Threat and Vulnerability Intelligence Database

Description: Multiple Russia-aligned threat actors have been observed targeting individuals of interest via the privacy-focused messaging app Signal to gain unauthorized access to their accounts. "The most novel and widely used technique underpinning Russian-aligned attempts to compromise Signal accounts is the abuse of the app's legitimate 'linked devices' feature that enables Signal to be used on multiple
Source: TheHackerNews
February 19th, 2025 (about 2 months ago)
Description: A Threat Actor Claims to have Leaked The Unified State Register of Real Estate of the Russian Federation
Source: DarkWebInformer
February 19th, 2025 (about 2 months ago)
Description: Written by: Dan Black. Google Threat Intelligence Group (GTIG) has observed increasing efforts from several Russia state-aligned threat actors to compromise Signal Messenger accounts used by individuals of interest to Russia's intelligence services. While this emerging operational interest has likely been sparked by wartime demands to gain access to sensitive government and military communications in the context of Russia's re-invasion of Ukraine, we anticipate the tactics and methods used to target Signal will grow in prevalence in the near-term and proliferate to additional threat actors and regions outside the Ukrainian theater of war. Signal's popularity among common targets of surveillance and espionage activity—such as military personnel, politicians, journalists, activists, and other at-risk communities—has positioned the secure messaging application as a high-value target for adversaries seeking to intercept sensitive information that could fulfil a range of different intelligence requirements. More broadly, this threat also extends to other popular messaging applications such as WhatsApp and Telegram, which are also being actively targeted by Russian-aligned threat groups using similar techniques. In anticipation of a wider adoption of similar tradecraft by other threat actors, we are issuing a public warning regarding the tactics and methods used to date to help build public awareness and help communities better safeguard themselves from similar threats. We are g...
Source: Google Threat Intelligence
February 19th, 2025 (about 2 months ago)
Description: Russian threat actors have been launching phishing campaigns that exploit the legitimate "Linked Devices" feature in the Signal messaging app to gain unauthorized access to accounts of interest. [...]
Source: BleepingComputer
February 19th, 2025 (about 2 months ago)
Description: Google’s Threat Intelligence Group (GTIG) has uncovered a series of cyber-espionage campaigns by Russian state-aligned hackers targeting Signal Messenger accounts. These operations, attributed to groups such as APT44 (Sandworm), UNC5792, UNC4221, and Turla, aim to compromise secure communications used by military personnel, politicians, and activists. By abusing Signal’s “linked devices” feature, these actors gain persistent … The post Russian Hackers Exploit Signal’s Linked Devices to Spy on Users appeared first on CyberInsider.
Source: CyberInsider
February 19th, 2025 (about 2 months ago)
Description: Users who are on the lookout for popular games were lured into downloading trojanized installers that led to the deployment of a cryptocurrency miner on compromised Windows hosts. The large-scale activity has been codenamed StaryDobry by Russian cybersecurity company Kaspersky, which first detected it on December 31, 2024. It lasted for a month. Targets of the campaign include individuals and
Source: TheHackerNews
February 19th, 2025 (about 2 months ago)
Description: Cybersecurity researchers have shed light on a new Golang-based backdoor that uses Telegram as a mechanism for command-and-control (C2) communications. Netskope Threat Labs, which detailed the functions of the malware, described it as possibly of Russian origin. "The malware is compiled in Golang and once executed it acts like a backdoor," security researcher Leandro Fróes said in an analysis
Source: TheHackerNews
February 17th, 2025 (2 months ago)
Description: An active campaign from a threat actor potentially linked to Russia is targeting Microsoft 365 accounts of individuals at organizations of interest using device code phishing. [...]
Source: BleepingComputer
February 15th, 2025 (2 months ago)
Description: A newly discovered phishing campaign targeting Microsoft 365 accounts has been attributed to Russian-linked threat actors, leveraging an advanced technique known as device code authentication phishing. Reports from both Microsoft and cybersecurity firm Volexity indicate that multiple groups have been exploiting this method since mid-2024, targeting government agencies, NGOs, defense organizations, and private companies across … The post Hackers Use Device Code Phishing to Hijack Microsoft 365 Accounts appeared first on CyberInsider.
Source: CyberInsider
February 14th, 2025 (2 months ago)