Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
page 1 / 9
176 résultats taggé russia  ✕
New Russia-affiliated actor Void Blizzard targets critical sectors for espionage https://www.microsoft.com/en-us/security/blog/2025/05/27/new-russia-affiliated-actor-void-blizzard-targets-critical-sectors-for-espionage/
01/06/2025 17:07:39
QRCode
archive.org
thumbnail

Microsoft Threat Intelligence has discovered a cluster of worldwide cloud abuse activity conducted by a threat actor we track as Void Blizzard, who we assess with high confidence is Russia-affiliated and has been active since at least April 2024. Void Blizzard’s cyberespionage operations tend to be highly targeted at specific organizations of interest to Russia, including in government, defense, transportation, media, non-governmental organizations (NGOs), and healthcare sectors primarily in Europe and North America.

microsoft EN 2025 Void Blizzard espionage Russia cloud abuse
Massive leak exposes Russian nuclear facilities https://cybernews.com/security/russian-missile-program-exposed-in-procurement-database/
29/05/2025 13:29:54
QRCode
archive.org

Detailed blueprints of Russia’s modernized nuclear weapon sites, including missile silos, were found leaking in public procurement database.
Russia is modernizing its nuclear weapon sites, including underground missile silos and support infrastructure. Data, including building plans, diagrams, equipment, and other schematics, is accessible to anyone in the public procurement database.

Journalists from Danwatch and Der Spiegel scraped and analyzed over two million documents from the public procurement database, which exposed Russian nuclear facilities, including their layout, in great detail. The investigation unveils that European companies participate in modernizing them.

According to the exclusive Der Spiegel report, Russian procurement documents expose some of the world’s most secret construction sites.

“It even contains floor plans and infrastructure details for nuclear weapons silos,” the report reads.

German building materials and construction system giant Knauf and numerous other European companies were found to be indirectly supplying the modernization through small local companies and subsidiaries.

Knauf condemned the Russian invasion of Ukraine and announced its intention to withdraw from its Russian business in 2024. Knauf told Der Spiegel that it only trades with independent dealers and cannot control who ultimately uses its materials in Russia.

Danwatch jointly reports that “hundreds of detailed blueprints” of Russian nuclear facilities, exposed in procurement databases, make them vulnerable to attacks.

“An enormous Russian security breach has exposed the innermost parts of Russia’s nuclear modernization,” the article reads.

“It’s completely unprecedented.”

The journalists used proxy servers in Russia, Kazakhstan, and Belarus to circumvent network restrictions and access the documents. The rich multimedia in the report details the inner structure of bunkers and missile silos.

cybernews.com EN 2025 Massive leak Russia nuclear facilities procurement database data-leak
Russian hybrid threats: EU lists further 21 individuals and 6 entities and introduces sectoral measures in response to destabilising activities against the EU, its member states and international partners https://www.consilium.europa.eu/en/press/press-releases/2025/05/20/russian-hybrid-threats-eu-lists-further-21-individuals-and-6-entities-and-introduces-sectoral-measures-in-response-to-destabilising-activities-against-the-eu-its-member-states-and-international-partners
24/05/2025 12:21:59
QRCode
archive.org

The Council today decided to impose additional restrictive measures against 21 individuals and 6 entities responsible for Russia’s destabilising actions abroad.

The Council has also broadened the scope to allow the EU to target tangible assets linked to Russia’s destabilising activities, such as vessels, aircraft, real estate, and physical elements of digital and communication networks, as well as transactions of credit institutions, financial institutions and entities providing crypto-assets services that directly or indirectly facilitate Russia’s destabilising activities.

Furthermore, in light of the systematic, international Russian campaign of media manipulation and distortion of facts aimed at destabilising neighbouring countries and the EU, the Council will now have the possibility to suspend the broadcasting licences of Russian media outlets under the control of the Russian leadership, and to prohibit them from broadcasting their content in the EU.

In line with the Charter of Fundamental Rights, the measures agreed today will not prevent the targeted media outlets and their staff from carrying out activities in the EU other than broadcasting, e.g. research and interviews.

Today’s listings include Viktor Medvedchuk, a former Ukrainian politician and businessman who, through his associates Artem Marchevskyi and Oleg Voloshin also listed today, controlled Ukrainian media outlets and used them to disseminate pro-Russian propaganda in Ukraine and beyond. Through secret financing of the “Voice of Europe” media channel - also listed today - and his political platform “Another Ukraine”, Medvedchuk has promoted policies and actions intended to erode the legitimacy and credibility of the government of Ukraine, in direct support of the foreign policy interests of the Russian Federation and disseminating pro-Russian propaganda.

consilium.europa.eu EN EU sanctioned Stark-Industries-Solutions cyberattacks propaganda russia
Marks & Spencer hackers appear to protect ‘former Soviet states’ from attacks | The Observer https://observer.co.uk/news/national/article/marks-spencer-hackers-appear-to-protect-former-soviet-states-from-attacks?ref=metacurity.com
13/05/2025 23:18:04
QRCode
archive.org
thumbnail

Marks & Spencer hackers appear to protect ‘former Soviet states’ from attacks

Marks & Spencer hackers appear to protect ‘former Soviet states’ from attacks
DragonForce group also says it has targeted Co-op and Harrods in cybercrime spree
Hackers who bragged about crippling Marks & Spencer’s systems and breaching Co-op Group databases appeared to have vowed to protect “the former Soviet Union” from the technology used in the attacks.

The DragonForce cybercrime group appeared to use a dark web forum to issue a threat to “punish any violations” by fellow hackers planning to use its ransomware in Russia or the former Soviet states – the first indication of any allegiance.

The group, which licenses its ransomware to other hacking gangs for a fee, claimed responsibility for an attack that has left shelves at some branches of M&S bare and has forced the company to suspend online orders.

A separate attack on the Co-op led to a data breach and customer details being stolen, and the group has also been linked to an attempt to hack systems at Harrods.

“Any attack by our software on critical infrastructure, hospitals where critical patients, children, and the elderly are kept, or on the countries of the former Soviet Union, is a PROVOCATION by unscrupulous partners,” read a statement which claimed to be from the group, released at the end of last month.

“We, as regulators, are doing our best to counteract this, and we will punish any violations, as well as assist in solving the problems of the affected parties.”

observer.co.uk EN 2025 Marks&Spencer DragonForce Russia
Security Researchers Warn a Widely Used Open Source Tool Poses a 'Persistent' Risk to the US https://www.wired.com/story/easyjson-open-source-vk-ties/
05/05/2025 20:48:26
QRCode
archive.org
thumbnail

The open source software easyjson is used by the US government and American companies. But its ties to Russia’s VK, whose CEO has been sanctioned, have researchers sounding the alarm.
Security researchers warn that a popular open source tool maintained by Russian developers could pose significant risks to US national security.

Key Points:

  • The open source tool easyjson is linked to VK Group, a company run by a sanctioned Russian executive.

  • easyjson is widely used in the US across various critical sectors including defense, finance, and healthcare.

  • Concerns are heightened due to the potential for data theft and cyberattacks stemming from this software.

*Recent findings from cybersecurity researchers at Hunted Labs indicate that easyjson, a code serialization tool for the Go programming language, is at the center of a national security alert. This tool, which has been integrated into multiple sectors such as the US Department of Defense, is maintained by a group of Russian developers linked to VK Group, led by Vladimir Kiriyenko. While the complete codebase appears secure, the geopolitical context surrounding its management raises substantial concerns about the potential risks involved.

The significance of easyjson cannot be overstated, as it serves as a foundational element within the cloud-native ecosystem, critical for operations across various platforms. With connections to a sanctioned CEO and the broader backdrop of Russian state-backed cyberattacks, the fear is that easyjson could be manipulated to conduct espionage or potentially compromise critical infrastructures. Such capabilities underscore the pressing need for independent evaluations and potential reevaluations of software supply chains, particularly when foreign entities are involved.

wired EN 2025 russia US easyjson national-security vulnerabilities open-source hacking
Ransom-War and Russian Political Culture: Trust, Corruption, and Putin's Zero-Sum Sovereignty https://nattothoughts.substack.com/p/ransom-war-conclusion-trust-corruption
02/05/2025 11:55:17
QRCode
archive.org

Recent Western government revelations about EvilCorp flesh out how Russian ransomware actors and the Russian government use each other to navigate a world they perceive as dangerous.

Note added April 30 2025:

Originally posted October 16, 2024 in a very different global geopolitical context, this analysis remains relevant today. Subsequent revelations, especially a set of leaked messages from the Black Basta group – a successor to the Conti group – reaffirm the complexity of relations between Russian ransomware actors and security officials. (The Natto Team discussed the value of leaks here). The Black Basta leaks show that group's members as:

 Receiving Protection: Black Basta chief “Tramp” – who chose as his moniker the Russian version of the current US president’s name – boasted of receiving high-level help from Russian authorities after Armenian officials arrested him in June 2024.   

But Still Vulnerable: Tramp speculated in July 2024 that someone from their circle had snitched on him, “tempted” by the rewards the US State Department has offered for information on Tramp. He also received tipoffs from criminal acquaintances and from “my law enforcement people,” telling him that Russian officials faced international pressure to crack down on Russian cybercriminals: “those who get paid by Interpol here will start making our lives hell.” In September 2024, Black Basta coder “YY” told Tramp that Russian officials had raided YY's home, impounded his car, and “marinated” him in custody for a time. 

 Under Pressure to Work for the Russian State: ​​In a November 14 2022 chat, “Tramp” said, “I have guys in Lubyanka [FSB headquarters] and the GRU [military intelligence agency] – I have been “feeding” them for a long time. They only want to take people on to work for them. They won’t even talk about [prison] sentences or anything. You can go in to work every day at 8 am and leave at 6 pm, just like in a ‘white’ [legitimate] job.” 

 Tracking Geopolitics: In May 2024, after Black Basta paralyzed IT systems at US-based Ascension Healthcare, Black Basta ransom negotiator “Tinker” pondered the group's extortion strategy in light of US election-year politics. He mused that, if anyone died as a result of the group’s attack on a healthcare entity – particularly a Christian hospital system like Ascension – US citizens would demand that their government do whatever it took to induce Russia to crack down on the criminals. Tinker speculated that the Joe Biden administration might make serious concessions to Russia, such as reducing military aid to Ukraine, in return for Russia’s cracking down on the criminals. 

For the Natto Team’s own assessment of Russian-US “ransomware diplomacy,” see here and here.

It will be interesting to observe how Russian cybercriminals interpret recent developments in US-Russian relations.

nattothoughts EN 2025 Russia leaks Black Black-Basta FSB Tramp
Russian Infrastructure Plays Crucial Role in North Korean Cybercrime Operations | Trend Micro (US) https://www.trendmicro.com/en_us/research/25/d/russian-infrastructure-north-korean-cybercrime.html
27/04/2025 10:29:08
QRCode
archive.org
thumbnail
  • Trend Research has identified multiple IP address ranges in Russia that are being used for cybercrime activities aligned with North Korea. These activities are associated with a cluster of campaigns related to the Void Dokkaebi intrusion set, also known as Famous Chollima.
  • The Russian IP address ranges, which are concealed by a large anonymization network that uses commercial VPN services, proxy servers, and numerous VPS servers with RDP, are assigned to two companies in Khasan and Khabarovsk. Khasan is a mile from the North Korea-Russia border, and Khabarovsk is known for its economic and cultural ties with North Korea.
  • Trend Research assesses that North Korea deployed IT workers who connect back to their home country through two IP addresses in the Russian IP ranges and two IP addresses in North Korea. Trend Micro’s telemetry strongly suggests these DPRK aligned IT workers work from China, Russia and Pakistan, among others.
  • Based on Trend Research’s assessment, North Korea-aligned actors use the Russian IP ranges to connect to dozens of VPS servers over RDP, then perform tasks like interacting on job recruitment sites and accessing cryptocurrency-related services. Some servers involved in their brute-force activity to crack cryptocurrency wallet passwords fall within one of the Russian IP ranges.
  • Instructional videos have also been found with what it looks like non-native English text, detailing how to set up a Beavertail malware command-and-control server and how to crack cryptocurrency wallet passwords. This makes it plausible that North Korea is also working with foreign conspirators.
  • IT professionals in Ukraine, US, and Germany have been targeted in these campaigns by fictitious companies that lure them into fraudulent job interviews. Trend Research assesses that the primary focus of Void Dokkaebi is to steal cryptocurrency from software professionals interested in cryptocurrency, Web3, and blockchain technologies.
  • Trend Vision One™ detects and blocks the IOCs discussed in this blog. Trend Vision One customers can also access hunting queries, threat insights, and threat intelligence reports to gain rich context and the latest updates on Void Dokkaebi.
trendmicro EN 2025 Russia North-Korea network research infrastructure IoCs
Phishing for Codes: Russian Threat Actors Target Microsoft 365 OAuth Workflows https://www.volexity.com/blog/2025/04/22/phishing-for-codes-russian-threat-actors-target-microsoft-365-oauth-workflows/
23/04/2025 08:14:24
QRCode
archive.org
thumbnail

Since early March 2025, Volexity has observed multiple suspected Russian threat actors conducting highly targeted social engineering operations aimed at gaining access to the Microsoft 365 (M365) accounts of targeted individuals. This activity comes on the heels of attacks Volexity reported on back in February 2025, where Russian threat actors were discovered targeting users and organizations through Device Code Authentication phishing...

volexity 2025 EN Russia M365 Microsoft365 phishing NGO OAuth UTA0352 login.microsoftonline.com
The Ever-Evolving Threat of the Russian-Speaking Cybercriminal Underground | Trend Micro (US) https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/the-ever-evolving-threat-of-the-russian-speaking-cybercriminal-underground
16/04/2025 13:49:12
QRCode
archive.org
thumbnail

We dive into one of the most sophisticated and impactful ecosystems within the global cybercrime landscape. Our research looks at tools and techniques, specialized forums, popular services, plus a deeply ingrained culture of secrecy and collaboration.

trendmicro EN 2025 Research Russia Russian-Speaking cybercrime landscape
Gamaredon's Evolving Cyber Threats: A Closer Look https://thedefendopsdiaries.com/gamaredons-evolving-cyber-threats-a-closer-look/
13/04/2025 10:47:36
QRCode
archive.org
thumbnail

The Russian hacking group known as Gamaredon, or “Shuckworm,” has been making headlines with its sophisticated cyberattacks targeting Western military missions. This group has evolved its tactics, techniques, and procedures (TTPs) to enhance stealth and effectiveness, transitioning from Visual Basic Script (VBS) to PowerShell-based tools. PowerShell is a task automation framework from Microsoft, often used by attackers to execute commands and scripts on Windows systems. This shift, as reported by Symantec, highlights their strategic move to obfuscate, or hide, payloads and leverage legitimate services for evasion. Gamaredon’s recent campaigns have notably involved the use of malicious removable drives, targeting Western military missions in Ukraine with .LNK files that initiate infections upon execution. These developments underscore the group’s persistent threat to geopolitical entities, particularly those related to the Ukrainian military.

thedefendopsdiaries EN 2025 Gamaredon Russia Shuckworm TTPs
Germany suspects Russian cyber attack on research group https://www.dw.com/en/germany-suspects-russian-cyber-attack-on-research-group/a-72175406
11/04/2025 10:21:47
QRCode
archive.org
thumbnail

German intelligence services have said they are investigating a suspected Russian cyberattack against a Berlin-based research network.

DW EN 2025 Germany Russia Cyberattack DGO APT29
Russia arrests CEO of tech company linked to Doppelgänger disinformation campaign https://therecord.media/doppelganger-ceo-arrests-russia-tech
07/04/2025 21:19:47
QRCode
archive.org
thumbnail

Two other employees at the St. Petersburg-based hosting provider Azea Group were arrested. The company has alleged links to state-sponsored disinformation campaigns and cybercriminal infrastructure.

therecord.media EN 2025 Doppelgänger Azea Russia arrested
Doppelgänger: New disinformation campaigns spreading on social media through Russian networks https://www.intrinsec.com/doppelganger-new-disinformation-campaigns-spreading-on-social-media-through-russian-networks/?cn-reloaded=1
03/03/2025 11:20:47
QRCode
archive.org

This report presents:

  • The intrusion set commonly known as Doppelgänger continues to spread disinformation narratives on social medias such as X, through bot accounts specifically made for such campaigns.
  • As for its previous campaigns, Doppelgänger pushes its anti-western narrative on pages spoofing the medias of the targeted countries, such as France, Germany, Italy, Ukraine, and Israel. The disinformation campaign aims to manipulate public opinion by exploiting sensitive issues and exacerbating social and geopolitical divisions.
  • The linguistic characteristics of the articles suggest that some of them were translated from Russian or edited by Russian natives, reinforcing the hypothesis that they are of Russian origin.
  • In order to bypass both manual and automatic moderation on social media platforms, Doppelgänger continues to leverage Kehr[.]io, a redirection provider advertised on Russian speaking underground forums. This service hosts its infrastructure on IPs announced by English companies managed by Ukrainian and Belarusian individuals that we could connect with a high level of confidence to bulletproof network hosting solutions.
  • The disinformation campaigns remain ongoing.
intrinsec EN 2025 Doppelgänger Russia disifnormation campaigns
Exclusive: Hegseth orders Cyber Command to stand down on Russia planning https://therecord.media/hegseth-orders-cyber-command-stand-down-russia-planning
01/03/2025 08:17:37
QRCode
archive.org
thumbnail

The secretary of Defense has ordered U.S. Cyber Command to stand down from all planning against Russia, including offensive digital actions, sources tell Recorded Future News.

therecord.media EN 2025 Russia CISA US stand-down
Trump administration retreats in fight against Russian cyber threats https://www.theguardian.com/us-news/2025/feb/28/trump-russia-hacking-cyber-security
01/03/2025 08:17:20
QRCode
archive.org
thumbnail

Recent incidents indicate US is no longer characterizing Russia as a cybersecurity threat, marking a radical departure: ‘Putin is on the inside now’

theguardian EN 2025 Trump US Russia CISA threat
Signals of Trouble: Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger https://cloud.google.com/blog/topics/threat-intelligence/russia-targeting-signal-messenger?hl=en
26/02/2025 11:06:58
QRCode
archive.org
thumbnail

Google Threat Intelligence Group (GTIG) has observed increasing efforts from several Russia state-aligned threat actors to compromise Signal Messenger accounts used by individuals of interest to Russia's intelligence services. While this emerging operational interest has likely been sparked by wartime demands to gain access to sensitive government and military communications in the context of Russia's re-invasion of Ukraine, we anticipate the tactics and methods used to target Signal will grow in prevalence in the near-term and proliferate to additional threat actors and regions outside the Ukrainian theater of war.

google EN Signal QRcode GTIG Russia Ukraine Messenger
German election targeted by Russian disinformation, security services warn | The Record from Recorded Future News https://therecord.media/german-election-targeted-by-russian-disinformation
21/02/2025 16:56:11
QRCode
archive.org
thumbnail

Germany’s security services warned on Friday that fake videos circulating online purporting to reveal ballot manipulation in the country’s upcoming federal elections were part of a Russian information operation.

therecord.media EN 2024 Germany disinformation Russia election
Storm-2372 conducts device code phishing campaign https://www.microsoft.com/en-us/security/blog/2025/02/13/storm-2372-conducts-device-code-phishing-campaign/#Update-February-14
16/02/2025 14:34:05
QRCode
archive.org
thumbnail

Microsoft Threat Intelligence Center discovered an active and successful device code phishing campaign by a threat actor we track as Storm-2372. Our ongoing investigation indicates that this campaign has been active since August 2024 with the actor creating lures that resemble messaging app experiences including WhatsApp, Signal, and Microsoft Teams. Storm-2372’s targets during this time have included government, non-governmental organizations (NGOs), information technology (IT) services and technology, defense, telecommunications, health, higher education, and energy/oil and gas in Europe, North America, Africa, and the Middle East. Microsoft assesses with medium confidence that Storm-2372 aligns with Russian interests, victimology, and tradecraft.

microsoft EN 2025 Storm-2372 phishing campaign Russia
Multiple Russian Threat Actors Targeting Microsoft Device Code Authentication https://www.volexity.com/blog/2025/02/13/multiple-russian-threat-actors-targeting-microsoft-device-code-authentication/
14/02/2025 08:28:11
QRCode
archive.org
thumbnail

Starting in mid-January 2025, Volexity identified several social-engineering and spear-phishing campaigns by Russian threat actors aimed at compromising Microsoft 365 (M365) accounts. These attack campaigns were highly targeted and carried out in a variety of ways. The majority of these attacks originated via spear-phishing emails with different themes. In one case, the eventual breach began with highly tailored outreach via Signal.Through its investigations, Volexity discovered that Russian threat actors were impersonating a variety of individuals

volexity EN 2025 Russia spearphishing M365 social-engineering
New UK sanctions target Russian cybercrime network https://www.gov.uk/government/news/new-uk-sanctions-target-russian-cybercrime-network?ref=metacurity.com
11/02/2025 17:16:11
QRCode
archive.org
thumbnail

A key Russian cybercrime syndicate responsible for aiding merciless ransomware attacks around the world has been targeted by new UK sanctions.

gov.uk EN 2025 Russia cybercrime syndicate sanctions LockBit Zservers
page 1 / 9
4372 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service par la communauté Shaarli - Theme by kalvn - Curated by Decio