Skip to content
Latest
Ghost Phishing Shows Why Email Security Must Follow the BrowserPakistani Police Intrusions Show Why Public-Sector Data Systems Are Strategic TargetsBad Epoll Shows Linux Kernel LPEs Belong in the Patch Priority QueueFake Payment SDKs Show Why Dependency Risk Is Credential RiskCritical UniFi Flaws Put Network Control Planes Back in the Patch QueueVidar Stealer Campaign Shows Why File Size and Fake Signatures Still Beat Weak ControlsADFS Signing Keys Show Why Federation Servers Are Tier-Zero Identity InfrastructureUAT-7810 Shows Edge Devices Are Becoming China-Nexus Relay InfrastructureFortiBleed Shows Firewall Credentials Are Ransomware FuelNetNut and Popa Takedown Shows Residential Proxies Are Now Attack InfrastructureVect and TeamPCP Show Supply-Chain Credentials Are Ransomware FuelOusaban Shows Banking Trojans Are Learning to Hide From SandboxesNUT upsmon Command Injection Shows UPS Monitoring Belongs in the Patch QueueARToken Shows Microsoft 365 Tokens Are the New BEC Control Plane

Category Archive

Russian Cyber Threat Intelligence

27 reports · All intelligence

Russian state-sponsored and criminal cyber operations — the actors, malware, and infrastructure we track, and how their targeting shifts.

Chinese Cyber Threat Intelligence
Water Systems Are Becoming Nation-State Pressure Points
Chinese Cyber Threat Intelligence·

Water Systems Are Becoming Nation-State Pressure Points

Nation-state targeting of water systems shows why exposed OT, weak credentials, remote access, and poor IT/OT segmentation remain practical business risks—not just utility-sector problems.

Cyber Security Blog
Turla’s STOCKSTAY Backdoor Shows Why Espionage Defense Needs Egress Visibility
Cyber Security Blog·

Turla’s STOCKSTAY Backdoor Shows Why Espionage Defense Needs Egress Visibility

GTIG’s STOCKSTAY research shows how Turla blends modular .NET malware, WebSocket C2, and diplomatic targeting. Here are the defensive lessons for SMBs and government contractors.

Cyber Security Blog
Kazuar Shows Russian Espionage Malware Is Engineering for Resilience
Cyber Security Blog·

Kazuar Shows Russian Espionage Malware Is Engineering for Resilience

Microsoft reports that Kazuar, attributed to Russian state actor Secret Blizzard, has evolved into a modular P2P botnet. Here is what SMBs and government contractors should take from it defensively.

Russian Cyber Threat Intelligence
Pro-Ukraine Bearlyfy Group Deploys Custom GenieLocker Ransomware Against 70+ Russian Companies
Russian Cyber Threat Intelligence·

Pro-Ukraine Bearlyfy Group Deploys Custom GenieLocker Ransomware Against 70+ Russian Companies

A pro-Ukrainian hacking group called Bearlyfy has been attributed to more than 70 cyber attacks targeting Russian companies since January 2025, with recent operations deploying a proprietary Windows ransomware strain called GenieLocker, according to research from Russian security

Malware
DarkSword iOS Exploit Kit: Russian Hackers Weaponize Six Vulnerabilities for Full iPhone Takeover
Malware·

DarkSword iOS Exploit Kit: Russian Hackers Weaponize Six Vulnerabilities for Full iPhone Takeover

Google Threat Intelligence Group (GTIG), iVerify, and Lookout have jointly uncovered DarkSword, a sophisticated iOS exploit kit that enables complete device compromise with minimal user interaction. The kit, operational since at least November 2025, has been deployed by suspected

Russian Cyber Threat Intelligence
BlackSanta EDR Killer Campaign Targets HR Departments Through Weaponized Resume Files
Russian Cyber Threat Intelligence·

BlackSanta EDR Killer Campaign Targets HR Departments Through Weaponized Resume Files

A year-long malware campaign targets HR departments through weaponized resume files, deploying the previously undocumented BlackSanta EDR killer that disables endpoint security tools at the kernel level.

Russian Cyber Threat Intelligence
Russian APT Deploys Cat-Themed BadPaw and MeowMeow Malware to Target Ukraine
Russian Cyber Threat Intelligence·

Russian APT Deploys Cat-Themed BadPaw and MeowMeow Malware to Target Ukraine

Security researchers from ClearSky have uncovered a sophisticated Russian cyber campaign targeting Ukrainian organizations using two previously unknown malware strains with distinctly playful names: BadPaw and MeowMeow. Despite their whimsical naming, these tools represent a seri

Russian Cyber Threat Intelligence
APT28 Exploited CVE-2026-21513 MSHTML Zero-Day as Attack Vector Before February Patch Tuesday
Russian Cyber Threat Intelligence·

APT28 Exploited CVE-2026-21513 MSHTML Zero-Day as Attack Vector Before February Patch Tuesday

Russia’s state-sponsored threat actor APT28 (also known as Fancy Bear) has been linked to active exploitation of CVE-2026-21513, a high-severity MSHTML zero-day vulnerability, before Microsoft released its patch in February 2026. This finding comes from new research published by

Operational Technology (OT)
Russian Cyberattacks Shift to Intelligence Gathering for Missile Strike Guidance on Ukraine Power Grid
Operational Technology (OT)·

Russian Cyberattacks Shift to Intelligence Gathering for Missile Strike Guidance on Ukraine Power Grid

Russian cyberattacks targeting Ukraine’s energy infrastructure have shifted focus from immediate disruption to intelligence gathering for guiding missile strikes, Ukrainian cybersecurity officials revealed at the Kyiv International Cyber Resilience Forum. Strategic Shift in Attac

Russian Cyber Threat Intelligence
Diesel Vortex: Russian Cybercrime Group Steals 1,600+ Credentials From Global Logistics Sector
Russian Cyber Threat Intelligence·

Diesel Vortex: Russian Cybercrime Group Steals 1,600+ Credentials From Global Logistics Sector

A Russian-linked cybercrime group dubbed Diesel Vortex has been systematically targeting the global freight and logistics industry, stealing over 1,600 unique login credentials from users of major logistics platforms in a sophisticated phishing campaign that ran from September 20

Russian Cyber Threat Intelligence
APT28 Deploys Operation MacroMaze: Webhook-Based Macro Malware Targets European Entities
Russian Cyber Threat Intelligence·

APT28 Deploys Operation MacroMaze: Webhook-Based Macro Malware Targets European Entities

Russia-linked APT28 (also known as Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) has launched a sophisticated espionage campaign targeting entities across Western and Central Europe. The operation, codenamed Operation MacroMaze by S2 Grupo’s LAB52 threat

Russian Cyber Threat Intelligence
AI-Augmented Attack: Russian-Speaking Cybercriminals Compromise 600+ FortiGate Firewalls
Russian Cyber Threat Intelligence·

AI-Augmented Attack: Russian-Speaking Cybercriminals Compromise 600+ FortiGate Firewalls

A Russian-speaking cybercrime group has compromised more than 600 internet-exposed FortiGate firewalls across 55 countries in just over a month, leveraging off-the-shelf generative AI tools to automate and scale their operations, according to a new incident report from AWS. Attac

General CTI
APT28 Targets European Entities with Operation MacroMaze Webhook Malware Campaign
General CTI·

APT28 Targets European Entities with Operation MacroMaze Webhook Malware Campaign

Russia’s notorious state-sponsored threat actor APT28 (also known as Fancy Bear) has been attributed to a sophisticated new campaign targeting organizations across Western and Central Europe. According to S2 Grupo’s LAB52 threat intelligence team, the campaign—codenamed Operation

Malware
Russian Threat Actor Deploys CANFAIL Malware Against Ukrainian Organizations
Malware·

Russian Threat Actor Deploys CANFAIL Malware Against Ukrainian Organizations

Google Threat Intelligence Group (GTIG) has uncovered a new threat actor possibly affiliated with Russian intelligence services that has been systematically targeting Ukrainian organizations with a sophisticated malware strain known as CANFAIL. Target Profile The threat group has

Russian Cyber Threat Intelligence
APT28 Exploits CVE-2026-21509 in Operation Neusploit: Stealing Emails with MiniDoor Backdoor
Russian Cyber Threat Intelligence·

APT28 Exploits CVE-2026-21509 in Operation Neusploit: Stealing Emails with MiniDoor Backdoor

Russia’s infamous APT28 (Fancy Bear/Forest Blizzard) threat group has weaponized a recently patched Microsoft Office vulnerability in just three days, launching a sophisticated espionage campaign dubbed Operation Neusploit targeting government and diplomatic entities across Centr

Russian Cyber Threat Intelligence
Russian Legion Hacker Alliance Launches OpDenmark Campaign Against Danish Critical Infrastructure
Russian Cyber Threat Intelligence·

Russian Legion Hacker Alliance Launches OpDenmark Campaign Against Danish Critical Infrastructure

A newly formed Russian hacktivist alliance called Russian Legion has launched OpDenmark, a coordinated cyberattack campaign against Danish critical infrastructure in retaliation for the country’s 1.5 billion DKK military aid package to Ukraine.

Russian Cyber Threat Intelligence
Russian Hackers Launch Coordinated Cyberattacks on Poland’s Renewable Energy Infrastructure
Russian Cyber Threat Intelligence·

Russian Hackers Launch Coordinated Cyberattacks on Poland’s Renewable Energy Infrastructure

Russian state-sponsored threat actors launched coordinated cyberattacks against Poland’s energy sector on December 29, 2025, targeting over 30 wind and solar farms, a manufacturing company, and a major combined heat and power (CHP) plant that serves nearly 500,000 people, accordi

Russian Cyber Threat Intelligence
Poland Thwarts Russian Sandworm Wiper Attack on Power Plants
Russian Cyber Threat Intelligence·

Poland Thwarts Russian Sandworm Wiper Attack on Power Plants

Russian APT group Sandworm attempted to deploy destructive DynoWiper malware against Polish power plants in late December 2025. The attack was thwarted, but highlights ongoing threats to critical infrastructure from state-sponsored actors.

Malware
Poland Thwarts Russian Wiper Malware Attack on Power Plants
Malware·

Poland Thwarts Russian Wiper Malware Attack on Power Plants

Source: Hackread | Author: Deeba Ahmed Poland has narrowly avoided a massive energy crisis following what officials are calling the largest cyberattack on the country in years. Between 29 and 30 December 2025, hackers attempted to break into the nation’s energy infrastructure, sp

Russian Cyber Threat Intelligence
“Pig butchering” is an evolution of a social engineering tactic we’ve seen for years
Russian Cyber Threat Intelligence·

“Pig butchering” is an evolution of a social engineering tactic we’ve seen for years

By Jonathan Munshaw READ ARTICLE Whether you want to call them “catfishing,” “pig butchering” or just good ‘old-fashioned “social engineering,” romance scams have been around forever. I was first introduced to them through the MTV show “Catfish,” but recently they seem to be maki

Russian Cyber Threat Intelligence
New AcidPour Wiper Targeting Linux Devices Spotted in Ukraine
Russian Cyber Threat Intelligence·

New AcidPour Wiper Targeting Linux Devices Spotted in Ukraine

READ ARTICLE By: Kevin Poireault Reporter, Infosecurity Magazine A new variant of the wiper malware AcidRain, known as AcidPour, has been discovered by SentinelOne’s threat intelligence team, SentinelLabs. AcidRain is destructive wiper malware attributed to Russian military intel

Russian Cyber Threat Intelligence
Fancy Bear: Espionage group expands global phishing campaign
Russian Cyber Threat Intelligence·

Fancy Bear: Espionage group expands global phishing campaign

Source Russia-linked threat actor Fancy Bear is conducting a wave of phishing campaigns impersonating entities across Europe, Americas, and Asia, focusing on Ukraine-related targets. IBM X-Force has identified an ongoing phishing campaign conducted by ITG05, a Russia state-sponso

Global Cyber Threat Intelligence
Backdoor.Win32 Carbanak (Anunak) / Named Pipe Null DACL
Global Cyber Threat Intelligence·

Backdoor.Win32 Carbanak (Anunak) / Named Pipe Null DACL

Read Article Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/b8e1e5b832e5947f41fd6ae6ef6d09a1.txt Contact: malvuln13@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32 Carbanak (Anunak) Vulnerability: Named Pi

Russian Cyber Threat Intelligence
Which type of malware resides only in RAM? Explaining fileless malware
Russian Cyber Threat Intelligence·

Which type of malware resides only in RAM? Explaining fileless malware

Read Article Explaining malware which resides only in RAM Unlike traditional malware, which typically involves downloading and running an executable file, fileless malware operates in the system’s memory (RAM) and often exploits legitimate tools (like PowerShell, WMI, or Windows

Russian Cyber Threat Intelligence
NoName on Rampage! Claims DDoS Attacks on Ukrainian Government Sites
Russian Cyber Threat Intelligence·

NoName on Rampage! Claims DDoS Attacks on Ukrainian Government Sites

Read Article NoName ransomware group has allegedly targeted multiple Ukrainian government websites. The latest victims of the alleged NoName ransomware attack on Ukraine include Accordbank, Zaporizhzhya Titanium-Magnesium Plant, State Tax Service, Central Interregional Tax Admini

Russian Cyber Threat Intelligence
Prior to Cyber Attack, Russian Attackers Spent Months Inside the Ukraine Telecoms Giant
Russian Cyber Threat Intelligence·

Prior to Cyber Attack, Russian Attackers Spent Months Inside the Ukraine Telecoms Giant

https://www.cysecurity.news/2024/01/prior-to-cyber-attack-russian-attackers.html Kyivstar experienced a large-scale malfunction in December 2023, resulting in the outage of mobile communications and the internet for about 24 million users for several days. How? Russian hackers br

Russian Cyber Threat Intelligence
Russia-linked APT Sandworm was inside Ukraine telecoms giant Kyivstar for months
Russian Cyber Threat Intelligence·

Russia-linked APT Sandworm was inside Ukraine telecoms giant Kyivstar for months