Tag: nationstate
100 articles

NCSC Warns of Russia's Ongoing Router Exploits
Russia's notorious hackers, Fancy Bear, are exploiting routers to steal passwords and sensitive information, compromising the security of countless individuals and organisations. With around 5,000 devices and 200 organisations already affected, experts warn that this latest threat is one to take seriously.

APT28 Hijacks Routers to Steal Credentials via Malicious DNS Servers
Beware of invisible hands rerouting your online traffic: a state-linked Russian hacking group, APT28, has been hijacking routers to intercept credentials by manipulating DNS servers, putting your online security at risk. This stealthy tactic allows them to capture user authentication data, compromising your digital identity.

Law Enforcement Disrupts APT28's Router DNS Hijack Operation
In a major breakthrough, an international coalition of law enforcement authorities and private companies has successfully disrupted a sneaky DNS hijack operation by APT28, known as FrostArmada, that targeted home network routers to steal Microsoft account credentials. This operation thwarted the hackers' plan to intercept traffic and harvest cloud account keys, protecting countless individuals from potential cyber threats.

China-Linked Storm-1175 Weaponizes Zero-Days to Fuel Medusa Ransomware Blitz
Medusa ransomware attacks are happening at alarming speed, thanks to a China-linked threat actor called Storm-1175 that is exploiting a potent mix of zero-day and known vulnerabilities to rapidly infect exposed systems. This high-velocity campaign is a stark reminder of the evolving ransomware threat landscape.

Germany Names REvil, GandCrab Ransomware Leaders
German federal police have identified two Russian nationals as the masterminds behind the notorious REvil and GandCrab ransomware operations, shedding light on the elusive leaders of a global extortion network. This breakthrough has significant implications that extend far beyond a single investigation.

White House Proposes Sharp Cut to Cyber Defense Agency CISA
Can a cyber defense agency with a sharply reduced budget safeguard a nation that's more connected - and vulnerable - than ever? The White House's FY2027 budget proposal takes a concerning step back, slashing $707 million from CISA, the agency tasked with protecting against rising nation-state cyberthreats.

Iranian Hackers Launch Sustained Password-Spraying Attack on Israeli Microsoft 365 Users
Iranian hackers have launched a relentless password-spraying attack on hundreds of Israeli Microsoft 365 users, sparking urgent concerns about the security of cloud inboxes in the midst of a regional conflict. This ongoing campaign, attributed to an Iran-linked threat actor, has already targeted over 300 organizations in Israel and the UAE.

DPRK Hackers Exploit GitHub in Multi-Stage Attacks on South Korea
DPRK hackers have cleverly repurposed GitHub as a secret command center to launch multi-stage attacks on organizations in South Korea. This sneaky tactic starts with obfuscated Windows shortcut files, highlighting the growing creativity of North Korean threat actors.

Drift Protocol Hack Unfolds from Months-Long Insider Operation
The Drift Protocol hack, which resulted in a staggering $280 million loss, was not a quick exploit, but a meticulously planned six-month operation where attackers built a hidden presence within the ecosystem. This unprecedented breach reveals a shocking level of insider involvement, taking the attack far beyond a simple code vulnerability.

Germany Identifies Head of REvil, GandCrab Ransomware Gangs
Meet Daniil Maksimovich Shchukin, the 31-year-old Russian allegedly behind the notorious REvil and GandCrab ransomware gangs, whose online alias "UNKN" has finally been unmasked by German authorities. Shchukin's digital ghost has been tied to a wave of ransomware attacks targeting victims across Germany.

BKA Unmasks REvil Ransomware Leaders Behind 130 German Attacks
Germany's Federal Criminal Police Office has made a major breakthrough, unmasking the leaders behind the notorious REvil ransomware operation, responsible for 130 devastating attacks on companies, hospitals, and municipalities across the country. The culprits, once hidden behind aliases, have finally been exposed.

DPRK Exploits Solana Exchange in $285 Million Heist
In a shocking turn of events, a sophisticated social engineering operation by the DPRK culminated in a single-day heist of $285 million from Drift, a Solana-based decentralized exchange, on April 1, 2026. The attack was the result of a six-month campaign of persuasion that left users, engineers, and policymakers stunned.

Stryker Restores Manufacturing Systems After Iranian Hacktivist Attack
Stryker has successfully restored its manufacturing systems after a devastating cyberattack by an Iranian hacktivist group caused a global outage, and is now operating at full capacity across its global network. The company is still investigating the incident, but is reassuring customers that all is back to normal.

Vendor Breaches Spotlight Healthcare's Cyber Vulnerability
Recent vendor breaches have exposed healthcare's alarming cyber vulnerability, raising critical questions about who bears the cost - and the consequences - when a vendor's systems fail. As the threat landscape evolves, one thing is clear: the healthcare industry must rethink its approach to cybersecurity and vendor risk management.

European Commission Cloud Hack Compromises 30 EU Entities
A massive cloud hack has struck the European Commission, compromising the data of at least 30 EU entities, including the Commission itself, at the hands of the notorious threat group TeamPCP. This alarming breach raises critical questions about who holds the keys to the EU's cloud and what happens when they fall into the wrong hands.

Drift Protocol Exploited for $280 Million by North Korean Hackers
In a shocking and sophisticated attack, North Korean hackers seized control of the Drift Protocol's Security Council, resulting in a staggering loss of at least $280 million. This brazen exploit raises serious questions about the security of even the most trusted blockchain platforms.

FBI System Breach Exposes Sensitive Data
A major breach of an FBI system has sent shockwaves through the cybersecurity landscape, leaving organizations and individuals wondering if they're prepared for the worst. This alarming incident is just the latest in a string of high-profile hacks, including a data leak affecting 450,000 Lloyds records and a breach at the Dutch treasury.

Iowa AG Targets Change Healthcare Over Ransomware Lapses
Iowa's attorney general is taking a stand against UnitedHealth Group, seeking financial damages and major security overhauls after a devastating 2024 ransomware attack on its Change Healthcare unit. The bold move aims to hold the healthcare giant accountable and prevent similar cyberattacks in the future.

Drift Protocol Compromised in $280 Million Heist
In a shocking, high-stakes heist, a sophisticated threat actor exploited a vulnerability in Drift Protocol's governance, seizing control of its Security Council and making off with at least $280 million in a single, precision strike. This brazen breach serves as a stark reminder of the devastating consequences of compromised governance controls.

UK Warns of Targeted Attacks on WhatsApp and Signal Accounts
The UK's cybersecurity agency has issued a warning about hackers targeting WhatsApp and Signal accounts, specifically using social engineering tactics to gain access to private conversations. To stay safe, "high-risk" individuals can take steps to protect themselves from these types of cyber-attacks.

Google Exposes Sophisticated iPhone Hacking Tool Likely Tied to US Government
Imagine a single website visit being all it takes to secretly install malware on your iPhone, bypassing every defense along the way - that's the alarming reality uncovered by Google's security researchers. They've discovered a sophisticated hacking tool, dubbed Coruna, that exploits 23 iOS vulnerabilities to silently compromise devices.

WhatsApp Exposes Italian Users to Spyware via Fake iOS App
WhatsApp has alerted around 200 users, mostly in Italy, about a sneaky spyware attack that hit them after they downloaded a fake version of the app for iOS. This alarming incident raises a crucial question: how can you trust that the app on your phone is genuine?

Horabot Malware Targets Latin America, Europe in Sophisticated Phishing Drive
Beware of the sneaky Horabot malware that's targeting businesses and users in Latin America and Europe with cleverly disguised PDF attachments that deliver a devastating banking trojan. This sophisticated phishing campaign, linked to a notorious Brazilian cybercrime group, could be the ultimate cyber threat to your financial security.

Chinese Hackers Revive European Espionage Push
Chinese hackers, specifically the state-backed group TA416, appear to have hit the pause button on their European espionage operations - but don't take a sigh of relief just yet, as the silence in cyberspace can be deceiving. A cybersecurity firm, Proofpoint, has tracked the group's sudden absence since 2023, leaving defenders wondering if this is a temporary lull or a permanent win.