Among them are…

The Single Point of Failure: A Russian Developer Maintains a Core Node.js Library
The fast-glob library—used in thousands of public Node.js projects and in more than thirty systems of the U.S. Department of Defense—has turned out to be the work of a single developer. Online profiles indicate that its sole author is Denis Malinochkin, a Russian programmer employed at Yandex. This revelation was published by the American company…

Fake Antivirus Targets Russian Businesses: Inside a New Android Espionage Campaign
The malware Android.Backdoor.916.origin, uncovered by Doctor Web’s research laboratory, specifically targets the corporate sector in Russia and possesses extensive capabilities for surveillance and data theft. Its primary purpose is not mass infection but rather precise, targeted attacks against employees of Russian companies. The first samples of this malicious program surfaced in January 2025, after which…

CargoTalon: New Cyber-Espionage Campaign Targets Russian Aviation with Stealthy DLL Implants
Experts at SEQRITE Labs have uncovered a large-scale cyber-espionage campaign dubbed CargoTalon, specifically targeting personnel within a key enterprise of Russia’s aviation industry. The operation employs highly targeted phishing techniques, disguised as essential logistics documents critical to the nation’s internal supply chains. The investigation began on June 27, when a suspicious email surfaced on VirusTotal.…

Batavia Spyware Unmasked: Covert Campaign Hits Russian Industrial & Scientific Orgs via Phishing Emails
Since July 2024, Russia has been the target of a large-scale, highly targeted cyber campaign employing a previously unknown espionage tool named Batavia. According to Kaspersky Lab, the attacks have been directed at industrial and scientific organizations, with malicious emails disguised as contract agreement requests resulting in the compromise of at least a hundred devices…
IBM announces its complete withdrawal from the Russian market
IBM announced this week that it will withdraw from Russia entirely and lay off all local employees, while taking reasonable measures to help those employees through the transition. The tech giant mainly provides software solutions and cloud computing services in the country, and its clients include Sberbank and Russian State Railways. On March…
Google suspends Google Play purchases/subscriptions/recharges in Russia
Google has suspended all paid content sales in its Play Store in Russia, including but not limited to app purchases, subscriptions, and in-game top-ups. The main reason is that, after Russia was cut off from the SWIFT system, Google has been unable to process payments normally. For example, Russian users cannot…