GREYVIBE, a Russia-linked group active since 2025, targets Ukraine with AI-assisted malware and five attack chains. Researchers say it’s part spy op, part crime gang. Security firm WithSecure has been tracking a previously unknown Russian-linked APT group called GREYVIBE since at least August 2025. The group targets Ukraine and Ukrainian-related organizations across military, government, civilian,…
Tag: Russialinked
AI, Cybersecurity, Data Breaches, Endpoint, Europe, Global Security News, Government & Policy, malware, Network Security, Russia
Russian APT Turla builds long-term access tool with Kazuar Botnet evolution
Russia-linked APT group Turla turned its Kazuar malware into a stealthy P2P botnet for long-term access to compromised systems. Russia-linked APT group Turla upgraded its Kazuar backdoor into a modular peer-to-peer botnet designed for stealth and persistent access to infected systems. Microsoft researchers say the malware allows attackers to maintain long-term control while making detection…
AI, Exploits, Global Security News, Russia
Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign
The Russia-linked threat actor known as APT28 (aka Forest Blizzard) has been linked to a new campaign that has compromised insecure MikroTik and TP-Link routers and modified their settings to turn them into malicious infrastructure under their control as part of a cyber espionage campaign since at least May 2025. The large-scale exploitation campaign has been codenamed
AI, Europe, Exploits, Global Security News, Government & Policy, malware, Network Security, Russia
Russia-linked APT TA446 uses DarkSword exploit to target iPhone users in phishing wave
Russia-linked TA446 is using the DarkSword iOS exploit kit in targeted phishing campaigns to compromise iPhone users. Russia-linked APT group TA446 (aka SEABORGIUM, ColdRiver, Callisto, and Star Blizzard) is using the DarkSword exploit kit in targeted spear-phishing campaigns against iOS devices. The attacks rely on malicious emails to compromise iPhones, highlighting a growing threat from…
AI, Apps, Exploits, Global Security News, Government & Policy, malware, Risk Management, Russia
Russia-linked actors target WhatsApp and Signal in phishing campaign
Russia-linked actors target WhatsApp and Signal accounts of officials and journalists via phishing, gaining access to messages and contacts. Threat actors linked to Russian Intelligence Services are running phishing campaigns to hijack high-value accounts on messaging apps like WhatsApp and Signal, the FBI warns. “The FBI has identified cyber actors associated with Russian Intelligence Services targeting…
AI, Global Security News, malware, Russia
Russia-linked APT uses DRILLAPP backdoor to spy on Ukrainian targets
Russia-linked threat actors target Ukrainian entities with DRILLAPP backdoor and use Edge debugging for stealth. A new DRILLAPP backdoor campaign targets Ukrainian organizations, abusing Microsoft Edge debugging to evade detection. Observed in February 2026, it shows links to previous Russian-aligned operations by Laundry Bear APT group (aka UAC-0190, Void Blizzard) using the PLUGGYAPE malware family…
AI, Apps, Exploits, Global Security News, Government & Policy, malware, Risk Management, Russia
Russia-linked hackers target Signal, WhatsApp of officials globally
Russia-linked hackers are targeting Signal and WhatsApp accounts of government and military officials worldwide, warns Dutch intelligence. Dutch intelligence agencies (MIVD and AIVD) warn of a global campaign by Russia-linked threat actors aiming to compromise Signal and WhatsApp accounts. The operation targets government officials, civil servants, and military personnel, highlighting growing cyber risks to sensitive…
AI, Exploits, Global Security News, Russia
Russia-linked APT28 exploited MSHTML zero-day CVE-2026-21513 before patch
Russia-linked APT28 reportedly exploited MSHTML zero-day CVE-2026-21513 before Microsoft patched it, a high-severity bypass flaw. Akamai reports that Russia-linked APT28 may have exploited CVE-2026-21513 CVSS score of 8.8), a high-severity MSHTML vulnerability (CVSS 8.8), before Microsoft patched it in February 2026. The vulnerability is an Internet Explorer security control bypass that can lead to code…
AI, Exploits, Global Security News, Russia
APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday
A recently disclosed security flaw patched by Microsoft may have been exploited by the Russia-linked state-sponsored threat actor known as APT28, according to new findings from Akamai. The vulnerability in question is CVE-2026-21513 (CVSS score: 8.8), a high-severity security feature bypass affecting the MSHTML Framework. “Protection mechanism failure in MSHTML Framework allows an unauthorized
AI, Endpoint, Europe, Exploits, Global Security News, Government & Policy, malware, Russia
Operation MacroMaze: APT28 exploits webhooks for covert data exfiltration
Russia-linked APT28 targeted European entities with a webhook-based macro malware campaign called Operation MacroMaze. Russia-linked APT28 (aka UAC-0001, aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) launched Operation MacroMaze, targeting select entities in Western and Central Europe from September 2025 to January 2026. The campaign used webhook-based macro malware, leveraging simple tools and legitimate services for infrastructure and data…
AI, Europe, Exploits, Global Security News, Russia
APT28 Targeted European Entities Using Webhook-Based Macro Malware
The Russia-linked state-sponsored threat actor tracked as APT28 has been attributed to a new campaign targeting specific entities in Western and Central Europe. The activity, per S2 Grupo’s LAB52 threat intelligence team, was active between September 2025 and January 2026. It has been codenamed Operation MacroMaze. “The campaign relies on basic tooling and the exploitation…
AI, Apps, Global Security News, Government & Policy, malware, Russia
Suspected Russian hackers deploy CANFAIL malware against Ukraine
A new alleged Russia-linked APT group targeted Ukrainian defense, government, and energy groups, with CANFAIL malware. Google Threat Intelligence Group identified a previously undocumented threat actor behind attacks on Ukrainian organizations using CANFAIL malware. The group is possibly linked to Russian intelligence services and has targeted defense, military, government, and energy entities at both regional…