russia - AlphaHunt

romcom

RomCom’s WinRAR Exploit: Persistent Startup Folder Attacks and Encrypted C2 Exfiltration Targeting Critical Sectors

Russian-linked RomCom is abusing a critical WinRAR bug to quietly persist in networks, move laterally, and siphon data over encrypted channels — hitting government, finance, and telecom sectors hard. Patch lag is keeping doors wide open.

darkwatchman

DarkWatchMan and Hive0117: Fileless Malware Evolution Targeting Russian Critical Infrastructure

DarkWatchMan is a fileless, modular malware family first observed in late 2021 and attributed to the financially motivated Hive0117 group. The malware is primarily delivered via spear-phishing emails containing password-protected archives, targeting Russian critical infrastructure (energy, etc).

sandworm

Sandworm’s Evolving Playbook: Destructive Malware, BadPilot Subgroup, and the Escalating Threat to Global Critical Infrastructure

Sandworm, a Russian GRU-affiliated cyber threat group (Unit 74455), continues to escalate its offensive cyber operations, with a primary focus on Ukraine and Western allies. The group is notorious for high-impact attacks such as the 2015-2016 Ukrainian power grid blackouts...

void-blizzard

Void Blizzard: Russian State-Backed Cloud Espionage, AitM Phishing, and LOTL Tactics Targeting NATO and Allies

Void Blizzard, a Russian state-sponsored APT attributed to the GRU and tracked as Laundry Bear by Dutch intelligence, has rapidly emerged as a major cyber espionage threat since April 2024. The group targets government, defense, telecommunications, NGOs, and critical infrastructure across NATO...

russia

LOSTKEYS: COLDRIVER’s Next-Gen Social Engineering Malware and the Evolution of Russian State Espionage Tactics

LOSTKEYS, first observed in early 2025, marks a significant evolution in Russian cyber-espionage, attributed to the FSB-backed COLDRIVER group. Unlike traditional spear-phishing, LOSTKEYS employs a sophisticated multi-stage infection chain initiated by fake CAPTCHA lure websites (ClickFix)...

apt

Strategic Cyber Threats: Chinese, Russian, and North Korean APTs.. How are they different?

Recent trends indicate a shared interest among these state-sponsored groups in exploiting vulnerabilities and utilizing AI tools like Google's Gemini to improve their cyberattack capabilities.

apt28

GruesomeLarch: Unveiling the Sophisticated Cyber-Espionage Tactics of a Russian Nation-State Actor

The threat actor known as "GruesomeLarch," also publicly recognized as Fancy Bear (APT28), has been identified as a sophisticated Russian nation-state group involved in cyber-espionage activities.

midnight-blizzard

Midnight Blizzard: Unmasking the Espionage Tactics of Russia's Elite Cyber Threat Actor -- What's Next?

Midnight Blizzard, a cyber threat actor linked to Russia's Foreign Intelligence Service (SVR), has been a persistent menace in the cyber espionage landscape, targeting sectors such as government, defense, academia, and non-governmental organizations.

apt

THREAT-ACTOR - FIN7: A Persistent Cyber Threat with Evolving Tactics

Their primary motivation is financial gain, focusing on sectors rich in valuable data and assets...

threat-actors

RESEARCH: Bear Eats TeamViewer..

This breach is significant due to TeamViewer's widespread use in remote access and management, making it a critical target for cyber threats. The breach has been attributed to APT29, a state-sponsored threat actor associated with...