Alena Popova
@alenapopova.bsky.social
Founder at Cyber Guardians for Democracy | Cyber threats & Geopolitics
Germany’s security services warned that fake videos circulating online, which purported to reveal ballot manipulation in the country’s upcoming federal elections, were part of a Russian information operation.
therecord.media/german-elect...
therecord.media/german-elect...
German election targeted by Russian disinformation, security services warn
Germany’s security services warned on Friday that fake videos circulating online purporting to reveal ballot manipulation in the country’s upcoming federal elections were part of a Russian information...
therecord.media
February 21, 2025 at 6:22 PM
Germany’s security services warned that fake videos circulating online, which purported to reveal ballot manipulation in the country’s upcoming federal elections, were part of a Russian information operation.
therecord.media/german-elect...
therecord.media/german-elect...
Employees at major U.S. defense contractors including Lockheed Martin, Boeing, L3Harris, Leidos and Honeywell have been infected with infostealer malware. U.S. military and government agencies were also affected.
www.infostealers.com/article/info...
www.infostealers.com/article/info...
February 19, 2025 at 8:32 PM
Employees at major U.S. defense contractors including Lockheed Martin, Boeing, L3Harris, Leidos and Honeywell have been infected with infostealer malware. U.S. military and government agencies were also affected.
www.infostealers.com/article/info...
www.infostealers.com/article/info...
Several Russian state-aligned threat actors target Signal Messenger accounts. Their operational interest has likely been sparked by wartime demands to gain access to sensitive government and military communications in the context of Russia's invasion of Ukraine.
cloud.google.com/blog/topics/...
cloud.google.com/blog/topics/...
Signals of Trouble: Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger | Google Cloud Blog
Russia state-aligned threat actors target Signal Messenger accounts used by individuals of interest to Russia's intelligence services.
cloud.google.com
February 19, 2025 at 8:31 PM
Several Russian state-aligned threat actors target Signal Messenger accounts. Their operational interest has likely been sparked by wartime demands to gain access to sensitive government and military communications in the context of Russia's invasion of Ukraine.
cloud.google.com/blog/topics/...
cloud.google.com/blog/topics/...
Russia is suspected of compromising the personal email account of British Prime Minister Keir Starmer before he took office.
therecord.media/keir-starmer...
therecord.media/keir-starmer...
Russian hackers suspected of compromising British PM’s personal email account
Russia is suspected of hacking into the personal email account of Keir Starmer before before he became Britain's prime minister, according to a new book.
therecord.media
February 3, 2025 at 6:36 PM
Russia is suspected of compromising the personal email account of British Prime Minister Keir Starmer before he took office.
therecord.media/keir-starmer...
therecord.media/keir-starmer...
Russian influence operation Doppelganger accounts have become active on Bluesky, focusing on narratives discrediting Ukraine and the German coalition government. The campaign also spreads polarizing narratives and sexualized hate against Ukrainian women.
alliance4europe.eu/doppelganger...
alliance4europe.eu/doppelganger...
Sky's the Limit - Russian Influence Operation Doppelgänger Expands to Bluesky - Alliance4Europe
This flash report describes the key behaviours of what is likely the Russian influence operation Doppelgänger’s expansion to Bluesky.
alliance4europe.eu
January 31, 2025 at 4:40 PM
Russian influence operation Doppelganger accounts have become active on Bluesky, focusing on narratives discrediting Ukraine and the German coalition government. The campaign also spreads polarizing narratives and sexualized hate against Ukrainian women.
alliance4europe.eu/doppelganger...
alliance4europe.eu/doppelganger...
Russian intelligence agencies, including the GRU and FSB, have reportedly posted job offers with payments between $3,130 and $4,170 to Polish citizens willing to spread disinformation online, according to Poland’s digital affairs minister.
therecord.media/poland-accus...
therecord.media/poland-accus...
Poland accuses Russia of recruiting Polish citizens online for election meddling
Russia is attempting to recruit Polish citizens via the darknetto conduct influence operations ahead of Poland’s presidential election, a senior Polish official said.
therecord.media
January 30, 2025 at 6:22 PM
Russian intelligence agencies, including the GRU and FSB, have reportedly posted job offers with payments between $3,130 and $4,170 to Polish citizens willing to spread disinformation online, according to Poland’s digital affairs minister.
therecord.media/poland-accus...
therecord.media/poland-accus...
Threat actors from China, Russia, Iran, and North Korea are interacting with Google's LLM model, Gemini, to support their cyberattacks and coordinated information operations.
cloud.google.com/blog/topics/...
cloud.google.com/blog/topics/...
January 29, 2025 at 5:23 PM
Threat actors from China, Russia, Iran, and North Korea are interacting with Google's LLM model, Gemini, to support their cyberattacks and coordinated information operations.
cloud.google.com/blog/topics/...
cloud.google.com/blog/topics/...
Chinese state-linked Spamouflage influence operation has repeatedly targeted the Spain-based non-profit Safeguard Defenders and impersonated the organization to spread calls for the Spanish government to be overthrown following deadly floods in Valencia.
graphika.com/reports/chin...
graphika.com/reports/chin...
Chinese State Influence
Chinese covert influence operations have impersonated human rights organizations critical of Beijing, almost certainly in an effort to discredit their activities and disrupt domestic political convers...
graphika.com
January 29, 2025 at 5:10 PM
Chinese state-linked Spamouflage influence operation has repeatedly targeted the Spain-based non-profit Safeguard Defenders and impersonated the organization to spread calls for the Spanish government to be overthrown following deadly floods in Valencia.
graphika.com/reports/chin...
graphika.com/reports/chin...
Ukrainian military officials, lawmakers, and experts are discussing the creation of a separate branch of Ukraine's Armed Forces dedicated to cyberspace operations, according to the General Staff of Ukraine.
kyivindependent.com/ukraine-cons...
kyivindependent.com/ukraine-cons...
Ukrainian military considering creation of new cyber army branch
Ukrainian military, lawmakers, and experts discussed the creation of a separate branch of Ukraine's Armed Forces dedicated to cyberspace operations, the General Staff said on Oct. 24.
kyivindependent.com
January 28, 2025 at 4:32 PM
Ukrainian military officials, lawmakers, and experts are discussing the creation of a separate branch of Ukraine's Armed Forces dedicated to cyberspace operations, according to the General Staff of Ukraine.
kyivindependent.com/ukraine-cons...
kyivindependent.com/ukraine-cons...
The EU sanctioned three hackers from Unit 29155 of Russia's military intelligence service (GRU) for their involvement in cyberattacks targeting Estonian government agencies in 2020.
www.bleepingcomputer.com/news/securit...
www.bleepingcomputer.com/news/securit...
EU sanctions Russian GRU hackers for cyberattacks against Estonia
The European Union sanctioned three hackers, part of Unit 29155 of Russia's military intelligence service (GRU), for their involvement in cyberattacks targeting Estonia's government agencies in 2020.
www.bleepingcomputer.com
January 28, 2025 at 4:27 PM
The EU sanctioned three hackers from Unit 29155 of Russia's military intelligence service (GRU) for their involvement in cyberattacks targeting Estonian government agencies in 2020.
www.bleepingcomputer.com/news/securit...
www.bleepingcomputer.com/news/securit...
The Iranian cyber threat actor Handala claimed responsibility for breaching the emergency systems of Maager-Tec at 20 kindergartens across Israel, playing rocket sirens, Arabic messages, and songs that support terror on Sunday morning.
www.jpost.com/israel-news/...
www.jpost.com/israel-news/...
Iranian hackers broadcast rocket sirens, pro-terror songs at 20 Israeli kindergartens
The breach reportedly exploited Maager-Tec's interfaces, which are responsible for emergency button systems at various institutions across Israel.
www.jpost.com
January 27, 2025 at 4:13 PM
The Iranian cyber threat actor Handala claimed responsibility for breaching the emergency systems of Maager-Tec at 20 kindergartens across Israel, playing rocket sirens, Arabic messages, and songs that support terror on Sunday morning.
www.jpost.com/israel-news/...
www.jpost.com/israel-news/...
A Russian disinformation campaign, Storm-1516, established around 100 fake news sites ahead of Germany's federal election. The traces lead to a former U.S. police officer, the Russian troll factory Internet Research Agency (IRA), and the GRU.
correctiv.org/faktencheck/...
correctiv.org/faktencheck/...
Einflussoperation enttarnt: Russland greift in deutschen Wahlkampf ein
CORRECTIV hat rund 100 Fake-Nachrichtenseiten enttarnt. Ihr Zweck: die Bundestagswahl mit Desinformation beeinflussen.
correctiv.org
January 23, 2025 at 7:01 PM
A Russian disinformation campaign, Storm-1516, established around 100 fake news sites ahead of Germany's federal election. The traces lead to a former U.S. police officer, the Russian troll factory Internet Research Agency (IRA), and the GRU.
correctiv.org/faktencheck/...
correctiv.org/faktencheck/...
Chinese state-sponsored threat actors, including Mustang Panda and Tonto Team, have been targeting Russian aerospace and defense firms. The attacks aimed to steal sensitive information on Russia's advanced weapons programs, particularly nuclear submarines.
www.politico.eu/article/chin...
www.politico.eu/article/chin...
China’s cyber spies are targeting Russia’s aerospace and defense firms
State-backed hackers seek intel on nuclear weapons and military capabilities, researchers say.
www.politico.eu
January 23, 2025 at 6:48 PM
Chinese state-sponsored threat actors, including Mustang Panda and Tonto Team, have been targeting Russian aerospace and defense firms. The attacks aimed to steal sensitive information on Russia's advanced weapons programs, particularly nuclear submarines.
www.politico.eu/article/chin...
www.politico.eu/article/chin...
A deal signed last week between Iran and Russia outlines commitments to strengthen their military, security, and technological ties. The agreement includes provisions for cooperation in cybersecurity and internet regulation.
therecord.media/russia-iran-...
therecord.media/russia-iran-...
Iran and Russia deepen cyber ties with new agreement
The pact between the world’s two most sanctioned nations aims to elevate relations "to a new level,” the Kremlin said.
therecord.media
January 22, 2025 at 6:36 PM
A deal signed last week between Iran and Russia outlines commitments to strengthen their military, security, and technological ties. The agreement includes provisions for cooperation in cybersecurity and internet regulation.
therecord.media/russia-iran-...
therecord.media/russia-iran-...
Social Design Agency (SDA), a Russian organization tied to the Kremlin’s covert influence campaigns, posted over 8,000 political ads on Facebook despite European and American bans on doing business with it.
www.nytimes.com/2025/01/17/b...
www.nytimes.com/2025/01/17/b...
Russian Disinformation Campaigns Eluded Meta’s Efforts to Block Them
A new report details how a covert influence operation linked to the Kremlin continued to place ads on Facebook despite U.S. and E.U. prohibitions on doing business with the organization.
www.nytimes.com
January 18, 2025 at 4:52 PM
Social Design Agency (SDA), a Russian organization tied to the Kremlin’s covert influence campaigns, posted over 8,000 political ads on Facebook despite European and American bans on doing business with it.
www.nytimes.com/2025/01/17/b...
www.nytimes.com/2025/01/17/b...
The Russian state-sponsored threat actor Star Blizzard attempted to compromise WhatsApp accounts of nonprofits supporting Ukraine. It used phishing messages impersonating U.S. government officials, inviting recipients to join a WhatsApp group.
therecord.media/russia-star-...
therecord.media/russia-star-...
Russian Star Blizzard hackers exploit WhatsApp accounts to spy on nonprofits aiding Ukraine
The Moscow-linked group has been sending phishing messages impersonating U.S. government officials with an invitation to join a fake WhatsApp group for nonprofits supporting Ukraine during the war.
therecord.media
January 17, 2025 at 5:16 PM
The Russian state-sponsored threat actor Star Blizzard attempted to compromise WhatsApp accounts of nonprofits supporting Ukraine. It used phishing messages impersonating U.S. government officials, inviting recipients to join a WhatsApp group.
therecord.media/russia-star-...
therecord.media/russia-star-...
Crew of France's atomic-armed submarines publicly share workouts via the Strava app, inadvertently disclosing sensitive patrol schedule information.
www.lemonde.fr/en/videos/ar...
www.lemonde.fr/en/videos/ar...
StravaLeaks: Dates of French nuclear submarine patrols revealed by careless crew members
Crew of France's atomic-armed submarines publicly share workouts via the Strava app, inadvertently disclosing sensitive patrol schedule information.
www.lemonde.fr
January 14, 2025 at 5:54 PM
Crew of France's atomic-armed submarines publicly share workouts via the Strava app, inadvertently disclosing sensitive patrol schedule information.
www.lemonde.fr/en/videos/ar...
www.lemonde.fr/en/videos/ar...
Over the past few years, Barcelona has become a hub for offensive cybersecurity companies, offering attractive tax benefits, fewer restrictions, beautiful beaches, and a vibrant expat community.
techcrunch.com/2025/01/13/h...
techcrunch.com/2025/01/13/h...
How Barcelona became an unlikely hub for spyware startups | TechCrunch
Barcelona's mix of affordable cost of living and quality of life has helped create a vibrant startup community — and become a hotbed for the creation of surveillance technologies.
techcrunch.com
January 14, 2025 at 5:30 PM
Over the past few years, Barcelona has become a hub for offensive cybersecurity companies, offering attractive tax benefits, fewer restrictions, beautiful beaches, and a vibrant expat community.
techcrunch.com/2025/01/13/h...
techcrunch.com/2025/01/13/h...
A Russian state-linked threat actor, sharing overlaps with APT28, conducted a cyber espionage campaign targeting Central Asia, including Kazakhstan and its diplomatic and economic relations with Asian and Western countries.
blog.sekoia.io/double-tap-c...
blog.sekoia.io/double-tap-c...
Double-Tap Campaign: Russia-nexus APT possibly related to APT28 conducts cyber espionage on Central Asia and Kazakhstan diplomatic relations
Uncover the details of UAC-0063 cyberespionage campaign in Kazakhstan and its potential connection to APT28
blog.sekoia.io
January 13, 2025 at 5:03 PM
A Russian state-linked threat actor, sharing overlaps with APT28, conducted a cyber espionage campaign targeting Central Asia, including Kazakhstan and its diplomatic and economic relations with Asian and Western countries.
blog.sekoia.io/double-tap-c...
blog.sekoia.io/double-tap-c...
Ukraine’s CERT-UA handled 4,315 cyber incidents in 2024, a 69.8% rise from 2023. The most targeted sectors include local governments, federal government agencies, security and defense, energy, business, and telecommunications.
euromaidanpress.com/2025/01/12/r...
euromaidanpress.com/2025/01/12/r...
Russian cyberattacks on Ukraine surge 70% in 2024 with 4,315 assaults on critical infrastructure
Ukraine's cyber defense teams battle an avalanche of Russian attacks targeting government services and critical infrastructure, with incident rates nearly doubling from previous year.
euromaidanpress.com
January 13, 2025 at 4:52 PM
Ukraine’s CERT-UA handled 4,315 cyber incidents in 2024, a 69.8% rise from 2023. The most targeted sectors include local governments, federal government agencies, security and defense, energy, business, and telecommunications.
euromaidanpress.com/2025/01/12/r...
euromaidanpress.com/2025/01/12/r...
Chinese state-sponsored threat actor breached the Philippine government's executive branch and stole sensitive data, including military documents related to the ongoing China-Philippines territorial dispute in the South China Sea.
www.bloomberg.com/news/article...
www.bloomberg.com/news/article...
Chinese Hackers Target Philippine President and Steal Military Data
Chinese-state sponsored hackers penetrated the executive branch of the Philippines government and stole sensitive data as part of a yearslong campaign, according to three people familiar with the matt...
www.bloomberg.com
January 9, 2025 at 4:49 PM
Chinese state-sponsored threat actor breached the Philippine government's executive branch and stole sensitive data, including military documents related to the ongoing China-Philippines territorial dispute in the South China Sea.
www.bloomberg.com/news/article...
www.bloomberg.com/news/article...
Russia has a special intelligence unit focused on carrying out cyberattacks against Poland, Deputy Prime Minister Krzysztof Gawkowski said. According to him, Poland is the EU member state most frequently targeted by Russia.
tvpworld.com/84412549/mos...
tvpworld.com/84412549/mos...
Moscow has special cyber-unit targeting Poland, says minister
Poland is the EU country most under attack, the digital affairs minister said.
tvpworld.com
January 8, 2025 at 5:43 PM
Russia has a special intelligence unit focused on carrying out cyberattacks against Poland, Deputy Prime Minister Krzysztof Gawkowski said. According to him, Poland is the EU member state most frequently targeted by Russia.
tvpworld.com/84412549/mos...
tvpworld.com/84412549/mos...
Japan has linked more than 200 cyberattacks over the past five years, targeting national security and advanced technology data, to the Chinese cyber threat actor MirrorFace. The targets included Japan's Foreign and Defense Ministries and its space agency.
abcnews.go.com/Internationa...
abcnews.go.com/Internationa...
Japan links hacker MirrorFace to dozens of cyberattacks targeting security, tech data
Japan has linked more than 200 cyberattacks over the past five years targeting the country’s national security and high technology data to a Chinese hacking group, MirrorFace
abcnews.go.com
January 8, 2025 at 5:25 PM
Japan has linked more than 200 cyberattacks over the past five years, targeting national security and advanced technology data, to the Chinese cyber threat actor MirrorFace. The targets included Japan's Foreign and Defense Ministries and its space agency.
abcnews.go.com/Internationa...
abcnews.go.com/Internationa...
The Lithuanian Ministry of National Defense has officially launched the Lithuanian Cyber Command (LTCYBERCOM), a new unit within the Lithuanian Armed Forces.
defence-industry.eu/lithuania-la...
defence-industry.eu/lithuania-la...
Lithuania launches Cyber Command to bolster national defence and cybersecurity
The Lithuanian Ministry of National Defence has officially launched the Lithuanian Cyber Command (LTCYBERCOM), a new unit within the Lithuanian Armed Forces.
defence-industry.eu
January 7, 2025 at 4:16 PM
The Lithuanian Ministry of National Defense has officially launched the Lithuanian Cyber Command (LTCYBERCOM), a new unit within the Lithuanian Armed Forces.
defence-industry.eu/lithuania-la...
defence-industry.eu/lithuania-la...
Countries in Central Asia and Latin America base their digital surveillance capabilities on Russia’s System for Operative Investigative Activities (SORM). This will not only increase political repression but also likely grant Russia access to information.
www.recordedfuture.com/research/tra...
www.recordedfuture.com/research/tra...
Unveiling Russian Surveillance Tech Expansion in Central Asia and Latin America
A new report by Recorded Future’s Insikt group finds that countries across Central Asia and Latin America are increasingly basing their digital surveillance practices on Russia's System for Operative ...
www.recordedfuture.com
January 7, 2025 at 4:12 PM
Countries in Central Asia and Latin America base their digital surveillance capabilities on Russia’s System for Operative Investigative Activities (SORM). This will not only increase political repression but also likely grant Russia access to information.
www.recordedfuture.com/research/tra...
www.recordedfuture.com/research/tra...