Geek-Guy.com

Tag: Russian

AI, Apps, Exploits, Global Security News, malware, Russia

Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine

The Russian hacking group known as Gamaredon has been attributed to the continued exploitation of a WinRAR vulnerability to deliver multiple malware families aimed at data theft and propagation. Per Sekoia, the activity involves the weaponization of CVE-2025-8088, a path traversal flaw in WinRAR, to launch an HTML Application payload dubbed GammaPhish, which is then…

Read more →

AI, Apps, Global Security News, Government & Policy, malware, Network Security, Russia

Russia-aligned crime group Greyvibe extensively uses AI in attacks

Researchers have uncovered a previously undocumented Russian group that makes extensive use of large language models (LLMs) in its attacks against private, government, and military organizations in Ukraine. It uses a variety of attack vectors along with custom malware, with the goal of intelligence gathering for the ongoing war. Dubbed Greyvibe by researchers from WithSecure,…

Read more →

Cybersecurity, Global Security News, Russia

Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access

The Russian state-sponsored hacking group known as Turla has transformed its custom backdoor Kazuar into a modular peer-to-peer (P2P) botnet that’s engineered for stealth and persistent access to compromised hosts. Turla, per the U.S. Cybersecurity and Infrastructure Security Agency (CISA), is assessed to be affiliated with Center 16 of Russia’s Federal Security Service (FSB)

Read more →

AI, Cybersecurity, Data Breaches, Europe, Exploits, Global Security News, Government & Policy, malware, Russia

Signal Phishing Campaign Targets German Officials in Suspected Russian Operation

Suspected Russian phishing via Signal targeted German officials, exploiting trust to access accounts and sensitive political communications. A new wave of cyber operations targeting European political leadership is once again highlighting how modern espionage increasingly relies on deception rather than technical exploits. Recent investigations by German authorities point to a large-scale phishing campaign conducted via…

Read more →

AI, Cybersecurity, Endpoint, Exploits, Global Security News, Government & Policy, malware, Russia

Inside the FBI’s router takedown that cut off APT28’s ‘tremendous access’

The recent FBI-led operation to knock Russian government hackers off routers sought to topple an especially insidious and threateningly contagious cyberespionage campaign, top bureau cyber official Brett Leatherman told CyberScoop. Researchers, along with U.S. and foreign government agencies, revealed details of the campaign this week by which APT28 — also known as Forest Blizzard or…

Read more →

AI, Global Security News, malware, Russia

APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies

The Russian threat actor known as APT28 (aka Forest Blizzard and Pawn Storm) has been linked to a fresh spear-phishing campaign targeting Ukraine and its allies to deploy a previously undocumented malware suite codenamed PRISMEX. “PRISMEX combines advanced steganography, component object model (COM) hijacking, and legitimate cloud service abuse for command-and-control,” Trend Micro

Read more →

AI, Data Breaches, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management, Russia

Forest Blizzard leverages router compromises to launch AiTM attacks, target Outlook sessions

Russian threat actor Forest Blizzard has been exploiting unsecured home and small-office internet equipment, such as routers, to redirect traffic through attacker-controlled DNS servers. The group has leveraged this DNS hijacking activity to support post-compromise adversary-in-the-middle (AiTM) attacks on Transport Layer Security (TLS) connections, targeting Microsoft Outlook on the web domains, according to a Microsoft…

Read more →

AI, Data Breaches, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management, Russia

Forest Blizzard leverages router compromises to launch AiTM attacks, target Outlook sessions

Russian threat actor Forest Blizzard has been exploiting unsecured home and small-office internet equipment, such as routers, to redirect traffic through attacker-controlled DNS servers. The group has leveraged this DNS hijacking activity to support post-compromise adversary-in-the-middle (AiTM) attacks on Transport Layer Security (TLS) connections, targeting Microsoft Outlook on the web domains, according to a Microsoft…

Read more →

AI, Europe, Exploits, Global Security News, Government & Policy, malware, Network Security, Russia

Feds quash widespread Russia-backed espionage network spanning 18,000 devices

Russian state-sponsored attackers compromised more than 18,000 routers spread across more than 120 countries to gain deeper access to sensitive networks for a large-scale espionage campaign before it was recently neutralized, researchers and authorities said Tuesday. Forest Blizzard, also known as APT28 and Fancy Bear, exploited known vulnerabilities to steal credentials for thousands of TP-Link…

Read more →

AI, Global Security News, Government & Policy, Network Security, Russia

Major outage cripples Russian banking apps and metro payments nationwide

A major outage hit Russian banking apps and payments, blocking card use, cash withdrawals, and mobile access for hours. A widespread outage disrupted banking apps and payment systems across Russia, leaving customers unable to pay by card, withdraw cash, or access mobile banking for hours. According to The Record Media, the incident affected major banks,…

Read more →

AI, Cybersecurity, Global Security News, Government & Policy, malware, Network Security, Russia

Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab

An elusive hacker who went by the handle “UNKN” and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gangs and helped carry out at least 130 acts of computer sabotage and extortion against victims across…

Read more →

AI, Data Breaches, Global Security News, malware, Russia

Russian authorities arrest alleged LeakBase admin behind stolen data marketplace

Russian authorities arrested the alleged LeakBase admin for running a marketplace selling stolen data since 2021. Russian law enforcement has arrested the suspected administrator of LeakBase, a cybercrime forum used to trade stolen personal data. The suspect, from Taganrog, is accused of running the platform since 2021. During a search of his home, authorities seized…

Read more →

AI, Exploits, Global Security News, malware, Network Security, Russia

Russian access broker sentenced to over 6 years in prison for ransomware schemes

A federal court in Indiana sentenced a Russian cybercriminal to 81 months in prison on charges related to his role as an initial access broker for ransomware groups. Aleksei Volkov, 26, of St. Petersburg, Russia, pleaded guilty in November 2025 to six federal charges stemming from his work with the Yanluowang ransomware group and other…

Read more →

AI, Global Security News, Network Security, Russia

Russian initial access broker helped ransomware gangs extort millions, sentenced to 81 months

A Russian citizen, Aleksei Volkov, was sentenced to 81 months in prison for helping ransomware groups carry out attacks causing over $9 million in actual losses and over $24 million in intended losses, after being arrested in Italy and extradited to the United States where he pleaded guilty. According to prosecutors, Volkov was an initial…

Read more →

AI, Exploits, Global Security News, malware, Network Security, Russia

81-month sentence for Russian hacker behind major ransomware campaigns

U.S. sentences Russian hacker Aleksei Volkov to 81 months in prison for aiding ransomware attacks, causing over $9M in damages. A U.S. court sentenced Aleksei Olegovich Volkov to 81 months in prison for supporting ransomware groups like Yanluowang. He helped carry out dozens of attacks, causing over $9M in losses. Arrested in Italy in 2024…

Read more →

AI, Global Security News, Russia

U.S. Sentences Russian Hacker to 6.75 Years for Role in $9M Ransomware Damage

A 26-year-old Russian citizen has been sentenced in the U.S. to 6.75 years (81 months) in prison for his role in assisting major cybercrime groups, including the Yanluowang ransomware crew, in conducting numerous attacks against U.S. companies and other organizations. According to the U.S. Department of Justice (DoJ), Aleksei Olegovich Volkov facilitated dozens of ransomware…

Read more →

AI, Apps, Exploits, Global Security News, Government & Policy, Russia

Russian hackers go after high-value targets through Signal

Russian intelligence-linked hackers are targeting commercial messaging platforms, with Signal a primary focus, the FBI and CISA warn. The campaign is aimed at individuals of intelligence interest, including government personnel, journalists, and others with access to sensitive communications. It is believed that the campaign has compromised thousands of commercial messaging applications accounts. People who use…

Read more →

AI, Apps, Cybersecurity, Global Security News, Russia

FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks

Threat actors affiliated with Russian Intelligence Services are conducting phishing campaigns to compromise commercial messaging applications (CMAs) like WhatsApp and Signal to seize control of accounts belonging to individuals with high intelligence value, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) said Friday. “The campaign

Read more →

AI, Apps, Cybersecurity, Global Security News, Government & Policy, Risk Management, Russia

FBI, CISA issue PSA on Russian intelligence campaign to target messaging apps

Russian intelligence-affiliated hackers have gained access to thousands of users’ messaging apps with a global phishing campaign, the FBI and the Cybersecurity and Infrastructure Security Agency warned in a public service announcement on Friday. The high-value targets they’re pursuing include current and former U.S. government officials, political figures, military personnel and journalists, the two agencies…

Read more →

AI, Cybersecurity, Europe, Exploits, Global Security News, Government & Policy, Russia

Russian APT targets Ukraine via Zimbra XSS flaw CVE-2025-66376

Russian APT exploits a critical XSS flaw in Zimbra, tracked as CVE-2025-66376, running scripts via HTML emails to target users in Ukraine. Russia-linked threat actor exploits a high-severity XSS vulnerability, tracked as CVE-2025-66376 (CVSS score of 7.2), in Zimbra Collaboration. Attackers exploited insufficiently sanitized HTML emails to run scripts when opened, targeting users in Ukraine.…

Read more →

AI, Exploits, Global Security News, Government & Policy, Russia

Second iOS exploit kit emerges from suspected Russian hackers using possible U.S. government-developed tools

Researchers have discovered a second instance of suspected Russian hackers repurposing iOS exploits believed to originally be made on behalf of the U.S. government, pointing to what they say are several foreboding trends. iVerify, Lookout and Google collaborated on the research published Wednesday, a follow-up to earlier revelations about a similar exploit kit, Coruna. While…

Read more →

AI, Exploits, Global Security News, Government & Policy, Russia

Russian hackers crack into officials’ Signal and WhatsApp accounts

Russian state hackers are trying to break into Signal and WhatsApp accounts used by diplomats, military staff, and government officials worldwide, Dutch intelligence agencies warned. They believe journalists and other people who attract attention from Moscow may also be affected. Investigators reported attackers attempt to trick users into revealing verification codes and PINs that protect…

Read more →

AI, Global Security News, Network Security, Russia

Phobos ransomware leader pleads guilty, faces up to 20 years in prison

Russian national Evgenii Ptitsyn pleaded guilty to running the Phobos ransomware outfit that extorted more than $39 million from more than 1,000 victims globally, the Justice Department said Wednesday. Ptitsyn assumed a leadership role in the Phobos ransomware group in January 2022, yet his criminal activities began by April 2019, according to court records. He…

Read more →

AI, Global Security News, Government & Policy, malware, Russia

Russian APT targets Ukraine with BadPaw and MeowMeow malware

Researchers uncovered a Russian campaign targeting Ukrainian entities with new malware families BadPaw and MeowMeow delivered through phishing emails. Researchers reported a phishing campaign linked to Russia that targets Ukrainian organizations using two new malware families, BadPaw and MeowMeow. The attack chain begins with a phishing email carrying a link to a ZIP archive. When…

Read more →

AI, Cybersecurity, Global Security News, malware, Russia

APT28-Linked Campaign Deploys BadPaw Loader and MeowMeow Backdoor in Ukraine

Cybersecurity researchers have disclosed details of a new Russian cyber campaign that has targeted Ukrainian entities with two previously undocumented malware families named BadPaw and MeowMeow. “The attack chain initiates with a phishing email containing a link to a ZIP archive. Once extracted, an initial HTA file displays a lure document written in Ukrainian concerning…

Read more →

AI, Apps, Best Practices, Endpoint, Europe, Exploits, Global Security News, Network Security, Risk Management, Russia, Security Blog, Security, Identity, & Compliance, Technical How-to, Thought Leadership

Amazon Threat Intelligence identifies Russian cyber threat group targeting Western critical infrastructure

As we conclude 2025, Amazon Threat Intelligence is sharing insights about a years-long Russian state-sponsored campaign that represents a significant evolution in critical infrastructure targeting: a tactical pivot where what appear to be misconfigured customer network edge devices became the primary initial access vector, while vulnerability exploitation activity declined. This tactical adaptation enables the same…

Read more →