Showing posts with the label Hacker

Russian-Linked Hackers Target 80+ Organizations via Roundcube Flaws

Threat actors operating with interests aligned to Belarus and Russia have been linked to a new cyber espionage campaign that likely exploited cross-site scripting (XSS) vulnerabilities in Roundcube webmail servers to target over 80 organizations. These entities are primarily located in Georgia, Poland, and Ukraine, according to Recorded Future, which attributed the intrusion set to a threat actor known as Winter Vivern, also known as TA473 and UAC0114. The cybersecurity firm is tracking the hacking outfit under the moniker Threat Activity Group 70 (TAG-70). Winter Vivern's exploitation of security flaws in Roundcube and software was previously highlighted by ESET in October 2023, joining other Russia-linked threat actor groups such as APT28, APT29, and Sandworm that are known to target email software. The adversary, which has been active since at least December 2020, has also been linked to the abuse of a now-patched vulnerability in Zimbra Collaboration email software

What's in a NoName? Researchers see a lone-wolf DDoS group

Every morning at roughly the same time, a Russian hacker group known as NoName057(16) carries out distributed denial-of-service (DDoS) attacks on European financial institutions, government websites or transportation services. Last week, the group claimed responsibility for disrupting the websites of several banks and financial institutions in the Czech Republic and Poland, which it considers hostile to the Russian state because of their support for Ukraine. Like other pro-Kremlin hacktivist gangs, including Killnet or the Cyber Army of Russia, NoName057(16) orchestrates relatively simple and short-lived DDoS incidents with the help of hundreds of volunteers. The goal is to disrupt daily life, even for a few minutes. But there are some things that set this group apart, researchers say. In the Russian cybercrime landscape, NoName057(16) is a "lone wolf," according to Pascal Geenens, the director of cyberthreat intelligence at the cybersecurity firm Radware. The group doesn't