Threat and Vulnerability Intelligence Database

Description: Dual Russian-Israeli national Rostislav Panev was arrested last August and is facing extradition to the US for playing a critical role in LockBit's RaaS activities, dating back to the ransomware gang's origins.
Source: Dark Reading
December 20th, 2024 (6 months ago)
Description: The US Department of Justice has charged a Russian-Israeli dual-national for his suspected role in developing malware and managing the infrastructure for the notorious LockBit ransomware group. [...]
Source: BleepingComputer
December 20th, 2024 (6 months ago)
Description: The Russian hacking group tracked as APT29 (aka "Midnight Blizzard") is using a network of 193 remote desktop protocol proxy servers to perform man-in-the-middle (MiTM) attacks to steal data and credentials and to install malicious payloads. [...]
Source: BleepingComputer
December 18th, 2024 (6 months ago)
Description: The threat intelligence business, which is set to be acquired by Mastercard for billions, is officially vendor non grata in Putin's regime.
Source: Dark Reading
December 18th, 2024 (6 months ago)
Description: Recorded Future, an American threat intelligence company, has become the first cybersecurity firm designated by the Russian government as an "undesirable" organization. [...]
Source: BleepingComputer
December 18th, 2024 (6 months ago)
Description: The Security Service of Ukraine (SBU or SSU) has exposed a novel espionage campaign suspected to be orchestrated by Russia's Federal Security Service (FSB) that involves recruiting Ukrainian minors for criminal activities under the guise of "quest games." Law enforcement officials said that it detained two FSB agent groups following a special operation in Kharkiv. These groups, per the agency,
Source: TheHackerNews
December 18th, 2024 (6 months ago)
Description: The Russia-linked APT29 threat actor has been observed repurposing a legitimate red teaming attack methodology as part of cyber attacks leveraging malicious Remote Desktop Protocol (RDP) configuration files. The activity, which has targeted governments and armed forces, think tanks, academic researchers, and Ukrainian entities, entails adopting a "rogue RDP" technique that was previously
Source: TheHackerNews
December 18th, 2024 (6 months ago)
Description: The Russian-based attack group uses legitimate red-team tools, 200 domain names, and 34 back-end RDP servers, making it harder to identify and block malicious activity.
Source: Dark Reading
December 18th, 2024 (6 months ago)
Description: The Russia-linked state-sponsored threat actor tracked as Gamaredon has been attributed to two new Android spyware tools called BoneSpy and PlainGnome, marking the first time the adversary has been discovered using mobile-only malware families in its attack campaigns. "BoneSpy and PlainGnome target former Soviet states and focus on Russian-speaking victims," Lookout said in an analysis. "Both
Source: TheHackerNews
December 12th, 2024 (6 months ago)
Description: Russian cyber-espionage group Turla, aka "Secret Blizzard," is utilizing other threat actors' infrastructure to target Ukrainian military devices connected via Starlink. [...]
Source: BleepingComputer
December 11th, 2024 (6 months ago)