
The Free Russia Foundation is a nonprofit, nonpartisan, nongovernmental U.S.-based organization, led by Russians abroad, that seeks to be a voice for those who can’t speak under the repression of the current Russian leadership. We represent and coordinate the Russian diaspora. We pay special attention to those who have recently left Russia due to the considerable deterioration of the political and economic situation. We are focused on developing a strategic vision of Russia ‘After Putin’ and ‘Without Putinism’ and a concrete program for the transition period. We will continue to inform international policy-makers, mass media and opinion leaders on the real situation in Russia. We know firsthand the reality taking place in our country, and have suffered for this; therefore we understand this better than many other people. We maintain our extensive networks of key political, business and civil society leaders throughout Russia. This gives us access to news and events in real time. In addition, we are a hub for recently transplanted Russians and experts on every aspect of Russian society.

Free Russia Foundation A.I. Cybersecurity Scoring

FRF

Company Details

LinkedIn ID: free-russia-foundation
Number of employees: 22
Number of followers: 2,455
NAICS: 8135
Industry Type: Non-profit Organizations
Homepage: 4freerussia.org
IP Addresses: 0
Company ID: FRE_9358059
Scan Status: In-progress

FRF Risk Score (AI oriented): Between 650 and 699

FRF Global Score (TPRM): XXXX

FRF Company CyberSecurity News & History

Past Incidents: 2
Attack Types: 2
Entity: Russian and Belarusian Military (Unattributed Campaign)
Type: Cyber Attack
Severity: 100
Impact: 8
Seen: 11/2025
Rankiteo Explanation: Attack that could lead to a war

Description: A sophisticated spear-phishing campaign targeted Russian and Belarusian military personnel, specifically those in the Russian Airborne Forces (VDV) and Belarusian Special Forces (UAV/drone operators). The attack employed weaponized LNK files disguised as military-themed PDFs (e.g., ‘ТЛГ на убытие на переподготовку.pdf.lnk’ and ‘Исх №6626 Представление на назначение на воинскую должность.pdf.lnk’). Upon execution, the malware established persistence via scheduled tasks, deployed a hidden SSH service (port 20321) with RSA-key authentication for threat actor access, and created a Tor hidden service to exfiltrate data, enable RDP/SMB lateral movement, and maintain full interactive control over compromised systems. The campaign’s infrastructure and tactics, including custom Tor pluggable transports and SSHD configurations, mirrored those of Russian APT groups (e.g., Sandworm/APT44, APT28), though attribution remains unconfirmed. Researchers noted parallels to pro-Ukraine APTs (Angry Likho, Awaken Likho) but could not definitively link the operation. The attack’s focus on military units specializing in drones and airborne operations suggests strategic espionage or sabotage objectives, potentially threatening operational security, command-chain integrity, and classified intelligence. The use of Tor and encrypted channels indicates a high likelihood of sustained, undetected access to sensitive defense networks.

Entity: Russian government and IT organizations
Type: Ransomware
Severity: 100
Impact: 8
Seen: 8/2024
Rankiteo Explanation: Attack that could lead to a war

Description: The EastWind campaign utilized sophisticated backdoors to target Russian entities, compromising government and IT organizations' security. Malware delivered via phishing emails installed the PlugY and GrewApacha backdoors on victims' systems. The threat actors leveraged public services such as Dropbox and LiveJournal for command and control, executing wide-ranging functions including data theft and system monitoring. The involvement of the APT groups APT27 and APT31 indicates the sharing of advanced cyber-espionage tools, which signifies a higher threat level due to the coordinated and resourceful nature of the attackers. The campaign resulted in unauthorized access to and potential exfiltration of sensitive information, posing a critical concern for national security and the affected institutions' operational integrity.



Underwriter Stats for FRF

Incidents vs Non-profit Organizations Industry Average (This Year)

Free Russia Foundation has 31.58% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

Free Russia Foundation has 29.87% more incidents than the average of all companies with at least one recorded incident.

Incident Types FRF vs Non-profit Organizations Industry Avg (This Year)

Free Russia Foundation reported 1 incident this year: 1 cyber attack, 0 ransomware, 0 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.

Incident History — FRF (X = Date, Y = Severity)

FRF cyber incidents detection timeline including parent company and subsidiaries



FRF CyberSecurity News

December 04, 2025 08:14 PM
Phishing attempt against Reporters Without Borders attributed to Russia-linked group

The journalism nonprofit Reporters Without Borders and another organization reported phishing attempts to cybersecurity researchers,...

November 10, 2025 08:00 AM
The cost of war: Is Russia running out of money to continue the fight?

In his report for the Free Russia Foundation think tank, shared with the Kyiv Independent, Russian opposition politician Vladimir Milov said...

November 05, 2025 08:00 AM
The US must not endorse Russia and China’s vision for cybersecurity

Even as Russia and China wage a relentless cyber war against the West, the United Nations is celebrating a new cybercrime treaty whose chief...

September 12, 2025 08:56 PM
How the Russian Orthodox Church supports the Kremlin’s war against Ukraine

The Eurasia Center hosts a hybrid panel discussion on the pressures many Russian clergy face from the Russian Orthodox Church for opposing the Kremlin's war...

August 04, 2025 07:00 AM
Free Cybersecurity Training… and a $100m Russian Tech Hub? The Plan to Make Zim a Cyber Power

Zimbabwe launches free cybersecurity training with Russian-backed firm Cyberus; promises jobs, internships, and a $100m CyberDom hub.

July 29, 2025 07:00 AM
Indian cybersecurity and IT professionals among 25 countries for cybersecurity training in Russia

Positive Hack Camp, a global cybersecurity educational program, has started in Moscow. It is supported by Russia's Ministry of Digital...

June 05, 2025 07:00 AM
To free Russia from Putin we need to save Ukraine first, Russian opposition tells EU

Ukraine has previously accused some Russian opposition figures of echoing Putin's imperialist views — particularly by hesitating to fully...

March 03, 2025 08:00 AM
Opinion | U.S. digital disarmament gives Russia free rein in cyberspace. Bad idea.

Colin Ahern is New York State chief cyber officer. Mark Montgomery is a retired rear admiral and senior director of the Center on Cyber and...

January 06, 2025 08:00 AM
Cybercriminals Target Ethereum Developers with Fake Hardhat npm Packages

Researchers have revealed several malicious packages on the npm registry that have been found impersonating the Nomic Foundation's Hardhat tool.


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

FRF CyberSecurity History Information

Official Website of Free Russia Foundation

The official website of Free Russia Foundation is http://www.4freerussia.org.

Free Russia Foundation’s AI-Generated Cybersecurity Score

According to Rankiteo, Free Russia Foundation’s AI-generated cybersecurity score is 662, reflecting a weak security posture.

How many security badges does Free Russia Foundation have?

According to Rankiteo, Free Russia Foundation currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does Free Russia Foundation have SOC 2 Type 1 certification?

According to Rankiteo, Free Russia Foundation is not certified under SOC 2 Type 1.

Does Free Russia Foundation have SOC 2 Type 2 certification?

According to Rankiteo, Free Russia Foundation does not hold a SOC 2 Type 2 certification.

Does Free Russia Foundation comply with GDPR?

According to Rankiteo, Free Russia Foundation is not listed as GDPR compliant.

Does Free Russia Foundation have PCI DSS certification?

According to Rankiteo, Free Russia Foundation does not currently maintain PCI DSS compliance.

Does Free Russia Foundation comply with HIPAA?

According to Rankiteo, Free Russia Foundation is not compliant with HIPAA regulations.

Does Free Russia Foundation have ISO 27001 certification?

According to Rankiteo, Free Russia Foundation is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Free Russia Foundation

Free Russia Foundation operates primarily in the Non-profit Organizations industry.

Number of Employees at Free Russia Foundation

Free Russia Foundation employs approximately 22 people worldwide.

Subsidiaries Owned by Free Russia Foundation

Free Russia Foundation presently has no subsidiaries across any sectors.

Free Russia Foundation’s LinkedIn Followers

Free Russia Foundation’s official LinkedIn profile has approximately 2,455 followers.

NAICS Classification of Free Russia Foundation

Free Russia Foundation is classified under the NAICS code 8135, which corresponds to Others.

Free Russia Foundation’s Presence on Crunchbase

No, Free Russia Foundation does not have a profile on Crunchbase.

Free Russia Foundation’s Presence on LinkedIn

Yes, Free Russia Foundation maintains an official LinkedIn profile, which is actively used for branding and talent engagement and can be accessed here: https://www.linkedin.com/company/free-russia-foundation.

Cybersecurity Incidents Involving Free Russia Foundation

As of December 15, 2025, Rankiteo reports that Free Russia Foundation has experienced 2 cybersecurity incidents.

Number of Peer and Competitor Companies

Free Russia Foundation has an estimated 21,009 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Free Russia Foundation?

Incident Types: The types of cybersecurity incidents that have occurred include Ransomware and Cyber Attack.

How does Free Russia Foundation detect and respond to cybersecurity incidents?

Detection and Response: The company detects and responds to cybersecurity incidents through third-party assistance from Cyble Research and Intelligence Labs (CRIL) and Seqrite Labs.

Incident Details

Can you provide details on each incident?

Incident : Cyber-espionage

Title: EastWind Campaign Targets Russian Entities

Description: The EastWind campaign utilized sophisticated backdoors to target Russian entities, compromising government and IT organizations' security. Malware delivered via phishing emails installed PlugY and GrewApacha backdoors on victims' systems. The ill-intended actors leveraged public services like Dropbox and LiveJournal for command and control, executing wide-ranging functions including data theft and system monitoring. The implication of APT groups APT27 and APT31 indicates the sharing of advanced cyber-espionage tools, which signifies a higher threat level due to the coordinated and resourceful nature of the attackers. The campaign resulted in the unauthorized access and potential exfiltration of sensitive information, posing a critical concern for national security and the affected institutions' operational integrity.

Type: Cyber-espionage

Attack Vector: Phishing emails

Threat Actor: APT27, APT31

Motivation: Data theft, system monitoring

Incident : spear-phishing

Title: Spear-phishing campaign targeting Russian and Belarusian military personnel with weaponized LNK files

Description: A spear-phishing campaign aimed to compromise Russian and Belarusian military personnel by using military-themed documents as a lure. The campaign used weaponized ZIP archives containing LNK files masquerading as PDFs (e.g., 'ТЛГ на убытие на переподготовку.pdf.lnk' and 'Исх №6626 Представление на назначение на воинскую должность.pdf.lnk'). Upon execution, the LNK file launches PowerShell to establish persistence, deploy OpenSSH for covert access, and create a Tor hidden service for exfiltration and lateral movement. The attack chain terminates if sandbox/automated analysis is detected.

Date Detected: October 2025

Date Publicly Disclosed: October 2025

Type: spear-phishing

Attack Vector: Malicious LNK file (masquerading as PDF), weaponized ZIP archive, PowerShell script execution, Tor hidden service, OpenSSH backdoor

Vulnerability Exploited: Human error (social engineering), LNK file execution, PowerShell script abuse

Motivation: Espionage, military intelligence gathering, potential sabotage

What are the most common types of attacks the company has faced?

Common Attack Types: The most common type of attack the company has faced is Cyber Attack.

How does the company identify the attack vectors used in incidents?

Identification of Attack Vectors: The attack vectors identified in the incidents are phishing emails, a weaponized ZIP archive, and a malicious LNK file (PDF decoy).

Impact of the Incidents

What was the impact of each incident?

Incident : Cyber-espionage FRE000081724

Data Compromised: Sensitive information

Operational Impact: Potential operational integrity concerns

Incident : spear-phishing FRE5832158110525

Data Compromised: Military documents, potential operational intelligence, system credentials

Systems Affected: Windows systems of targeted military personnel; RDP/SMB/SFTP services via Tor forwarding

Operational Impact: Potential disruption of military communications; compromise of UAV/drone operations intelligence

Brand Reputation Impact: Potential reputational damage to Russian/Belarusian military cybersecurity posture

Identity Theft Risk: Military personnel credentials

What types of data are most commonly compromised in incidents?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are sensitive information, military correspondence, operational documents, and potential credentials.

Which entities were affected by each incident?

Incident : Cyber-espionage FRE000081724

Entity Type: Government, IT Organizations

Location: Russia

Incident : spear-phishing FRE5832158110525

Entity Name: Russian Airborne Forces (VDV)

Entity Type: military

Industry: defense

Location: Russia

Incident : spear-phishing FRE5832158110525

Entity Name: Belarusian Special Forces (UAV/drone operations)

Entity Type: military

Industry: defense

Location: Belarus

Response to the Incidents

What measures were taken in response to each incident?

Incident : spear-phishing FRE5832158110525

Third Party Assistance: Cyble Research and Intelligence Labs (CRIL), Seqrite Labs.

How does the company involve third-party assistance in incident response?

Third-Party Assistance: The company involves third-party assistance in incident response through Cyble Research and Intelligence Labs (CRIL) and Seqrite Labs.

Data Breach Information

What type of data was compromised in each breach?

Incident : Cyber-espionage FRE000081724

Type of Data Compromised: Sensitive information

Sensitivity of Data: High

Data Exfiltration: Potential exfiltration

Incident : spear-phishing FRE5832158110525

Type of Data Compromised: Military correspondence, Operational documents, Potential credentials

Sensitivity of Data: high (military intelligence)

Data Exfiltration: Via Tor hidden service; SFTP/RDP/SMB forwarding

File Types Exposed: PDF (decoy), LNK, PowerShell scripts

Personally Identifiable Information: Military personnel identities, potential authentication tokens

Lessons Learned and Recommendations

What lessons were learned from each incident?

Incident : spear-phishing FRE5832158110525

Lessons Learned:
  • Military personnel remain high-value targets for spear-phishing campaigns using socially engineered lures.
  • LNK files masquerading as PDFs continue to be effective initial access vectors, especially in environments where document sharing is routine.
  • Tor hidden services and OpenSSH backdoors enable stealthy persistence and exfiltration, bypassing traditional network defenses.
  • Sandbox evasion techniques (e.g., premature script termination) highlight the need for behavioral analysis in malware detection.
  • Cross-referencing TTPs with known APT groups (e.g., Sandworm, Angry Likho) is critical for attribution but may remain inconclusive.

What recommendations were made to prevent future incidents?

Incident : spear-phishing FRE5832158110525

Recommendations:
  • Implement strict email filtering for LNK/shortcut files, especially in military contexts.
  • Deploy endpoint detection and response (EDR) solutions to monitor PowerShell script execution chains.
  • Restrict outbound Tor traffic and non-standard SSH ports (e.g., 20321) in military networks.
  • Conduct regular red-team exercises simulating military-themed spear-phishing lures.
  • Enforce multi-factor authentication (MFA) for all remote access services (RDP, SSH, etc.).
  • Isolate high-value military systems from general-purpose networks to limit lateral movement.
  • Provide targeted cybersecurity training for military personnel on recognizing socially engineered military documents.

What are the key lessons learned from past incidents?

Key Lessons Learned: The key lessons learned from past incidents are:
  • Military personnel remain high-value targets for spear-phishing campaigns using socially engineered lures.
  • LNK files masquerading as PDFs continue to be effective initial access vectors, especially in environments where document sharing is routine.
  • Tor hidden services and OpenSSH backdoors enable stealthy persistence and exfiltration, bypassing traditional network defenses.
  • Sandbox evasion techniques (e.g., premature script termination) highlight the need for behavioral analysis in malware detection.
  • Cross-referencing TTPs with known APT groups (e.g., Sandworm, Angry Likho) is critical for attribution but may remain inconclusive.

References

Where can I find more information about each incident?

Incident : spear-phishing FRE5832158110525

Source: Cyble Research and Intelligence Labs (CRIL)

Date Accessed: October 2025

Incident : spear-phishing FRE5832158110525

Source: Seqrite Labs

Date Accessed: October 2025

Where can stakeholders find additional resources on cybersecurity best practices?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at Cyble Research and Intelligence Labs (CRIL) (accessed October 2025) and Seqrite Labs (accessed October 2025).

Investigation Status

What is the current status of the investigation for each incident?

Incident : spear-phishing FRE5832158110525

Investigation Status: ongoing (unattributed)

Initial Access Broker

How did the initial access broker gain entry for each incident?

Incident : Cyber-espionage FRE000081724

Entry Point: Phishing emails

Backdoors Established: PlugY, GrewApacha

Incident : spear-phishing FRE5832158110525

Entry Point: Weaponized ZIP archive, malicious LNK file (PDF decoy)

Backdoors Established: OpenSSH service (port 20321, RSA key auth), Tor hidden service with port forwarding (RDP/SFTP/SMB), scheduled task persistence

High Value Targets: Russian Airborne Forces (VDV) personnel, Belarusian Special Forces (UAV operators)

Data Sold on Dark Web: Russian Airborne Forces (VDV) personnel, Belarusian Special Forces (UAV operators)

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident?

Incident : spear-phishing FRE5832158110525

Root Causes:
  • Successful social engineering exploiting military document themes.
  • Lack of restrictions on LNK file execution in high-security environments.
  • Inadequate monitoring of PowerShell script execution and outbound Tor traffic.
  • Over-reliance on perimeter defenses without behavioral analysis for evasive malware.

What is the company's process for conducting post-incident analysis?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as involving Cyble Research and Intelligence Labs (CRIL) and Seqrite Labs.

Additional Questions

General Information

Who was the attacking group in the last incident?

Last Attacking Group: The attacking groups in the last incident were APT27 and APT31.

Incident Details

What was the most recent incident detected?

Most Recent Incident Detected: The most recent incident detected was in October 2025.

What was the most recent incident publicly disclosed?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was in October 2025.

Impact of the Incidents

What was the most significant data compromised in an incident?

Most Significant Data Compromised: The most significant data compromised in an incident were sensitive information, military documents, potential operational intelligence and system credentials.

What was the most significant system affected in an incident?

Most Significant System Affected: The most significant systems affected in an incident were the Windows systems of targeted military personnel, and RDP/SMB/SFTP services exposed via Tor forwarding.

Response to the Incidents

What third-party assistance was involved in the most recent incident?

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident came from Cyble Research and Intelligence Labs (CRIL) and Seqrite Labs.

Data Breach Information

What was the most sensitive data compromised in a breach?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were military documents, potential operational intelligence, Sensitive information and system credentials.

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was that cross-referencing TTPs with known APT groups (e.g., Sandworm, Angry Likho) is critical for attribution but may remain inconclusive.

What was the most significant recommendation implemented to improve cybersecurity?

Most Significant Recommendation Implemented: The most significant recommendations implemented to improve cybersecurity were: implement strict email filtering for LNK/shortcut files, especially in military contexts; deploy endpoint detection and response (EDR) solutions to monitor PowerShell script execution chains; isolate high-value military systems from general-purpose networks to limit lateral movement; restrict outbound Tor traffic and non-standard SSH ports (e.g., 20321) in military networks; conduct regular red-team exercises simulating military-themed spear-phishing lures; enforce multi-factor authentication (MFA) for all remote access services (RDP, SSH, etc.); and provide targeted cybersecurity training for military personnel on recognizing socially engineered military documents.

References

What is the most recent source of information about an incident?

Most Recent Source: The most recent source of information about an incident are Seqrite Labs and Cyble Research and Intelligence Labs (CRIL).

Investigation Status

What is the current status of the most recent investigation?

Current Status of Most Recent Investigation: The current status of the most recent investigation is ongoing (unattributed).

Initial Access Broker

What was the most recent entry point used by an initial access broker?

Most Recent Entry Point: The most recent entry point used by an initial access broker was phishing emails.

cve

Latest Global CVEs (Not Company-Specific)

Description

NXLog Agent before 6.11 can load a file specified by the OPENSSL_CONF environment variable.

Risk Information
cvss3
Base: 8.1
Severity: HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Description

uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas.

Risk Information
cvss3
Base: 2.9
Severity: HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Description

A vulnerability was detected in Mayan EDMS up to 4.10.1. The affected element is an unknown function of the file /authentication/. The manipulation results in cross-site scripting. The attack may be performed remotely. The exploit is now public and may be used. Upgrading to version 4.10.2 is sufficient to fix this issue. You should upgrade the affected component. The vendor confirms that this is "[f]ixed in version 4.10.2", and that "[b]ackports for older versions in process and will be out as soon as their respective CI pipelines complete."

Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

MJML through 4.18.0 allows mj-include directory traversal to test file existence and (in the type="css" case) read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827.

Risk Information
cvss3
Base: 4.5
Severity: HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L
Description

A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network (including link-local or loopback services).

Risk Information
cvss3
Base: 5.8
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

Access Data Using Our API


Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=free-russia-foundation' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure?

Incident

Finding

Grade

Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.