Pro-Russia hacktivist groups campaign expands across multiple victims

Campaign
First reported
Last updated
Happening score: 33
1 unique source, 1 article

Summary

A sustained pro-Russia hacktivist campaign is targeting U.S. and global critical infrastructure, raising disruption risk across OT and SCADA environments. The operation uses opportunistic, low-sophistication methods and seeks access through internet-facing VNC services and other exposed paths. It has already affected sectors including water treatment, oil well systems, energy systems, and farms.

Related Happenings

Iranian-linked PLC targeting campaign against U.S. critical infrastructure

Campaign
First: 07.04.2026 21:02 Last: 07.04.2026 21:02 Sources 1

About this happening: Iranian-linked hackers are actively targeting **Internet-exposed Rockwell/Allen-Bradley PLCs** on **U.S. critical infrastructure** networks, increasing the risk of operational dis...

Electrum and Kamicite destructive OT/ICS campaign

Campaign
First: 17.02.2026 23:31 Last: 17.02.2026 23:31 Sources 1

About this happening: A **2025 destructive campaign** tied to **Electrum** and **Kamicite** combined **persistent scanning** with attacks that could disrupt industrial and communications infrastructure...

Chinese threat actor campaigns against Taiwanese critical infrastructure in 2025

Campaign
First: 07.01.2026 16:00 Last: 07.01.2026 16:00 Sources 1

About this happening: **Chinese cyber threat actors** intensified **campaigns against Taiwanese critical infrastructure** in **2025**, putting **energy**, **healthcare**, **communications**, **administ...

APT44 years-long Russian campaign targeting Western critical infrastructure

Campaign
First: 16.12.2025 14:27 Last: 16.12.2025 14:27 Sources 1

About this happening: A **years-long** Russian campaign by **APT44** targeted **Western critical infrastructure** from **2021 to 2025**, increasing the risk of credential theft and downstream network c...

Russian GRU critical infrastructure edge-device targeting campaign

Campaign
First: 16.12.2025 14:15 Last: 16.12.2025 14:15 Sources 1

About this happening: A Russian GRU-linked campaign targeted Western critical infrastructure and shifted in 2025 from exploiting vulnerabilities in products such as WatchGuard, Confluence, and Veeam to...

Latest development: 16.12.2025 22:13

The operation initially relied on **WatchGuard**, **Confluence**, and **Veeam** vulnerabilities for initial access, combining zero-days and known flaws. That foothold phase later gave way to targeting **misconfigured edge devices** with exposed management interfaces.

Timeline

  1. 09.12.2025 14:00 2 articles · 5mo ago

    Joint advisory warns of opportunistic attacks on critical infrastructure

    Initial Disclosure

    CISA, FBI, NSA, DOE, EPA, DC3, and global partners issued a joint cybersecurity advisory warning that pro-Russia hacktivist groups are conducting opportunistic, low-sophistication attacks against U.S. and global critical infrastructure. The advisory says the actors have targeted SCADA networks, used simultaneous DDoS attacks to facilitate SCADA intrusions, and exploited minimally secured, internet-facing VNC connections to reach OT control devices, while urging organizations to reduce OT exposure, adopt mature asset management, and use robust authentication.
