Lightnews — Scholar-powered news

CyberWatchers @cyberwatchers.bsky.social · 4d

Looks like this is the original post...
hackforums.net/showthread.p...

Links back to the okenit-hackers github repositories.
github.com/okenit-hackers

1

CyberWatchers @cyberwatchers.bsky.social · 4d

"This leak could expose the tools, techniques, and infrastructure used in state-sponsored information warfare and cyber-espionage campaigns."

#Russia #GRU #hack

www.brinztech.com/breach-alert...

Hacker Claims Breach of GRU-Linked Russian Firm, Leaks Malware and 'Troll Farm' Data

Meta Description: A hacker has claimed to have breached a Russian firm allegedly working for the GRU, exfiltrating and leaking sensitive data including custom malware and a "troll farm management syst...

www.brinztech.com

1

CyberWatchers @cyberwatchers.bsky.social · 9d

The Evolution of Russian Physical-Cyber Espionage - GRU hackers 'APT28, have long combined digital intrusions with physical tradecraft and human assets.'

www.trellix.com/blogs/resear...

www.trellix.com

CyberWatchers @cyberwatchers.bsky.social · 18d

Over the past two and a half years, Unit 42 researchers have observed Phantom Taurus targeting government and telecommunications organizations across Africa, the Middle East, and Asia.
unit42.paloaltonetworks.com/phantom-taur...

Phantom Taurus: A New Chinese Nexus APT and the Discovery of the NET-STAR Malware Suite

Phantom Taurus is a previously undocumented Chinese threat group. Explore how this group's distinctive toolset lead to uncovering their existence.

unit42.paloaltonetworks.com

CyberWatchers @cyberwatchers.bsky.social · 18d

Two Dutch teens were allegedly contacted by pro-Russian hackers on Telegram. It was reported that the two were arrested “on suspicions that are linked to government-sponsored interference.”
thecyberexpress.com/wifi-sniffer...

WiFi Sniffer Leads to Russian Spying Charges for Dutch Teens

Two teenagers in the Netherlands face charges that they allegedly spied for pro-Russia hackers. The 17-year-old boys were reportedly arrested

thecyberexpress.com

CyberWatchers @cyberwatchers.bsky.social · 24d

thehackernews.com/2025/09/unc5...

UNC5221 Uses BRICKSTORM Backdoor to Infiltrate U.S. Legal and Technology Sectors

UNC5221 uses BRICKSTORM malware to maintain 393-day stealthy access to U.S. SaaS, legal, and tech sectors.

thehackernews.com

CyberWatchers @cyberwatchers.bsky.social · 24d

ThreatLabz discovered a multi-stage ClickFix campaign that is likely affiliated with the nation-state threat group known as COLDRIVER, a Russia-linked APT group that has mainly targeted dissidents and their supporters through phishing campaigns.
www.zscaler.com/blogs/securi...

COLDRIVER Adds BAITSWITCH and SIMPLEFIX | ThreatLabz

The Russia-linked group COLDRIVER targeted dissidents and their supporters using a ClickFix technique, resulting in the deployment of BAITSWITCH and SIMPLEFIX.

www.zscaler.com

Reposted by CyberWatchers

Jessica Lyons @jessicalyons.bsky.social · 25d

SolarWinds on Tuesday released a hotfix - again - for a critical, 9.8-severity flaw in its Web Help Desk IT ticketing software that could allow a remote, unauthenticated attacker to run commands on a host machine.

SolarWinds patches critical RCE - for the third time

: Or maybe 3 strikes, you're out?

www.theregister.com

3 9

Reposted by CyberWatchers

Marcus Hutchins @malwaretech.com · 25d

Putting the Secret Service's nonsense framing aside, it's a pretty cool discovery. Those black boxes are SIM gateways which you plug sim cards into and they act like virtual cell phones. They then route the access over the internet so people can use the sim cards from anywhere in the world.🧵
1/3

6 54 210

Reposted by CyberWatchers

Euromaidan Press @euromaidanpress.bsky.social · 25d

A former Florida police officer now runs a Kremlin-backed troll empire, an investigation found

Using AI tools like Llama 3, the network churns out fabricated news and deepfakes to undermine Ukraine's aid and meddle in elections in the West
euromaidanpress.com/2025/09/23/f...

Former Florida cop turned Kremlin operative, spreading Russian propaganda through over 200 fake news websites

John Mark Dougan fled to Moscow in 2016 after facing charges in Florida, then received political asylum and now coordinates GRU-funded servers running AI models.

euromaidanpress.com

4 36 90

Reposted by CyberWatchers

Catalin Cimpanu @campuscodi.risky.biz · 25d

-US raids SIM farm in New York
-EU airport disruptions caused by ransomware
-Thieves steal gold from French museum after cyberattack
-SonicWall firmware update removes rootkit
-Jaguar ransomware incident extends to October

Podcast: risky.biz/RBNEWS482/
Newsletter: news.risky.biz/risky-bullet...

2 18 57

Reposted by CyberWatchers

InfoSec @infosec.skyfleet.blue · 25d

U.S. Secret Service Dismantles 300 SIM Servers and 100,000 SIM Cards Disabling Cell Phone Towers

cybersecuritynews.com

3 9 35

CyberWatchers @cyberwatchers.bsky.social · Sep 16

Sekoia.io’s Threat Detection and Response (TDR) team closely monitors APT28 as one of its highest-priority threat actors.
https://blog.sekoia.io/apt28-operation-phantom-net-voxel/

APT28 Operation Phantom Net Voxel

APT28 Operation Phantom Net Voxel: weaponized Office lures, COM-hijack DLL, PNG stego to Covenant Grunt via Koofr, BeardShell on icedrive.

blog.sekoia.io

CyberWatchers @cyberwatchers.bsky.social · Jul 8

"a comprehensive exploration of Russia’s integrated cyber warfare doctrine, where digital intrusion, kinetic disruption, and state-controlled defense architecture operate in concert."
treadstone71.com/index.php/un...

Treadstone 71 - Unit 29155 - APT28 - GosSOPKA

Three linked intelligence reports reveal how APT28, GRU Unit 29155, and GosSOPKA form the offensive and defensive pillars of Russia’s cyber warfare doctrine.

treadstone71.com

CyberWatchers @cyberwatchers.bsky.social · Jul 7

"the cost of ransomware isn't just in ransom paid, but in days or weeks of downtime, regulatory penalties, and reputation loss. The cost of building an IRE is less than a breach, and the peace of mind it offers is far greater."

cloud.google.com/blog/topics/...

Isolated Recovery Environments: A Critical Layer in Modern Cyber Resilience | Google Cloud Blog

How isolated recovery environments differ from traditional disaster recovery strategies, and how to implement them.

cloud.google.com

CyberWatchers @cyberwatchers.bsky.social · Jul 7

thehackernews.com/2025/07/tag-...

TAG-140 Deploys DRAT V2 RAT, Targeting Indian Government, Defense, and Rail Sectors

TAG-140 targets Indian government sectors with DRAT V2, evolving malware and tactics for greater persistence

thehackernews.com

CyberWatchers @cyberwatchers.bsky.social · Jul 7

www.infosecurity-magazine.com/news/hundred...

Hundreds of Malicious Domains Registered Ahead of Prime Day

Check Point has discovered over 1000 suspicious domains registered in the run-up to Amazon Prime Day

www.infosecurity-magazine.com

CyberWatchers @cyberwatchers.bsky.social · Jul 4

cepa.org/article/russ...

Russia’s Cyber Warriors Assail NATO-Linked Private Companies

The West’s private sector has still not understood the threat posed by Russian cyber intelligence groups. That’s foolish.

cepa.org

CyberWatchers @cyberwatchers.bsky.social · Jul 2

www.securityweek.com/iranian-hack...

Iranian Hackers' Preferred ICS Targets Left Open Amid Fresh US Attack Warning

The US government is again warning about potential Iranian cyberattacks as researchers find that hackers’ favorite ICS targets remain exposed.

www.securityweek.com

CyberWatchers @cyberwatchers.bsky.social · Jul 2

www.fdd.org/analysis/202...

Chinese Scholars Probe for Weaknesses in Western Electricity Grids

Chinese academics are taking a keen interest in the vulnerabilities of America’s energy grid. On June 19, the Czech Technical University in Prague published a paper revealing that Chinese scholars are...

www.fdd.org

CyberWatchers @cyberwatchers.bsky.social · May 29

From phishing to privilege escalation, this ongoing campaign targets critical infrastructure, government entities, and NATO-aligned organizations, particularly those supporting Ukraine.
socradar.io/gru-backed-a...

How GRU-Backed APT28 is Waging Cyber War on NATO’s Digital Frontlines - SOCRadar® Cyber Intelligence Inc.

In a world increasingly defined by digital borders, one adversary continues to test the cyber resilience of the West — Russia’s GRU-backed APT28, also known

socradar.io

CyberWatchers @cyberwatchers.bsky.social · May 29

Evidence of DanaBot's alignment with Russian state interests emerged shortly after Russia's full-scale invasion of Ukraine.
www.crowdstrike.com/en-us/blog/c...

CrowdStrike Partners with DOJ to Disrupt DanaBot Malware Operators

The DOJ unsealed an indictment against Russian nationals behind DanaBot malware, exposing key details of a modern eCrime malware-as-a-service (MaaS) operation.

www.crowdstrike.com

CyberWatchers @cyberwatchers.bsky.social · May 28

www.scworld.com/news/mandian...

Mandiant finds more than 30 fake AI websites spreading malware

Thousands of social media ads promoted sites impersonating legitimate GenAI tools.

www.scworld.com

CyberWatchers @cyberwatchers.bsky.social · May 13

Since April 2024, the threat actor that Microsoft Threat Intelligence tracks as Marbled Dust has been observed exploiting user accounts that have not applied fixes to a zero-day vulnerability in the messaging app Output Messenger.
www.microsoft.com/en-us/securi...

Marbled Dust leverages zero-day in Output Messenger for regional espionage | Microsoft Security Blog

Since April 2024, the threat actor that Microsoft Threat Intelligence tracks as Marbled Dust has been observed exploiting user accounts that have not applied fixes to a zero-day vulnerability (CVE-202...

www.microsoft.com

CyberWatchers @cyberwatchers.bsky.social · May 8

Google Threat Intelligence Group (GTIG) has identified a new piece of malware called LOSTKEYS, attributed to the Russian government-backed threat group COLDRIVER (also known as UNC4057, Star Blizzard, and Callisto).

cloud.google.com/blog/topics/...

COLDRIVER Using New Malware To Steal Documents From Western Targets and NGOs | Google Cloud Blog

Russian government-backed group COLDRIVER is using LOSTKEYS malware to steal files and system information from NGOs and western targets.

cloud.google.com