GTIG’s STOCKSTAY research shows how Turla blends modular .NET malware, WebSocket C2, and diplomatic targeting. Here are the defensive lessons for SMBs and government contractors.
Microsoft reports that Kazuar, attributed to Russian state actor Secret Blizzard, has evolved into a modular P2P botnet. Here is what SMBs and government contractors should take from it defensively.
A pro-Ukrainian hacking group called Bearlyfy has been attributed to more than 70 cyber attacks targeting Russian companies since January 2025, with recent operations deploying a proprietary Windows ransomware strain called GenieLocker, according to research from Russian security vendor F6 via The Hacker News. Dual-Purpose Operations Bearlyfy (also known as Labubu) operates with dual objectives:…
Google Threat Intelligence Group (GTIG), iVerify, and Lookout have jointly uncovered DarkSword, a sophisticated iOS exploit kit that enables complete device compromise with minimal user interaction. The kit, operational since at least November 2025, has been deployed by suspected Russian state-sponsored actors targeting Ukrainian users, as well as commercial surveillance vendors across multiple countries. Six…
A year-long malware campaign targets HR departments through weaponized resume files, deploying the previously undocumented BlackSanta EDR killer that disables endpoint security tools at the kernel level.
Security researchers from ClearSky have uncovered a sophisticated Russian cyber campaign targeting Ukrainian organizations using two previously unknown malware strains with distinctly playful names: BadPaw and MeowMeow. Despite their whimsical naming, these tools represent a serious threat designed for stealth, persistence, and evasion. The Attack Chain: From Phishing to Persistent Backdoor The campaign begins with…
Russia’s state-sponsored threat actor APT28 (also known as Fancy Bear) has been linked to active exploitation of CVE-2026-21513, a high-severity MSHTML zero-day vulnerability, before Microsoft released its patch in February 2026. This finding comes from new research published by Akamai, highlighting the sophisticated tradecraft employed by Russian intelligence operations. Vulnerability Details CVE-2026-21513 carries a CVSS…
Russian cyberattacks targeting Ukraine’s energy infrastructure have shifted focus from immediate disruption to intelligence gathering for guiding missile strikes, Ukrainian cybersecurity officials revealed at the Kyiv International Cyber Resilience Forum. Strategic Shift in Attack Methodology Oleksandr Potii, head of Ukraine’s State Service of Special Communications and Information Protection, confirmed that attackers are now prioritizing reconnaissance…
A Russian-linked cybercrime group dubbed Diesel Vortex has been systematically targeting the global freight and logistics industry, stealing over 1,600 unique login credentials from users of major logistics platforms in a sophisticated phishing campaign that ran from September 2025 through February 2026. Campaign Overview Security researchers at Have I Been Squatted, in collaboration with Ctrl-Alt-Intel,…
Russia-linked APT28 (also known as Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) has launched a sophisticated espionage campaign targeting entities across Western and Central Europe. The operation, codenamed Operation MacroMaze by S2 Grupo’s LAB52 threat intelligence team, was active between September 2025 and January 2026. Campaign Overview Operation MacroMaze demonstrates that simplicity…
