German chancellor promises probe after leak of officers discussing the supply of long-range missiles.

G7 is drafting a workaround to use frozen assets to rebuild Ukraine.

Moscow-backed Cozy Bear may have had access to the green rectangular email cloud for six months

Senior execs' emails accessed in network breach that wasn't caught for 2 months.

Microsoft on Friday revealed that it was the target of a nation-state attack on its corporate systems that resulted in the theft of emails and attachments from senior executives and other individuals in the company's cybersecurity and legal departments.

The Windows maker attributed the attack to a Russian advanced persistent threat (APT) group it tracks as Midnight Blizzard (formerly Nobelium), which is also known as APT29, BlueBravo, Cloaked Ursa, Cozy Bear, and The Dukes.

NoName057(16) relies heavily on HTTPS application-layer DDoS attacks, with many attacks repeatedly sourced from the same attack harness, networks, and targeting similar countries and industries.

Russian hackers were inside Ukrainian telecoms giant Kyivstar's system from at least May last year in a cyberattack that should serve as a "big warning" to the West, Ukraine's cyber spy chief told Reuters.

The hack, one of the most dramatic since Russia's full-scale invasion nearly two years ago, knocked out services provided by Ukraine's biggest telecoms operator for some 24 million users for days from Dec. 12.

Cloud Atlas spear-phishing attacks hit an agro-industrial enterprise and a state-owned research company.

Ukraine's Computer Emergency Response Team (CERT) is warning of a new phishing campaign that allowed Russia-linked hackers to deploy previously unseen malware on a network in under one hour.

Hackers tied to Russian military take responsibility for hack on Ukraine's biggest provider.

Ukraine's defense intelligence directorate (GUR) said it infected thousands of servers belonging to Russia's state tax service with malware, and destroyed databases and backups.

Ukraine's biggest mobile network operator was hit on Tuesday by what appeared to be the largest cyberattack of the war with Russia so far, knocking out mobile and internet services for millions and the air raid alert system in parts of Kyiv region.

The Russia-based actor Star Blizzard (formerly known as SEABORGIUM, also known as Callisto Group/TA446/COLDRIVER/TAG-53/BlueCharlie) continues to successfully use spear-phishing attacks against targeted organizations and individuals in the UK, and other geographical areas of interest, for information-gathering activity.

The UK National Cyber Security Centre (NCSC), the US Cybersecurity and Infrastructure Security Agency (CISA), the US Federal Bureau of Investigation (FBI), the US National Security Agency (NSA), the US Cyber National Mission Force (CNMF), the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), the Canadian Centre for Cyber Security (CCCS), and the New Zealand National Cyber Security Centre (NCSC-NZ) assess that Star Blizzard is almost certainly subordinate to the Russian Federal Security Service (FSB) Centre 18.

The British government accused a unit of Russia’s Federal Security Service (FSB) on Thursday of using cyberattacks in a “sustained but unsuccessful” campaign to undermine democratic institutions in the country.

A Moscow legal battle strongly indicates that phone forensics tools used by both the FBI and FSB are exploiting security loopholes in Apple’s operating system.

Killmilk is a 30-year-old Russian citizen, according to the news site Gazeta.ru. The report has drawn extra scrutiny to Killnet, known for DDoS attacks on Western targets.

It’s not every day that you discover a new Russian hacking group complete with a song and dance routine (performed live), a sleek user interface (with dark mode!) and a clearly thought-out business model. But that is exactly what our security research team discovered with “AlphaLock,” a “pentesting training organization” that trains hackers and then monetizes their services through a dedicated affiliate program.
...
We originally discovered their group through a public Telegram channel that has since become private. This post will serve as a detailed investigation and description of one of the most brazen, strange, and best marketed cybercrime groups to appear in 2023.

• Cybercrime sophistication and commoditization continues to grow: We now have a real life example of a threat group that seeks to create its own talent pool through a training program, goes to extensive lengths to market itself, and plans to monetize this through a hacker-for-hire scheme. The level of technical sophistication required to do this isn’t very high, but the level of organizational sophistication and business acumen is quite interesting.
• Ransomware isn’t the only game in town: Cybercriminals typically choose the path of least resistance that is most likely to prove profitable, this has been increasingly the case as the cybercrime ecosystem has evolved into a functional market economy. However AlphaLock represents another potential method to both monetize and democratize cybercrime. This could be a particularly interesting model alternative for ransomware groups if the U.S. follows through with the proposal of banning ransomware payments.
• A Technical Threat Actor Supply Shortage? One of the most fascinating things about AlphaLock is they want to create a pipeline of talent to populate their hacker marketplace. This suggests that there may be limitations on the supply of talented threat actors that have the required degree of sophistication to the point where they have tried to build their own pipeline of actors.
• The Brand: Our researchers have noted an increasing focus on group “brand” and identity among financially motivated threat groups. AlphaLock has clearly made significant investments in time to create a brand and reputation for itself. Notice in the final post they even advertise that they are looking to hire someone to market themselves on Telegram and social media.
• Blurred Lines: Many security practitioners have often assumed that threat actors primarily operate on the dark web. In most cases today this isn’t the case. There are increasingly blurred lines between clear web sites, Tor, and social media applications such as Telegram that create easy avenues for threat actors to congregate and communicate.

This ICS/OT attack represents the latest evolution in Russia's cyber physical attack capability.

The U.S. Securities and Exchange Commission has charged SolarWinds and its top cybersecurity executive Timothy Brown with fraud and internal control

The Winter Vivern Russian hacking group has been exploiting a Roundcube Webmail zero-day since at least October 11 to attack European government entities and think tanks.