Russian Intelligence Services Continue to Target Commercial Messaging Applications


The FBI and CISA are issuing this update to the , Public Service Announcement I-032026-PSA to provide additional information to the public and encourage device owners to take actions to protect themselves.

Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • BPFDoor’s Hidden Controller Used Against Asia, Middle East Targets

    April 14, 2025

    The stealthy rootkit-like malware known as BPFDoor (detected as Backdoor.Linux.BPFDOOR) is a backdoor with strong stealth capabilities, most of them related to its use of Berkeley Packet Filtering (BPF). In a previous article, Trend Micro researchers covered how BPFDoor and BPF-enabled malware work. BPFDoor has been active for at least four years, with a report by ...

  • Fortinet Releases Security Updates for FortiOS and FortiGate

    April 11, 2025

    Fortinet has released security updates for FortiOS to mitigate novel post-exploitation activity observed against FortiGate devices. The disclosure details a new persistence technique used by an attacker, in conjunction with known vulnerabilities, to maintain read-only access to FortiGate devices through the use of symbolic links even after the initial access vector has been remediated. Fortinet has ...

  • Suspected Kimsuky (APT-Q-2) attacks South Korean companies

    April 11, 2025

    Kimsuky, alias Mystery Baby, Baby Coin, Smoke Screen, Black Banshe, etc., is tracked internally by Qi’anxin as APT-Q-2. The APT group was publicly disclosed in 2013, with attack activity dating as far back as 2012. Kimsuky’s main target for attacks has been South Korea, involving defense, education, energy, government, healthcare, and think tanks, with a focus ...

  • Researcher uncovers dozens of sketchy Chrome extensions with 4 million installs

    April 11, 2025

    Google is hosting dozens of extensions in its Chrome Web Store that perform suspicious actions on the more than 4 million devices that have installed them and that their developers have taken pains to carefully conceal. The extensions, which so far number at least 35, use the same code patterns, connect to some of the same ...

  • GOFFEE continues to attack organizations in Russia

    April 10, 2025

    GOFFEE is a threat actor that first came to our attention in early 2022. Since then, Kaspersky researchers have observed malicious activities targeting exclusively entities located in the Russian Federation, leveraging spear phishing emails with a malicious attachment. Starting in May 2022 and up until summer of 2023, GOFFEE deployed modified Owowa (malicious IIS module) in ...

  • Incomplete NVIDIA Patch to CVE-2024-0132 Exposes AI Infrastructure and Data to Critical Risks

    April 10, 2025

    In September 2024, NVIDIA released several updates to address a critical vulnerability (CVE-2024-0132) in its NVIDIA Container Toolkit. If exploited, this vulnerability could expose AI infrastructure, data, or sensitive information. With a CVSS v3.1 rating of 9.0, all customers were advised to update their affected software immediately. Further research, however, uncovered that the patch was incomplete. ...