80+ organisations targeted by Russian hackers

Feb 20 2024

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that’s forever fishing for phishing ????????????

Today’s hottest cybersecurity news stories:

  • ???? 80+ organisations targeted by Russian hackers Winter Vivern ????‍????

  • ???? Google fights fire with fire with new AI-fueled cybersecurity initiative ????

  • ⚠️ Meta warning! 8 spyware firms target iOS, Android, and Windows ????⚖️

We have reached the Winter of our discontent ????????????




???? Winter Vivern Cyber Espionage Campaign Unveiled ????

A new cyber espionage endeavour, likely orchestrated by threat actors with ties to Belarus and Russia, has come to light, targeting over 80 organisations, primarily situated in Georgia, Poland, and Ukraine. This sophisticated operation exploited cross-site scripting (XSS) vulnerabilities in Roundcube webmail servers, according to findings by Recorded Future. ????️‍♂️

The intrusion set has been attributed to Winter Vivern, also known as TA473 and UAC0114, and is tracked by Recorded Future under Threat Activity Group 70 (TAG-70). This group’s exploitation of security vulnerabilities in Roundcube software mirrors tactics previously observed in Russia-linked threat actor groups like APT28, APT29, and Sandworm, who have a history of targeting email platforms. ????

Winter Vivern’s activities, traced back to at least December 2020, include leveraging a patched vulnerability in Zimbra Collaboration email software last year to infiltrate organisations in Moldova and Tunisia. The recent campaign, spanning early to mid-October 2023, aimed at gathering intelligence on European political and military affairs, coincided with additional TAG-70 actions against Uzbekistan government mail servers detected in March 2023. ????

Recorded Future noted the sophisticated nature of TAG-70’s attack methods, combining social engineering tactics with XSS vulnerabilities in Roundcube to breach targeted mail servers, effectively bypassing government and military organisations’ defences. The attack chains involve delivering JavaScript payloads via Roundcube flaws to exfiltrate user credentials to a command-and-control (C2) server. ????️

Furthermore, evidence points to TAG-70 targeting Iranian embassies in Russia and the Netherlands, along with the Georgian Embassy in Sweden, indicating a broader geopolitical interest in assessing Iran’s diplomatic activities, particularly concerning its support for Russia in Ukraine, and monitoring Georgia’s pursuit of European Union (EU) and NATO accession. ????

This revelation underscores the persistent and evolving threat landscape of cyber espionage, emphasising the necessity for robust cybersecurity measures and international cooperation to counter such clandestine operations. ????????️


Signup for Free


Learn AI in 5 minutes a day. We’ll teach you how to save time and earn more with AI. Join 400,000+ free daily readers for trending tools, productivity boosting prompts, the latest news, and more.

Google: I can be your umbrella, ella, ella AI, AI, AI ????????☂️

???? Google Spearheads AI Cyber Defense Initiative ????️

Google has launched a groundbreaking initiative to advance the integration of artificial intelligence (AI) in cybersecurity, recognizing AI’s pivotal role in fortifying digital security and potentially tipping the scales in favour of defenders over attackers.

With the belief that AI offers a significant advantage in threat detection, malware analysis, vulnerability detection, fixing, and incident response, Google’s AI Cyber Defense Initiative aims to democratise AI in security. The initiative encompasses investment in AI-ready infrastructure, development of defensive tools and research, and provision of AI security training.

Google emphasises the need for collaborative efforts between public and private entities to fortify AI from its foundation, empower defenders, and foster research cooperation. To this end, Google is expanding its AI for Cybersecurity Program, selecting 17 startups from the UK, US, and EU, and enhancing its Cybersecurity Seminars Program to train cybersecurity experts in underserved communities across Europe.

Moreover, Google has open-sourced Magika, an AI-driven tool for malware detection, used in Google Drive, Gmail, and Safe Browsing, and available on VirusTotal. To drive advancements in AI-powered security, Google is offering $2 million in research grants and forging strategic partnerships with leading institutions like The University of Chicago, Carnegie Mellon, and Stanford.

Google envisions the AI revolution as a catalyst for addressing longstanding security challenges, paving the way for a safe, secure, and trusted digital landscape. As AI continues to evolve, Google is at the forefront, leveraging its expertise and resources to realise the full potential of AI in safeguarding digital ecosystems. ????????️

???? Catch of the Day!! ????????????

???? The Motley Fool: “Fool me once, shame on — shame on you. Fool me — you can’t get fooled again.” Good ol’ George Dubya ???? Let us tell who’s not fooling around though; that’s the Crüe ???? at Motley Fool. You’d be a fool (alright, enough already! ????) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! ???? Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets ???? (LINK)

???? Wander: Find your happy place. Cue Happy Gilmore flashback ????️⛳????????️ Mmmm Happy Place… ???? So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway ????️???? (LINK)

???? Digital Ocean: If you build it they will come. Nope, we’re not talking about a baseball field for ghosts ???????? (Great movie, to be fair ????). This is the Digital Ocean who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty ????). But if you can and you’re looking for somewhere to test things out or launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho ???? And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! ???? (LINK)

No Meta what your phone is, No Meta what you do ????????????

???? Meta Exposes International Spyware Network ????️‍♂️????

Meta Platforms has uncovered and taken action against a network of eight companies operating in Italy, Spain, and the United Arab Emirates (U.A.E.) involved in the surveillance-for-hire industry, as revealed in its Adversarial Threat Report for the fourth quarter of 2023. ????????????

These firms, including Cy4Gate/ELT Group, RCS Labs, IPS Intelligence, Variston IT, TrueL IT, Protect Electronic Systems, Negg Group, and Mollitiam Industries, targeted iOS, Android, and Windows devices with various malware capable of collecting extensive data, including device information, location, media, contacts, emails, social media interactions, and more. ????????????

They also exploited vulnerabilities in popular platforms like Facebook, Instagram, and X (formerly Twitter) through scraping, social engineering, and phishing techniques. ????????????

For instance, the fictitious personas associated with RCS Labs tricked users into providing personal details, while Variston IT utilised Facebook and Instagram accounts for exploit development and testing. ????️‍♂️????????

Meta identified accounts used by Negg Group for spyware testing and traced Mollitiam Industries’ activities to scrape public information. ????????

In addition to tackling the spyware network, Meta removed over 2,000 accounts, Pages, and Groups from Facebook and Instagram originating from China, Myanmar, and Ukraine for coordinated inauthentic behaviour (CIB). Notably, the Chinese cluster targeted U.S. audiences with content critical of U.S. foreign policy, while the network from Myanmar disseminated pro-military propaganda. The Ukrainian cluster supported specific politicians while criticising opposition figures in Kazakhstan.

Amidst these actions, Meta introduced new security features like Control Flow Integrity (CFI) on Messenger for Android and VoIP memory isolation for WhatsApp to bolster defences against exploitation. Nonetheless, the surveillance industry persists, with new tools like Patternz, leveraging real-time bidding (RTB) advertising data, and revelations about MMS Fingerprint, a mobile network attack allegedly utilised by NSO Group. ????️????️????️‍♂️

The exposure of these activities underscores the ongoing battle against sophisticated cyber threats, prompting concerted efforts from tech companies and governments to safeguard digital ecosystems and protect user privacy and security. ????????????️

????️ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • The GeekAI: A daily 3 min newsletter on what matters in AI, with all the new AI things coming to market its good to stay ahead of the curve.

  • Wealthy Primate: Want to earn over $100k a year in IT or cybersecurity? 20 year veteran ‘Wealthy Primate’ might be able to help you climb that tree ???????? with his stick and banana approach ????????

  • Techspresso: Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)

Let us know what you think!

So long and thanks for reading all the phish!

Recent articles