Russian State-Sponsored Hacking Extends Worldwide

A Russian cyber-espionage campaign has been hitting human rights groups, private security companies and educational institutions in Central Asia, East Asia, and Europe.

Now, based on the latest statements from its government, it is evident that Russia is ready to carry out cyber attacks on Britain and NATO allies in and effort to intimidate them and  to weaken support for Ukraine.

This week, a senior British government minister, Pat McFadden -  whose role includes responsibility for national security - told a NATO meeting that Russia could target the electric grid and and leave millions of consumers and businesses without power. 

This is the latest in a series of warnings about the cyber-warfare capabilities of Russia, which McFadden called a "hidden war" being waged against Ukraine. McFadden referred to Russian hacking group connected to the GRU military spy agency, known as Unit 29155, which the  says has carried out a number of attacks in the UK and Europe. 

Recorded Future’s Insikt Group has attributed other attacks TAG-110, another Russian threat actor, also  likely linked to the Russian cyber-espionage group APT28, which is also known as Fancy Bear.  

Fancy Bear is believed to act on the orders of the GRU and is thought to be behind several major attacks on Ukraine and its allies in recent years. In 2023 the group hacked the German Social Democratic Party, and was also responsible for large-scale disruption targeting the Polish government

Insikt Group has identified 62 unique TAG-110 victims, primarily in Tajikistan, Kyrgyzstan, Turkmenistan, and Kazakhstan since July 2024. According to Insikt Group, these victims  were infected with the group’s custom malware, including the Hatvibe loader and the Cherryspy  backdoor.

The group used malicious Microsoft Word email attachments to deliver these tools against  targeted systems and exploit vulnerable web-facing services. 

TAG-110 allegedly has been spying for the Russian state since at least 2021, primarily targeting entities in Central Asia, Insikt Group said. The group has also targeted victims in India, Israel, Mongolia and Ukraine. Inskit Group researchers think that TAG-110’s campaigns will continue and likely focusing on post-Soviet Central Asian states, Ukraine and its allies.

The likely objective is to reinforce Russia’s military efforts in Ukraine and gather insights into geopolitical events in neighbouring countries, especially as Moscow’s relations with these nations have suffered following its failed invasion of Ukraine.   

NCSC   |   Recorded Future  |    Recorded Future   |    TEISS  |   Record  |   BBC  |   Guardian  |   

Hacker News    |    Infosecurity Magazine   

Image: Leestat

You Might Also Read: 

The Impact Of Geopolitical Dynamics On The Evolving Cybersecurity Landscape:


If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible






 

« Meta Deletes 2 Million Fake Social Media Accounts 
From Credentials To Identity: Understanding Digital Identity & Access »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

SSL247

SSL247

SSL247 is Europe's leading Web Security Consultancy Firm. We enjoy long-standing partnerships with Certificate Authorities including Symantec, GlobalSign, Entrust Datacard, Comodo, Thales and Qualys.

BakerHostetler

BakerHostetler

BakerHostetler is one of the largest law firms in the USA We have five core practice groups including a specialty practice team in Privacy and Data Protection.

SISSDEN

SISSDEN

SISSDEN will improve cybersecurity through the development of increased awareness and the effective sharing of actionable threat information.

Watchcom Security Group

Watchcom Security Group

Watchcom is one of Norway's foremost suppliers of information security consultancy services.

Dataglobal

Dataglobal

Dataglobal is an industry-leading provider of Information Archiving/Governance and Unified Data Classification solutions.

Nok Nok Labs

Nok Nok Labs

Nok Nok is a market leader in next generation authentication for cloud, mobile and IoT applications.

Centurion Information Security

Centurion Information Security

Centurion Information Security is a consulting firm based in Singapore that specialises in penetration testing and security assessment services.

Cellopoint

Cellopoint

Cellopoint is a leading manufacturer of information security and email lifecycle management (ELM) products.

Harel Mallac Technologies

Harel Mallac Technologies

Harel Mallac Technologies is a Mauritian organisation that has developed a strong network of ICT specialists with nodes across the African continent.

Gluu

Gluu

Modern Authentication for Digital Enterprise. Organizations around the world trust Gluu for large-scale, high-security identity & access management.

Qasky

Qasky

Anhui Qasky Quantum Technology Co. Ltd. (Qasky) is a new high-tech enterprise engaged in quantum information technology industrialization in China.

Penten

Penten

Penten is an Australian-based cyber security company focused on innovation in secure mobility and applied AI (artificial intelligence).

ArmorCode

ArmorCode

ArmorCode's intelligent application security platform gives us unified visibility into AppSec postures and automates complex DevSecOps workflows.

SecurityGen

SecurityGen

SecurityGen is a global cybersecurity start-up focused on telecom security, with a focus on 5G networks.

Protos Labs

Protos Labs

Protos Labs enables insurers & enterprises to make better cyber risk decisions through holistic, real-time risk management tools.

Longbow Security

Longbow Security

Longbow automates root cause for your application and cloud risks, enabling teams with intelligent remediation actions that reduce the most risk with the least effort.