OldGremlin extortion campaign targeting Russian industrial enterprises
Campaign
Summary
OldGremlin has resumed extortion attacks against Russian industrial enterprises, creating renewed operational risk for as many as eight large domestic targets. The group used phishing email campaigns to gain initial access to victim environments. The reported timeframe places the operation in the first half of 2025, indicating an active and continuing campaign thread. The scope suggests a targeted, multi-victim extortion operation rather than an isolated intrusion.
Related Happenings
UnsolicitedBooker Central Asian telecom phishing campaign
Campaign
First: 24.02.2026 11:54
Last: 24.02.2026 11:54
Sources 1
About this happening:
The **UnsolicitedBooker** cluster shifted its phishing operation to **telecommunications companies in Kyrgyzstan and Tajikistan**, extending a multi-month campaign that matters be...
ShinyHunters vishing campaign targeting SSO accounts
Campaign
First: 02.02.2026 15:46
Last: 02.02.2026 15:46
Sources 1
About this happening:
The **ShinyHunters** group ran a **voice phishing** campaign against **single sign-on (SSO) accounts** at **Okta, Microsoft, and Google**, widening risk across **more than 100 hig...
Latest development: 26.05.2026 22:46
ShinyHunters claims it breached Charter Communications on April 1 by vishing an employee's Microsoft Entra account, then used that access to export millions of consumer and business customer records from the company's Salesforce instance; Charter says no sensitive personal information or CPNI was exfiltrated.
Mem3nt0 mori Operation ForumTroll espionage campaign
Campaign
First: 28.10.2025 18:00
Last: 28.10.2025 18:00
Sources 1
About this happening:
**Mem3nt0 mori** ran **Operation ForumTroll**, a targeted espionage campaign that used **personalized phishing** and a **Google Chrome zero-day** to infect victims in **Russia and...
Qilin ransomware-as-a-service affiliate campaign targeting five countries
Campaign
First: 27.10.2025 18:45
Last: 27.10.2025 18:45
Sources 1
About this happening:
Qilin **ransomware-as-a-service** affiliates sustained a **multi-country campaign** through **2H 2025**, keeping leak-site pressure high and showing repeatable extortion activity....
PhantomCaptcha spear-phishing campaign targeting Ukraine war relief organizations
Campaign
First: 22.10.2025 19:55
Last: 22.10.2025 19:55
Sources 1
About this happening:
**PhantomCaptcha** was a **single-day spear-phishing campaign** on **October 8, 2025** that targeted **Ukraine war relief groups** and **Ukrainian regional government administrati...
Timeline
- 06.09.2025 18:13 · 2 articles · 8mo ago
Initial report: OldGremlin extortion campaign targeting Russian industrial enterprises
Initial Disclosure: In the opening phase, OldGremlin used **phishing emails** to target employees at **Russian industrial enterprises** and start the extortion operation in **2025**.
Sources:
- Noisy Bear Campaign Targeting Kazakhstan Energy Sector Outed as a Planned Phishing Test — thehackernews.com — 06.09.2025 18:13