Pro-Russia Hackers Target US Critical Infrastructure in New Wave

Infosecurity Magazine
Actively Exploited

Overview

Pro-Russia hacktivist groups have recently been targeting critical infrastructure in the United States, using exposed virtual network computing (VNC) connections to gain access to operational technology (OT) systems. This method of attack allows them to breach systems that manage critical services, which poses a significant risk to public safety and national security. The exploitation of these vulnerabilities suggests that organizations may not be adequately securing their remote access points. As these groups continue to evolve their tactics, it's crucial for companies in essential sectors to enhance their cybersecurity measures and monitor their networks for unauthorized access. This situation emphasizes the ongoing challenges faced by critical infrastructure in defending against cyber threats.

Key Takeaways

  • Active Exploitation: Exposed VNC connections to OT systems are being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Operational Technology (OT) systems, Virtual Network Computing (VNC) connections
  • Action Required: Organizations should secure VNC connections, implement strong authentication methods, and regularly update their security protocols to protect OT systems.
  • Timeline: Newly disclosed

Original Article Summary

Pro-Russia hacktivist groups have been observed exploiting exposed virtual network computing connections to breach OT systems.

Impact

Operational Technology (OT) systems, Virtual Network Computing (VNC) connections

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Organizations should secure VNC connections, implement strong authentication methods, and regularly update their security protocols to protect OT systems.

Related Coverage

Pre-Stuxnet Sabotage Malware ‘Fast16’ Linked to US-Iran Cyber Tensions

SecurityWeek

A malware known as 'Fast16' has been linked to ongoing cyber tensions between the US and Iran. This malware specifically targets high-precision calculation software, with the intent to manipulate results. Notably, it includes a self-propagation mechanism, which allows it to spread without user intervention. This discovery raises concerns about the potential for state-sponsored cyberattacks and the implications for critical infrastructure, particularly in sectors reliant on precision calculations. As the geopolitical landscape continues to evolve, understanding threats like Fast16 becomes crucial for organizations to safeguard their operations against cyber sabotage.

Apr 24, 2026

Signal phishing campaign targets Germany’s Bundestag President Julia Klöckner

Security Affairs

Germany's Bundestag President Julia Klöckner was recently targeted in a phishing attack using the Signal messaging app. The attackers created a fake chat group that appeared to be associated with her political party, the CDU, in an attempt to deceive her. This incident highlights the vulnerabilities of even secure messaging platforms, showing that attackers can exploit them to gain access to personal or sensitive information. As political figures become more reliant on digital communication, the risk of such phishing attempts increases. It serves as a reminder for all users to remain vigilant about the authenticity of the contacts they interact with online.

Apr 24, 2026

GopherWhisper: China-linked hackers target governments with custom Go toolkit

SCM feed for Latest

ESET researchers have uncovered a new hacking group known as GopherWhisper, which is linked to China and is targeting government entities. The attackers are using a custom toolkit built primarily in the Go programming language, featuring multiple backdoors such as LaxGopher and RatGopher, as well as a C++ backdoor called SSLORDoor. This sophisticated approach allows them to maintain access and control over compromised systems. The implications of these attacks are significant, as they threaten sensitive government data and can disrupt critical operations. As these activities are ongoing, governments worldwide need to bolster their cybersecurity measures to defend against such targeted intrusions.

Apr 24, 2026

Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks

BleepingComputer

Researchers have identified that over 10,000 instances of the Zimbra Collaboration Suite (ZCS) are exposed to the internet and are vulnerable to ongoing cross-site scripting (XSS) attacks. This security flaw allows attackers to execute malicious scripts in users' browsers, which can lead to unauthorized access to sensitive information. The affected servers could be utilized by various organizations for email and collaboration services, making them prime targets for exploitation. The ongoing nature of these attacks means that users and administrators should take immediate action to secure their systems. Ignoring this vulnerability could lead to severe data breaches and loss of confidential information.

Apr 24, 2026

Locked Shields 2026: 41 Nations Strengthen Cyber Resilience in World’s Biggest Exercise

SecurityWeek

The Locked Shields exercise in 2026 saw participation from 41 nations, marking a significant expansion from its inception 16 years ago when only four countries were involved. This large-scale cyber defense drill aims to enhance the cyber resilience of participating nations by simulating a series of cyber attacks and responses. The exercise allows countries to collaborate and improve their defensive strategies against potential cyber threats. With the increasing frequency and sophistication of cyber incidents globally, such exercises are crucial for preparing governments and organizations to protect their infrastructures. The collaboration also fosters a stronger international partnership in addressing cybersecurity challenges.

Apr 24, 2026

AI Rush is Reviving Old Cybersecurity Mistakes, Mandiant VP Warns

Infosecurity Magazine

Jurgen Kutscher, VP of Mandiant Consulting, expressed concerns that the rush to adopt AI tools is not only introducing new cybersecurity vulnerabilities but also bringing back old security issues that many organizations thought were resolved. Kutscher pointed out that as businesses integrate AI into their operations, they might overlook fundamental security practices that have historically led to breaches. This oversight could potentially expose companies to risks they believed they had already addressed. The warning serves as a reminder for organizations to remain vigilant and ensure that while they innovate with AI, they don’t neglect the basics of cybersecurity. Companies should reassess their security measures to mitigate the risks associated with both new and revived vulnerabilities.

Apr 24, 2026