Russian govt hackers hit Ukraine with Cobalt Strike, CredoMap malware

The Ukrainian Computer Emergency Response Team (CERT) is warning that Russian hacking groups are exploiting the Follina code execution vulnerability in new phishing campaigns to install the CredoMap malware and Cobalt Strike beacons. The APT28 hacking group is believed to Read More …

Update on cyber activity in Eastern Europe

Google’s Threat Analysis Group (TAG) has been closely monitoring the cybersecurity activity in Eastern Europe with regard to the war in Ukraine. Since our last update, TAG has observed a continuously growing number of threat actors using the war as Read More …

NSA, Partners Release Cybersecurity Advisory on Brute Force Global Cyber Campaign

FORT MEADE, Md. – The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI) and the UK’s National Cyber Security Centre (NCSC) released a Cybersecurity Advisory today exposing malicious cyber activities by Russian military Read More …

New SkinnyBoy malware used by Russian hackers to breach sensitive orgs

Security researchers have discovered a new piece of malware called SkinnyBoy that was used in spear-phishing campaigns attributed to Russian-speaking hacking group APT28. The threat actor, also known as Fancy Bear, Sednit, Sofacy, Strontium, or PwnStorm, used SkinnyBoy in attacks Read More …

Elizabethan England has nothing on modern-day Russia

The threat landscape is changing. Organizations need to defend against an ever-evolving tranche of threat actors. For a long time, the lines that distinguish state-sponsored and crimeware groups were well-defined. We believe this is no longer the case. In today’s Read More …

Norway: Russian APT28 state hackers likely behind Parliament attack

Russian-backed hacking group APT28 has likely brute-forced multiple Norwegian Parliament (Stortinget) email accounts on August 24, 2020, according to the Norwegian Police Security Service (PST, short for Politiets Sikkerhetstjeneste). Attackers gained access to a limited number of Stortinget email accounts Read More …

Nation-State Attackers Actively Target COVID-19 Vaccine-Makers

Three nation-state cyberattack groups are actively attempting to hack companies involved in COVID-19 vaccine and treatment research, researchers said. Russia’s APT28 Fancy Bear, the Lazarus Group from North Korea and another North Korea-linked group dubbed Cerium are believed to be Read More …

CISA, FBI, and CNMF Identify a New Malware Variant: ComRAT

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense Cyber National Mission Force (CNMF) have identified a malware variant—referred to as ComRAT—used by the Russian-sponsored advanced persistent threat (APT) actor Turla. In Read More …