Fancy Bear ‘Nearest Neighbor’ Attack Uses Nearby Wi-Fi Network

November 25, 2024 at 01:29PM

Russian APT group Fancy Bear employed a novel “Nearest Neighbor” cyber-espionage technique during the Russia-Ukraine war, infiltrating a US organization by compromising nearby Wi-Fi networks. This remote attack underscores the security risks of proximity and emphasizes the need for stronger defenses against Wi-Fi vulnerabilities and enhanced monitoring practices.

Russian spies may have moved in next door to target your network

November 24, 2024 at 08:37PM

Volexity reported a “nearest neighbor attack” by Kremlin-backed hackers APT28, compromising networks via neighboring organizations’ Wi-Fi without MFA. Cisco warns of an expiring internal certificate risking device management. Microsoft seized 240 phishing sites linked to a suspect. Helldown ransomware targets Linux, and Jupyter Notebooks are hijacked for illegal sports streaming.

Hackers breach US firm over Wi-Fi from Russia in ‘Nearest Neighbor Attack’

November 22, 2024 at 02:34PM

Russian state hackers APT28 breached a U.S. company by executing a “nearest neighbor attack” via its enterprise WiFi, compromising nearby organizations first. Discovered on February 4, 2022, the incident involved credential theft and sophisticated lateral movement within the target network. Enhanced WiFi security is necessary to mitigate such risks.

Russian Cyberespionage Group Hit 60 Victims in Asia, Europe

November 22, 2024 at 07:02AM

A Russia-linked cyberespionage group, TAG-110, has targeted over 60 victims across Asia and Europe, mainly in government and education, since at least 2021. Utilizing malware like HatVibe and CherrySpy, the group’s activities align with Russian geopolitical interests, particularly in Central Asia, impacting multiple sectors and national institutions.

Russia’s ‘Fighting Ursa’ APT Uses Car Ads to Install HeadLace Malware

August 5, 2024 at 07:47AM

Fighting Ursa, a prolific Russian cyber threat group, is targeting diplomats with a used car sale phishing scheme, distributing HeadLace backdoor malware. The attack, which involves disguising executables as image files, aims to establish persistent access for data theft and surveillance. The group has a history of high-profile cyber offensives …

Ukrainian Institutions Targeted Using HATVIBE and CHERRYSPY Malware

July 23, 2024 at 06:28AM

CERT-UA warned of a cyber espionage campaign targeting a Ukrainian research institution with HATVIBE and CHERRYSPY malware. The attack leverages a compromised email account to distribute macro-laced Microsoft Word attachments, leading to the execution of the malware. A Russia-linked group, APT28, and UAC-0063 are attributed to the attack, with similar …

Russian Hackers Target Europe with HeadLace Malware and Credential Harvesting

May 31, 2024 at 06:57AM

APT28, a Russian GRU-backed threat actor, has conducted cyber attacks across Europe using the HeadLace malware and credential-harvesting web pages. Operating with stealth and sophistication, they utilized legitimate internet services to conceal their operations. Their main targets included entities with military significance and services like Yahoo! and UKR[.]net.

Poland says Russian military hackers target its govt networks

May 9, 2024 at 07:18PM

Poland warns of state-backed Russian threat group targeting its government institutions. Russian APT28 hackers used a phishing campaign to trick officials into clicking malicious links, compromising their devices. This aligns with previous APT28 operations targeting NATO and EU members. APT28’s history includes hacking the DNC, DCCC, and the German Bundestag.

Kremlin-Backed APT28 Targets Polish Institutions in Large-Scale Malware Campaign

May 9, 2024 at 11:48AM

Russian APT28 orchestrates a malware campaign targeting Polish government institutions. The attack involves tricking victims into downloading malicious files via redirection to legitimate sites. APT28’s use of legitimate services aims to avoid detection by security software. The group has also expanded its activities to target iOS devices. NATO countries recently …

Germany points finger at Fancy Bear for widespread 2023 hacks, DDoS attacks

May 5, 2024 at 10:39PM

German officials have attributed a spate of cyberattacks on government agencies and private industry to APT28, a Russian threat actor linked to the GRU intelligence service. The attacks were reportedly in response to Germany’s decision to send tanks to Ukraine. The US has joined Germany in condemning the attacks and …