Search results for Russian | Breaking Cybersecurity News | The Hacker News

Refuting allegations that its anti-virus product helped Russian spies steal classified files from an NSA employee's laptop, Kaspersky Lab has released more findings that suggest the computer in question may have been infected with malware. Moscow-based cyber security firm Kaspersky Lab on Thursday published the results of its own internal investigation claiming the NSA worker who took classified documents home had a personal home computer overwhelmed with malware. According to the latest Kaspersky report, the telemetry data its antivirus collected from the NSA staffer's home computer contained large amounts of malware files which acted as a backdoor to the PC. The report also provided more details about the malicious backdoor that infected the NSA worker's computer when he installed a pirated version of Microsoft Office 2013 .ISO containing the Mokes backdoor, also known as Smoke Loader. Backdoor On NSA Worker's PC May Have Helped Other Hackers Steal Classi

Last month, it was reported that the European Commission is planning to impose a record antitrust fine of about 3 BILLION euros ( US$3.4 Billion ) on Google for violating antitrust laws. Not just Europe, Google also lost an anti-monopoly appeal in Russia two months back against ruling for violating its dominant position with the help of its Android mobile OS by forcing its own apps and services like Google Map, Youtube, and others, on users — reducing competition. Now to put an end to the monopoly of major mobile Operating System, Russians are developing their own mobile operating system to compete with Android, iOS, and Windows mobile OS. The Minister of Russian Communication Ministry, Nikolai Nikiforov tweeted last month about the initiative to develop a new Russian mobile operating system, for which the Russian company Open Mobile Platform (Открытая Мобильная Платформа) is hiring developers, testers and security engineers. Open Mobile Platform is developing a Linux-ba

Over the past two years, a shocking  51% of organizations surveyed in a leading industry report have been compromised by a cyberattack.  Yes, over half.  And this, in a world where enterprises deploy  an average of 53 different security solutions  to safeguard their digital domain.  Alarming? Absolutely. A recent survey of CISOs and CIOs, commissioned by Pentera and conducted by Global Surveyz Research, offers a quantifiable glimpse into this evolving battlefield, revealing a stark contrast between the growing risks and the tightening budget constraints under which cybersecurity professionals operate. With this report, Pentera has once again taken a magnifying glass to the state of pentesting to release its annual report about today's pentesting practices. Engaging with 450 security executives from North America, LATAM, APAC, and EMEA—all in VP or C-level positions at organizations with over 1,000 employees—the report paints a current picture of modern security validation prac

After being threatened with a ban in Russia , end-to-end encrypted Telegram messaging app has finally agreed to register with new Russian Data Protection Laws, but its founder has assured that the company will not comply to share users' confidential data at any cost. Russia's communications watchdog Roskomnadzor had recently threatened to block Telegram if the service did not hand over information required to put the app on an official government list of information distributors. The Russian government requirement came following terrorists' suicide bombings that killed 15 people in Saint Petersburg in April in which terrorists allegedly used the Telegram 's app to communicate and plot attacks. "There is one demand, and it is simple: to fill in a form with information on the company that controls Telegram," said Alexander Zharov, head of Roskomnadzor.  "And to officially send it to Roskomnadzor to include this data in the registry of organizers

Russian Group of Hackers reportedly cracked into the Kazan-based Energobank and messed up with the Ruble-Dollar exchange rates. In Feb 2015, a hacking group, known by the name METEL , successfully breached into the Russian Regional Bank for just 14 minutes and caused the exchange rate to fluctuate between 55 and 66 rubles per dollar, which finally resulted in the increment of Ruble's value. Here's how they did it: According to Russian security firm, Group-IB, who investigated the incident, the Metel Hacking group infected Kazan-based Energobank with a virus known as the Corkow Trojan and placed more than $500 million in orders at non-market rates. " This is the first documented attack using this virus, and it has the potential to do much more damage ," Dmitry Volkov, the head of Group-IB's cyber intelligence department, told Bloomberg . The hackers had taken the advantage of Spear Phishing Technique, which appears to come from a legit source. A single click

A state-sponsored hacking group with links to Russia has been linked to attack infrastructure that spoofs the Microsoft login page of Global Ordnance, a legitimate U.S.-based military weapons and hardware supplier. Recorded Future attributed the new infrastructure to a threat activity group it tracks under the name  TAG-53 , and is broadly known by the cybersecurity community as Blue Callisto , Callisto, COLDRIVER, SEABORGIUM, and TA446. "Based on historical public reporting on overlapping TAG-53 campaigns, it is likely that this credential harvesting activity is enabled in part through phishing," Recorded Future's Insikt Group  said  in a report published this week. The cybersecurity firm said it discovered 38 domains, nine of which contained references to companies like UMO Poland, Sangrail LTD, DTGruelle, Blue Sky Network, the Commission for International Justice and Accountability (CIJA), and the Russian Ministry of Internal Affairs. It's suspected that the t

Do you know—United States Government has banned federal agencies from using Kaspersky antivirus software over spying fear? Though there's no solid evidence yet available, an article published by WSJ claims  that the Russian state-sponsored hackers stole highly classified NSA documents from a contractor in 2015 with the help of a security program made by Russia-based security firm Kaspersky Lab. Currently, there is no way to independently confirm if the claims on the popular security vendor published by the Wall Street Journal is accurate—and the story does not even prove the involvement of Kaspersky. "As a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russia, and the only conclusion seems to be that Kaspersky Lab is caught in the middle of a geopolitical fight," Kaspersky said in a statement. The NSA contractor working with the American intelligence agency, whose identity has not yet been disclosed, reportedly do

Two days ago when infosec bods claimed to have uncovered what's believed to be the first case of a SCADA network (a water utility) infected with cryptocurrency-mining malware, a batch of journalists accused other authors of making fear-mongering headlines, taunting that the next headline could be about cryptocurrency-miner detected in a nuclear plant. It seems that now they have to run a story themselves with such headlines on their website because Russian Interfax News Agency yesterday reported that several scientists at Russia's top nuclear research facility had been arrested for mining cryptocurrency with "office computing resources." The suspects work as engineers at the Russian Federation Nuclear Center facility—also known as the All-Russian Research Institute of Experimental Physics—which works on developing nuclear weapons. The center is located in Sarov, Sarov is still a restricted area with high security. It is also the birthplace of the Soviet Uni

Days after the Conti ransomware group broadcasted a pro-Russian message pledging its allegiance to Vladimir Putin's ongoing invasion of Ukraine, an anonymous security researcher using the Twitter handle @ContiLeaks has leaked the syndicate's internal chats. The file dump, published by malware research group  VX-Underground , is said to contain 13 months of chat logs between affiliates and administrators of the Russia-affiliated ransomware group from June 2020 to February 2022, in a move that's expected to offer  unprecedented   insight  into the criminal enterprise's inner workings. "Glory to Ukraine," the leaker said in their message. The shared conversations show that Conti used fake front companies to attempt to schedule product demos with security firms like CarbonBlack and Sophos to obtain code signing certificates, with the operators working in scrum sprints to complete the software development tasks. Additionally, the messages  confirm  the  shu

The Russian government is offering almost 4 million ruble which is approximately equal to $111,000 to the one who can devise a reliable technology to decrypt data sent over the Tor , an encrypted anonymizing network used by online users in order to hide their activities from law enforcement, government censors, and others. The Russian Ministry of Internal Affairs (MVD) issued a notice on its official procurement website, originally posted on July 11, under the title " шифр «ТОР (Флот)» " ;which translates as " cipher 'TOR' (Navy) " an open call for Tor-cracking proposals whose winner will be chosen by August 20. The MIA specifically wants researchers to " study the possibility of obtaining technical information about users and users' equipment on the Tor anonymous network, " according to a translated version of the Russian government's proposal. Only Russian nationals and companies are allowed to take part in the competition " in o

The cold cyber war has just turned hot. According to a story published  today by the New York Times, Israeli government hackers hacked into Kaspersky's network in 2015 and caught Russian government hackers red-handed hacking US government hackers with the help of Kaspersky. In other words — Russia spying on America, Israel spying on Russia and America spying on everyone. What the F^#% is going around? It is like one is blaming another for doing exactly the same thing it is doing against someone else. Wow! Well, the fact that everyone is spying on everyone is neither new nor any secret. However, somehow now Kaspersky Labs is at the centre of this international espionage tale for its alleged devil role. Just last week, the Wall Street Journal, an American media agency, published a story against the Kaspersky, a Russian antivirus provider, claiming that the Russian government hackers stole highly classified NSA documents and hacking tools in 2015 from a staffer's home

The Computer Emergency Response Team of Ukraine (CERT-UA) has  cautioned  of a new set of spear-phishing attacks exploiting the "Follina" flaw in the Windows operating system to deploy password-stealing malware. Attributing the intrusions to a Russian nation-state group tracked as APT28 (aka Fancy Bear or Sofacy), the agency said the attacks commence with a lure document titled "Nuclear Terrorism A Very Real Threat.rtf" that, when opened, exploits the recently disclosed vulnerability to download and execute a malware called CredoMap. Follina ( CVE-2022-30190 , CVSS score: 7.8), which concerns a case of remote code execution affecting the Windows Support Diagnostic Tool (MSDT), was addressed by Microsoft on June 14, as part of its Patch Tuesday updates , but not before it was subjected to widespread zero-day exploit activity by numerous threat actors. According to an independent report published by Malwarebytes,  CredoMap  is a variant of the .NET-based credenti

Russian-language dark web marketplace Hydra has emerged as a hotspot for illicit activities, pulling in a whopping $1.37 billion worth of cryptocurrencies in 2020, up from $9.4 million in 2016, marking a staggering 624% year-over-year jump over a three-year period from 2018 to 2020. "Further buoying Hydra's growth is its ability—or its good fortune—to remain running and unscathed against competitor attacks or  law enforcement scrutiny ; its only downtime of note occurred during a short time period at the beginning of the COVID-19 global pandemic in late March 2020," threat intelligence firm Flashpoint  said  in a report jointly published with blockchain analysis firm Chainalysis. Active since 2015, Hydra opened as a competitor to the now-defunct Russian Anonymous Marketplace (aka RAMP), primarily facilitating narcotics trade, before becoming a bazaar for all things criminal, including offering BTC cash-out services and peddling stolen credit cards, SIM cards, document

Ukraine's biggest telecom operator Kyivstar has  become  the victim of a " powerful hacker attack ," disrupting customer access to mobile and internet services. "The cyberattack on Ukraine's #Kyivstar telecoms operator has impacted all regions of the country with high impact to the capital, metrics show, with knock-on impacts reported to air raid alert network and banking sector as work continues to restore connectivity," NetBlocks  said  in a series of posts on X (formerly Twitter). Kyivstar, which is owned by Dutch-domiciled multinational telecommunication services company VEON,  serves  nearly 25 million mobile subscribers and more than 1 million home internet customers. The company said the attack was "a result of" the war with Russia and that it has notified law enforcement and special state services. While Kyivstar is working to restore the services, the internet watchdog noted that the telco is largely offline. That said, Kyivstar has yet t

UPDATE — It Turns out that the Russian Hacker arrested by the FBI is responsible for 2012 LinkedIn Data Breach. ( Read latest update here ) Czech police, in cooperation with the FBI, has arrested a Russian citizen in Prague suspected of participating in conducting cyber-attacks against the United States. Czech police announced the arrest on its official website Tuesday evening, without giving any further details about the man and for what he is wanted for. Yevgeniy N , 29-year-old, alleged Russian Hacker, was arrested after Interpol issued a warrant. Police detained the individual at a hotel in the city's center 12 hours after receiving the order. Officials say he was living in the country with his girlfriend and enjoying a lavish lifestyle, driving expensive cars. Neither the Czech police nor the FBI has issued any details on the charges that led to the arrest of the suspect. "Czech police carried out a successful joint operation with the US Federal Bureau of

As Japan gears up for the upcoming 2020 Summer Olympics in Tokyo for the next year, the country needs to brace itself for sophisticated cyberattacks, especially from state-sponsored hackers. Microsoft has issued a short notice, warning about a new wave of highly targeted cyberattacks by a group of Russian state-sponsored hackers attempting to hack over a dozen anti-doping authorities and sporting organizations around the world. The attacks are originating from the 'Strontium' Russian hacking group, widely known as Fancy Bear or APT28, and are believed to be linked to the upcoming 2020 Summer Olympics in Tokyo. The Fancy Bear hacking group, also known as APT28, Sofacy, X-agent , Sednit , Sandworm , and Pawn Storm, is believed to be linked to Russian military intelligence agency GRU and has been in operation since at least 2007. Over these past three decades, the group has been credited to many high profile hacking incidents, like hacking the US presidential elections

Meta Platforms on Tuesday disclosed it took steps to dismantle two covert influence operations originating from China and Russia for engaging in coordinated inauthentic behavior (CIB) so as to manipulate public debate. While the Chinese operation sets its sights on the U.S. and the Czech Republic, the Russian network primarily targeted Germany, France, Italy, Ukraine and the U.K. with themes surrounding the ongoing war in Ukraine. "The largest and most complex Russian operation we've disrupted since the war in Ukraine began, it ran a sprawling network of over 60 websites impersonating news organizations, as well as accounts on Facebook, Instagram, YouTube, Telegram, Twitter, Change.org and Avaaz, and even LiveJournal," the social media behemoth  said . The sophisticated Russian activity, which commenced in May 2022, impersonated mainstream European news outlets like Der Spiegel, The Guardian, and Bild, not to mention build credibility by creating fake accounts across

Microsoft on Friday attributed a string of service outages aimed at Azure, Outlook, and OneDrive earlier this month to an uncategorized cluster it tracks under the name  Storm-1359 . "These attacks likely rely on access to multiple virtual private servers (VPS) in conjunction with rented cloud infrastructure, open proxies, and DDoS tools," the tech giant  said  in a post on Friday. Storm-#### (previously DEV-####) is a temporary designation the Windows maker assigns to unknown, emerging, or developing groups whose identity or affiliation hasn't been definitively established yet. While there is no evidence that any customer data was accessed or compromised, the company noted the attacks "temporarily impacted availability" of some services. Redmond said it further observed the threat actor launching  layer 7 DDoS attacks  from multiple cloud services and open proxy infrastructures. This includes HTTP(S) flood attacks, which bombard the target services with a