ALL POSTS
Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs
Key Findings: Google Threat Intelligence Group (GTIG) has identified a previously undocumented threat actor, possibly affiliated with Russian intelligence services, that has been targeting Ukrainian organizations with the CANFAIL malware. The threat actor has primarily targeted defense, military, government, and energy organizations within the Ukrainian regional and national governments, but has also shown growing interest in aerospace, manufacturing with military/drone ties,
6 days ago · 2 min read
Ukraine–Germany operation targets Black Basta, Russian leader wanted
Key Findings: Ukrainian and German police raided homes linked to alleged Black Basta ransomware members, identifying two Ukrainian suspects. Law enforcement issued an international wanted notice for the group's alleged Russian ringleader, Oleg Nefedov. Black Basta ransomware-as-a-service (RaaS) has been active since April 2022, impacting over 500 organizations worldwide and causing hundreds of millions of dollars in damage. The cybercrime group has infected over 329 victims, i
Jan 18 · 2 min read
Black Basta Ransomware Leader Added to EU Most Wanted and INTERPOL Red Notice
Key Findings: Ukrainian and German law enforcement authorities have identified two Ukrainians suspected of working for the Russia-linked ransomware-as-a-service (RaaS) group Black Basta. The group's alleged leader, a 35-year-old Russian national named Oleg Evgenievich Nefedov (Нефедов Олег Евгеньевич), has been added to the European Union's Most Wanted and INTERPOL's Red Notice lists. The accused individuals specialized in technical hacking, including credential theft and "has
Jan 17 · 2 min read
Russia-Aligned Hackers Exploit Viber to Compromise Ukrainian Military and Government
Key Findings: The Russia-aligned threat actor known as UAC-0184 (also tracked as Hive0156) has been targeting Ukrainian military and government entities by leveraging the Viber messaging platform to deliver malicious ZIP archives. The attack campaign involves using Viber to distribute malicious ZIP files disguised as official Ukrainian parliamentary documents and military casualty data. The ZIP archives contain Windows shortcut (LNK) files posing as Microsoft Word and Excel do
Jan 5 · 2 min read

