The Breach News

Russian RomCom Group Targets Ukrainian Government with New SingleCamper RAT Variant

October 17, 2024
Threat Intelligence / Malware

The Russian threat actor RomCom has been linked to a surge of cyberattacks against Ukrainian government agencies and undisclosed Polish entities since late 2023. These intrusions utilize a new variant of the RomCom RAT, referred to as SingleCamper (also known as SnipBot or RomCom 5.0), according to Cisco Talos, which is monitoring this activity cluster under the designation UAT-5647. “This version is loaded directly from the registry into memory and communicates with its loader via a loopback address,” explained security researchers Dmytro Korzhevin, Asheer Malhotra, Vanja Svajcer, and Vitor Ventura. RomCom, also tracked as Storm-0978, Tropical Scorpius, UAC-0180, UNC2596, and Void Rabisu, has engaged in multi-faceted operations including ransomware, extortion, and targeted credential harvesting since its emergence in 2022. Recent assessments indicate that the frequency of their attacks has ramped up in recent months with the goal of establishing long-term persistent access.

Coordinated Attack Launches New Brute-Force Campaign Targeting Fortinet SSL VPN

A notable increase in brute-force attacks targeting Fortinet products may indicate the emergence of a new vulnerability. Analysis reveals a significant correlation between attack incidents and reported security flaws. Experts are raising concerns over a recent escalation in cyberattacks directed at Fortinet’s security offerings. On August 3, 2025, cybersecurity firm…

Russian Hackers Take Advantage of WinRAR Zero-Day Vulnerability

Akshaya Asokan (@asokan_akshaya) • August 12, 2025
Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime

RomCom Group Deploys SnipBot, RustyClaw, and Mythic Agent Variants

A Russian-speaking hacking collective has been observed exploiting a zero-day vulnerability in WinRAR, signaling a notable transition from traditional cybercrime to more sophisticated cyberespionage…

⚡ Weekly Update: Chrome Vulnerability, Record 7.3 Tbps DDoS Attack, MFA Bypass Techniques, Banking Trojan Insights, and More

Jun 23, 2025
Cyber Security / Hacking News

Not every threat presents itself as an obvious attack. Some issues may emerge as minor glitches, odd logs, or subtle delays that initially seem inconsequential—until they escalate. Could your system be under scrutiny in unexpected ways? The most perilous actions often go unnoticed. It’s critical to consider: what unnoticed patterns and overlooked signals could indicate brewing problems? This week’s findings illuminate these quiet signals, from attacks leveraging trusted tools to bypass MFA to supply chain vulnerabilities masquerading as routine interactions. Here are the key highlights from the cybersecurity sphere:

Highlight of the Week
Cloudflare Thwarts Record-Breaking 7.3 Tbps DDoS Attack — Cloudflare reported it successfully defended against the largest distributed denial-of-service (DDoS) attack ever documented, peaking at 7.3 terabits per second (Tbps). This attack targeted an undisclosed hosting provider, delivering an astonishing 37.4 terabytes in just 45 seconds.

Hackers Exploit PDFs to Impersonate Microsoft, DocuSign, and Others in Callback Phishing Schemes

July 2, 2025

Cybersecurity experts have raised alarms about phishing campaigns that mimic well-known brands, deceiving victims into calling phone numbers managed by cybercriminals. According to Cisco Talos researcher Omid Mirzaei, “A notable percentage of email threats featuring PDF payloads persuade victims to dial adversary-controlled numbers, showcasing a prevalent social engineering tactic referred to as Telephone-Oriented Attack Delivery (TOAD) or callback phishing.” An analysis of phishing emails with PDF attachments from May 5 to June 5, 2025, found that Microsoft and DocuSign were the most frequently impersonated brands. Other notable targets in TOAD emails included NortonLifeLock, PayPal, and Geek Squad. This surge in activity forms part of broader phishing efforts that leverage the trust associated with popular brands to provoke harmful actions. Typically, these messages include PDF attachments…

Crypt Ghouls Target Russian Businesses with LockBit 3.0 and Babuk Ransomware Attacks

October 19, 2024
Network Security / Data Breach

A newly emerging threat group known as Crypt Ghouls has been identified in a series of cyberattacks aimed at Russian firms and government agencies. Their operations feature ransomware as a primary tool, disrupting business activities while extracting financial gain. According to Kaspersky, “The group utilizes an arsenal of tools including Mimikatz, XenAllPasswordPro, PingCastle, Localtonet, resocks, AnyDesk, PsExec, among others.” The primary ransomware employed in these attacks includes the notorious LockBit 3.0 and Babuk variants. Victims span various sectors, including government, mining, energy, finance, and retail throughout Russia. Kaspersky noted that it was able to identify the initial breach method in only two cases, where the attackers used a contractor’s VPN credentials to gain access to internal systems. These VPN connections reportedly came from IP addresses linked to a Russian hosting provider.

Russia Charged with Breaching Confidential US Court Filing System

Chris Riotta (@chrisriotta) • August 12, 2025
Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime

US Government Attributes Significant Court Management System Breach to Russian Actors

The U.S. government has made allegations against Russia concerning a significant breach of a federal court filing system, resulting in the…