Russian State-Sponsored Hacking Extends Worldwide

A Russian cyber-espionage campaign has been hitting human rights groups, private security companies and educational institutions in Central Asia, East Asia, and Europe.

Now, based on the latest statements from its government, it is evident that Russia is ready to carry out cyber attacks on Britain and NATO allies in an effort to intimidate them and to weaken support for Ukraine.

This week, a senior British government minister, Pat McFadden, whose role includes responsibility for national security, told a NATO meeting that Russia could target the electric grid and leave millions of consumers and businesses without power.

This is the latest in a series of warnings about the cyber-warfare capabilities of Russia, which McFadden called a "hidden war" being waged against Ukraine. McFadden referred to a Russian hacking group connected to the GRU military spy agency, known as Unit 29155, which the  says has carried out a number of attacks in the UK and Europe.

Recorded Future’s Insikt Group has attributed other attacks to TAG-110, another Russian threat actor, also likely linked to the Russian cyber-espionage group APT28, which is also known as Fancy Bear.

Fancy Bear is believed to act on the orders of the GRU and is thought to be behind several major attacks on Ukraine and its allies in recent years. In 2023 the group hacked the German Social Democratic Party, and was also responsible for large-scale disruption targeting the Polish government.

Insikt Group has identified 62 unique TAG-110 victims, primarily in Tajikistan, Kyrgyzstan, Turkmenistan, and Kazakhstan since July 2024. According to Insikt Group, these victims were infected with the group’s custom malware, including the Hatvibe loader and the Cherryspy backdoor.

The group used malicious Microsoft Word email attachments to deliver these tools against targeted systems and exploited vulnerable web-facing services.

TAG-110 has allegedly been spying for the Russian state since at least 2021, primarily targeting entities in Central Asia, Insikt Group said. The group has also targeted victims in India, Israel, Mongolia and Ukraine. Insikt Group researchers think that TAG-110’s campaigns will continue, likely focusing on post-Soviet Central Asian states, Ukraine and its allies.

The likely objective is to reinforce Russia’s military efforts in Ukraine and gather insights into geopolitical events in neighbouring countries, especially as Moscow’s relations with these nations have suffered following its failed invasion of Ukraine.   

NCSC | Recorded Future | Recorded Future | TEISS | Record | BBC | Guardian | Hacker News | Infosecurity Magazine

Image: Leestat
