Malware & Threats | How Russian Hackers Are Exploiting Signal ‘Linked Devices’ Feature for Real-Time Spying | Mandiant warns that multiple Russian APTs are abusing a nifty Signal Messenger feature to surreptitiously spy on encrypted conversations. | Ryan Naraine | February 19, 2025
Nation-State | Russian Seashell Blizzard Hackers Have Access to Critical Infrastructure: Microsoft | A subgroup of the Russia-linked Seashell Blizzard is tasked with broad initial access operations to sustain long-term persistence. | Ionut Arghire | February 12, 2025
Malware & Threats | Kapeka: A New Backdoor in Sandworm’s Arsenal of Aggression | Kapeka is a new backdoor that may be a new addition to Russia-linked Sandworm’s malware arsenal and possibly a successor to GreyEnergy. | Kevin Townsend | April 17, 2024
Nation-State | Recent OT and Espionage Attacks Linked to Russia’s Sandworm, Now Named APT44 | Mandiant summarizes some of the latest operations of Russia’s notorious Sandworm group, which it now tracks as APT44. | Eduard Kovacs | April 17, 2024
Cyberwarfare | Russian Hackers Used OT Attack to Disrupt Power in Ukraine Amid Mass Missile Strikes | Mandiant says Russia's Sandworm hackers used a novel OT attack to cause power outages that coincided with mass missile strikes on critical infrastructure across... | Ryan Naraine | November 9, 2023
Cybercrime | Three Months After Patch, Gov-Backed Actors Exploiting WinRAR Flaw | Google says it is still catching government-backed groups linked to China and Russia launching WinRAR exploits in targeted attacks. | Ryan Naraine | October 18, 2023
Cloud Security | AWS Using MadPot Decoy System to Disrupt APTs, Botnets | AWS says an internal threat intel decoy system called MadPot has successfully trapped nation state-backed APTs like Volt Typhoon and Sandworm. | Ryan Naraine | September 29, 2023