russia

Knock at the Door: Why Industrial Cyber Just Went Kinetic

John Z Black Apr 17, 2026

Policy, Law & Governance #critical-infrastructure #russia #ptc-windchill #apt28 #industrial-security #sweden #hensoldt

German police are physically visiting factories to warn about software bugs while Swedish power plants dodge pro-Russian sabotage attempts. Industrial cybersecurity is no longer an IT issue, it is a national security emergency.

Russian Satellites. Iranian Missiles. A U.S. AWACS. Three Sources Now Document the Same Kill Chain.

John Z Black Apr 13, 2026

Threat Intelligence #russia #iran #threat-intelligence #awacs #satellite-isr #cyber-operations #state-actors #geopolitical

A Russian satellite imaged Prince Sultan Air Base before the March 27 strike. Iran hit a U.S. E-3 Sentry AWACS. A Russian satellite returned the next day for damage assessment. A Ukrainian intelligence assessment, a Western military source, and a U.S. orbital analytics firm all now document pieces of that sequence.

Russia's GRU Hijacked 18,000 Routers to Steal Microsoft 365 Tokens Without a Single Piece of Malware

John Z Black Apr 8, 2026

Threat Intelligence #apt28 #russia #dns-hijacking #microsoft-365 #oauth #mfa-bypass #soho-routers

APT28 changed the DNS settings on 18,000 home routers and stole Microsoft 365 tokens after users completed MFA. No malware needed. Your second factor was irrelevant.

Your Encrypted Messaging App Is Secure. Your Account Isn't.

John Z Black Apr 5, 2026

Threat Intelligence #signal #whatsapp #ncsc #account-hijacking #social-engineering #russia

The NCSC warns that Russian hackers are hijacking Signal and WhatsApp accounts through social engineering, not by breaking encryption.

Russian Hackers Are Going Back to Old Victims to Check If the Door's Still Open

John Z Black Apr 4, 2026

Threat Intelligence #russia #apt28 #fancy-bear #void-blizzard #cert-ua #ukraine #persistence #social-engineering

CERT-UA warns APT28 and Void Blizzard are revisiting old compromises, testing dormant access, and calling targets directly in fluent Ukrainian. Incident response has an expiration date. Attackers don't.

Russia Convicted 26 Cybercriminals, Including a Hacker the US Has Been Hunting for Years

John Z Black Mar 31, 2026

Ransomware & Cybercrime #russia #flint24 #cybercrime #payment-card-fraud #stroganov #extradition #accountability #military-court

Russia sentenced 26 members of the Flint24 card fraud network, including a man on the US Secret Service's most-wanted list. It looks like accountability. It isn't.

Your Security Camera Is Probably Someone Else's Window Into the War

John Z Black Mar 28, 2026

Threat Intelligence #iot #ip-cameras #iran #russia #nation-state #hikvision #tp-link #wartime #physical-security #consumer

Nation-states are routinely hacking unpatched IP cameras to gather physical intelligence during active conflicts, and the cameras being targeted are the cheap, forgotten ones in your building's lobby.

Operation Leak Is Still Playing Out, and Russia Just Arrested One of Its Own

John Z Black Mar 27, 2026

Ransomware & Cybercrime #cybercrime #infostealer #leakbase #redline #law-enforcement #russia #operation-leak

LeakBase's alleged admin was arrested in Russia. RedLine's alleged developer was extradited to the US. Two arrests, two continents, and one genuinely unusual week for cybercrime enforcement.

Mario Kart Got Two Years. The Guy Who Sold the Keys Got Nearly Seven.

John Z Black Mar 26, 2026

Ransomware & Cybercrime #russia #cybercrime #sentencing #ransomware #ta551 #initial-access-broker #doj

Two Russian cybercriminals were sentenced the same week. One ran a botnet that hit 72 US companies and got 2 years. The other sold network access to ransomware crews and got nearly 7. The gap says something real about how DOJ views the ransomware supply chain.

Russian 'Key Seller' Who Helped Ransomware Gangs Break Into Victims Gets Nearly 7 Years

John Z Black Mar 25, 2026

Ransomware & Cybercrime #ransomware #initial-access-broker #yanluowang #doj #sentencing #russia #cisco

Aleksei Volkov, a 26-year-old Russian initial access broker for the Yanluowang ransomware gang, was sentenced to 81 months in federal prison and ordered to pay over $9 million in restitution. He made one mistake: he left Russia.

Two Spy Campaigns, Two Completely Different Playbooks

John Z Black Mar 16, 2026

Threat Intelligence #espionage #apt #china #russia #signal #asean #military #threat-intelligence

A Chinese APT has been sitting inside Southeast Asian military networks for six years. Meanwhile, Russian hackers are stealing Signal accounts with fake support messages. Same goal, wildly different approaches.

Russian Hackers Are Coming for Your Signal and WhatsApp

John Z Black Mar 10, 2026

Consumer Security #signal #whatsapp #russia #nation-state #linked-devices #encryption #consumer-security

Dutch intelligence says Russian state hackers are running a global campaign to hijack Signal and WhatsApp accounts by abusing the linked-device feature. Here's how to check if you're compromised.