Russian threat ecosystem shift changes threat-actor operations
Threat Actor Meta
Summary
Hide ▲
Show ▼
Russian threat actors are increasingly outsourcing reconnaissance to foreign youth, widening their operational reach while reducing attribution risk. The pattern matters because low-cost, disposable proxies can gather network intelligence around sensitive targets without exposing core operators.
Related Happenings
NCSC-UK joint advisory on covert botnets and proxy networks
Public Sector Action
H score66
First: 23.04.2026 15:28
Last: 23.04.2026 15:28
Sources 1
About this happening:
**NCSC-UK** and partner agencies issued a **joint advisory** warning that **China-nexus hackers** are using **hijacked consumer devices** as covert proxy networks to hide maliciou...
NCSC-UK joint advisory on covert botnets and proxy networks
Public Sector ActionAbout this happening: **NCSC-UK** and partner agencies issued a **joint advisory** warning that **China-nexus hackers** are using **hijacked consumer devices** as covert proxy networks to hide maliciou...
Russian state-sponsored hackers' ongoing Signal and WhatsApp phishing campaign
Campaign
H score38
First: 09.03.2026 23:24
Last: 09.03.2026 23:24
Sources 1
About this happening:
An **ongoing Russian intelligence-linked** phishing **campaign** is targeting **Signal** and **WhatsApp** users and has evolved from stealing verification codes and account PINs t...
Russian state-sponsored hackers' ongoing Signal and WhatsApp phishing campaign
CampaignAbout this happening: An **ongoing Russian intelligence-linked** phishing **campaign** is targeting **Signal** and **WhatsApp** users and has evolved from stealing verification codes and account PINs t...
Latest development: 27.06.2026 01:06
FBI and CISA warn that the Russian intelligence services-linked Signal phishing campaign has evolved from stealing verification codes, account PINs, and linked-device access to eliciting victims' Backup Recovery Keys through impersonated Signal support messages. If a target provides the key, attackers can restore Signal's Secure Backups on their own devices and read historical messages, including private and group conversations, while the campaign continues to target high-intelligence-value individuals.
GTIG maps constant multi-vector targeting of the defense industrial base
Trend
H score32
First: 13.02.2026 18:23
Last: 13.02.2026 18:23
Sources 1
About this happening:
**GTIG** identified a **state-sponsored, hacktivist, and criminal** targeting pattern against the **defense industrial base (DIB)**, raising **persistent espionage and intrusion r...
GTIG maps constant multi-vector targeting of the defense industrial base
TrendAbout this happening: **GTIG** identified a **state-sponsored, hacktivist, and criminal** targeting pattern against the **defense industrial base (DIB)**, raising **persistent espionage and intrusion r...
NoName057(16) disruptive DDoS campaign against UK and European organisations
Campaign
H score30
First: 19.01.2026 17:30
Last: 19.01.2026 17:30
Sources 1
About this happening:
**NoName057(16)** and other Russian-aligned hacktivist groups are sustaining a **DoS/DDoS disruption campaign** against **UK organisations**, raising the risk of website outages a...
NoName057(16) disruptive DDoS campaign against UK and European organisations
CampaignAbout this happening: **NoName057(16)** and other Russian-aligned hacktivist groups are sustaining a **DoS/DDoS disruption campaign** against **UK organisations**, raising the risk of website outages a...
Dutch arrests in pro-Russian hacker spying case
Law Enforcement
H score20
First: 29.09.2025 12:58
Last: 29.09.2025 12:58
Sources 1
How related:
Dutch authorities last week arrested two 17-year-olds who are suspected of conducting cyber-espionage activities for Russia-backed threat actors.
About this happening:
**Dutch prosecutors** said **three 17-year-old men** in the **Netherlands** are suspected of providing services to a **foreign government**, with one allegedly in contact with a h...
Dutch arrests in pro-Russian hacker spying case
Law EnforcementHow related: Dutch authorities last week arrested two 17-year-olds who are suspected of conducting cyber-espionage activities for Russia-backed threat actors.
About this happening: **Dutch prosecutors** said **three 17-year-old men** in the **Netherlands** are suspected of providing services to a **foreign government**, with one allegedly in contact with a h...
Timeline
-
03.10.2025 22:07 2 articles · 9mo ago
Dutch authorities arrest two 17-year-olds suspected of pro-Russian cyber-espionage
Initial DisclosureDutch authorities arrested two 17-year-olds suspected of cyber-espionage for Russia-backed threat actors after AIVD reportedly alerted police, leading to raids on the suspects' homes. The teenagers allegedly used a Wi-Fi sniffer while walking around The Hague, including areas near embassies, Europol, and Eurojust, and were approached via Telegram; Dutch officials also described the case as fitting a broader pattern of Russian operations that use foreign youth for reconnaissance and to reduce attribution risk.
Show sources
- Dutch Authorities Arrest Two Teens for Alleged Pro-Russian Espionage — www.darkreading.com — 03.10.2025 22:07
- Dutch Authorities Arrest Two Teens for Alleged Pro-Russian Espionage — www.darkreading.com — 03.10.2025 22:07