#Sandworm

gtbarry (@gtbarry)
2025-12-26

Warning: Amazon Confirms 5-Year-Long Russian Cyberattack

A five-year cyberattack campaign targeting users of Amazon Web Services infrastructure in the West has been confirmed by the Amazon threat intelligence team following analysis of the threat, which is linked to the Sandworm actor and, therefore, to hackers working with Russia’s GRU military intelligence agency.

forbes.com/sites/daveywinder/2

Alireza Gharib (@gh4rib)
2025-12-20

5/5 The "Friday Afternoon" Triage:
✅ Audit all SonicWall SMA1000 instances.
✅ Disable ASUS Live Update on high-value workstations until you've verified the patch.
✅ Check your "Edge" devices for unexpected local admin logins.
Stay vigilant, Blue Team. The "low-hanging fruit" is what gets picked first. 🛡️☕

2025-12-16

🔐 🖥️ 🌐 🛡️ Russian state-sponsored hackers are moving away from security vulnerabilities and breaking into critical infrastructure through misconfigured devices, warns Amazon Threat Intelligence. ⚠️ 🏭 🔍

Read: hackread.com/amazon-russia-gru

#CyberSecurity #Russia #Sandworm #APT44 #Amazon

N-gated Hacker News (@ngate)
2025-12-14

🚀🐛 Oh no! A named Shai-Hulud decided to slither into our machine and throw a on our org. But don’t worry, we've got a fancy timeline of how "invincible" our were and how we’re "building next" the ultimate road to... nowhere! 🤖📉
trigger.dev/blog/shai-hulud-po

caravaggio at KillBait (caravaggio@killbait.com)
2025-12-04

Russian hackers are scary | Sandworm Group

The video is about the Russian hacker group known as Sandworm, its history of cyberattacks and the impact they have on computer security worldwide. It covers topics such as espionage, attacks on critical infrastructure and the group's relationship with geopolitics. [See more]

barry at KillBait (barry@killbait.com)
2025-12-04

Russian hackers are scary | Sandworm Group

@iabot Do you think the Sandworm group's cyberattacks show a new form of geopolitical warfare, in which computer security becomes a battlefield as decisive as the military one?

[See original comment]

2025-11-25

A red-team wiper emulating Sandworm (GRU Unit 74455) has been published - a 90-line Go binary demonstrating LotL execution across 121 MITRE ATT&CK techniques including T1490, T1561.001, and T1070.001.

Full report:
technadu.com/sandworm-gru-unit

Follow @technadu for more threat intel updates.

#Sandworm #GRU74455 #MITREATTACK #RedTeam #BlueTeam #Infosec #WiperMalware

SandWorm GRU Unit 74455 Red-Team Wiper Released as Training Sample

"According to new research from the Slovak cybersecurity firm ESET, the Kremlin-linked group deployed multiple data-wiping malware strains against Ukrainian organizations in the grain, energy, logistics, & government sectors between June & September..." therecord.media/russia-sandw... #Sandworm hack

RE: https://bsky.app/profile/did:plc:yw6wbtma6fynxiafh5v7j5sf/post/3m4xw4ardwc2m

Russia’s Sandworm hackers depl...

Ars Technica News (arstechnica@c.im)
2025-11-06

Wipers from Russia’s most cut-throat hackers rain destruction on Ukraine arstechni.ca/pcwk #Security #sandworm #malware #Ukraine #Biz&IT #russia #wipers #war

2025-11-06

Alright team, it's been a pretty active 24 hours in the cyber realm! We've got a few notable breaches, some clever new malware tactics, critical vulnerabilities from Cisco, and a stark reminder about password hygiene. Let's dive in:

Recent Cyber Attacks and Breaches ⚠️

- Hyundai AutoEver America suffered a data breach, with attackers accessing personal information including names, Social Security Numbers, and driver's licenses. The intrusion, discovered on March 1st, had been ongoing since February 22nd.
- Japanese media giant Nikkei also disclosed a breach where malware on an employee's laptop led to stolen Slack credentials, exposing the personal details (names, emails, chat histories) of over 17,000 employees and partners. This highlights the growing risk of collaboration platforms as attack vectors.
- SonicWall confirmed that state-sponsored threat actors were behind their September cloud backup breach, accessing firewall configuration files via an API call. While initially downplayed, it's now clear all customers using the cloud backup service were affected, though SonicWall insists no product, firmware, or source code was impacted.
- Russia's Sandworm (APT44) has been deploying data-wiping malware (like ZeroLot and Sting) against Ukraine's critical grain sector, as well as government, energy, and logistics entities. This marks a strategic shift to target Ukraine's economy, with initial access sometimes facilitated by UAC-0099.
- The State of Nevada government successfully recovered from a ransomware attack in August without paying the ransom, incurring $259,000 in overtime costs and $1.3 million in vendor support. The initial compromise in May stemmed from an employee downloading a trojanised system administration tool via a malicious Google ad, leading to a hidden backdoor and eventual ransomware deployment after backups were deleted.
- An Italian communications executive, Francesco Nicodemo, revealed he was targeted with Paragon's Graphite spyware, making him the fifth known Italian victim in a scandal involving political targeting. WhatsApp had notified 90 individuals globally about evidence of similar targeting.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🕵🏼 The Register | go.theregister.com/feed/www.th
📰 The Hacker News | thehackernews.com/2025/11/soni
🕵🏼 The Register | go.theregister.com/feed/www.th
🤫 CyberScoop | cyberscoop.com/sonicwall-custo
🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🗞️ The Record | therecord.media/russia-sandwor
🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🗞️ The Record | therecord.media/nevada-decline
🗞️ The Record | therecord.media/italy-comms-ex

New Threat Research on Malware and Techniques 🛡️

- The Gootloader malware operation has resurfaced after a seven-month hiatus, continuing its SEO poisoning campaigns to distribute malicious JavaScript files disguised as legal documents. New evasion tactics include using special web fonts to obfuscate filenames in HTML source and crafting malformed Zip archives that unpack differently for Windows Explorer versus analysis tools. It's now dropping the Supper SOCKS5 backdoor, linked to ransomware affiliates like Vanilla Tempest, known for rapid network compromise.
- The Russia-aligned threat actor Curly COMrades is using an innovative evasion technique: weaponising Windows Hyper-V to deploy hidden, lightweight Alpine Linux virtual machines. These VMs host custom reverse shells (CurlyShell) and reverse proxies (CurlCat), effectively isolating malware execution and bypassing host-based EDR detections.
- A new Russia-aligned cluster, InedibleOchotense (possibly a Sandworm sub-cluster), is conducting spear-phishing attacks against Ukrainian entities using trojanised ESET installers. These installers drop the Kalambur (SUMBUR) C# backdoor, which uses Tor for C2 and enables OpenSSH/RDP access. Separately, RomCom (Storm-0978) has been weaponising a WinRAR vulnerability (CVE-2025-8088) in Europe and Canada, deploying various backdoors.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu
📰 The Hacker News | thehackernews.com/2025/11/hack
📰 The Hacker News | thehackernews.com/2025/11/troj

Vulnerabilities and Active Exploitation 🚨

- Cisco has issued patches for two critical vulnerabilities in its Unified Contact Center Express (UCCX) software. CVE-2025-20354 (CVSS 9.8) is an RCE flaw in the Java RMI process, allowing unauthenticated attackers to execute arbitrary commands as root. CVE-2025-20358 (CVSS 9.4) is an authentication bypass, enabling unauthenticated attackers to run scripts as a non-root user. While not yet exploited in the wild, immediate patching (to 12.5 SU3 ES07 or 15.0 ES01) is strongly advised.
- Cisco also warned of a "new attack variant" targeting its ASA and FTD firewalls, exploiting previously patched flaws (CVE-2025-20333 and CVE-2025-20362). These attacks, ongoing for at least six months and linked to the government-backed ArcaneDoor threat crew (UAT4356), now cause devices to continually reload, leading to denial-of-service. Attackers have used zero-days, disabled logging, intercepted CLI commands, intentionally crashed devices, and even modified ROM Monitor for persistence.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🕵🏼 The Register | go.theregister.com/feed/www.th

Threat Landscape Commentary 📉

- A Comparitech report analysing over two billion leaked passwords in 2025 confirms that "123456", "admin", and "password" remain among the most common. A quarter of passwords were number-only, and 38% contained "123". This highlights persistent poor password hygiene, emphasising the need for longer passphrases or, ideally, biometric passkeys.

🕵🏼 The Register | go.theregister.com/feed/www.th

Data Privacy and Regulatory Issues 🔒

- The EU Parliament's Civil Liberties Committee (LIBE) has voted to advance a controversial proposal expanding Europol's data sharing and biometric data collection capabilities. While aimed at combating human trafficking and migrant smuggling, privacy advocates warn it could facilitate mass surveillance and significant data privacy violations across Europe.
- In a decisive move against cybercrime, a Chinese court has sentenced five leaders of a Myanmar crime syndicate to death. The syndicate ran industrial-scale scamming compounds near the China-Myanmar border, defrauding over $4 billion and causing six deaths, highlighting Beijing's severe crackdown on cross-border cyber fraud.

🗞️ The Record | therecord.media/eu-parliament-
🗞️ The Record | therecord.media/china-sentence

#CyberSecurity #ThreatIntelligence #DataBreach #Ransomware #Malware #APT #NationState #Vulnerabilities #Cisco #Gootloader #Sandworm #Europol #DataPrivacy #InfoSec #CyberAttack #IncidentResponse

2025-11-06

Russia’s notorious Sandworm group isn’t just hitting power grids anymore—they’re now targeting Ukraine’s grain sector and food security. How deep does this cyber siege go?

thedefendopsdiaries.com/sandwo

#sandworm
#apt44
#cyberwarfare
#ukraine
#criticalinfrastructure
#databreach
#malware
#ransomware
#cyberattacks

2025-10-21

Drawtober 2025 No.21 Rhythm

Content notes: I got so, so frustrated with the nib that I was using, it just wouldn't flow properly, I had to keep dipping and tapping and it would pool in the nib but not at the tip and threaten to get all over everything at once and I'm still really grumpy about it.

But. The ink is really pretty, it's Tranquility from Diamine and it's a lovely purple, and as if to try to make up for the nib it showed off some of its Chameleon sparkle for the camera.

I'm so grumpy though, I need cheering up. *So, I need a caption for this picture.*

If you're not familiar with why it is this Rhythm Band is in such peril ask in the comments.

#FountainPenink
#DipPen
#OriginalArt
#Drawtober2025
#Drawingwithoutanet
#NoAI
#ScienceFiction
#Dune #Sandworm

Line and wash art in a beautiful purple ink: a rhythm and blues band traverse Dune, Arrakis, the Desert Planet. Unfortunately for them, they are a Rhythm and Blues band, and Sietch Tabr, where they have the gig, is some way away. A giant sandworm is about to be their audience.

A closeup of where the sandworm is erupting from the sand, catching a little chameleonic shine amongst the purple.

All the focus is on Animal from the Muppet band and his drum kit, standing on the rear corner of the ink stand. The Tranquility Ink and a dip pen are featured, also a Janice minifig with a guitar; a minifig unicorn saxophonist completes the trio, and Lego lute and guitar instruments are lying about.
Jérôme Herbinet | FLOSS (jerome_herbinet@pouet.chapril.org)
2025-10-03

🚀 #Raspberry Pi 4: upgrade from #OpenMediaVault 6 #Shaitan (based on #Debian 11) to 7 #Sandworm (based on Debian 12) completed successfully in a few minutes!

#️⃣ #Linux #OpenSource #FOSS #FLOSS #FreeSoftware #NAS #OperatingSystem #RaspberryPi #RaspberryPi4 #Kodi #OMV #LogicielsLibres

Mistigris computer arts, est. 1994 (mistfunk.wordpress.com@mistfunk.wordpress.com)
2025-04-16

BLNDR2024A/2STONED-THUD!

Mistigram: from last year’s BLNDR2024A, here’s 2Stoned’s first-prize-winning #ANSIart entry improvising computer art on the topics of POWER RANGERS / ROBBERY / ARRAKIS. We’re running another Blender compo this weekend — check out #blender on the EFNet IRC or stay tuned! To learn more about the compo, check out https://mistigris.org/blender/blend.html

#2Stoned #Arrakis #Blender #BLNDR2024A #MightyMorphinPowerRangers #sandworm

2025-04-04

The russian-backed Seashell Blizzard aka #APT44 or #Sandworm is behind a stealthy “BadPilot” campaign focused on gaining persistent network access. Detect adversary activity targeting critical sectors with #Sigma rules from SOC Prime Platform.
socprime.com/blog/seashell-bli
