Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: The Russian state-backed hacking group Gamaredon (aka "Shuckworm") has been targeting a military mission of a Western country in Ukraine in attacks likely deployed from removable drives. [...]
April 10th, 2025 (7 days ago)
|
|
Description: The Russia-linked threat actor known as Gamaredon (aka Shuckworm) has been attributed to a cyber attack targeting a foreign military mission based in Ukraine with an aim to deliver an updated version of a known malware called GammaSteel.
The group targeted the military mission of a Western country, per the Symantec Threat Hunter team, with first signs of the malicious activity detected on
April 10th, 2025 (7 days ago)
|
|
Description: British police arrested a 38-year-old Romanian man suspected of connections to a fire at a DHL warehouse that appeared to be part of a larger sabotage campaign attributed to Russian intelligence.
April 10th, 2025 (7 days ago)
|
|
Description: Researchers at Symantec said the Russia-linked group known as Gamaredon appears to have departed from its usual email phishing tactics in hacking a Western military mission in Ukraine.
April 10th, 2025 (7 days ago)
|
|
Description: The German Association for Eastern European Studies (DGO) said the attack at the end of March targeted email systems, bypassing security measures put in place after another recent breach with suspected Russian links.
April 9th, 2025 (8 days ago)
|
|
Description: The hackers have targeted Ukraine’s armed forces, law enforcement agencies and local government bodies — especially those near the country’s eastern border, which is close to Russia.
April 7th, 2025 (10 days ago)
|
|
Description: Written by: Rohit Nambiar
Executive Summary
In October 2024, Google Threat Intelligence Group (GTIG) observed a novel phishing campaign targeting European government and military organizations that was attributed to a suspected Russia-nexus espionage actor we track as UNC5837. The campaign employed signed .rdp file attachments to establish Remote Desktop Protocol (RDP) connections from victims' machines. Unlike typical RDP attacks focused on interactive sessions, this campaign creatively leveraged resource redirection (mapping victim file systems to the attacker servers) and RemoteApps (presenting attacker-controlled applications to victims). Evidence suggests this campaign may have involved the use of an RDP proxy tool like PyRDP to automate malicious activities like file exfiltration and clipboard capture. This technique has been previously dubbed as “Rogue RDP.”
The campaign likely enabled attackers to read victim drives, steal files, capture clipboard data (including passwords), and obtain victim environment variables. While we did not observe direct command execution on victim machines, the attackers could present deceptive applications for phishing or further compromise. The primary objective of the campaign appears to be espionage and file theft, though the full extent of the attacker's capabilities remains uncertain. This campaign serves as a stark reminder of the security risks associated with obscure RDP functionalities, underscoring the importance of vigilance ...
April 7th, 2025 (10 days ago)
|
|
Description: A Russian citizen has been sentenced to two years in a penal colony for launching a distributed denial-of-service (DDoS) attack against a local tech company.
April 4th, 2025 (13 days ago)
|
|
Description: Ransomware gangs and Russian government hackers are increasingly turning to an old tactic called “fast flux” to hide the location of infrastructure used in cyberattacks.
April 3rd, 2025 (14 days ago)
|
|
Description: Counterfeit versions of popular smartphone models that are sold at reduced prices have been found to be preloaded with a modified version of an Android malware called Triada.
"More than 2,600 users in different countries have encountered the new version of Triada, the majority in Russia," Kaspersky said in a report. The infections were recorded between March 13 and 27, 2025.
Triada is the
April 3rd, 2025 (15 days ago)
|