Microsoft: Hackers steal emails in device code phishing attacks
An active campaign from a threat actor potentially linked to Russia is targeting Microsoft 365 accounts of individuals at organizations of interest using device code phishing. [...]
Coverage of cybersecurity incidents, policy, privacy, public services, advisories, and regional developments connected to Russia.
Search across headline titles and summaries.
Background for this topic.
Russia covers cybersecurity and information-security developments connected to Russia, including incidents, policy, privacy, advisories, research, and news affecting organizations, public services, and digital systems in the area.
For practitioners, the tag provides geographic context for developments involving Russia's organizations, services, partners, and users. Individual articles provide the specific technologies, threats, sectors, and operational implications relevant to each development.
An active campaign from a threat actor potentially linked to Russia is targeting Microsoft 365 accounts of individuals at organizations of interest using device code phishing. [...]
Roses aren't cheap, violets are dear, now all your access token are belong to Vladimir Digital thieves – quite possibly Kremlin-linked baddies – have been emailing out bogus Microsoft Teams meeting invites to trick victims in key government and business sectors into handing over their authentication tokens, granting access to emails, cloud data, and other sensitive information.…
Volexity highlighted how Russian nation-state actors are stealing Microsoft device authentication codes to compromise accounts
Microsoft is calling attention to an emerging threat cluster it calls Storm-2372 that has been attributed to a new set of cyber attacks aimed at a variety of sectors since August 2024
Russian, Iranian and Chinese APTs Among Most Active Ransomware CollaboratorsSecurity researchers are increasingly finding it challenging to attribute cyberattacks due to surging cooperation between nation-state hackers and ransomware groups, especially for espionage purposes. They say it reflects the blurring of the lines between state-directed and criminal activities.
Also: Complaint Against Trump, Melania MemecoinsThis week's stories include sentencing in a $37 million theft, $9 million zkLend theft, Tornado Cash developer's pretrial detention release, guilty plea in SEC hack, an update on a crypto-using murderer, case against Trump memecoin, and a prisoner exchange involving a Russian Bitcoin fraud suspect.
Microsoft found that Russian state actor Seashell Blizzard has deployed an initial access subgroup to gain persistent access in a range of high-value global targets
US, UK and Australia Target Zservers for Supporting LockBit, Other Cybercrime GroupsA Russian bulletproof hosting service used by cybercriminals including the LockBit ransomware group has been sanctioned by Australian, British and American agencies. Zservers has been advertised in criminal forums as an aid to avoid law enforcement investigations and takedowns.
US, UK, and Australian law enforcement have targeted a company called Zservers (and two of its administrators) for providing bulletproof hosting services to the infamous ransomware gang.
Analysts tell El Reg why Russia's operators aren't that careful, and why North Korea wants money AND data Feature Ransomware gangsters and state-sponsored online spies fall on opposite ends of the cyber-crime spectrum.…
Russia, China, Iran and North Korea Tapping Cybercrime Services, Google SaysThe cybercrime-as-a-service economy continues to power ransomware and other criminal enterprises, as well as serve as "an accelerant for state-sponsored hacking," collectively posing an increasing risk to Western national security, cybersecurity researchers warn.
A subgroup within the infamous Russian state-sponsored hacking group known as Sandworm has been attributed to a multi-year initial access operation dubbed BadPilot that stretched across the globe
'Near-global' initial access campaign active since 2021 An initial-access subgroup of Russia's Sandworm last year wriggled its way into networks within the US, UK, Canada and Australia, stealing credentials and data from "a limited number of organizations," according to Microsoft.…
A subgroup of the Russian state-sponsored hacking group APT44, also known as 'Seashell Blizzard' and 'Sandworm', has been targeting critical organizations and governments in a multi-year campaign dubbed 'BadPilot.' [...]
Sandworm (aka Seashell Blizzard) has an initial access wing called "BadPilot" that uses standard intrusion tactics to spread Russia's tendrils around the world.
Detained Russians Accused of Phobos Ransomware Attacks Against 1,000 OrganizationsThai police have arrested four suspected members of the 8Base ransomware-wielding gang, which authorities say has extorted $16 million in ransom payments through attacks against mostly smaller players. The four men were taken into custody in a coordinated, international law enforcement operation.
The Sandworm Russian military cyber-espionage group is targeting Windows users in Ukraine with trojanized Microsoft Key Management Service (KMS) activators and fake Windows updates. [...]
The United States, Australia, and the United Kingdom have sanctioned Zservers, a Russia-based bulletproof hosting (BPH) services provider, for supplying essential attack infrastructure for the LockBit ransomware gang. [...]
The US and its allies have sanctioned Russian bulletproof hoster Zservers for abetting ransomware attacks