Description: A newly released joint advisory has exposed a long-running espionage campaign by Russia’s GRU targeting Western logistics companies and technology firms critical to aid delivery in Ukraine. The effort, attributed to GRU Unit 26165, widely tracked as APT28 or Fancy Bear, has exploited corporate infrastructure using credential attacks, spear phishing, and malware to …
The post Russian GRU Cyber Campaign Targets Western Logistics and Tech Firms appeared first on CyberInsider.
May 21st, 2025 (23 days ago)
|
Description: Today, CISA, the National Security Agency, the Federal Bureau of Investigation, and other U.S. and international partners released a joint Cybersecurity Advisory, Russian GRU Targeting Western Logistics Entities and Technology Companies.
This advisory details a Russian state-sponsored cyber espionage-oriented campaign targeting technology companies and logistics entities, including those involved in the coordination, transport, and delivery of foreign assistance to Ukraine.
Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center, military unit 26165 cyber actors are using a mix of previously disclosed tactics, techniques, and procedures (TTPs) and are likely connected to these actors’ widescale targeting of IP cameras in Ukraine and bordering NATO nations.
Executives and network defenders at logistics entities and technology companies should recognize the elevated threat of unit 26165 targeting, increase monitoring and threat hunting for known TTPs and indicators of compromise, and posture network defenses with a presumption of targeting. For more information on Russian state-sponsored threat actor activity, see CISA’s Russia Cyber Threat Overview and Advisories page.
May 21st, 2025 (23 days ago)
|
CVE-2023-23397 |
Description: Executive Summary
This joint cybersecurity advisory (CSA) highlights a Russian state-sponsored cyber campaign targeting Western logistics entities and technology companies. This includes those involved in the coordination, transport, and delivery of foreign assistance to Ukraine. Since 2022, Western logistics entities and IT companies have faced an elevated risk of targeting by the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (85th GTsSS), military unit 26165—tracked in the cybersecurity community under several names (see “Cybersecurity Industry Tracking”). The actors’ cyber espionage-oriented campaign, targeting technology companies and logistics entities, uses a mix of previously disclosed tactics, techniques, and procedures (TTPs). The authoring agencies expect similar targeting and TTP use to continue.
Executives and network defenders at logistics entities and technology companies should recognize the elevated threat of unit 26165 targeting, increase monitoring and threat hunting for known TTPs and indicators of compromise (IOCs), and posture network defenses with a presumption of targeting.
This cyber espionage-oriented campaign targeting logistics entities and technology companies uses a mix of previously disclosed TTPs and is likely connected to these actors’ wide scale targeting of IP cameras in Ukraine and bordering NATO nations.
The following authors and co-sealers are releasing this CSA:
United States National Secur...
CVSS: CRITICAL (9.8)
May 21st, 2025 (23 days ago)
|
Description: Republican Rep. Don Bacon said that a pause in U.S. offensive cyber operations against Russia earlier this year lasted only one day as part of the Trump administration's negotiations with the Kremlin on ending the war in Ukraine.
May 16th, 2025 (28 days ago)
|
Description: Authorities in the republic of Chuvashia confirmed attackers targeted software used to manage patient records and medical histories.
May 16th, 2025 (28 days ago)
|
Description: About a third of the case file archive of Pravosudiye — Russia's national electronic court filing system — was deleted in a previously reported cyberattack, auditors said.
A pro-Ukrainian group has claimed the intrusion.
May 15th, 2025 (29 days ago)
|
Description: Russia-linked hackers known as APT28 mainly targeted entities in Ukraine, Bulgaria and Romania, but governments in Africa, South America and other parts of Europe were also affected.
May 15th, 2025 (29 days ago)
|
Description: The state-backed North Korean threat group Konni (Opal Sleet, TA406) was observed targeting Ukrainian government entities in intelligence collection operations. [...]
May 13th, 2025 (about 1 month ago)
|
Description: The latest wave of activity in Ukraine suggests that Pyongyang is seeking to “better understand the appetite to continue fighting against the Russian invasion” and “the medium-term outlook of the conflict,” according to the latest report by cybersecurity firm Proofpoint.
May 13th, 2025 (about 1 month ago)
|
Description: The North Korea-linked threat actor known as Konni APT has been attributed to a phishing campaign targeting government entities in Ukraine, indicating the threat actor's targeting beyond Russia.
Enterprise security firm Proofpoint said the end goal of the campaign is to collect intelligence on the "trajectory of the Russian invasion."
"The group's interest in Ukraine follows historical targeting
May 13th, 2025 (about 1 month ago)
|