Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Russia. Show all posts
Ukraine
Cyber Attacks Drone Hacking Russia Ukraine

Ukrainian Hackers Claim Major Cyberattack on Russian Drone Manufacturer



In an unsettling development in the ongoing cyber conflict linked to the Russia-Ukraine war, Ukrainian-aligned hacking groups have claimed responsibility for a large-scale cyberattack targeting a major Russian drone manufacturing company.

The targeted firm, identified as Gaskar Group, is believed to play a key role in supplying unmanned aerial vehicles (UAVs) to Russian forces. Two pro-Ukrainian hacker collectives, the BO Team and the Ukrainian Cyber Alliance, reportedly carried out the operation in collaboration with Ukraine’s military intelligence service.

The BO Team, a group known for supporting Ukraine through cyber operations, shared news of the breach on a Telegram channel on July 14. According to their statement, the team successfully gained full access to the internal network, servers, and data systems of the drone company. This breach reportedly allowed them to obtain sensitive technical details about existing and upcoming UAV models.

Following the infiltration, the hackers claimed they deleted a massive volume of data approximately 47 terabytes, which included 10 terabytes of backup files. They also say they disabled the company’s operational and support systems, potentially disrupting production and delaying the deployment of drones to the battlefield.

Ukrainian media sources have reported that Ukraine’s military intelligence has acknowledged the incident. In addition, some of the stolen data has allegedly been made public by the Ukrainian Cyber Alliance. These developments suggest that the cyberattack may have had a tangible impact on Russia’s drone supply chain.

While drone warfare has existed for years, the ongoing conflict has brought about a new level of reliance on smaller, low-cost drones for surveillance, attacks, and tactical missions. Both Ukraine and Russia have used these devices extensively on the frontlines, with drones proving to be a powerful asset in modern combat.

A March 2024 investigation by Reuters highlighted how drone use in Ukraine has grown to an unprecedented scale. First-person view (FPV) drones — often modified from commercial models have become especially important due to their low cost and versatility in hostile zones, where traditional aircraft are often vulnerable to air defense systems.

In June, drones were central to a Ukrainian strike known as "Operation Spiderweb," which reportedly resulted in major damage to Russian air assets.

In response to the latest incident, Gaskar Group has denied that the cyberattack caused serious damage. However, if the claims made by the hacking groups are proven true, the breach could significantly affect Russia’s ability to supply drones in the short term.

As cyber warfare continues to play a larger role in the ongoing conflict, incidents like these reflect how digital attacks are becoming just as critical as physical operations in today’s battles. 

Read more »
Russia
Bitcoin Crypto Mining Cyber Crime electricity Russia

Hidden Crypto Mining Operation Found in Truck Tied to Village Power Supply

 


In a surprising discovery, officials in Russia uncovered a secret cryptocurrency mining setup hidden inside a Kamaz truck parked near a village in the Buryatia region. The vehicle wasn’t just a regular truck, it was loaded with 95 mining machines and its own transformer, all connected to a nearby power line powerful enough to supply an entire community.


What Is Crypto Mining, and Why Is It Controversial?

Cryptocurrency mining is the process of creating digital coins and verifying transactions through a network called a blockchain — a digital ledger that can’t be altered. Computers solve complex calculations to keep this system running smoothly. However, this process demands huge amounts of electricity. For example, mining the popular coin Bitcoin consumes more power in a year than some entire countries.


Why Was This Setup a Problem?

While mining can help boost local economies and create tech jobs, it also brings risks, especially when done illegally. In this case, the truck was using electricity intended for homes without permission. The unauthorized connection reportedly caused power issues like low voltage, grid overload, and blackouts for local residents.

The illegal setup was discovered during a routine check by power inspectors in the Pribaikalsky District. Before law enforcement could step in, two people suspected of operating the mining rig escaped in a vehicle.


Not the First Incident

This wasn’t an isolated case. Authorities report that this is the sixth time this year such theft has occurred in Buryatia. Due to frequent power shortages, crypto mining is banned in most parts of the region from November through March. Even when allowed, only approved companies can operate in designated areas.


Wider Energy and Security Impacts

Crypto mining operations run 24/7 and demand a steady flow of electricity. This constant use strains power networks, increases local energy costs, and can cause outages when grids can’t handle the load. Because of this, similar mining restrictions have been put in place in other regions, including Irkutsk and Dagestan.

Beyond electricity theft, crypto mining also has ties to cybercrime. Security researchers have reported that some hacking groups secretly install mining software on infected computers. These programs run quietly, often at night, using stolen power and system resources without the owner’s knowledge. They can also steal passwords and disable antivirus tools to remain undetected.


The Environmental Cost

Mining doesn’t just hurt power grids — it also affects the environment. Many mining operations use electricity from fossil fuels, which contributes to pollution and climate change. Although a study from the University of Cambridge found that over half of Bitcoin mining now uses cleaner sources like wind, nuclear, or hydro power, a significant portion still relies on coal and gas.

Some companies are working to make mining cleaner. For example, projects in Texas and Bhutan are using renewable energy to reduce the environmental impact. But the challenge remains, crypto mining’s hunger for energy has far-reaching consequences.

Read more »
Russia
Cyber Crime ICC Israel Justice Russia

International Criminal Court Hit by Advanced Cyber Attack, No Major Damage

International Criminal Court Hit by Advanced Cyber Attack, No Major Damage

Swift discovery helped the ICC

Last week, the International Criminal Court (ICC) announced that it had discovered a new advanced and targeted cybersecurity incident. Its response mechanism and prompt discovery helped to contain the attack. 

The ICC did not provide details about the attackers’ intentions, any data leaks, or other compromises. According to the statement, the ICC, which is headquartered in The Hague, the Netherlands, is conducting a threat evaluation after the attack and taking measures to address any injuries. Details about the impact were not provided. 

Collective effort against threat actors

The constant support of nations that have ratified the Rome Statute helps the ICC in ensuring its capacity to enforce its mandate and commitment, a responsibility shared by all States Parties. “The Court considers it essential to inform the public and its States Parties about such incidents as well as efforts to address them, and calls for continued support in the face of such challenges,” ICC said. 

The ICC was founded in 2002 through the Rome Statute, an international treaty, by a coalition of sovereign states, aimed to create an international court that would prosecute individuals for international crimes– war crimes, genocide, terrorism, and crimes against humanity. The ICC works as a separate body from the U.N. International Court of Justice, the latter brings cases against countries but not individuals.

Similar attack in 2023

In 2023, the ICC reported another cybersecurity incident. The attack was said to be an act of espionage and aimed at undermining the Court’s mandate. The incident had caused it to disconnect its system from the internet. 

In the past, the ICC has said that it had experienced increased security concerns as threats against its various elected officials rose. “The evidence available thus far indicates a targeted and sophisticated attack with the objective of espionage. The attack can therefore be interpreted as a serious attempt to undermine the Court's mandate," ICC said. 

The recent notable arrests issued by the ICC include Russian President Vladimir Putin and Israeli Prime Minister Benjamin Netanyahu.

Read more »
Russia links
Cloud Cyber Security Data Safety User Data data security FSB IP Address Messaging Apps Russia Russia links

Telegram’s Alleged Ties to Russian Intelligence Raise Global Surveillance Fears

 

A new investigation by Russian media outlet Important Stories, in collaboration with the Organized Crime and Corruption Reporting Project (OCCRP), has sparked fresh scrutiny over Telegram’s connections to Russia’s intelligence services. The popular messaging platform, long regarded for its privacy features, may have indirect links to the Russian Federal Security Service (FSB), raising significant concerns for users worldwide.

At the center of the probe is a company called Global Network Management (GNM), which plays a critical role in routing Telegram’s messages. Although GNM is officially incorporated in the Caribbean nation of Antigua and Barbuda, it operates primarily from Russia. Its owner, Vladimir Vedeneev, is a Russian engineer with long-standing ties to Telegram founder Pavel Durov. Legal filings show that Vedeneev is the only individual authorized to manage certain Telegram servers, including those based in the U.S. 

Vedeneev also runs other firms—such as Globalnet and Electrontelecom—that reportedly supply telecommunications infrastructure to various Russian state entities, including the FSB. These companies have been linked to classified government projects involving surveillance and defense. 

The IP addresses used by Telegram used to be owned by Russian firms with FSB affiliations. These IPs still appear to be registered in Russia, and might be responsible for allowing user activity to be traced back through Russian-controlled networks. Telegram users typically rely on regular cloud chats, which—unlike its secret chats—are not end-to-end encrypted and are stored on Telegram’s servers. Security analysts warn that if Vedeneev’s companies manage routing systems and network infrastructure, they could potentially access user metadata, including IP addresses, device IDs, and location data. 

Though message content may remain encrypted, this metadata could still be exploited for surveillance. Moreover, Telegram transmits unique device identifiers in an unencrypted format, creating additional vulnerability. Experts caution that Russian intelligence could leverage this data to monitor users, particularly dissidents, journalists, or foreign nationals viewed as threats. Telegram has refuted the claims, stating that it has no employees or servers in Russia and that its infrastructure remains fully under the control of its internal teams. 

The company maintains that no third party, including vendors, can access confidential user data or systems. However, Telegram has yet to directly address the investigation’s core claims regarding GNM, Vedeneev, or the related infrastructure providers. The platform also hasn’t explained how it protects users if server operators have potential intelligence ties or why certain data is still sent without encryption. 

The issue is especially relevant in Ukraine, where Telegram has over 10 million users and is a major source of news and official communication. While President Volodymyr Zelensky’s administration uses the app for public updates, growing concerns around disinformation and espionage have prompted discussions about its continued use. 

As the investigation raises critical questions about the app’s security, the broader implications for global digital privacy and national security remain in sharp focus.
Read more »
Ukraine
Cyber Attacks EU Fake news Information War propaganda Russia Ukraine

EU Sanctions Actors Involved in Russian Hybrid Warfare


EU takes action against Russian propaganda

The European Union (EU) announced sweeping new sanctions against 21 individuals and 6 entities involved in Russia’s destabilizing activities abroad, marking a significant escalation in the bloc’s response to hybrid warfare threats.

European Union announced huge sanctions against 6 entities and 21 individuals linked to Russia’s destabilizing activities overseas, highlighting the EU’s efforts to address hybrid warfare threats. 

The Council’s decision widens the scope of regulations to include tangible assets and brings new powers to block Russian media broadcasting licenses, showcasing the EU’s commitment to counter Moscow’s invading campaigns. The new approach now allows taking action against actors targeting vessels, real estate, aircraft, and physical components of digital networks and communications. 

Financial organizations and firms giving crypto-asset services that allow Russian disruption operations also fall under the new framework. 

The new step addresses systematic Russian media control and manipulation, the EU is taking authority to cancel the broadcasting licenses of Russian media houses run by the Kremlin and block their content distribution within EU countries. 

Experts describe this Russian tactic as an international campaign of media manipulation and fake news aimed at disrupting neighboring nations and the EU. 

Interestingly, the ban aligns with the Charter of Fundamental Rights, allowing select media outlets to do non-broadcasting activities such as interviews and research within the EU. 

Propaganda and Tech Companies

The EU has also taken action against StarkIndustries, a web hosting network. The company is said to have assisted various Russian state-sponsored players to do suspicious activities such as information manipulation, interference ops, and cyber attacks against the Union and third-world countries. 

The sanctions also affect Viktor Medvedchuk, an ex-Ukranian politician and businessman, who is said to control Ukranian media outlets to distribute pro-Russian propaganda. 

Hybrid Threats Framework

The sections are built upon a 2024 framework to address Russian interference actions compromising EU fundamental values, stability, independence, integrity, and stability. 

Designated entities and individuals face asset freezes, whereas neutral individuals will face travel bans blocking entry and transit through EU nations. This displays the EU’s commitment to combat hybrid warfare via sustained, proportionate actions.

Read more »
Russia
Cyber Attacks Europe hybrid attacks Russia

Russia Accused of Carrying Out Over 50 Secret Operations Across Europe

 



In the last few years since the war in Ukraine began, several European countries have experienced unusual and suspicious activities. These events include online attacks, spying, fires, and efforts to spread false information. Investigations suggest that many of these actions may be linked to Russia or groups working in its interest.

According to a report studied by journalists from a global news agency, at least 59 such incidents have taken place. These actions are believed to be part of a broader strategy known as "hybrid attacks" which mix cybercrime, sabotage, and misinformation to confuse or harm other countries without direct warfare.

Some of these incidents involved hackers breaking into politicians' accounts or important systems. In other cases, there were attempts to cause damage through arson or even plans to smuggle explosives onto cargo flights. These activities have raised serious concerns among security agencies.

Officials from NATO believe these attacks serve two purposes: to create political tension within countries and to reduce international support for Ukraine. Nations that have supported Ukraine the most— like Poland, Finland, Estonia, and Latvia—have been targeted more often.

In the Baltic Sea, mysterious shipping activity has raised suspicions of Russian involvement in damaging undersea cables and pipelines. On land, authorities in some countries have accused Russia and its close ally Belarus of creating border tensions by pushing migrants toward their borders. Fires in Lithuania and Poland have also been publicly connected to these efforts.

When asked for a response, Russian officials denied all the accusations and claimed there was no solid proof of their involvement.

In a separate investigation, journalists from a European media alliance managed to secretly join an online group linked to Russian hackers. The journalist, after gaining the group's trust, was asked to perform tasks such as putting anti-West stickers in European cities and gathering personal data about people and groups.

This group was also linked to cyberattacks targeting vital infrastructure in European and NATO member countries. They appear to be part of a growing number of hacker collectives that act on behalf of Russian interests.

A European Union representative described these operations as an invisible form of war that is becoming more common across the continent— not just in countries near Russia.

Security experts say Russian intelligence may be hiring short-term agents through online channels to carry out small-scale missions. Because these people work anonymously and are hard to trace, it's difficult to hold anyone directly responsible.

According to the Czech foreign minister, there have been around 500 suspicious cases across Europe. Of these, about 100 have been officially blamed on Russia. He added that such attacks are happening more frequently now.


Read more »
Youtube
Blackmail Internet malware Russia SilentCryptominer Social Media Youtube

SilentCryptominer Threatens YouTubers to Post Malware in Videos

SilentCryptominer Threatens YouTubers to Post Malware in Videos

Experts have discovered an advanced malware campaign that exploits the rising popularity of Windows Packet Divert drivers to escape internet checks.

Malware targets YouTubers 

Hackers are spreading SilentCryptominer malware hidden as genuine software. It has impacted over 2000 victims in Russia alone. The attack vector involves tricking YouTubers with a large follower base into spreading malicious links. 

“Such software is often distributed in the form of archives with text installation instructions, in which the developers recommend disabling security solutions, citing false positives,” reports Secure List. This helps threat actors by “allowing them to persist in an unprotected system without the risk of detection. 

Innocent YouTubers Turned into victims

Most active of all have been schemes for distributing popular stealers, remote access tools (RATs), Trojans that provide hidden remote access, and miners that harness computing power to mine cryptocurrency.” Few commonly found malware in the distribution scheme are: Phemedrone, DCRat NJRat, and XWorm.

In one incident, a YouTuber with 60k subscribers had put videos containing malicious links to infected archives, gaining over 400k views. The malicious links were hosted on gitrock[.]com, along with download counter crossing 40,000. 

The malicious files were hosted on gitrok[.]com, with the download counter exceeding 40,000.

Blackmail and distributing malware

Threat actors have started using a new distribution plan where they send copyright strikes to content creators and influencers and blackmail them to shut down channels if they do not post videos containing malicious links. The scare strategy misuses the fame of the popular YouTubers to distribute malware to a larger base. 

The infection chain starts with a manipulated start script that employs an additional executable file via PowerShell. 

As per the Secure List Report, the loader (written in Python) is deployed with PyInstaller and gets the next-stage payload from hardcoded domains.  The second-stage loader runs environment checks, adds “AppData directory to Microsoft Defender exclusions” and downloads the final payload “SilentCryptominer.”

The infamous SilentCryptoMiner

The SilentCryptoMiner is known for mining multiple cryptocurrencies via different algorithms. It uses process hollowing techniques to deploy miner code into PCs for stealth.

The malware can escape security checks, like stopping mining when processes are running and scanning for virtual environment indicators. 

Read more »
Russia cyber threats
Cyber Defence Cyber Security Cyber Warfare FBI Russia Russia cyber threats

U.S. Pauses Offensive Cyberoperations Against Russia Amid Security Concerns

 

Defense Secretary Pete Hegseth has paused offensive cyberoperations against Russia by U.S. Cyber Command, rolling back some efforts to contend with a key adversary even as national security experts call for the U.S. to expand those capabilities. A U.S. official, speaking on condition of anonymity to discuss sensitive operations, on Monday confirmed the pause. 

Hegseth’s decision does not affect cyberoperations conducted by other agencies, including the CIA and the Cybersecurity and Infrastructure Security Agency. But the Trump administration also has rolled back other efforts at the FBI and other agencies related to countering digital and cyber threats. The Pentagon decision, which was first reported by The Record, comes as many national security and cybersecurity experts have urged greater investments in cyber defense and offense, particularly as China and Russia have sought to interfere with the nation’s economy, elections and security. 

Republican lawmakers and national security experts have all called for a greater offensive posture. During his Senate confirmation hearing this year, CIA Director John Ratcliffe said America’s rivals have shown that they believe cyberespionage — retrieving sensitive information and disrupting American business and infrastructure — to be an essential weapon of the modern arsenal. “I want us to have all of the tools necessary to go on offense against our adversaries in the cyber community,” Ratcliffe said. Cyber Command oversees and coordinates the Pentagon’s cybersecurity work and is known as America’s first line of defense in cyberspace. It also plans offensive cyberoperations for potential use against adversaries. 

Hegseth’s directive arrived before Friday’s dustup between President Donald Trump and Ukrainian President Volodymyr Zelenskyy in the Oval Office. It wasn’t clear if the pause was tied to any negotiating tactic by the Trump administration to push Moscow into a peace deal with Ukraine. Trump has vowed to end the war that began when Russia invaded Ukraine three years ago, and on Monday he slammed Zelenskyy for suggesting the end to the conflict was “far away.” 

The White House did not immediately respond to questions about Hegseth's order. Cyber warfare is cheaper than traditional military force, can be carried out covertly and doesn’t carry the same risk of escalation or retaliation, making it an increasingly popular tool for nations that want to contend with the U.S. but lack the traditional economic or military might, according to Snehal Antani, CEO of Horizon3.ai, a San Francisco-based cybersecurity firm founded by former national security officers. Cyberespionage can allow adversaries to steal competitive secrets from American companies, obtain sensitive intelligence or disrupt supply chains or the systems that manage dams, water plants, traffic systems, private companies, governments and hospitals. The internet has created new battlefields, too, as nations like Russia and China use disinformation and propaganda to undermine their opponents. 

Artificial intelligence now makes it easier and cheaper than ever for anyone — be it a foreign nation like Russia, China or North Korea or criminal networks — to step up their cybergame at scale, Antani said. Fixing code, translating disinformation or identifying network vulnerabilities once required a human — now AI can do much of it faster. “We are entering this era of cyber-enabled economic warfare that is at the nation-state level,” Antani said. “We’re in this really challenging era where offense is significantly better than defense, and it’s going to take a while for defense to catch up.” Meanwhile, Attorney General Pam Bondi also has disbanded an FBI task force focused on foreign influence campaigns, like those Russia used to target U.S. elections in the past. And more than a dozen people who worked on election security at the Cybersecurity and Infrastructure Security Agency were put on leave. 

These actions are leaving the U.S. vulnerable despite years of evidence that Russia is committed to continuing and expanding its cyber efforts, according to Liana Keesing, campaigns manager for technology reform at Issue One, a nonprofit that has studied technology’s impact on democracy. “Instead of confronting this threat, the Trump administration has actively taken steps to make it easier for the Kremlin to interfere in our electoral processes,” Keesing said.
Read more »
Subscribe to: Posts (Atom)