ALL POSTS
Russian Intelligence Suspected in WhatsApp and Signal Phishing Campaign Targeting Mass Users
Key Findings: Russian Intelligence Services-linked actors are conducting phishing campaigns targeting the Signal and WhatsApp accounts of high-value targets, including U.S. government officials, military personnel, politicians, and journalists. Thousands of accounts have already been compromised worldwide through these operations. Attackers bypass encryption by hijacking accounts rather than breaking the encryption itself, using phishing to trick users into sharing verification codes or
Mar 22 · 3 min read
APT28 Employs BEARDSHELL and COVENANT Malware in Ongoing Espionage Against Ukrainian Military
Key Findings: APT28, a Russian state-sponsored hacking group, has been observed using a pair of custom malware implants called BEARDSHELL and COVENANT for long-term surveillance of Ukrainian military personnel since April 2024. The malware families showcase the group's continued capabilities in developing advanced custom tools for espionage operations. BEARDSHELL is a C++ backdoor that downloads and executes PowerShell scripts, sending results via the Icedrive cloud storage se
Mar 11 · 2 min read
Phobos Ransomware Operator Pleads Guilty, Faces Lengthy Prison Sentence
Key Findings: Evgenii Ptitsyn, a 43-year-old Russian national, pleaded guilty to wire fraud conspiracy for his role in the Phobos ransomware operation. Ptitsyn was a high-level administrator of the Phobos ransomware-as-a-service (RaaS) operation. The Phobos ransomware operation targeted over 1,000 public and private entities worldwide, extorting more than $16 million in ransom payments. Ptitsyn and his co-conspirators used a RaaS model to distribute Phobos ransomware to a net
Mar 5 · 2 min read
APT28 Exploited MSHTML 0-Day Before Microsoft Patch
Key Findings: Russia-linked APT28 reportedly exploited the MSHTML zero-day CVE-2026-21513 (CVSS 8.8) before Microsoft patched it in February 2026. The vulnerability is an Internet Explorer security control bypass that can lead to code execution when a victim opens a malicious HTML page or LNK file. Akamai researchers found a malicious sample, uploaded to VirusTotal in January 2026, tied to infrastructure linked to APT28. The exploit relies on nested iframes and multiple DOM contexts t
Mar 2 · 1 min read
Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs
Key Findings: Google Threat Intelligence Group (GTIG) has identified a previously undocumented threat actor, possibly affiliated with Russian intelligence services, that has been targeting Ukrainian organizations with the CANFAIL malware. The threat actor has primarily targeted defense, military, government, and energy organizations within the Ukrainian regional and national governments, but has also shown growing interest in aerospace, manufacturing with military/drone ties,
Feb 14 · 2 min read
Cyber Threats: NCSC Warns of Russia-Linked DDoS Attacks
Key Findings: The UK's National Cyber Security Centre (NCSC) has issued an alert regarding the persistent targeting of UK organizations by Russia-linked hacktivist groups. These groups, such as NoName057(16), are carrying out Distributed Denial of Service (DDoS) attacks to disrupt networks, take websites offline, and disable services. The attacks are ideologically motivated, reflecting an evolution in the threat landscape that now increasingly targets operational technology (O
Jan 20 · 2 min read
Germany Responds to Alleged Russian Cyberattack on Air Traffic Control
Key Findings: Germany summoned Russia's ambassador over alleged cyberattacks on its air traffic control authority and a disinformation campaign ahead of national elections. The German government has clear evidence linking an August 2024 cyberattack on Deutsche Flugsicherung, the country's air traffic control authority, to the Russia-nexus group APT28 (aka Fancy Bear). Germany also accused Moscow of attempting to influence and destabilize Germany's federal election through a d
Dec 14, 2025 · 2 min read
SEC Drops Case Against SolarWinds After Years of Cybersecurity Scrutiny
Key Findings: The U.S. Securities and Exchange Commission (SEC) has abandoned its lawsuit against SolarWinds and its chief information security officer Timothy G. Brown. The SEC alleged in 2023 that SolarWinds and Brown had misled investors about the security practices that led to the 2020 supply chain attack, which was attributed to a Russian state-sponsored threat actor. However, in July 2024, many of these allegations were thrown out by the U.S. District Court for the South
Nov 21, 2025 · 2 min read
