Tag Kaspersky

Cloud Atlas Unleashes VBCloud Malware: Over 80% of Affected Targets in Russia

Dec 27, 2024
Cyber Attack / Data Theft

The cyber threat group known as Cloud Atlas has been detected utilizing a newly identified malware named VBCloud in its attack campaigns throughout 2024. According to Kaspersky researcher Oleg Kupreev, victims are infected through phishing emails containing a malicious document that exploits a vulnerability in the formula editor (CVE-2018-0802) to download and run malware code. Notably, over 80% of the targets are based in Russia, with additional victims reported in Belarus, Canada, Moldova, Israel, Kyrgyzstan, Turkey, and Vietnam. Cloud Atlas, also known as Clean Ursa, Inception, Oxygen, and Red October, is an unidentified threat actor group that has been operational since 2014. In December 2022, the group was tied to cyber attacks on Russia, Belarus, and Transnistria, deploying a PowerShell-based backdoor called PowerShower.

Cloud Atlas Unleashes VBCloud Malware: Majority of Targets Located in Russia

Recent observations have revealed that the cyber threat group known as Cloud Atlas has deployed an emerging malware variant referred to as VBCloud in a series of targeted attacks throughout 2024.…


Microsoft Uncovers Russian Hackers Aiming at Foreign Embassies

New Malware Exploit: ApolloShadow Targets Vulnerable Networks

In a recent cybersecurity breach, researchers have identified a new malware strain dubbed ApolloShadow that exploits captive portal mechanisms to gain unauthorized access to systems. This sophisticated malware primarily targets Windows devices, taking advantage of their connectivity routines to execute its malicious agenda.…


The Kremlin’s Cunning Hacking Group Leverages Russian ISPs to Deploy Spyware

The Russian hacker group Turla, known for their advanced cyberespionage techniques, has been linked to a new spying method that demonstrates their sophisticated approach to cyber operations. This group has made headlines for utilizing unorthodox methods, such as embedding malware communications in satellite connections or commandeering other hackers’ operations to…


Researchers Discover Batavia Windows Spyware Targeting Russian Firms to Steal Documents

Cyber Espionage / Threat Intelligence
July 08, 2025

An ongoing cyber-espionage campaign has been identified, targeting Russian organizations with a new strain of Windows spyware known as Batavia. According to cybersecurity firm Kaspersky, the operation has been active since July 2024. The attack typically begins with phishing emails that contain malicious links, disguised as communications regarding contract agreements. “The primary objective of this attack is to deploy the previously unknown Batavia spyware to steal internal documents from the targeted organizations,” Kaspersky reported. These emails originate from the domain “oblast-ru[.]com,” believed to be controlled by the attackers. The links in these emails lead recipients to download an archive file that contains a malicious Visual Basic Encoded script (.VBE). Once executed, the script gathers system information from the compromised host and transmits it to a remote server, paving the way for the subsequent delivery of a next-stage payload.

Unveiling Batavia: New Spyware Targeting Russian Firms for Cyber Espionage

In a recent development within the sphere of cyber espionage, researchers have identified a previously unreported piece of Windows spyware dubbed Batavia, specifically designed to infiltrate Russian organizations. This activity, which cybersecurity firm Kaspersky reports has been ongoing since July…


Russia’s National Airline Halts Flights Following Cyber Attack

Critical Infrastructure Security, Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime

Aeroflot Targeted by Belarusian Hackers Using Wiper Malware

Mathew J. Schwartz (euroinfosec) • July 28, 2025

Aeroflot, Russia’s state-owned airline, has canceled numerous flights following a cyberattack attributed to a Belarusian hacking collective. The group, known as…


Mirai Botnet Variant Takes Advantage of DVR Vulnerability to Form Swarm

Endpoint Security, Internet of Things Security

Variant of Mirai Botnet Exploits DVR Command Injection Vulnerability, Impacting 50,000 Devices

Anviksha More (AnvikshaMore) • June 9, 2025

A newly identified variant of the Mirai botnet is making headlines as it exploits a command injection vulnerability in internet-connected digital video…
