Russian Intelligence Services Continue to Target Commercial Messaging Applications


The FBI and CISA are issuing this update to the , Public Service Announcement I-032026-PSA to provide additional information to the public and encourage device owners to take actions to protect themselves.

Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Ransomware gang attacking NAS devices taken down in major police operation

    July 18, 2025

    A 44-year-old Romanian national has been arrested during a law enforcement operation to dismantle a ransomware campaign called “Diskstation”. Diskstation usually targets Synology Network-Attached Storage (NAS) devices, often used in an enterprise environment for centralized file storage and sharing, data backup and recovery, and general content hosting. The group was first spotted in 2021, and has ...

  • British spies and SAS named in Afghan data breach

    July 17, 2025

    The identities of more than 100 British officials, including members of the special forces and MI6, were compromised in a data breach that also put thousands of Afghans at risk of reprisal, it can be reported. The latest fallout from the breach was kept secret by an injunction until Thursday, when the order was lifted in ...

  • Hackers are trying to steal passwords and sensitive data from users of Signal clone

    July 17, 2025

    Hackers are targeting a previously reported bug in the Signal clone app TeleMessage in an effort to steal users’ private data, according to security researchers and a U.S. government agency. TeleMessage, which earlier this year was revealed to be used by high-ranking officials in the Trump administration, already experienced at least one data breach in May. ...

  • GhostContainer backdoor: Malware compromising Exchange servers of high-value organizations in Asia

    July 17, 2025

    In a recent incident response (IR) case, Kaspersky researchers discovered highly customized malware targeting Exchange infrastructure within government environments. Analysis of detection logs and clues within the sample suggests that the Exchange server was likely compromised via a known N-day vulnerability. Kaspersky in-depth analysis of the malware revealed a sophisticated, multi-functional backdoor that can be dynamically ...

  • Ongoing SonicWall Secure Mobile Access (SMA) Exploitation Campaign using the OVERSTEP Backdoor

    July 16, 2025

    Google Threat Intelligence Group (GTIG) has identified an ongoing campaign by a suspected financially-motivated threat actor we track as UNC6148, targeting fully patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances. GTIG assesses with high confidence that UNC6148 is leveraging credentials and one-time password (OTP) seeds stolen during previous intrusions, allowing them to regain access ...

  • Phish and Chips: China-Aligned Espionage Actors Ramp Up Taiwan Semiconductor Industry Targeting

    July 16, 2025

    Analyst note: Proofpoint uses the UNK_ designator to define clusters of activity that are still developing and have not been observed for long enough to receive a numerical TA designation. China-aligned threat actors have routinely targeted the semiconductor industry for many years. This activity likely aligns with China’s internal strategic economic priorities, which have increasingly emphasized ...