Government Traces Ransomware Payments to Business Address in Moscow

The New York Times writes how the U.S. government has traced ransomware payments to an address in Federation Tower East in Moscow, Russia.

That this high-rise in Moscow’s financial district has emerged as an apparent hub of such money laundering has convinced many security experts that the Russian authorities tolerate ransomware operators. The targets are almost exclusively outside Russia, they point out, and in at least one case documented in a U.S. sanctions announcement, the suspect was assisting a Russian espionage agency.

Russian Spies Abuse VPNs to Target Organizations

On Thursday, U.S. and British authorities said that Russia’s military spy agency is using VPNs and Tor to attack governments and private sector targets.

The advisory did not identify any of the targets by name, saying only that they were mainly in the United States and Europe and included government offices, political parties, energy companies, law firms and media organizations.

The Russian Embassy in Washington did not immediately return a message seeking comment. Russian officials routinely reject allegations that they employ hackers to spy on rival nations.

Malwarebytes Reveals it Was Hacked by Nation State Behind ‘SolarWinds’

Malwarebytes co-founder and current CEO Marcin Kleczynski reveals the company was hacked. He believes it was the same nation state actor behind the SolarWinds attack. The state is believed to be Russia.

After an extensive investigation, we determined the attacker only gained access to a limited subset of internal company emails. We found no evidence of unauthorized access or compromise in any of our internal on-premises and production environments.

Crazy stuff, and we’ll probably hear of the fallout for a long time.

Russian ‘Cozy Bear’ Hacking Team Hits US Government Networks

A group of Russian hackers known as Cozy Bear has hacked several U.S. government agencies like the Treasury and Commerce departments.

On Sunday night, FireEye said the attackers were infecting targets using Orion, a widely used business software app from SolarWinds. After taking control of the Orion update mechanism, the attackers were using it to install a backdoor that FireEye researchers are calling Sunburst.

WIN an iPhone 16 Pro Max!