Latest news with #APT29
Yahoo
09-05-2025
- Business
- Yahoo
Cyberthreats surge against US logistics infrastructure
Cybersecurity provider Trellix recently released its April 'CyberThreat Report' revealing an alarming rise in cyberattacks targeting critical U.S. infrastructure, with the freight and logistics sectors now in the crosshairs of nation-state actors and sophisticated ransomware groups.

Between October 2024 and March 2025, the U.S. saw a 136% increase in Advanced Persistent Threat (APT) activity: prolonged, targeted cyberattacks in which an intruder gains unauthorized access to a network and remains undetected for an extended period.

Of particular concern is the role of APT29, also known as Midnight Blizzard, a well-documented cyber espionage group linked to the Russian Foreign Intelligence Service. Known for its stealthy, high-level campaigns, APT29 specializes in long-term intrusions that exfiltrate sensitive data without immediate detection. Trellix researchers report that 55% of APT29's observed activity in this period specifically targeted the transportation and shipping sectors, signaling a coordinated focus on disrupting or surveilling supply chain operations.

For logistics professionals, this suggests that state-sponsored actors are probing for weaknesses not just in physical infrastructure, but also in the digital ecosystems that support freight visibility, scheduling and warehouse management.

Meanwhile, ransomware continues to plague U.S. organizations, with 58% of all global ransomware-related posts traced back to U.S.-based attacks. This reflects an environment where financially motivated criminal groups are increasingly exploiting known and zero-day vulnerabilities, bypassing phishing emails in favor of more direct and technical exploits.

What's more troubling is the evolution in attacker methods. Rather than relying on suspicious email attachments, cybercriminals are now favoring fileless malware, which hides in memory, and using legitimate Windows tools to execute attacks, making them harder to detect with traditional antivirus solutions.
Learn more about these cybersecurity threats in the Trellix report.

How did Flexport's Convoy platform achieve zero thefts over the past 380,000 loads booked? Dooner asked the guy who runs it on a recent episode of WHAT THE TRUCK?!? Here's what Bill Driegert, head of trucking, had to say:

Lt. George Ackerman of the Philadelphia Police Department was no stranger to crime trends, but when tractor trailers filled with beef, booze, crab legs and TVs began disappearing at an alarming rate in 2022, even his decades of experience couldn't explain the scale. What began as sporadic cargo thefts ballooned into a citywide epidemic, particularly across Philly's 8th District, where over 180 thefts were eventually reported. The goods, often worth millions, vanished without a trace, with no suspects, no patterns and no product ever recovered.

Ackerman, a former trucker himself, became the lead on what would become the city's largest cargo theft case in modern history. At first, detectives assumed it was a string of isolated jobs. But the thieves always seemed to know exactly where to strike, regardless of drivers' unique schedules. A breakthrough came in April 2023, when Ackerman responded to a robbery involving over 2 million U.S. dimes stolen from a U.S. Mint trailer. Surveillance footage showed a highly coordinated team, including scouts, lookouts and loaders, operating in sync.

Ackerman and his team, with support from the FBI, Secret Service and state police, slowly began to unravel the group. Cell tower data, surveillance footage and even Coinstar deposits pointed to a tightly knit crew based in the area. Their incriminating texts, bragging about 'liquor and cow feet' dinners, confirmed their role in more than $1.5 million in thefts.

Learn more about Ackerman's detective work from Philadelphia magazine here.

Be part of the solution that stops freight fraud in its tracks. Let's cut through the noise and address this issue head-on!
Freight fraud has reached a crisis level, and it impacts everyone in the industry. It's time for us to come together to address this critical problem and share best practices on how to mitigate it. Join us on May 14 in Dallas at the Freight Fraud Symposium, where transportation executives, freight leaders and technology buyers will come together to discuss the issues we all face, share lessons learned and get insights on the latest technology to tackle this problem.

The post Cyberthreats surge against US logistics infrastructure, by Grace Sharkey, appeared first on FreightWaves.
Yahoo
02-05-2025
- Politics
- Yahoo
Azerbaijani lawmaker blames Russia for February cyberattack
Russia was behind the February cyberattack on Azerbaijani media, Ramid Namazov, head of the Azerbaijani parliament's commission on countering hybrid threats, said on May 2, the APA news agency reported.

According to Namazov, the investigation found that the cyberattack against Azerbaijan that took place on Feb. 20 was carried out by the infamous APT29 group, also known as Cozy Bear, widely believed to be linked to Russia's Foreign Intelligence Service. "The activities of APT29, which is engaged in cyber espionage, are mainly directed against government agencies, foreign diplomatic missions, as well as political, defense, energy, media and other critical areas," the lawmaker said.

Namazov suggested that the attack was a retaliation for the closure of the Russian House in Baku in early February and the possible shutdown of the Azerbaijani branch of Sputnik radio. "It is because of these processes that this politically motivated incident of cyber interference took place," he added.

Azerbaijan, which has maintained historical ties with Russia, has seen relations with Moscow deteriorate following the Dec. 25 crash of Flight J2-8243, which killed 38 people. Azerbaijani President Ilham Aliyev has accused Russia of causing the crash.

Russian hacker groups have engaged in various forms of cyber warfare throughout the full-scale war, including cyberattacks against Ukraine, hacks of civilian infrastructure in Europe, and interference in foreign elections.

We've been working hard to bring you independent, locally-sourced news from Ukraine. Consider supporting the Kyiv Independent.
Yahoo
02-05-2025
- Politics
- Yahoo
Azerbaijan accuses Russia of massive cyberattack
Ramid Namazov, chairman of the Azerbaijani parliament's commission on countering hybrid threats, claims that Russia was behind the February 2025 cyberattack on the country.

Source: Namazov's remarks at a public hearing on 2 May, quoted by Azerbaijan's state news agency APA, as reported by European Pravda

Details: Namazov said that the investigation found that the 20 February cyberattack against Azerbaijani media was carried out by the APT29 group, also known as Cozy Bear, which is linked to Russian military intelligence. "The activities of APT29, which is engaged in cyber espionage, are mainly directed against government agencies, foreign diplomatic missions, as well as the sectors of politics, defence, energy, media and other critical areas," the MP listed. He said that the attackers had penetrated the networks of Azerbaijani media systems in advance.

The MP claims that the cyberattack was triggered by the decision of the Azerbaijani authorities on 3 February to close the Russian House in Baku due to violations of the law, as well as a possible closure of the Azerbaijani branch of Sputnik radio. "It is because of these processes that this politically motivated incident of cyber interference has occurred," Namazov said.

Background: The tensions in Russian-Azerbaijani relations at the time coincided with the downing of an Azerbaijan Airlines flight in December 2024 near Grozny. Azerbaijan, according to media reports, has evidence that the plane, which crashed in December after being diverted from Russia to Kazakhstan, was shot down by the Russian Pantsir-S air defence system.

Support Ukrainska Pravda on Patreon!
Yahoo
16-04-2025
- Politics
- Yahoo
Russia-linked hackers targeting European diplomats with invites to bogus wine tasting events
A Russia-linked hacking group unleashed a new "advanced phishing campaign" targeting European diplomats with invites to fake wine tasting events, according to a report.

Check Point Research said the APT29 group is trying to "impersonate a major European Ministry of Foreign Affairs to send out invitations to wine tasting events, prompting targets to click a web link leading to the deployment of a new backdoor [malware] called GRAPELOADER."

"This campaign appears to be focused on targeting European diplomatic entities, including non-European countries' embassies located in Europe," the cybersecurity firm said in an advisory, noting that the emails with malicious links included subject lines such as "Wine tasting event (update date)," "For Ambassador's Calendar" and "Diplomatic dinner."

The U.S. Cybersecurity and Infrastructure Security Agency said last year that APT29, which also goes by the names of Midnight Blizzard, the Dukes, or Cozy Bear, is "a cyber espionage group, almost certainly part of the SVR, an element of the Russian intelligence services."

Check Point Research said Tuesday that APT29 is "known for targeting high-profile organizations, including government agencies and think tanks" and that "their operations vary from targeted phishing campaigns to high-profile supply chain attacks that utilize a large array of both custom and commercial malware."

"Throughout the [new] campaign, the targets include multiple European countries with a specific focus on Ministries of Foreign Affairs, as well as other countries' embassies in Europe. In addition to the emails we've identified, we found indications of limited targeting outside of Europe, including of diplomats based in the Middle East," it also said. Check Point Research said the phishing attacks started in January of this year.

"In cases where the initial attempt was unsuccessful, additional waves of emails were sent to increase the likelihood of getting the victim to click the link and compromise his machine," it added.

"The server hosting the link is believed to be highly protected against scanning and automated analysis solutions, with the malicious download triggered only under certain conditions, such as specific times or geographic locations. When accessed directly, the link redirects to the official website of the impersonated Ministry of Foreign Affairs," the firm continued.

It is unclear if any of the phishing attacks were successful.


Fox News
16-04-2025
- Politics
- Fox News
Russia-linked hackers targeting European diplomats with invites to bogus wine tasting events