FBI disrupts Russian Moobot botnet infecting Ubiquiti routers

February 17, 2024 at 07:59AM The FBI dismantled a botnet of SOHO routers used by Russia’s GRU for cyber espionage. This network, controlled by GRU Military Unit 26165, targeted US and foreign governments, military entities, and organizations. The FBI remotely accessed the routers through “Operation Dying Ember” to delete stolen data, disable Moobot malware, and …

Russian APT ‘Winter Vivern’ Targets European Government, Military

February 17, 2024 at 03:07AM Winter Vivern, a Russia-aligned threat group, exploited cross-site scripting vulnerabilities in Roundcube webmail servers across Europe, primarily targeting government, military, and national infrastructure in Georgia, Poland, and Ukraine. Using social engineering techniques and a zero-day exploit, they gained unauthorized access to mail servers, potentially for cyber-espionage serving the interests of …

U.S. Government Disrupts Russian-Linked Botnet Engaged in Cyber Espionage

February 16, 2024 at 02:03AM The U.S. government disrupted a botnet using SOHO routers linked to APT28 for cyber-espionage against U.S. and foreign targets. The botnet, dubbed MooBot, allowed threat actors to harvest credentials and conceal their location. The operation, known as Dying Ember, involved deleting stolen data and modifying firewall rules to block access. …

DoJ Breaks Russian Military Botnet in Fancy Bear Takedown

February 15, 2024 at 03:50PM The Department of Justice disrupted a botnet operated by Russian military intelligence, Fancy Bear. The botnet was built on existing malware installed on Ubiquiti EdgeOS routers with default passwords, which the GRU then used to carry out its operations. US law enforcement removed malicious files and urged router users to reset and update …

FBI Dismantles Ubiquiti Router Botnet Controlled by Russian Cyberspies

February 15, 2024 at 02:45PM The US government has neutralized a Russian cyber espionage platform by disrupting a botnet of hundreds of Ubiquiti EdgeOS routers controlled by the APT28 group. The routers were initially infected with ‘Moobot’ malware by cybercriminals and subsequently hijacked by the Russian group. The operation involved deleting stolen data and …

FBI disrupts Moobot botnet used by Russian military hackers

February 15, 2024 at 01:07PM The FBI dismantled a botnet of SOHO routers used by Russia’s GRU for cyberattacks on the US and its allies. The GRU repurposed the botnet, built on Moobot malware that possibly originated with cybercriminals. The FBI remotely accessed the routers and wiped the malware, blocking GRU access. The group was identified as APT28, known for previous cyberattacks. This marks the …

Russian APT Turla Wields Novel Backdoor Malware Against Polish NGOs

February 15, 2024 at 10:52AM The Russia-sponsored APT group Turla launched a cyberespionage campaign targeting Polish NGOs, using a new backdoor named “TinyTurla-NG” with modular capabilities. The backdoor allows execution of PowerShell and Windows command-line commands, and a new implant, TurlaPower-NG, is used for exfiltrating files. Turla also employs old tactics like compromised WordPress-based websites …

Russian Turla Hackers Target Polish NGOs with New TinyTurla-NG Backdoor

February 15, 2024 at 10:18AM Russian threat actor Turla has been using a new backdoor, TinyTurla-NG, in a campaign targeting Polish non-governmental organizations. The backdoor is similar to TinyTurla, used in previous intrusions. Turla, linked to the FSB, has also targeted the defense sector in Ukraine and Eastern Europe with a .NET-based backdoor called DeliveryCheck. …

Turla hackers backdoor NGOs with new TinyTurla-NG malware

February 15, 2024 at 10:03AM Security researchers discovered new malware, known as TinyTurla-NG and TurlaPower-NG, being used by the Russian hacker group Turla. The group exploits vulnerable WordPress websites for command and control purposes. Targeting organizations across various sectors, they aim to steal sensitive data using custom tools and malware. The malware’s purpose is to …

Stealthy Cyberespionage Campaign Remained Undiscovered for Two Years

February 12, 2024 at 09:03AM A cyberespionage campaign, possibly linked to China, has been using a custom backdoor since at least 2021. The campaign remained undiscovered for two years, highlighting its stealthy nature. Source: SecurityWeek. …