Russian threat ecosystem shift changes threat-actor operations
Threat Actor Meta
Summary
Russian threat actors are increasingly outsourcing reconnaissance to foreign youth, widening their operational reach while reducing attribution risk. The pattern matters because low-cost, disposable proxies can gather network intelligence around sensitive targets without exposing core operators.
Related Happenings
NCSC-UK joint advisory on covert botnets and proxy networks
Public Sector Action
First: 23.04.2026 15:28
Last: 23.04.2026 15:28
Sources 1
About this happening:
**NCSC-UK** and partner agencies issued a **joint advisory** warning that **China-nexus hackers** are using **hijacked consumer devices** as covert proxy networks to hide maliciou...
GTIG maps constant multi-vector targeting of the defense industrial base
Target Trend
First: 13.02.2026 18:23
Last: 13.02.2026 18:23
Sources 1
About this happening:
**GTIG** identified a **state-sponsored, hacktivist, and criminal** targeting pattern against the **defense industrial base (DIB)**, raising **persistent espionage and intrusion r...
NoName057(16) disruptive DDoS campaign against UK and European organisations
Campaign
First: 19.01.2026 17:30
Last: 19.01.2026 17:30
Sources 1
About this happening:
**NoName057(16)** and other Russian-aligned hacktivist groups are sustaining a **DoS/DDoS disruption campaign** against **UK organisations**, raising the risk of website outages a...
Dutch arrests in pro-Russian hacker spying case
Law Enforcement
First: 29.09.2025 12:58
Last: 29.09.2025 12:58
Sources 1
How related:
Dutch authorities last week arrested two 17-year-olds who are suspected of conducting cyber-espionage activities for Russia-backed threat actors.
About this happening:
**Dutch prosecutors** said **three 17-year-old men** in the **Netherlands** are suspected of providing services to a **foreign government**, with one allegedly in contact with a h...
Scattered Spider, ShinyHunters and LAPSUS$ form a new cybercrime alliance
Threat Actor Meta
First: 21.08.2025 09:45
Last: 21.08.2025 09:45
Sources 1
About this happening:
**Scattered Spider**, **ShinyHunters**, and **LAPSUS$** have formed a new cybercrime alliance, expanding access to **tools, data, and infrastructure** and increasing the potential...
Timeline
03.10.2025 22:07 2 articles · 7mo ago
Dutch authorities arrest two 17-year-olds suspected of pro-Russian cyber-espionage
Initial Disclosure
Dutch authorities arrested two 17-year-olds suspected of cyber-espionage for Russia-backed threat actors after AIVD reportedly alerted police, leading to raids on the suspects' homes. The teenagers allegedly used a Wi-Fi sniffer while walking around The Hague, including areas near embassies, Europol, and Eurojust, and were approached via Telegram. Dutch officials also described the case as fitting a broader pattern of Russian operations that use foreign youth for reconnaissance and to reduce attribution risk.
Sources
- Dutch Authorities Arrest Two Teens for Alleged Pro-Russian Espionage — www.darkreading.com — 03.10.2025 22:07