Freedom of Russia Legion
-
Italy thwarts cyberattacks tied to Russia ahead of Milano Cortina Games
Italy has begun defending against cyberattacks that targeted foreign ministry sites and some Milano Cortina Winter Olympics locations. The attacks were described as of Russian origin and mitigations were put in place before the Games.
-
Denmark blames Russia for destructive cyberattack on water utility, names hacker groups
Denmark’s Defence Intelligence Service accused Russia of directing cyberattacks against Danish critical infrastructure, naming Z-Pentest and NoName057(16), and said the activity formed part of a Russian hybrid campaign that has used elections to attract attention.
-
Kaspersky links new Operation ForumTroll phishing wave to targeted attacks on Russian academics
Kaspersky detected a targeted October 2025 phishing campaign tied to Operation ForumTroll that used eLibrary impersonation and personalized one‑time links to deliver a PowerShell chain and the Tuoni remote access framework to academics in Russia; the group’s origins remain unknown.
-
Open-source C2 Framework AdaptixC2 Draws Use by Groups Linked to Russian Ransomware
AdaptixC2, an open-source command-and-control framework published on GitHub, has been adopted by multiple threat actors, including groups linked to Russian ransomware, prompting analysis from Palo Alto Networks Unit 42 and an investigation by Silent Push into the project’s author and Telegram activity.
-
Former L3Harris cyber executive charged with selling trade secrets to Russia
Federal prosecutors say Peter Williams, a former Trenchant general manager, misappropriated eight trade secrets and sold them to an undisclosed buyer in Russia, allegedly earning about $1.3 million; prosecutors seek forfeiture of multiple assets and an arraignment is set for Oct. 29.
-
Google links three new ‘ROBOT’ malware families to Russia-linked COLDRIVER
Google’s Threat Intelligence Group linked three new malware families — NOROBOT, YESROBOT and MAYBEROBOT — to the Russia-linked COLDRIVER group, describing a ClickFix-style delivery chain and ongoing rapid development aimed at evading detection. Dutch prosecutors also said three youths are suspected of providing services to a foreign government and one had contact with a Russia-affiliated…
-
Ukraine agency says Russian-linked hackers used AI to aid cyber attacks in H1 2025
Ukraine’s SSSCIP said Russian-linked hackers increased use of AI in cyber attacks in H1 2025, recording 3,018 incidents and using AI-generated phishing and malware while exploiting webmail flaws and abusing legitimate cloud services.
-
CountLoader: New Russian-linked malware loader broadens post-exploitation toolkit, researchers warn
Cybersecurity researchers have identified CountLoader, a new malware loader used by Russian ransomware groups to deliver post-exploitation tools such as Cobalt Strike, AdaptixC2, and the PureHVNC RAT. The loader, observed in variants across .NET, PowerShell, and JavaScript, targets Ukrainian users with PDF phishing lures and features a BrowserVenom proxy capability, multiple download/execution methods, and a…
-
AI-assisted CopyCop disinformation network expands with hundreds of fake-news sites, researchers say
A Recorded Future Insikt Group study finds that CopyCop, a Kremlin-linked disinformation network, has expanded into hundreds of AI-generated fake-news sites, using self-hosted Llama 3 models to craft content and deepen influence across the U.S., Europe, and Canada, while funding and infrastructure details highlight the scale of the operation.
-
Norway says pro-Russian hackers sabotaged Bremanger dam to demonstrate capabilities
Norwegian authorities accuse pro-Russian hackers of taking control of Bremanger dam’s operations and opening outflow valves in what officials describe as a demonstration of Moscow’s ability to disrupt critical infrastructure, prompting warnings about hybrid threats.
