Russia takes unusual route to hack Starlink-connected devices in Ukraine
Secret Blizzard has used the resources of at least 6 other groups in the past 7 years.
Russian nation-state hackers have followed an unusual path to gather intel in the country's ongoing invasion of Ukraine: appropriating the infrastructure of fellow threat actors and using it to infect electronic devices that its adversary's military personnel are using on the front line. In January 2024, Microsoft observed a military-related device in Ukraine compromised by a Storm-1837 backdoor configured to use the Telegram API to launch a cmdlet with credentials (supplied as parameters) for an account on the file-sharing platform Mega. Wednesday's post comes a week after both Microsoft and Lumen's Black Lotus Labs reported that Secret Blizzard co-opted the tools of a Pakistan-based threat group tracked as Storm-0156 to install backdoors and collect intel on targets in South Asia.
Or read this on ArsTechnica