{"id":51468,"date":"2023-04-14T21:14:00","date_gmt":"2023-04-14T21:14:00","guid":{"rendered":"https:\/\/www.darkreading.com\/vulnerabilities-threats\/russian-intel-services-behind-barrage-espionage-cyberattacks"},"modified":"2023-04-14T21:14:00","modified_gmt":"2023-04-14T21:14:00","slug":"russian-solarwinds-culprits-launch-fresh-barrage-of-espionage-cyberattacks","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/russian-solarwinds-culprits-launch-fresh-barrage-of-espionage-cyberattacks\/","title":{"rendered":"Russian SolarWinds Culprits Launch Fresh Barrage of Espionage Cyberattacks"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt0125cbd2847bb23e\/6282691cbcee916ef6429d1d\/Ukraine-Russia_Daniren_Alamy.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>As part of its ongoing invasion of Ukraine, Russian intelligence has once again enlisted the services of hacker group Nobelium\/APT29, this time to spy on foreign ministries and diplomats from NATO-member states, as well as other targets in the European Union and Africa.<\/p>\n<p>The timing also dovetails with a spate of attacks on Canadian infrastructure, also believed to be linked to Russia.<\/p>\n<p>The Polish Military Counterintelligence Service and the CERT team in Poland issued an alert on April 13, along with indicators of compromise, warning potential targets of the espionage campaign about the threat. 
<a href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/magicweb-mystery-highlights-nobelium-attacker-sophistication\" target=\"_blank\" rel=\"noopener\">Nobelium<\/a>, as the group is designated by Microsoft, also named <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/why-the-private-sector-is-key-to-stopping-russian-hacking-group-apt29\" target=\"_blank\" rel=\"noopener\">APT29 by Mandiant<\/a>, isn&#8217;t new to the nation-state espionage game; the group was behind the infamous <a href=\"https:\/\/www.darkreading.com\/edge-articles\/3-years-later-solarwinds-ciso-shares-3-lessons-from-the-infamous-attack\" target=\"_blank\" rel=\"noopener\">SolarWinds supply chain attack<\/a> nearly three years ago.<\/p>\n<p>Now, APT29 is back with a whole new set of malware tools and reported marching orders to infiltrate the diplomatic corps of countries supportive of Ukraine, the Polish military and CERT alert explained.<\/p>\n<h2 class=\"regular-text\">APT29 Is Back With New Orders<\/h2>\n<p>In every instance, the advanced persistent threat (APT)&nbsp;begins its&nbsp;attack with a well-conceived spear-phishing email, according to&nbsp;the Polish alert.<\/p>\n<p>&#8220;Emails impersonating embassies of European countries were sent to selected personnel at diplomatic posts,&#8221; authorities explained. 
&#8220;The correspondence contained an invitation to a meeting or to work together on documents.&#8221;<\/p>\n<p>The message would then direct the recipient to click on a link or download a&nbsp;PDF to access the ambassador&#8217;s calendar, or get meeting details \u2014 both send the targets to a malicious site loaded with the threat group&#8217;s &#8220;signature script,&#8221; which the report identifies as &#8220;Envyscout.&#8221;<\/p>\n<p>&#8220;I<span>t utilizes the HTML-smuggling technique \u2014 whereby a malicious file placed on the page is decoded using JavaScript when the page is opened and then downloaded on the victim&#8217;s device,&#8221; Polish authorities added. &#8220;This makes the malicious file more difficult to detect on the server side where it is stored.&#8221;<\/span><\/p>\n<p>The malicious site also sends the targets a message reassuring them they downloaded the correct file, the alert said.<\/p>\n<p>&#8220;Spear-phishing attacks are successful when the communications are well written, use personal information to demonstrate familiarity with the target, and appear to come from a legitimate source,&#8221; Patrick Harr, CEO of SlashNext, tells Dark Reading about the campaign. 
&#8220;This espionage campaign meets all of the criteria for success.&#8221;<\/p>\n<p>One <a href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/bolstered-chatgpt-tools-phishing-surged-ahead\" target=\"_blank\" rel=\"noopener\">phishing email<\/a>, for instance, impersonated the Polish embassy, and, interestingly, throughout the course of the observed campaign, the Envyscout tool was tweaked three times with obfuscation improvements, the Polish authorities noted.<\/p>\n<p>Once compromised, the group uses modified versions of Snowyamber downloader, Halfrig, which runs <a href=\"https:\/\/www.darkreading.com\/application-security\/microsoft-fortra-health-isac-team-up-to-remove-illicit-cobalt-strike-tools\" target=\"_blank\" rel=\"noopener\">Cobalt Strike<\/a> as embedded code, and Quarterrig, which shares code with Halfrig, the Polish alert said.<\/p>\n<p>&#8220;We are seeing an increase in these attacks where the bad actor uses multiple stages in a campaign to adjust and improve success,&#8221; Harr adds. 
&#8220;They employ automation and machine learning techniques to identify what is evading detection and modify subsequent attacks to improve success.&#8221;<\/p>\n<p>Governments, diplomats, international organizations, and non-governmental organizations (NGOs)&nbsp;should be on high alert for this and other Russian espionage efforts, according to Polish cybersecurity authorities.<\/p>\n<p>&#8220;The Military Counterintelligence Service and CERT.PL&nbsp;strongly&nbsp;recommend that all entities that may be in the actor&#8217;s area of interest implement configuration changes to disrupt the delivery mechanism that was used in the described campaign,&#8221; officials said.<\/p>\n<h2 class=\"regular-text\">Russian-Linked Attacks on Canada&#8217;s Infrastructure<\/h2>\n<p>Besides warnings from Polish cybersecurity officials, over the past week, Canada&#8217;s Prime Minister Justin Trudeau made public statements about a recent spate of <a href=\"https:\/\/globalnews.ca\/news\/9621511\/justin-trudeau-russia-cyberattacks-canada\/\" target=\"_blank\" rel=\"noopener\">Russian-linked cyberattacks<\/a> aimed at Canadian infrastructure, including <a href=\"https:\/\/www.darkreading.com\/edge-threat-monitor\/concern-over-ddos-attacks-falls-despite-rise-in-incidents\" target=\"_blank\" rel=\"noopener\">denial-of-service attacks<\/a> on the Hydro-<span>Qu\u00e9bec electric utility, the website for Trudeau&#8217;s office, the Port of <\/span><span>Qu\u00e9bec<span>, and <\/span><\/span><span>Laurentian Bank. 
Trudeau said the cyberattacks are related to Canada&#8217;s support of Ukraine.<\/span><\/p>\n<p>&#8220;<span>A couple of denial-of-service attacks on government websites, bringing them down for a few hours, is not going to cause us to rethink our unequivocal stance of doing whatever it takes for as long as it takes to support Ukraine,&#8221; Trudeau said, <a href=\"https:\/\/globalnews.ca\/news\/9621511\/justin-trudeau-russia-cyberattacks-canada\/\" target=\"_blank\" rel=\"noopener\">according to reports<\/a>.<\/span><\/p>\n<p>The Canadian Centre for Cyber Security boss, Sami Khoury, said at a news conference last week that while there was no damage done to Canada&#8217;s infrastructure, &#8220;the threat is real.&#8221; &#8220;If you run the critical systems that power our communities, offer Internet access to Canadians, provide health care, or generally operate any of the services Canadians can&#8217;t do without, you must protect your systems,&#8221; Khoury said. &#8220;Monitor your networks. 
Apply mitigations.&#8221;<\/p>\n<h2 class=\"regular-text\">Russia&#8217;s Cybercrime Efforts Rage On<\/h2>\n<p>As Russia&#8217;s invasion of Ukraine rages on into its second year, Mike Parkin with Vulcan Cyber says the recent campaigns should hardly be a surprise.<\/p>\n<p>&#8220;The cybersecurity community has been watching the fallout and collateral damage from the conflict in Ukraine since it started, and we&#8217;ve known Russian and pro-Russian threat actors were active against Western targets,&#8221; <span>Parkin says.&nbsp;&#8220;<\/span>Considering the levels of cybercriminal activity we were already dealing with, [these are] just some new tools and new targets \u2014 and a reminder to make sure our defenses are up to date and properly configured.&#8221;<\/p>\n<p>Read More <a href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/russian-intel-services-behind-barrage-espionage-cyberattacks\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The threat group behind the SolarWinds supply-chain attacks is back with new tools for spying on officials in NATO countries and Africa. Read More <a href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/russian-intel-services-behind-barrage-espionage-cyberattacks\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-51468","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Russian SolarWinds Culprits Launch Fresh Barrage of Espionage Cyberattacks 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security 
&amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/russian-solarwinds-culprits-launch-fresh-barrage-of-espionage-cyberattacks\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Russian SolarWinds Culprits Launch Fresh Barrage of Espionage Cyberattacks 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/russian-solarwinds-culprits-launch-fresh-barrage-of-espionage-cyberattacks\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-04-14T21:14:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt0125cbd2847bb23e\/6282691cbcee916ef6429d1d\/Ukraine-Russia_Daniren_Alamy.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/russian-solarwinds-culprits-launch-fresh-barrage-of-espionage-cyberattacks\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/russian-solarwinds-culprits-launch-fresh-barrage-of-espionage-cyberattacks\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Russian SolarWinds Culprits Launch Fresh Barrage of Espionage Cyberattacks\",\"datePublished\":\"2023-04-14T21:14:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/russian-solarwinds-culprits-launch-fresh-barrage-of-espionage-cyberattacks\\\/\"},\"wordCount\":864,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/russian-solarwinds-culprits-launch-fresh-barrage-of-espionage-cyberattacks\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt0125cbd2847bb23e\\\/6282691cbcee916ef6429d1d\\\/Ukraine-Russia_Daniren_Alamy.jpg\",\"articleSection\":[\"DarkReading 
|TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/russian-solarwinds-culprits-launch-fresh-barrage-of-espionage-cyberattacks\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/russian-solarwinds-culprits-launch-fresh-barrage-of-espionage-cyberattacks\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/russian-solarwinds-culprits-launch-fresh-barrage-of-espionage-cyberattacks\\\/\",\"name\":\"Russian SolarWinds Culprits Launch Fresh Barrage of Espionage Cyberattacks 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/russian-solarwinds-culprits-launch-fresh-barrage-of-espionage-cyberattacks\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/russian-solarwinds-culprits-launch-fresh-barrage-of-espionage-cyberattacks\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt0125cbd2847bb23e\\\/6282691cbcee916ef6429d1d\\\/Ukraine-Russia_Daniren_Alamy.jpg\",\"datePublished\":\"2023-04-14T21:14:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/russian-solarwinds-culprits-launch-fresh-barrage-of-espionage-cyberattacks\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/russian-solarwinds-culprits-launch-fresh-barrage-of-espionage-cyberattacks\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/russian-solarwinds-culprits-launch-fresh-barrage-of-espionage-cyberattacks\\\/#primaryimage\",\"url\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt0125cbd2847bb23e\\\/6282691cbcee916ef6429d1d\\\/Ukraine-Russia_Daniren_Alamy.jpg\",\"contentUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt0125cbd2847bb23e\\\/6282691cbcee916ef6429d1d\\\/Ukraine-Russia_Daniren_Alamy.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/russian-solarwinds-culprits-launch-fresh-barrage-of-espionage-cyberattacks\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Russian SolarWinds Culprits Launch Fresh Barrage of Espionage Cyberattacks\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting 
\u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH 
Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Russian SolarWinds Culprits Launch Fresh Barrage of Espionage Cyberattacks 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/russian-solarwinds-culprits-launch-fresh-barrage-of-espionage-cyberattacks\/","og_locale":"en_US","og_type":"article","og_title":"Russian SolarWinds Culprits Launch Fresh Barrage of Espionage Cyberattacks 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/russian-solarwinds-culprits-launch-fresh-barrage-of-espionage-cyberattacks\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-04-14T21:14:00+00:00","og_image":[{"url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt0125cbd2847bb23e\/6282691cbcee916ef6429d1d\/Ukraine-Russia_Daniren_Alamy.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/russian-solarwinds-culprits-launch-fresh-barrage-of-espionage-cyberattacks\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/russian-solarwinds-culprits-launch-fresh-barrage-of-espionage-cyberattacks\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Russian SolarWinds Culprits Launch Fresh Barrage of Espionage Cyberattacks","datePublished":"2023-04-14T21:14:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/russian-solarwinds-culprits-launch-fresh-barrage-of-espionage-cyberattacks\/"},"wordCount":864,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/russian-solarwinds-culprits-launch-fresh-barrage-of-espionage-cyberattacks\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt0125cbd2847bb23e\/6282691cbcee916ef6429d1d\/Ukraine-Russia_Daniren_Alamy.jpg","articleSection":["DarkReading 
|TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/russian-solarwinds-culprits-launch-fresh-barrage-of-espionage-cyberattacks\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/russian-solarwinds-culprits-launch-fresh-barrage-of-espionage-cyberattacks\/","url":"https:\/\/www.threatshub.org\/blog\/russian-solarwinds-culprits-launch-fresh-barrage-of-espionage-cyberattacks\/","name":"Russian SolarWinds Culprits Launch Fresh Barrage of Espionage Cyberattacks 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/russian-solarwinds-culprits-launch-fresh-barrage-of-espionage-cyberattacks\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/russian-solarwinds-culprits-launch-fresh-barrage-of-espionage-cyberattacks\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt0125cbd2847bb23e\/6282691cbcee916ef6429d1d\/Ukraine-Russia_Daniren_Alamy.jpg","datePublished":"2023-04-14T21:14:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/russian-solarwinds-culprits-launch-fresh-barrage-of-espionage-cyberattacks\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/russian-solarwinds-culprits-launch-fresh-barrage-of-espionage-cyberattacks\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/russian-solarwinds-culprits-launch-fresh-barrage-of-espionage-cyberattacks\/#primaryimage","url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt0125cbd2847bb23e\/6282691cbcee916ef6429d1d\/Ukraine-Russia_Daniren_Alamy.jpg","contentUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt0125cbd2847bb23e\/6282691cbcee916ef6429d1d\/Ukraine-Russia_Daniren_Alamy.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/russian-solarwinds-culprits-launch-fresh-barrage-of-espionage-cyberattacks\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Russian SolarWinds Culprits Launch Fresh Barrage of Espionage Cyberattacks"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 
Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH 
Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/51468","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=51468"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/51468\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=51468"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=51468"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=51468"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}