The Russian hackers call themselves "Killnet" and first made the news in April with declarations of intent to conduct cyber attacks on critical infrastructure in other countries. The group has been linked to prior DDoS campaigns.
The embassy phishing campaign is just one element of a rash of recent activity by the Russian hackers referred to as APT 29, probably better known to the general public as Cozy Bear.
State-backed Russian hackers are actively exploiting a combination of MFA configuration vulnerabilities and the documented "PrintNightmare" exploit to penetrate networks and exfiltrate files and emails.
A joint cybersecurity alert says Russian hackers compromised defense contractors and obtained export-controlled information, giving the Kremlin insight into U.S. military and infrastructure.
After an apparent refusal to pay a ransom demand, Russian hackers have leaked a sampling of 13 million records of UK police data to the dark web in retaliation. The records were stolen from a police contractor.
Microsoft reported that the Russian hackers behind the devastating SolarWinds attack are employing similar tactics to worm their way into tech supply chains, looking to establish long-term footholds for espionage purposes.
A joint cybersecurity advisory by the NSA and GCHQ warns that Russian hackers are brute-forcing passwords in the cloud using a Kubernetes cluster in a global cyber espionage campaign.
A joint federal cybersecurity advisory warns of a tenacious cyber espionage campaign by Russian hackers against U.S. and allied networks using evolving TTPs of varying sophistication.
The March 2020 SolarWinds hack, which was not discovered for months, has formally been blamed on Russian hackers by a coalition of US intelligence agencies.