Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Russia. Show all posts
Russia
aviation Cyber Security European Commission GPS Jamming GPS Spoofing Russia

Russia’s Widespread GPS Jamming Raises Concerns for Air and Sea Safety

 


A recent incident involving the European Commission President’s aircraft has drawn attention to a growing risk in international travel: deliberate interference with satellite navigation systems. The plane, flying into Plovdiv, Bulgaria, temporarily lost its GPS signal due to electronic jamming but landed without issue. Bulgarian authorities later said the disruption was not unusual, describing such interference as a side effect of the ongoing war in Ukraine.

This case is not isolated. Aviation and maritime authorities across Europe have reported an increasing number of GPS disruptions since Russia’s invasion of Ukraine in 2022. Analysts estimate there have been dozens of such events in recent years, affecting flights, shipping routes, and even small private aircraft. Nordic and Baltic nations, in particular, have issued repeated warnings about interference originating near Russian borders.


How GPS jamming works

Satellite navigation relies on faint signals transmitted from orbit. Devices such as aircraft systems, cars, ships, and even smartphones calculate their exact location by comparing timing signals from multiple satellites. These signals, however, are fragile.

Jamming overwhelms the receiver with stronger radio noise, making it impossible to lock onto satellites. Spoofing takes it further by transmitting fake signals that mimic satellites, tricking receivers into reporting false positions. Both techniques have long been used in military operations. For instance, jamming can block incoming drones or missiles, while spoofing can disguise troop or aircraft movements. Experts say such technology has been used not only in Ukraine but also in other conflicts, such as alleged Israeli operations against Iranian air defenses.


Rising incidents across Europe

Countries bordering Russia report sharp increases in interference. Latvia’s communications authority documented more than 800 cases of satellite disruption in 2024, compared with only a few dozen two years earlier. Finland’s national airline even suspended flights to the Estonian city of Tartu after two aircraft struggled to land due to lost GPS guidance. Similarly, Britain’s defense secretary experienced jamming while flying near Russian territory.

The interference is not limited to aviation. Sweden has received reports of ships in the Baltic Sea losing signal, prompting officials to advise sailors to fall back on radar and landmarks. In one case, two German tourists accidentally crossed into Russian airspace in a light aircraft and had to be escorted back. Such episodes underline how civilian safety is affected by what many governments see as deliberate Russian tactics.


Risks and responses

Experts emphasize that aircraft and ships are equipped with backup systems, including radio beacons and inertial navigation, meaning total reliance on satellites is unnecessary. Yet the danger lies in moments of confusion or equipment failure, when loss of GPS could tip a situation into crisis.

Authorities are responding by restricting drone flights near interference hotspots, training crews to operate without GPS, and pressing international organizations to address the issue. While Russia dismisses complaints as political, analysts warn that disruptions serve a dual purpose: defending Russian airspace while sowing uncertainty among its neighbors.

As incidents multiply, the concern is that one miscalculation could lead to a major accident, particularly at sea, where heavy reliance on GPS has become the norm.


Read more »
Technology
MAX messaging app Online Privacy Russia Technology

Russia’s New MAX Messaging App Sparks Spying Fears

 

From first September, Russia’s new state-backed messaging app MAX will come pre-installed on every smartphone and tablet sold in the country, igniting strong concerns over data privacy and state monitoring. Built by VK, the company behind Mail.ru and VKnote, the platform launched in March 2025 and has already drawn 18 million users, according to Interfax. Much like China’s WeChat, MAX blends private messaging with access to official government services.

Concerns Over Security 

Independent analyses commissioned by Forbes reveal that MAX includes aggressive tracking functions, weak security protections, and no end-to-end encryption, a combination that could leave conversations exposed to real-time monitoring. Researchers argue this places Russian users at greater risk than those relying on WhatsApp or Telegram. 

Digital rights advocates at Roskomsvoboda acknowledged that MAX requests fewer device permissions than its rivals, but warned that all communications are routed through state-controlled servers, making surveillance far easier. 

“MAX has enormous surveillance potential, as every piece of data within it can be accessed instantly by intelligence agencies,” said Ilya Perevalov, technical expert at Roskomsvoboda and RKS Global. 

He also cautioned that integrating payment systems could heighten risks of data breaches and fraud. 

WhatsApp Faces Crackdown 

At present, WhatsApp remains the most widely used messaging service in Russia, but its days may be numbered. Authorities have confirmed plans to block the app, and by mid-August, restrictions were already applied to voice calls on both Telegram and WhatsApp, citing counterterrorism concerns. The push comes alongside new laws punishing online searches for “extremist content” and imposing harsher penalties on VPN use, reducing citizens’ ability to bypass government restrictions. 

Privacy Under Pressure

Officials insist MAX collects less personal information than foreign competitors. Yet analysts argue the real issue is not the number of permissions but the direct pipeline of data to state agencies. With WhatsApp on the verge of a ban and VPN access under growing pressure, Russian users may soon be left with MAX as their only reliable option, a development critics warn could tighten government control over digital freedoms and reshape the country’s online communications landscape.
Read more »
WhatsApp
Russia Social Media Technology Telegram WhatsApp

Russia launches messenger app "Max" that could replace WhatsApp

Russia launches messenger app "Max" that could replace WhatsApp

Russia is planning to make a “national messenger” as an alternative to social media apps like WhatsApp and Telegram. Max, a messenger app released earlier this year by the tech giant VK and supported by state media campaigns, seems to be the basis of this service. 

WhatsApp may face a ban in Russia as the Kremlin seeks to exert greater control over the online sphere. This blog explains about Max and what is likely to happen in Russia with the new changes.

About Max

The app was launched in March 2025. It has features similar to those of WhatsApp and Telegram. Max supports business accounts while also trying to become more than just a messaging app. "Friends, hello! I recently downloaded the Max app. And you know what, I was just amazed," said Russian influencer and singer Instasamka in a promotional video. 

Max is promoted as a digital “super app”- a single platform for government and commercial services. The Russian bank has already started using a digital banking platform for customers to book via the travel wing of e-commerce giant Ozon.

Other national apps

Russia’s portal for public services, “Gosuslugi,” will be launched in 2026 with added access to the Central Bank’s Fast Payment System. “Several Asian countries have national or quasi-official messengers: China’s WeChat, Japan’s Line, South Korea’s KakaoTalk, Vietnam’s Zalo, and India’s Sandes,” according to the BBC.

Russian media has termed the app as “the Russian WeChat,” hinting at the Chinese state-backed application that is known as a tool of social control. Max is yet to prove its potential. According to VK, a million people have registered already. Both VK and Telegram have monthly Russian users of around 100 million, according to MediaScope. The app has mixed reviews. It currently has a 4.2 rating on the App Store and 2.4 on Google Play.

According to BBC, “Max is owned by a firm called “Communication Platform,” located in the same Moscow business center as VK. Russian business paper Vedomosti has reported that the two companies are affiliated. VK is ultimately controlled by state energy giant Gazprom.”

Read more »
Ukraine
Cyber Attacks Drone Hacking Russia Ukraine

Ukrainian Hackers Claim Major Cyberattack on Russian Drone Manufacturer



In an unsettling development in the ongoing cyber conflict linked to the Russia-Ukraine war, Ukrainian-aligned hacking groups have claimed responsibility for a large-scale cyberattack targeting a major Russian drone manufacturing company.

The targeted firm, identified as Gaskar Group, is believed to play a key role in supplying unmanned aerial vehicles (UAVs) to Russian forces. Two pro-Ukrainian hacker collectives, the BO Team and the Ukrainian Cyber Alliance, reportedly carried out the operation in collaboration with Ukraine’s military intelligence service.

The BO Team, a group known for supporting Ukraine through cyber operations, shared news of the breach on a Telegram channel on July 14. According to their statement, the team successfully gained full access to the internal network, servers, and data systems of the drone company. This breach reportedly allowed them to obtain sensitive technical details about existing and upcoming UAV models.

Following the infiltration, the hackers claimed they deleted a massive volume of data approximately 47 terabytes, which included 10 terabytes of backup files. They also say they disabled the company’s operational and support systems, potentially disrupting production and delaying the deployment of drones to the battlefield.

Ukrainian media sources have reported that Ukraine’s military intelligence has acknowledged the incident. In addition, some of the stolen data has allegedly been made public by the Ukrainian Cyber Alliance. These developments suggest that the cyberattack may have had a tangible impact on Russia’s drone supply chain.

While drone warfare has existed for years, the ongoing conflict has brought about a new level of reliance on smaller, low-cost drones for surveillance, attacks, and tactical missions. Both Ukraine and Russia have used these devices extensively on the frontlines, with drones proving to be a powerful asset in modern combat.

A March 2024 investigation by Reuters highlighted how drone use in Ukraine has grown to an unprecedented scale. First-person view (FPV) drones — often modified from commercial models have become especially important due to their low cost and versatility in hostile zones, where traditional aircraft are often vulnerable to air defense systems.

In June, drones were central to a Ukrainian strike known as "Operation Spiderweb," which reportedly resulted in major damage to Russian air assets.

In response to the latest incident, Gaskar Group has denied that the cyberattack caused serious damage. However, if the claims made by the hacking groups are proven true, the breach could significantly affect Russia’s ability to supply drones in the short term.

As cyber warfare continues to play a larger role in the ongoing conflict, incidents like these reflect how digital attacks are becoming just as critical as physical operations in today’s battles. 

Read more »
Russia
Bitcoin Crypto Mining Cyber Crime electricity Russia

Hidden Crypto Mining Operation Found in Truck Tied to Village Power Supply

 


In a surprising discovery, officials in Russia uncovered a secret cryptocurrency mining setup hidden inside a Kamaz truck parked near a village in the Buryatia region. The vehicle wasn’t just a regular truck, it was loaded with 95 mining machines and its own transformer, all connected to a nearby power line powerful enough to supply an entire community.


What Is Crypto Mining, and Why Is It Controversial?

Cryptocurrency mining is the process of creating digital coins and verifying transactions through a network called a blockchain — a digital ledger that can’t be altered. Computers solve complex calculations to keep this system running smoothly. However, this process demands huge amounts of electricity. For example, mining the popular coin Bitcoin consumes more power in a year than some entire countries.


Why Was This Setup a Problem?

While mining can help boost local economies and create tech jobs, it also brings risks, especially when done illegally. In this case, the truck was using electricity intended for homes without permission. The unauthorized connection reportedly caused power issues like low voltage, grid overload, and blackouts for local residents.

The illegal setup was discovered during a routine check by power inspectors in the Pribaikalsky District. Before law enforcement could step in, two people suspected of operating the mining rig escaped in a vehicle.


Not the First Incident

This wasn’t an isolated case. Authorities report that this is the sixth time this year such theft has occurred in Buryatia. Due to frequent power shortages, crypto mining is banned in most parts of the region from November through March. Even when allowed, only approved companies can operate in designated areas.


Wider Energy and Security Impacts

Crypto mining operations run 24/7 and demand a steady flow of electricity. This constant use strains power networks, increases local energy costs, and can cause outages when grids can’t handle the load. Because of this, similar mining restrictions have been put in place in other regions, including Irkutsk and Dagestan.

Beyond electricity theft, crypto mining also has ties to cybercrime. Security researchers have reported that some hacking groups secretly install mining software on infected computers. These programs run quietly, often at night, using stolen power and system resources without the owner’s knowledge. They can also steal passwords and disable antivirus tools to remain undetected.


The Environmental Cost

Mining doesn’t just hurt power grids — it also affects the environment. Many mining operations use electricity from fossil fuels, which contributes to pollution and climate change. Although a study from the University of Cambridge found that over half of Bitcoin mining now uses cleaner sources like wind, nuclear, or hydro power, a significant portion still relies on coal and gas.

Some companies are working to make mining cleaner. For example, projects in Texas and Bhutan are using renewable energy to reduce the environmental impact. But the challenge remains, crypto mining’s hunger for energy has far-reaching consequences.

Read more »
Russia
Cyber Crime ICC Israel Justice Russia

International Criminal Court Hit by Advanced Cyber Attack, No Major Damage

International Criminal Court Hit by Advanced Cyber Attack, No Major Damage

Swift discovery helped the ICC

Last week, the International Criminal Court (ICC) announced that it had discovered a new advanced and targeted cybersecurity incident. Its response mechanism and prompt discovery helped to contain the attack. 

The ICC did not provide details about the attackers’ intentions, any data leaks, or other compromises. According to the statement, the ICC, which is headquartered in The Hague, the Netherlands, is conducting a threat evaluation after the attack and taking measures to address any injuries. Details about the impact were not provided. 

Collective effort against threat actors

The constant support of nations that have ratified the Rome Statute helps the ICC in ensuring its capacity to enforce its mandate and commitment, a responsibility shared by all States Parties. “The Court considers it essential to inform the public and its States Parties about such incidents as well as efforts to address them, and calls for continued support in the face of such challenges,” ICC said. 

The ICC was founded in 2002 through the Rome Statute, an international treaty, by a coalition of sovereign states, aimed to create an international court that would prosecute individuals for international crimes– war crimes, genocide, terrorism, and crimes against humanity. The ICC works as a separate body from the U.N. International Court of Justice, the latter brings cases against countries but not individuals.

Similar attack in 2023

In 2023, the ICC reported another cybersecurity incident. The attack was said to be an act of espionage and aimed at undermining the Court’s mandate. The incident had caused it to disconnect its system from the internet. 

In the past, the ICC has said that it had experienced increased security concerns as threats against its various elected officials rose. “The evidence available thus far indicates a targeted and sophisticated attack with the objective of espionage. The attack can therefore be interpreted as a serious attempt to undermine the Court's mandate," ICC said. 

The recent notable arrests issued by the ICC include Russian President Vladimir Putin and Israeli Prime Minister Benjamin Netanyahu.

Read more »
Russia links
Cloud Cyber Security Data Safety User Data data security FSB IP Address Messaging Apps Russia Russia links

Telegram’s Alleged Ties to Russian Intelligence Raise Global Surveillance Fears

 

A new investigation by Russian media outlet Important Stories, in collaboration with the Organized Crime and Corruption Reporting Project (OCCRP), has sparked fresh scrutiny over Telegram’s connections to Russia’s intelligence services. The popular messaging platform, long regarded for its privacy features, may have indirect links to the Russian Federal Security Service (FSB), raising significant concerns for users worldwide.

At the center of the probe is a company called Global Network Management (GNM), which plays a critical role in routing Telegram’s messages. Although GNM is officially incorporated in the Caribbean nation of Antigua and Barbuda, it operates primarily from Russia. Its owner, Vladimir Vedeneev, is a Russian engineer with long-standing ties to Telegram founder Pavel Durov. Legal filings show that Vedeneev is the only individual authorized to manage certain Telegram servers, including those based in the U.S. 

Vedeneev also runs other firms—such as Globalnet and Electrontelecom—that reportedly supply telecommunications infrastructure to various Russian state entities, including the FSB. These companies have been linked to classified government projects involving surveillance and defense. 

The IP addresses used by Telegram used to be owned by Russian firms with FSB affiliations. These IPs still appear to be registered in Russia, and might be responsible for allowing user activity to be traced back through Russian-controlled networks. Telegram users typically rely on regular cloud chats, which—unlike its secret chats—are not end-to-end encrypted and are stored on Telegram’s servers. Security analysts warn that if Vedeneev’s companies manage routing systems and network infrastructure, they could potentially access user metadata, including IP addresses, device IDs, and location data. 

Though message content may remain encrypted, this metadata could still be exploited for surveillance. Moreover, Telegram transmits unique device identifiers in an unencrypted format, creating additional vulnerability. Experts caution that Russian intelligence could leverage this data to monitor users, particularly dissidents, journalists, or foreign nationals viewed as threats. Telegram has refuted the claims, stating that it has no employees or servers in Russia and that its infrastructure remains fully under the control of its internal teams. 

The company maintains that no third party, including vendors, can access confidential user data or systems. However, Telegram has yet to directly address the investigation’s core claims regarding GNM, Vedeneev, or the related infrastructure providers. The platform also hasn’t explained how it protects users if server operators have potential intelligence ties or why certain data is still sent without encryption. 

The issue is especially relevant in Ukraine, where Telegram has over 10 million users and is a major source of news and official communication. While President Volodymyr Zelensky’s administration uses the app for public updates, growing concerns around disinformation and espionage have prompted discussions about its continued use. 

As the investigation raises critical questions about the app’s security, the broader implications for global digital privacy and national security remain in sharp focus.
Read more »
Ukraine
Cyber Attacks EU Fake news Information War propaganda Russia Ukraine

EU Sanctions Actors Involved in Russian Hybrid Warfare


EU takes action against Russian propaganda

The European Union (EU) announced sweeping new sanctions against 21 individuals and 6 entities involved in Russia’s destabilizing activities abroad, marking a significant escalation in the bloc’s response to hybrid warfare threats.

European Union announced huge sanctions against 6 entities and 21 individuals linked to Russia’s destabilizing activities overseas, highlighting the EU’s efforts to address hybrid warfare threats. 

The Council’s decision widens the scope of regulations to include tangible assets and brings new powers to block Russian media broadcasting licenses, showcasing the EU’s commitment to counter Moscow’s invading campaigns. The new approach now allows taking action against actors targeting vessels, real estate, aircraft, and physical components of digital networks and communications. 

Financial organizations and firms giving crypto-asset services that allow Russian disruption operations also fall under the new framework. 

The new step addresses systematic Russian media control and manipulation, the EU is taking authority to cancel the broadcasting licenses of Russian media houses run by the Kremlin and block their content distribution within EU countries. 

Experts describe this Russian tactic as an international campaign of media manipulation and fake news aimed at disrupting neighboring nations and the EU. 

Interestingly, the ban aligns with the Charter of Fundamental Rights, allowing select media outlets to do non-broadcasting activities such as interviews and research within the EU. 

Propaganda and Tech Companies

The EU has also taken action against StarkIndustries, a web hosting network. The company is said to have assisted various Russian state-sponsored players to do suspicious activities such as information manipulation, interference ops, and cyber attacks against the Union and third-world countries. 

The sanctions also affect Viktor Medvedchuk, an ex-Ukranian politician and businessman, who is said to control Ukranian media outlets to distribute pro-Russian propaganda. 

Hybrid Threats Framework

The sections are built upon a 2024 framework to address Russian interference actions compromising EU fundamental values, stability, independence, integrity, and stability. 

Designated entities and individuals face asset freezes, whereas neutral individuals will face travel bans blocking entry and transit through EU nations. This displays the EU’s commitment to combat hybrid warfare via sustained, proportionate actions.

Read more »
Russia
Cyber Attacks Europe hybrid attacks Russia

Russia Accused of Carrying Out Over 50 Secret Operations Across Europe

 



In the last few years since the war in Ukraine began, several European countries have experienced unusual and suspicious activities. These events include online attacks, spying, fires, and efforts to spread false information. Investigations suggest that many of these actions may be linked to Russia or groups working in its interest.

According to a report studied by journalists from a global news agency, at least 59 such incidents have taken place. These actions are believed to be part of a broader strategy known as "hybrid attacks" which mix cybercrime, sabotage, and misinformation to confuse or harm other countries without direct warfare.

Some of these incidents involved hackers breaking into politicians' accounts or important systems. In other cases, there were attempts to cause damage through arson or even plans to smuggle explosives onto cargo flights. These activities have raised serious concerns among security agencies.

Officials from NATO believe these attacks serve two purposes: to create political tension within countries and to reduce international support for Ukraine. Nations that have supported Ukraine the most— like Poland, Finland, Estonia, and Latvia—have been targeted more often.

In the Baltic Sea, mysterious shipping activity has raised suspicions of Russian involvement in damaging undersea cables and pipelines. On land, authorities in some countries have accused Russia and its close ally Belarus of creating border tensions by pushing migrants toward their borders. Fires in Lithuania and Poland have also been publicly connected to these efforts.

When asked for a response, Russian officials denied all the accusations and claimed there was no solid proof of their involvement.

In a separate investigation, journalists from a European media alliance managed to secretly join an online group linked to Russian hackers. The journalist, after gaining the group's trust, was asked to perform tasks such as putting anti-West stickers in European cities and gathering personal data about people and groups.

This group was also linked to cyberattacks targeting vital infrastructure in European and NATO member countries. They appear to be part of a growing number of hacker collectives that act on behalf of Russian interests.

A European Union representative described these operations as an invisible form of war that is becoming more common across the continent— not just in countries near Russia.

Security experts say Russian intelligence may be hiring short-term agents through online channels to carry out small-scale missions. Because these people work anonymously and are hard to trace, it's difficult to hold anyone directly responsible.

According to the Czech foreign minister, there have been around 500 suspicious cases across Europe. Of these, about 100 have been officially blamed on Russia. He added that such attacks are happening more frequently now.


Read more »
Youtube
Blackmail Internet malware Russia SilentCryptominer Social Media Youtube

SilentCryptominer Threatens YouTubers to Post Malware in Videos

SilentCryptominer Threatens YouTubers to Post Malware in Videos

Experts have discovered an advanced malware campaign that exploits the rising popularity of Windows Packet Divert drivers to escape internet checks.

Malware targets YouTubers 

Hackers are spreading SilentCryptominer malware hidden as genuine software. It has impacted over 2000 victims in Russia alone. The attack vector involves tricking YouTubers with a large follower base into spreading malicious links. 

“Such software is often distributed in the form of archives with text installation instructions, in which the developers recommend disabling security solutions, citing false positives,” reports Secure List. This helps threat actors by “allowing them to persist in an unprotected system without the risk of detection. 

Innocent YouTubers Turned into victims

Most active of all have been schemes for distributing popular stealers, remote access tools (RATs), Trojans that provide hidden remote access, and miners that harness computing power to mine cryptocurrency.” Few commonly found malware in the distribution scheme are: Phemedrone, DCRat NJRat, and XWorm.

In one incident, a YouTuber with 60k subscribers had put videos containing malicious links to infected archives, gaining over 400k views. The malicious links were hosted on gitrock[.]com, along with download counter crossing 40,000. 

The malicious files were hosted on gitrok[.]com, with the download counter exceeding 40,000.

Blackmail and distributing malware

Threat actors have started using a new distribution plan where they send copyright strikes to content creators and influencers and blackmail them to shut down channels if they do not post videos containing malicious links. The scare strategy misuses the fame of the popular YouTubers to distribute malware to a larger base. 

The infection chain starts with a manipulated start script that employs an additional executable file via PowerShell. 

As per the Secure List Report, the loader (written in Python) is deployed with PyInstaller and gets the next-stage payload from hardcoded domains.  The second-stage loader runs environment checks, adds “AppData directory to Microsoft Defender exclusions” and downloads the final payload “SilentCryptominer.”

The infamous SilentCryptoMiner

The SilentCryptoMiner is known for mining multiple cryptocurrencies via different algorithms. It uses process hollowing techniques to deploy miner code into PCs for stealth.

The malware can escape security checks, like stopping mining when processes are running and scanning for virtual environment indicators. 

Read more »
Russia cyber threats
Cyber Defence Cyber Security Cyber Warfare FBI Russia Russia cyber threats

U.S. Pauses Offensive Cyberoperations Against Russia Amid Security Concerns

 

Defense Secretary Pete Hegseth has paused offensive cyberoperations against Russia by U.S. Cyber Command, rolling back some efforts to contend with a key adversary even as national security experts call for the U.S. to expand those capabilities. A U.S. official, speaking on condition of anonymity to discuss sensitive operations, on Monday confirmed the pause. 

Hegseth’s decision does not affect cyberoperations conducted by other agencies, including the CIA and the Cybersecurity and Infrastructure Security Agency. But the Trump administration also has rolled back other efforts at the FBI and other agencies related to countering digital and cyber threats. The Pentagon decision, which was first reported by The Record, comes as many national security and cybersecurity experts have urged greater investments in cyber defense and offense, particularly as China and Russia have sought to interfere with the nation’s economy, elections and security. 

Republican lawmakers and national security experts have all called for a greater offensive posture. During his Senate confirmation hearing this year, CIA Director John Ratcliffe said America’s rivals have shown that they believe cyberespionage — retrieving sensitive information and disrupting American business and infrastructure — to be an essential weapon of the modern arsenal. “I want us to have all of the tools necessary to go on offense against our adversaries in the cyber community,” Ratcliffe said. Cyber Command oversees and coordinates the Pentagon’s cybersecurity work and is known as America’s first line of defense in cyberspace. It also plans offensive cyberoperations for potential use against adversaries. 

Hegseth’s directive arrived before Friday’s dustup between President Donald Trump and Ukrainian President Volodymyr Zelenskyy in the Oval Office. It wasn’t clear if the pause was tied to any negotiating tactic by the Trump administration to push Moscow into a peace deal with Ukraine. Trump has vowed to end the war that began when Russia invaded Ukraine three years ago, and on Monday he slammed Zelenskyy for suggesting the end to the conflict was “far away.” 

The White House did not immediately respond to questions about Hegseth's order. Cyber warfare is cheaper than traditional military force, can be carried out covertly and doesn’t carry the same risk of escalation or retaliation, making it an increasingly popular tool for nations that want to contend with the U.S. but lack the traditional economic or military might, according to Snehal Antani, CEO of Horizon3.ai, a San Francisco-based cybersecurity firm founded by former national security officers. Cyberespionage can allow adversaries to steal competitive secrets from American companies, obtain sensitive intelligence or disrupt supply chains or the systems that manage dams, water plants, traffic systems, private companies, governments and hospitals. The internet has created new battlefields, too, as nations like Russia and China use disinformation and propaganda to undermine their opponents. 

Artificial intelligence now makes it easier and cheaper than ever for anyone — be it a foreign nation like Russia, China or North Korea or criminal networks — to step up their cybergame at scale, Antani said. Fixing code, translating disinformation or identifying network vulnerabilities once required a human — now AI can do much of it faster. “We are entering this era of cyber-enabled economic warfare that is at the nation-state level,” Antani said. “We’re in this really challenging era where offense is significantly better than defense, and it’s going to take a while for defense to catch up.” Meanwhile, Attorney General Pam Bondi also has disbanded an FBI task force focused on foreign influence campaigns, like those Russia used to target U.S. elections in the past. And more than a dozen people who worked on election security at the Cybersecurity and Infrastructure Security Agency were put on leave. 

These actions are leaving the U.S. vulnerable despite years of evidence that Russia is committed to continuing and expanding its cyber efforts, according to Liana Keesing, campaigns manager for technology reform at Issue One, a nonprofit that has studied technology’s impact on democracy. “Instead of confronting this threat, the Trump administration has actively taken steps to make it easier for the Kremlin to interfere in our electoral processes,” Keesing said.
Read more »
Russia cyber threats
Cyber Security Cybersecurity Russia Russia cyber threats

Trump Administration Halts Offensive Cyber Operations Against Russia Amid Ukraine War Talks

 

The Trump administration has issued orders to suspend U.S. offensive cyber operations targeting Russia, a move reportedly aimed at encouraging Russian President Vladimir Putin to engage in diplomatic discussions over the war in Ukraine. According to The Record, U.S. Defense Secretary Pete Hegseth directed the halt, which is expected to remain in place indefinitely. 

This decision comes in the wake of a heated Oval Office dispute on Friday between President Donald Trump, Vice President JD Vance, and Ukrainian President Volodymyr Zelensky over continued U.S. financial and military support for Ukraine. The previous Biden administration had strongly backed Ukraine, committing billions of dollars in aid and weaponry to counter Russian aggression. 

However, the Trump administration’s shift in stance has raised uncertainty regarding America’s future role in the conflict. Meanwhile, British Prime Minister Keir Starmer announced on Sunday that European nations would establish a “coalition of the willing” to continue providing support to Ukraine. 

The extent of the U.S. cyber operations suspension remains unclear, but officials stress that understanding Russia’s objectives in Ukraine is crucial for assessing Moscow’s broader geopolitical strategy, particularly in the realm of cyber espionage. 

Hegseth’s directive is reportedly part of a larger reassessment of Washington’s involvement in the war and its broader operations against Russia. While intelligence-gathering activities remain unaffected, the decision to halt offensive cyber operations is seen as a calculated risk. Trump has previously blamed Ukraine for the war and has labeled Zelensky a “dictator” who, in his view, is “not ready for peace.”
Read more »
Russia
Aerospace Cyber Attacks Europe Poland Russia

Poland’s Space Agency Investigates Cyberattack, Works On Security Measures

 



Poland’s space agency, POLSA, has reported a cyberattack on its systems, prompting an ongoing investigation. In response to the breach, the agency quickly disconnected its network from the internet to prevent further damage. As of Monday, its official website was still offline.  


Government and Cybersecurity Teams Take Action

Poland’s Minister of Digital Affairs, Krzysztof Gawkowski, confirmed that cybersecurity experts detected unauthorized access to POLSA’s systems. Security specialists have since secured the affected infrastructure and are now working to determine who was behind the attack. However, officials have not yet shared whether the hackers were financially motivated cybercriminals or politically driven groups. The method used to infiltrate the agency’s network also remains undisclosed.  


Why Hackers Target Space Agencies

Organizations involved in space research and technology are often appealing targets for cybercriminals. Many of these agencies collaborate with defense and intelligence sectors, making them vulnerable to attacks that could expose confidential projects, satellite communications, and security-related data. A cyberattack on such an agency could disrupt critical operations, leak classified research, or even interfere with national security.  


Poland Faces a Surge in Cyberattacks

Poland has become one of the most frequently targeted countries in the European Union when it comes to cyber threats. Earlier this year, Gawkowski stated that the country experiences more cyber incidents than any other EU nation, with most attacks believed to be linked to Russian actors. Poland’s strong support for Ukraine, both in military assistance and humanitarian aid, has likely contributed to this rise in cyber threats.  

The number of cyberattacks against Poland has increased drastically in recent years. Reports indicate that attacks doubled in 2023 compared to previous years, with over 400,000 cybersecurity incidents recorded in just the first half of the year. In response, the Polish government introduced a cybersecurity initiative in June, allocating $760 million to strengthen the country’s digital defenses.  


Other Space Agencies Have Also Been Targeted

This is not the first time a space agency has fallen victim to cyberattacks. Japan’s space agency, JAXA, has faced multiple breaches in the past. In 2016, reports suggested that JAXA was among 200 Japanese organizations targeted by suspected Chinese military hackers. In 2023, unknown attackers infiltrated the agency’s network, raising concerns that sensitive communications with private companies, such as Toyota, may have been exposed.  

As space technology continues to advance, protecting space agencies from cyber threats has become more crucial than ever. These organizations handle valuable and often classified information, making them prime targets for espionage, sabotage, and financial cybercrime. If hackers manage to breach their systems, the consequences could be severe, ranging from stolen research data to disruptions in satellite operations and defense communications.  

POLSA’s ongoing investigation will likely uncover more details about the cyberattack in the coming weeks. For now, the incident highlights the increasing need for governments and space organizations to invest in stronger cybersecurity measures to protect critical infrastructure.

Read more »
Telecom
Beeline Cyber Attacks DDOS Attacks Internet Russia Telecom

Russian Telecom Company "Beeline" Hit, Users Face Internet Outage

Russian Telecom Company "Beeline" Hit, Users Face Internet Outage

Internet outage in, telecom provider attacked

Users in Russia faced an internet outage in a targeted DDoS attack on Russian telecom company Beeline. This is the second major attack on the Moscow-based company in recent weeks; the provider has over 44 million subscribers.

After several user complaints and reports from outage-tracking services, Beeline confirmed the attack to local media.

According to Record Media, internet monitoring service Downdetector’s data suggests “most Beeline users in Russia faced difficulties accessing the company’s mobile app, while some also reported website outages, notification failures and internet disruptions.” 

Impact on Beeline

Beeline informed about the attack on its Telegram channel, stressing that the hacker did not gain unauthorized access to consumer data. Currently, the internet provider is restoring all impacted systems and improving its cybersecurity policies to avoid future attacks. Mobile services are active, but users have cited issues using a few online services and account management features.

Rise of threat in Russia

The targeted attack on Beeline is part of a wider trend of cyberattacks in Russia; in September 2024, VTB, Russia’s second-largest bank, faced similar issues due to an attack on its infrastructure. 

These attacks highlight the rising threats posed by cyberattacks cherry-picking critical infrastructures in Russia and worldwide.

Experts have been warning about the rise in intensity and advanced techniques of such cyberattacks, damaging not only critical businesses but also essential industries that support millions of Russian citizens. 

Telecom companies in Russia targeted

How Beeline responds to the attack and recovers will be closely observed by both the telecom industry and regulators. The Beeline incident is similar to the attack on Russian telecom giant Megafon, another large-scale DDoS attack happened earlier this year. 

According to a cybersecurity source reported by Forbes Russia, the Beeline attack in February and the Megafon incident in January are the top hacktivist cyberattacks aiming at telecom sectors in 2025. 

According to the conversation with Forbes, the source said, “Both attacks were multi-vector and large-scale. The volume of malicious traffic was identical, but MegaFon faced an attack from 3,300 IP addresses, while Beeline was targeted via 1,600, resulting in a higher load per IP address.”

Read more »
Trojan
Cyber Security Google AMP Phishing Attacks RATs Russia TikTok Trojan

Hackers Use Russian Domains for Phishing Attacks

Hackers Use Russian Domains for Phishing Attacks

The latest research has found a sharp rise in suspicious email activities and a change in attack tactics. If you are someone who communicates via email regularly, keep a lookout for malicious or unusual activities, it might be a scam. The blog covers the latest attack tactics threat actors are using.

Malicious email escapes SEGs

Daily, at least one suspicious email escapes Secure Email Getaways (SEGs), like Powerpoint and Microsoft, every 45 seconds, showing a significant rise from last year’s attack rate of one of every 57 seconds, according to the insights from Cofense Intelligence’s third-quarter report.

A sudden increase in the use of remote access Trojans (RATs) allows hackers to gain illegal access to the target’s system, which leads to further abuse, theft, and data exploitation.

Increase in Remote Access Trojan (RAT) use

Remcos RAT, a frequently used tool among hackers, is a key factor contributing to the surge in RAT attacks. It allows the attacker to remotely manipulate infected systems, exfiltrate data, deploy other malware, and obtain persistent access to vulnerable networks.

According to the data, the use of open redirects in phishing attempts has increased by 627%. These attacks use legitimate website functionality to redirect users to malicious URLs, frequently disguised as well-known and reputable domains.

Using TikTok and Google AMP

TikTok and Google AMP are frequently used to carry out these attacks, leveraging their worldwide reach and widespread use by unknowing users.

The use of malicious Office documents, particularly those in.docx format, increased by roughly 600%. These documents frequently include phishing links or QR codes that lead people to malicious websites.

Microsoft Office documents are an important attack vector due to their extensive use in commercial contexts, making them perfect for targeting enterprises via spear-phishing operations.

Furthermore, there has been a substantial shift in data exfiltration strategies, with a rise in the use of.ru and.su top-level domains (TLDs). Domains with the.ru (Russia) and.su (Soviet Union) extensions saw usage spikes of more than fourfold and twelvefold, respectively, indicating cybercriminals are turning to less common and geographically associated domains to evade detection and make it more difficult for victims and security teams to track data theft activities.

Read more »
SQL
Cyber Attacks Data Security Tiktok Election Security Elections Infrastructure Romania Russia Security Breaches SQL

Romania Annuls Elections After TikTok Campaign and Cyberattacks Linked to Russia

 


Romania’s Constitutional Court (CCR) has annulled the first round of its recent presidential elections after intelligence reports revealed extensive foreign interference. Cyberattacks and influence campaigns have raised serious concerns, prompting authorities to reschedule elections while addressing security vulnerabilities. 
  
Cyberattacks on Election Infrastructure

The Romanian Intelligence Service (SRI) uncovered relentless cyberattacks targeting key election systems between November 19th and November 25th. Attackers exploited vulnerabilities to compromise platforms such as:
  • Bec.ro: Central Election Bureau system.
  • Registrulelectoral.ro: Voter registration platform.
Key findings include:
  • Methods Used: SQL injection and cross-site scripting (XSS) exploited to infiltrate systems.
  • Leaked Credentials: Stolen login details shared on Russian cybercrime forums.
  • Server Breach: A compromised server linked to mapping data allowed access to sensitive election infrastructure.
  • Origin: Attacks traced to devices in over 33 countries, suggesting state-level backing.
While the SRI has not explicitly named Russia, the attack methods strongly indicate state-level involvement. TikTok Influence Campaign Beyond cyberattacks, a coordinated TikTok influence campaign sought to sway public opinion in favor of presidential candidate Calin Georgescu:
  • Influencers: Over 100 influencers with a combined 8 million followers participated.
  • Payments: Ranged from $100 for smaller influencers to substantial sums for those with larger followings.
  • Impact: Pro-Georgescu content peaked on November 26th, ranking 9th among TikTok’s top trending videos.
  • Activity Pattern: Many accounts involved were dormant since 2016 but became active weeks before the election.
Romania’s Ministry of Internal Affairs (MAI) noted parallels between Georgescu’s messaging and narratives supporting pro-Russian candidates in Moldova, further tying the campaign to Russian influence efforts. Geopolitical Implications Romania’s Foreign Intelligence Service (SIE) linked these actions to a broader Russian strategy to destabilize NATO-aligned countries:

Goals: Undermine democratic processes and promote eurosceptic narratives.

Target: Romania’s significant NATO presence makes it a critical focus of Russian propaganda and disinformation campaigns.

Election Annulment and Future Challenges 
 
On November 6th, the CCR annulled the election’s first round, citing security breaches and highlighting vulnerabilities in Romania’s electoral infrastructure. Moving forward:
  • Cybersecurity Enhancements: Authorities face mounting pressure to strengthen defenses against similar attacks.
  • Disinformation Countermeasures: Efforts to combat influence campaigns are essential to safeguarding future elections.
  • Warning from SRI: Election system vulnerabilities remain exploitable, raising concerns about upcoming elections.
The incidents in Romania underscore the rising threat of cyberattacks and influence operations on democratic processes worldwide, emphasizing the urgent need for robust security measures to protect electoral integrity.
Read more »
Russia
Attack Campaign Cyber Attacks Data Leak Election Romania Russia

Romania's Election System Hit by Over 85,000 Cyberattacks, Russian Links Suspected


Romania’s intelligence service in its declassified report disclosed the country’s election systems were hit by over 85,000 cyberattacks. Attackers have also stolen login credentials for election-related sites and posted the information on a Russian hacker forum just before the first presidential election round. 

Data leaked on Russian site

The data was likely stolen from attacking authentic users and exploiting legitimate training servers. Russia has denied any involvement in Romania’s election campaign.

The Romanian Intelligence Service (SRI) said, “The attacks continued intensively including on election day and the night after elections. The operating mode and the amplitude of the campaign lead us to conclude the attacker has considerable resources specific to an attacking state."

About the attack

SRI says the IT infrastructure of Romania’s Permanent Electoral Authority (AEP) was targeted on 19th November. Threat actors disrupted a server containing mapping data (gis.registrulelectoral.ro) that was connected with the public web as well as AEP’s internal network.

After the attack, log in details of Romanian election websites- bec.ro (Central Election Bureau), roaep.ro, and registrulelectoral.ro (voter registration), were posted on a Russian cybercrime platform.

Motives for the attack

SRI believes the attacks 85,000 attacks lasted till November 25th, the motive was to gain access to election infrastructure and disrupt the systems to compromise election information for the public and restrict access to the systems. The declassified report mentions the attacker attempted to compromise the systems by exploiting SQL injection and cross-site scripting (XSS) flaws from devices in 33 countries. 

Romanian agency has warned that bugs are still affecting the election infrastructure and could be abused to move within the network and build a presence.

SRI notes in the declassified report that the threat actor tried to breach the systems by exploiting SQL injection and cross-site scripting (XSS) vulnerabilities from devices in more than 33 countries.

Influence campaign on elections

SRI believes Russia orchestrated the attacks as a part of a larger plan to disrupt democratic elections in Eastern Europe. The agency says Moscow perceives Romania as an ‘enemy nation’ because the latter supports NATO and Ukraine. The influence campaign tactics include disinformation, propaganda, and supporting European agendas shaping public opinion. 

Romania’s Foreign Intelligence Service (SIE) believes Russia targeted the country as part of broader efforts to influence democratic elections in Eastern Europe. Moscow views Romania as an “enemy state” due to its support for NATO and Ukraine. These influence operations include propaganda, disinformation, and support for eurosceptic agendas, aiming to shape public opinion favoring Russia. 

While there is no concrete proof showing Russia’s direct involvement in Romanian elections, the declassified document suggests Russia’s history of election meddling in other places.

Read more »
Russia
China Cyber Attacks Hacking Netherlands Russia

Russia and China Up Their Cyberattacks on Dutch Infrastructure, Security Report Warns

 


Dutch security authorities have recorded growing cyber threats from state-affiliated Russian and Chinese hackers targeting organisations in the country. The attacks, mostly to gain access to the critical infrastructure, are seen as preparations for future sabotage and for gathering sensitive information, according to a recent report by the Dutch National Coordinator for Security and Counterterrorism (NCTV).


Rise of Non-State Hackers in Support of Government Agendas

The report says cyber attacks can no longer be considered the preserve of state actors: in fact, it turns out that non-state hackers in Russia and China increasingly are joining in. Of course, Russia: for some of the past year's cyber espionage and sabotage, hacktivists--independent hacking groups not officially communicating with the government are said to have conducted parts of this past year. At times, Russian state cyber actors work in conjunction with them, sometimes using their cover for their own operations, sometimes directing them to fit state goals.

China's cyber operations often combine state intelligence resources with academic and corporate collaborations. Sometimes, persons are performing dual roles: conducting research or scientific duties coupled with pushing forward China's intelligence goals. Such close cooperation treads the fine line between private and state operations, introducing an element of complexity to China's cyber strategy.


China's Advancing Sabotage Capabilities

For some years now, Chinese cyber campaigns focused on espionage, particularly those targeting the Netherlands and other allies, have been well known. Recent developments over the past year, however, have found China's cyber strategies getting broader in scope and quite sophisticated. The recent "Volt Typhoon" campaign, attributed to China, was an example of shifting toward actual sabotage, where critical U.S. infrastructure is the chief target. Although Europe is not currently under such threats from Volt Typhoon, the Netherlands remains vigilant based on China's rapid advancements in its cyber capabilities, which will potentially be implemented globally at a later stage.


Cyber/Disinformation Combined Threat

In the Netherlands, there is a national coordinator for security and counterterrorism, Pieter-Jaap Aalbersberg, who underscored that cyber threats frequently act as part of an integrated approach, which includes information operations. Coordinated actions are riskier because the cyber attack and digital influence operation come together to compromise security. Aalbersberg indicated that risks need to be balanced collectively, both from direct cyber threats and other consequences.


Recent Breach in Dutch Police Forces Concerns

Earlier this month, the Dutch national police announced a breach into officers' personal contact details with thousands of officers being involved, including names, telephone numbers, and email. The attackers behind this breach are unknown, although it is believed that this incident is "very likely" to be carried out by a state-sponsored group. Still, no country was indicated.

The Dutch government views such heightened cyber hostility as pushing a stronger defensive response from its measures about the cybersecurity fields, particularly since the threats from Russians and Chinese are still multiplying. This scenario now presents strong appeal in asking for added fortifications at international cooperation and greater action in stopping these mounting operations of said aggressive expansions through cyber warfare.


Read more »
Social Media
Cyber Fraud disinformation campaign Doppelgänger Fraudulent Sites Meta Russia Social Media

Russian Disinformation Network Struggles to Survive Crackdown


 

The Russian disinformation network, known as Doppelgänger, is facing difficulties as it attempts to secure its operations in response to increased efforts to shut it down. According to a recent report by the Bavarian State Office for the Protection of the Constitution (BayLfV), the network has been scrambling to protect its systems and data after its activities were exposed.

Doppelgänger’s Activities and Challenges

Doppelgänger has been active in spreading false information across Europe since at least May 2022. The network has created numerous fake social media accounts, fraudulent websites posing as reputable news sources, and its own fake news platforms. These activities have primarily targeted Germany, France, the United States, Ukraine, and Israel, aiming to mislead the public and spread disinformation.

BayLfV’s report indicates that Doppelgänger’s operators were forced to take immediate action to back up their systems and secure their operations after it was revealed that European hosting companies were unknowingly providing services to the network. The German agency monitored the network closely and discovered details about the working patterns of those involved, noting that they operated during Russian office hours and took breaks on Russian holidays.

Connections to Russia

Further investigation by BayLfV uncovered clear links between Doppelgänger and Russia. The network used Russian IP addresses and the Cyrillic alphabet in its operations, reinforcing its connection to the Kremlin. The network's activities were timed with Moscow and St. Petersburg working hours, further suggesting coordination with Russian time zones.

This crackdown comes after a joint investigation by digital rights groups Qurium and EU DisinfoLab, which exposed Doppelgänger's infrastructure spread across at least ten European countries. Although German authorities were aware of the network’s activities, they had not taken proper action until recently.

Social Media Giant Meta's Response

Facebook’s parent company, Meta, has been actively working to combat Doppelgänger’s influence on its platforms. Meta reported that the network has been forced to change its tactics due to ongoing enforcement efforts. Since May, Meta has removed over 5,000 accounts and pages linked to Doppelgänger, disrupting its operations.

In an attempt to avoid detection, Doppelgänger has shifted its focus to spoofing websites of nonpolitical and entertainment news outlets, such as Cosmopolitan and The New Yorker. However, Meta noted that most of these efforts are being caught quickly, either before they go live or shortly afterward, indicating that the network is struggling to maintain its previous level of influence.

Impact on Doppelgänger’s Operations

The pressure from law enforcement and social media platforms is clearly affecting Doppelgänger’s ability to operate. Meta highlighted that the quality of the network’s disinformation campaigns has declined as it struggles to adapt to the persistent enforcement. The goal is to continue increasing the cost of these operations for Doppelgänger, making it more difficult for the network to continue spreading false information.

This ongoing crackdown on Doppelgänger demonstrates the challenges in combating disinformation and the importance of coordinated efforts to protect the integrity of information in today’s digital environment


Read more »
Spear Phishing
Cyber Crime cyber espionage Hackers Russia Spear Phishing

Inside the Espionage: How Nobelium Targets French Diplomatic Staff


Cybersecurity threats have become increasingly sophisticated, and state-sponsored actors continue to target government institutions and diplomatic entities. One such incident involves a Russian threat actor known as “Nobelium,” which has been launching spear phishing attacks against French diplomats.

ANSSI Issued an Alert

France's cybersecurity agency, ANSSI, has issued a notice outlining a Russian spear phishing attempt aimed at French diplomats, the Record writes. The CIA connects the campaign to "Nobelium," a threat actor linked to Russia's Foreign Intelligence Service (SVR).

The Campaign

Nobelium, believed to have ties to Russia’s Foreign Intelligence Service (the SVR), primarily uses compromised legitimate email accounts belonging to diplomatic staff to conduct these attacks. The goal is to exfiltrate valuable intelligence and gain insights into French diplomatic activities.

Compromising Email Accounts of French Ministers

These events included the penetration of email accounts at the French Ministry of Culture and the National Agency for Territorial Cohesion, but according to ANSSI, the hackers were unable to access any elements of those networks other than the compromised inboxes.

However, the hackers subsequently used those email addresses to target other organizations, including France's Ministry of Foreign Affairs. ANSSI stated that Nobelium attempted to acquire remote access to the network by installing Cobalt Strike, a penetration testing system infamous for being abused by bad actors, but was unsuccessful.

Other occurrences reported by ANSSI included the use of a French diplomat's stolen email account to send a malicious message falsely proclaiming the closure of the French Embassy in South Africa due to an alleged terror assault.

Tactics and Techniques

Nobelium’s spear phishing campaigns are highly targeted. They craft convincing lure documents tailored to specific individuals within diplomatic institutions, embassies, and consulates. Here are some tactics and techniques they employ:

Email Spoofing: Nobelium impersonates trusted senders, often using official-looking email addresses. This makes it challenging for recipients to discern the malicious intent.

Lure Documents: The threat actor attaches seemingly innocuous files (such as PDFs or Word documents) to their emails. These files contain hidden malware or exploit vulnerabilities in software applications.

Social Engineering: Nobelium leverages social engineering techniques to manipulate recipients into opening the attachments. They might use urgent language, reference official matters, or create a sense of curiosity.

Credential Harvesting: Once the recipient opens the attachment, the malware may attempt to steal login credentials or gain unauthorized access to sensitive systems.

Read more »
Subscribe to: Posts (Atom)