VulnHub

Real-time Cybersecurity News

This spy tool has been quietly stealing data for years

Help Net Security
Actively Exploited

Overview

ESET researchers have identified a resurgence of the Sednit group, a hacking collective linked to the Russian military intelligence agency, GRU. This group has been using a new toolkit that includes two implants, BeardShell and Covenant, which operate through separate cloud providers to maintain their surveillance capabilities. Since April 2024, these tools have been actively monitoring Ukrainian military personnel, indicating a sustained and targeted effort to steal sensitive data. The situation raises significant concerns about the security of military communications and the potential for further espionage activities. Understanding these tactics is crucial for developing defenses against similar attacks in the future.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Ukrainian military personnel and associated communications systems
  • Action Required: Enhance security protocols for military communications, implement monitoring for unusual activity, and consider using more resilient and secure cloud services.
  • Timeline: Ongoing since April 2024

Original Article Summary

ESET researchers have traced the resurgence of Sednit through a modern toolkit built around two complementary implants, BeardShell and Covenant, each relying on a separate cloud provider to ensure operational resilience. This dual-implant architecture has enabled sustained surveillance of Ukrainian military personnel since at least April 2024. The Sednit group itself was tied to Unit 26165 of the GRU by the US Department of Justice in 2016, identifying it as part of Russia’s Main Intelligence … More → The post This spy tool has been quietly stealing data for years appeared first on Help Net Security.

Impact

Ukrainian military personnel and associated communications systems

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Ongoing since April 2024

Remediation

Enhance security protocols for military communications, implement monitoring for unusual activity, and consider using more resilient and secure cloud services.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Read Original Article

Related Coverage

CISA: Recently patched Ivanti EPM flaw now actively exploited

BleepingComputer

The Cybersecurity and Infrastructure Security Agency (CISA) has identified a serious vulnerability in Ivanti Endpoint Manager (EPM) that is currently being exploited in the wild. This flaw has been marked with high severity and affects U.S. federal agencies, which are now mandated to patch their systems within three weeks. The urgency stems from the risk that attackers could leverage this vulnerability to gain unauthorized access to sensitive information. Organizations using Ivanti EPM should prioritize applying the necessary patches to safeguard their systems and data from potential breaches.

Mar 10, 2026

Russian Hackers Target WhatsApp and Signal Accounts of Global Military and Government Officials

Infosecurity Magazine

Dutch intelligence has reported that Russian state-sponsored hackers are attempting to take control of the Signal and WhatsApp accounts belonging to military and government officials around the world. This campaign targets key figures, which raises significant concerns about national security and the protection of sensitive communications. The hackers are likely aiming to gather intelligence or disrupt operations by accessing private conversations and data. The implications of such attacks are serious, as they could compromise not just individual accounts but also broader governmental and military communications. As these messaging platforms are widely used for secure communication, this incident underscores the need for enhanced security measures for users in sensitive positions.

Mar 10, 2026

New HHS toolkit helps healthcare sector gauge cyber preparedness

SCM feed for Latest

The Department of Health and Human Services (HHS) has rolled out an updated toolkit designed to assist healthcare organizations in evaluating their cybersecurity measures. This Risk Identification and Site Criticality toolkit aims to help these organizations spot potential vulnerabilities and assess their readiness against cyber threats. With the healthcare sector frequently targeted by cyberattacks, this initiative is crucial for ensuring patient data security and maintaining operational integrity. By providing a structured approach to risk assessment, the HHS hopes to bolster the overall cybersecurity posture of healthcare facilities nationwide. This toolkit is a significant step in addressing the growing concerns over cybersecurity in the healthcare industry.

Mar 10, 2026

Bipartisan energy cybersecurity bills gain House panel nod

SCM feed for Latest

The House Energy and Commerce Committee has taken a significant step by approving a bipartisan package of cybersecurity bills aimed at strengthening the protection of the energy sector. Leading this initiative is the Rural and Municipal Utility Cybersecurity Act, which focuses on enhancing cybersecurity measures for smaller utilities that may lack the resources of larger companies. This legislation is crucial as it addresses the vulnerabilities in the energy infrastructure that could be targeted by cyberattacks. By promoting cybersecurity readiness among rural and municipal utilities, the bill aims to safeguard essential services against potential disruptions. The approval of this package reflects a growing recognition of the need for robust cybersecurity frameworks in the energy sector, especially as threats continue to evolve.

Mar 10, 2026

Dutch Intel Warns of Russian Hackers Hijacking Signal, WhatsApp Attacks

Hackread – Cybersecurity News, Data Breaches, AI and More

Dutch intelligence agencies have issued a warning about Russian hackers who are targeting Signal and WhatsApp accounts. These attackers are using fake support bots and scams that trick users into providing verification codes. The primary targets of these scams are officials and journalists, raising concerns about the potential for unauthorized access to sensitive communications. This incident highlights the ongoing risks posed by cybercriminals and the need for users to be vigilant when managing their online accounts. As these platforms are commonly used for secure communication, any compromise could have serious implications for privacy and security.

Mar 9, 2026

Ericsson US discloses data breach after service provider hack

BleepingComputer

Ericsson Inc., the U.S. branch of the Swedish telecommunications company, has reported a data breach resulting from a cyberattack on one of its service providers. The breach has led to the theft of sensitive information belonging to an undisclosed number of employees and customers. While the company has not specified the exact nature of the stolen data or the service provider involved, this incident raises significant concerns about the security of third-party vendors and their impact on larger organizations. The breach highlights the ongoing risks companies face from attacks that exploit vulnerabilities in their supply chains. Users and businesses associated with Ericsson should remain vigilant and monitor for any unusual activity related to their data.

Mar 9, 2026