Gamaredon, also known as Primitive Bear, ACTINIUM, and Shuckworm, is a unique player in the Russian espionage ecosystem that targets a wide variety of almost exclusively Ukrainian entities. While researchers often struggle to uncover evidence of Russian espionage activities, Gamaredon is notably conspicuous. The group behind it conducts large-scale campaigns while still primarily focusing on regional targets. The Security Service of Ukraine (SSU) identified the Gamaredon personnel as Russian Federal Security Service (FSB) officers.

Des experts en sécurité informatique ont enquêté sur un piratage, jusqu'alors inconnu, du groupe «Sandworm» sur le réseau électrique ukrainien.

This ICS/OT attack represents the latest evolution in Russia's cyber physical attack capability.

Des pirates informatiques russes ont publié un document interne de la Confédération concernant une possible livraison indirecte de chars Piranha à l'Ukraine. Le Secrétariat d'Etat à l'économie (Seco) a confirmé l'authenticité du document à Keystone-ATS.

Recorded Future's Insikt Group, in partnership with Ukraine's Computer Emergency Response Team (CERT-UA), has uncovered a campaign targeting high-profile entities in Ukraine that was cross-correlated with a spearphishing campaign uncovered by Recorded Future’s Network Traffic Intelligence. The campaign leveraged news about Russia’s war against Ukraine to encourage recipients to open emails, which immediately compromised vulnerable Roundcube servers (an open-source webmail software), using CVE-2020-35730, without engaging with the attachment. We found that the campaign overlaps with historic BlueDelta activity exploiting the Microsoft Outlook zero-day vulnerability CVE-2023-23397 in 2022.

How links between ‘hacktivists’ and official military are becoming blurred on both sides in the war.

In recent days, the US Justice Department and Pentagon have begun investigating an apparent online leak of sensitive documents, including some that were marked “Top Secret”.

A portion of the documents, which have since been widely covered by the news media, focused on Russia’s invasion of Ukraine, while others detailed analysis of potential UK policies on the South China Sea and the activities of a Houthi figure in Yemen.

The existence of the documents was first reported by the New York Times after a number of Russian Telegram channels shared five photographed files relating to the invasion of Ukraine on April 5 – at least one of which has since been found by Bellingcat to be crudely edited.

Russia’s further invasion of Ukraine in February 2022 was a watershed moment, and unique in that a major nation-state had engaged in coordinated, convergent digital and physical attacks in an effort to conquer a neighboring country. Leaders will draw lessons from this conflict for years, but one is already clear: the ability to deliver cyber defense assistance must be a key national security capability.

The Ukraine war has inspired a defensive cyber effort that government officials and technology executives describe as unprecedented.

Ukraine has achieved a cut-price version of what the Pentagon has spent decades and billions of dollars striving to accomplish: digitally networked fighters, intelligence and weapons.

With the ongoing war in Ukraine, in the Polish cyberspace, there are more and more occurrences classified as computer incidents, including attacks perpetrated by Russian hackers. This is a response of the Russian Federation to the Poland’s support provided to Ukraine and an attempt to destabilise the situation in our country.

A new and destructive 'Azov Ransomware' data wiper is being heavily distributed through pirated software, key generators, and adware bundles, trying to frame well-known security researchers by claiming they are behind the attack.

The Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a novel ransomware campaign targeting organizations in the logistics and transportation industry in Ukraine and Poland utilizing a previously unidentified ransomware payload.

The Russian government is planning “massive cyberattacks” against Ukrainian critical infrastructure facilities to “increase the effect of missile strikes on electrical supply facilities,” the Ukrainian government said Monday.

Observing the ongoing conflict between Russia and Ukraine, we can clearly see that cyberattacks leveraging malware are an important part of modern hybrid war strategy.

Following ongoing research our team, IBM Security X-Force has uncovered evidence indicating that the Russia-based cybercriminal syndicate “Trickbot group” has been systematically attacking Ukraine since the Russian invasion — an unprecedented shift as the group had not previously targeted Ukraine

A Lugano, le plus jeune ministre de Volodymyr Zelensky a révélé une nouvelle facette de l’Ukraine aux yeux du monde: celle d’un pays digital qui se bat contre l’invasion russe grâce à une e-armée, aussi

Crippled ports. Paralyzed corporations. Frozen government agencies. How a single piece of code crashed the world.

Threat actors associated with Russian intelligence are using the fear or nuclear war to spread data-stealing malware in Ukraine.

The broadcast of the Football World Cup 2022 qualifier game between Wales and Ukraine on Sunday was interrupted in Ukraine by a cyberattack that targeted OLL.TV...