Skip to main content

Tag: nationstate

100 articles

Worn router on a desk surrounded by candles with a looming Russian shadow.

NCSC Warns of Russia's Ongoing Router Exploits

Russia's notorious hackers, Fancy Bear, are exploiting routers to steal passwords and sensitive information, compromising the security of countless individuals and organisations. With around 5,000 devices and 200 organisations already affected, experts warn that this latest threat is one to take seriously.

Analyst 207
APT28 Hijacks Routers to Steal Credentials via Malicious DNS Servers

APT28 Hijacks Routers to Steal Credentials via Malicious DNS Servers

Beware of invisible hands rerouting your online traffic: a state-linked Russian hacking group, APT28, has been hijacking routers to intercept credentials by manipulating DNS servers, putting your online security at risk. This stealthy tactic allows them to capture user authentication data, compromising your digital identity.

Analyst 207
Law Enforcement Disrupts APT28's Router DNS Hijack Operation

Law Enforcement Disrupts APT28's Router DNS Hijack Operation

In a major breakthrough, an international coalition of law enforcement authorities and private companies has successfully disrupted a sneaky DNS hijack operation by APT28, known as FrostArmada, that targeted home network routers to steal Microsoft account credentials. This operation thwarted the hackers' plan to intercept traffic and harvest cloud account keys, protecting countless individuals from potential cyber threats.

Analyst 207
China-Linked Storm-1175 Weaponizes Zero-Days to Fuel Medusa Ransomware Blitz

China-Linked Storm-1175 Weaponizes Zero-Days to Fuel Medusa Ransomware Blitz

Medusa ransomware attacks are happening at alarming speed, thanks to a China-linked threat actor called Storm-1175 that is exploiting a potent mix of zero-day and known vulnerabilities to rapidly infect exposed systems. This high-velocity campaign is a stark reminder of the evolving ransomware threat landscape.

Analyst 207
Germany Names REvil, GandCrab Ransomware Leaders

Germany Names REvil, GandCrab Ransomware Leaders

German federal police have identified two Russian nationals as the masterminds behind the notorious REvil and GandCrab ransomware operations, shedding light on the elusive leaders of a global extortion network. This breakthrough has significant implications that extend far beyond a single investigation.

Analyst 207
White House Proposes Sharp Cut to Cyber Defense Agency CISA

White House Proposes Sharp Cut to Cyber Defense Agency CISA

Can a cyber defense agency with a sharply reduced budget safeguard a nation that's more connected - and vulnerable - than ever? The White House's FY2027 budget proposal takes a concerning step back, slashing $707 million from CISA, the agency tasked with protecting against rising nation-state cyberthreats.

Analyst 207
Iranian Hackers Launch Sustained Password-Spraying Attack on Israeli Microsoft 365 Users

Iranian Hackers Launch Sustained Password-Spraying Attack on Israeli Microsoft 365 Users

Iranian hackers have launched a relentless password-spraying attack on hundreds of Israeli Microsoft 365 users, sparking urgent concerns about the security of cloud inboxes in the midst of a regional conflict. This ongoing campaign, attributed to an Iran-linked threat actor, has already targeted over 300 organizations in Israel and the UAE.

Analyst 207
DPRK Hackers Exploit GitHub in Multi-Stage Attacks on South Korea

DPRK Hackers Exploit GitHub in Multi-Stage Attacks on South Korea

DPRK hackers have cleverly repurposed GitHub as a secret command center to launch multi-stage attacks on organizations in South Korea. This sneaky tactic starts with obfuscated Windows shortcut files, highlighting the growing creativity of North Korean threat actors.

Analyst 207
Drift Protocol Hack Unfolds from Months-Long Insider Operation

Drift Protocol Hack Unfolds from Months-Long Insider Operation

The Drift Protocol hack, which resulted in a staggering $280 million loss, was not a quick exploit, but a meticulously planned six-month operation where attackers built a hidden presence within the ecosystem. This unprecedented breach reveals a shocking level of insider involvement, taking the attack far beyond a simple code vulnerability.

Analyst 207
Germany Identifies Head of REvil, GandCrab Ransomware Gangs

Germany Identifies Head of REvil, GandCrab Ransomware Gangs

Meet Daniil Maksimovich Shchukin, the 31-year-old Russian allegedly behind the notorious REvil and GandCrab ransomware gangs, whose online alias "UNKN" has finally been unmasked by German authorities. Shchukin's digital ghost has been tied to a wave of ransomware attacks targeting victims across Germany.

Analyst 207
BKA Unmasks REvil Ransomware Leaders Behind 130 German Attacks

BKA Unmasks REvil Ransomware Leaders Behind 130 German Attacks

Germany's Federal Criminal Police Office has made a major breakthrough, unmasking the leaders behind the notorious REvil ransomware operation, responsible for 130 devastating attacks on companies, hospitals, and municipalities across the country. The culprits, once hidden behind aliases, have finally been exposed.

Analyst 207
DPRK Exploits Solana Exchange in $285 Million Heist

DPRK Exploits Solana Exchange in $285 Million Heist

In a shocking turn of events, a sophisticated social engineering operation by the DPRK culminated in a single-day heist of $285 million from Drift, a Solana-based decentralized exchange, on April 1, 2026. The attack was the result of a six-month campaign of persuasion that left users, engineers, and policymakers stunned.

Analyst 207
Stryker Restores Manufacturing Systems After Iranian Hacktivist Attack

Stryker Restores Manufacturing Systems After Iranian Hacktivist Attack

Stryker has successfully restored its manufacturing systems after a devastating cyberattack by an Iranian hacktivist group caused a global outage, and is now operating at full capacity across its global network. The company is still investigating the incident, but is reassuring customers that all is back to normal.

Analyst 207
Vendor Breaches Spotlight Healthcare's Cyber Vulnerability

Vendor Breaches Spotlight Healthcare's Cyber Vulnerability

Recent vendor breaches have exposed healthcare's alarming cyber vulnerability, raising critical questions about who bears the cost - and the consequences - when a vendor's systems fail. As the threat landscape evolves, one thing is clear: the healthcare industry must rethink its approach to cybersecurity and vendor risk management.

Analyst 207
European Commission Cloud Hack Compromises 30 EU Entities

European Commission Cloud Hack Compromises 30 EU Entities

A massive cloud hack has struck the European Commission, compromising the data of at least 30 EU entities, including the Commission itself, at the hands of the notorious threat group TeamPCP. This alarming breach raises critical questions about who holds the keys to the EU's cloud and what happens when they fall into the wrong hands.

Analyst 207
Drift Protocol Exploited for $280 Million by North Korean Hackers

Drift Protocol Exploited for $280 Million by North Korean Hackers

In a shocking and sophisticated attack, North Korean hackers seized control of the Drift Protocol's Security Council, resulting in a staggering loss of at least $280 million. This brazen exploit raises serious questions about the security of even the most trusted blockchain platforms.

Analyst 207
FBI System Breach Exposes Sensitive Data

FBI System Breach Exposes Sensitive Data

A major breach of an FBI system has sent shockwaves through the cybersecurity landscape, leaving organizations and individuals wondering if they're prepared for the worst. This alarming incident is just the latest in a string of high-profile hacks, including a data leak affecting 450,000 Lloyds records and a breach at the Dutch treasury.

Analyst 207
Iowa AG Targets Change Healthcare Over Ransomware Lapses

Iowa AG Targets Change Healthcare Over Ransomware Lapses

Iowa's attorney general is taking a stand against UnitedHealth Group, seeking financial damages and major security overhauls after a devastating 2024 ransomware attack on its Change Healthcare unit. The bold move aims to hold the healthcare giant accountable and prevent similar cyberattacks in the future.

Analyst 207
Drift Protocol Compromised in $280 Million Heist

Drift Protocol Compromised in $280 Million Heist

In a shocking, high-stakes heist, a sophisticated threat actor exploited a vulnerability in Drift Protocol's governance, seizing control of its Security Council and making off with at least $280 million in a single, precision strike. This brazen breach serves as a stark reminder of the devastating consequences of compromised governance controls.

Analyst 207
UK Warns of Targeted Attacks on WhatsApp and Signal Accounts

UK Warns of Targeted Attacks on WhatsApp and Signal Accounts

The UK's cybersecurity agency has issued a warning about hackers targeting WhatsApp and Signal accounts, specifically using social engineering tactics to gain access to private conversations. To stay safe, "high-risk" individuals can take steps to protect themselves from these types of cyber-attacks.

Analyst 207
Google Exposes Sophisticated iPhone Hacking Tool Likely Tied to US Government

Google Exposes Sophisticated iPhone Hacking Tool Likely Tied to US Government

Imagine a single website visit being all it takes to secretly install malware on your iPhone, bypassing every defense along the way - that's the alarming reality uncovered by Google's security researchers. They've discovered a sophisticated hacking tool, dubbed Coruna, that exploits 23 iOS vulnerabilities to silently compromise devices.

Analyst 207
WhatsApp Exposes Italian Users to Spyware via Fake iOS App

WhatsApp Exposes Italian Users to Spyware via Fake iOS App

WhatsApp has alerted around 200 users, mostly in Italy, about a sneaky spyware attack that hit them after they downloaded a fake version of the app for iOS. This alarming incident raises a crucial question: how can you trust that the app on your phone is genuine?

Analyst 207
Horabot Malware Targets Latin America, Europe in Sophisticated Phishing Drive

Horabot Malware Targets Latin America, Europe in Sophisticated Phishing Drive

Beware of the sneaky Horabot malware that's targeting businesses and users in Latin America and Europe with cleverly disguised PDF attachments that deliver a devastating banking trojan. This sophisticated phishing campaign, linked to a notorious Brazilian cybercrime group, could be the ultimate cyber threat to your financial security.

Analyst 207
Chinese Hackers Revive European Espionage Push

Chinese Hackers Revive European Espionage Push

Chinese hackers, specifically the state-backed group TA416, appear to have hit the pause button on their European espionage operations - but don't take a sigh of relief just yet, as the silence in cyberspace can be deceiving. A cybersecurity firm, Proofpoint, has tracked the group's sudden absence since 2023, leaving defenders wondering if this is a temporary lull or a permanent win.

Analyst 207