Company Details
ministry-of-defense-of-the-russian-federation
623
751
None
http://mil.ru
0
MIN_1570842
In-progress

Ministry of Defense of the Russian Federation Company CyberSecurity Posture
http://mil.ru
The Ministry of Defence of the Russian Federation (Russian: Министерство обороны Российской Федерации, Минобороны России, informally abbreviated as МО, МО РФ or Minoboron) is the governing body of the Russian Armed Forces. The President of Russia is the Commander-in-Chief of the Armed Forces of the Russian Federation and directs the activity of the Ministry. The Defence Minister exercises day-to-day administrative and operational authority over the armed forces.[2] The General Staff executes the president's and the defence minister's instructions and orders. The main building of the ministry, built in the 1940s, is located on Arbatskaya Square, near Arbat Street. Other buildings of the ministry are located throughout the city of Moscow. The supreme body responsible for the Ministry's management and supervision of the Armed Forces is The National Defense Management Center (Национальный центр управления обороной РФ) located on Frunze Naberezhnaya and responsible for the centralization of the Armed Forces' command. The current Russian Minister of Defence is Army General Sergey Shoygu.
Between 700 and 749


Description: **Pro-Ukrainian Hackers Target Russian Defense Firms in Cyber-Espionage Campaign** A recent cyber-espionage campaign has targeted Russian defense and technology firms, with researchers attributing the attacks to *Paper Werewolf* (also known as *GOFFEE*), a pro-Ukrainian hacking group active since 2022. The campaign, uncovered by cybersecurity firm Intezer, employed AI-generated decoy documents to trick employees at organizations involved in air defense and sensitive electronics into opening malicious files. The attack used sophisticated social engineering tactics, including Russian-language lures such as a fake concert invitation for high-ranking officers and correspondence mimicking Russia’s Ministry of Industry and Trade. Intezer researcher Nicole Fishbein noted that while such intrusions against Russian entities may not be uncommon, visibility into them remains limited. Oleg Shakirov, a Russian cyber policy researcher, confirmed that pro-Ukrainian hackers frequently target Russian defense companies during the ongoing war. This campaign follows a prior cyberattack by Ukraine’s Defense Intelligence on *Gaskar Integration*, a Russian UAV supplier, which disrupted its systems and provided access to critical drone production data. The incident highlights the persistent cyber threats facing Russia’s defense sector amid the conflict.


Ministry of Defense of the Russian Federation has 0.0% fewer incidents than the average of same-industry companies with at least one recorded incident.
Ministry of Defense of the Russian Federation has 28.21% more incidents than the average of all companies with at least one recorded incident.
Ministry of Defense of the Russian Federation reported 1 incident this year: 1 cyber attack, 0 ransomware, 0 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.
MDRF cyber incidents detection timeline including parent company and subsidiaries




Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
The official website of Ministry of Defense of the Russian Federation is http://mil.ru.
According to Rankiteo, Ministry of Defense of the Russian Federation’s AI-generated cybersecurity score is 741, reflecting their Moderate security posture.
According to Rankiteo, Ministry of Defense of the Russian Federation currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
According to Rankiteo, Ministry of Defense of the Russian Federation is not certified under SOC 2 Type 1.
According to Rankiteo, Ministry of Defense of the Russian Federation does not hold a SOC 2 Type 2 certification.
According to Rankiteo, Ministry of Defense of the Russian Federation is not listed as GDPR compliant.
According to Rankiteo, Ministry of Defense of the Russian Federation does not currently maintain PCI DSS compliance.
According to Rankiteo, Ministry of Defense of the Russian Federation is not compliant with HIPAA regulations.
According to Rankiteo, Ministry of Defense of the Russian Federation is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Ministry of Defense of the Russian Federation operates primarily in the Public Policy industry.
Ministry of Defense of the Russian Federation employs approximately 623 people worldwide.
Ministry of Defense of the Russian Federation presently has no subsidiaries across any sectors.
Ministry of Defense of the Russian Federation’s official LinkedIn profile has approximately 751 followers.
Ministry of Defense of the Russian Federation is classified under the NAICS code None, which corresponds to Others.
No, Ministry of Defense of the Russian Federation does not have a profile on Crunchbase.
Yes, Ministry of Defense of the Russian Federation maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement and can be accessed here: https://www.linkedin.com/company/ministry-of-defense-of-the-russian-federation.
As of December 21, 2025, Rankiteo reports that Ministry of Defense of the Russian Federation has experienced 1 cybersecurity incident.
Ministry of Defense of the Russian Federation has an estimated 236 peer or competitor companies worldwide.
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack.
Detection and Response: The company detects and responds to cybersecurity incidents through third-party assistance from Intezer (cybersecurity firm).
Title: Cyber-Espionage Campaign Targeting Russian Defense and Technology Firms
Description: Russian defense and technology firms were targeted in a cyber-espionage campaign linked to the 'Paper Werewolf' (GOFFEE) hacking group, believed to be pro-Ukrainian. The campaign used AI-generated decoy documents to deceive employees into opening malicious files.
Date Publicly Disclosed: 2023-12-19
Type: Cyber-Espionage
Attack Vector: Malicious Files (Decoy Documents)
Threat Actor: Paper Werewolf (GOFFEE)
Motivation: Espionage, Gathering Intelligence on Russian Defense Capabilities
Common Attack Types: The most common type of attack the company has faced is Cyber Attack.
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through AI-generated decoy documents, Phishing lures (e.g., concert invitations and ministry correspondence).

Data Compromised: Technical data related to air defense and sensitive electronics
Operational Impact: Disruption of systems (in case of Gaskar Integration)
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Technical data, Sensitive electronics and air defense information and Drone production data.

Entity Type: Defense and Technology Firms
Industry: Defense, Sensitive Electronics
Location: Russia

Entity Name: Gaskar Integration
Entity Type: UAV Supplier
Industry: Defense, Drone Production
Location: Russia

Third Party Assistance: Intezer (Cybersecurity Firm)
Third-Party Assistance: The company involves third-party assistance in incident response through Intezer (Cybersecurity Firm).

Type of Data Compromised: Technical data, Sensitive electronics and air defense information, Drone production data
Sensitivity of Data: High
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Reuters, Date Accessed: 2023-12-19, and Source: Intezer, Date Accessed: 2023-12-19.

Investigation Status: Ongoing

Entry Point: AI-generated decoy documents, Phishing lures (e.g., concert invitations, ministry correspondence)
High Value Targets: High-ranking officers, Defense and technology firms
Data Sold on Dark Web: High-ranking officers, Defense and technology firms

Root Causes: Use of AI-generated decoy documents, Social engineering (phishing lures)
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Intezer (Cybersecurity Firm).
Last Attacking Group: The attacking group in the last incident was Paper Werewolf (GOFFEE).
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2023-12-19.
Most Significant Data Compromised: The most significant data compromised in an incident was Technical data related to air defense and sensitive electronics.
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Intezer (Cybersecurity Firm).
Most Sensitive Data Compromised: The most sensitive data compromised in a breach was Technical data related to air defense and sensitive electronics.
Most Recent Source: The most recent sources of information about an incident are Intezer and Reuters.
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
Most Recent Entry Point: The most recent entry point used by an initial access broker was AI-generated decoy documents, Phishing lures (e.g., concert invitations and ministry correspondence).
n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations. This issue has been fixed in versions 1.120.4, 1.121.1, and 1.122.0. Users are strongly advised to upgrade to a patched version, which introduces additional safeguards to restrict expression evaluation. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only; and/or deploy n8n in a hardened environment with restricted operating system privileges and network access to reduce the impact of potential exploitation. These workarounds do not fully eliminate the risk and should only be used as short-term measures.
FastAPI Users allows users to quickly add a registration and authentication system to their FastAPI project. Prior to version 15.0.2, the OAuth login state tokens are completely stateless and carry no per-request entropy or any data that could link them to the session that initiated the OAuth flow. `generate_state_token()` is always called with an empty `state_data` dict, so the resulting JWT only contains the fixed audience claim plus an expiration timestamp. On callback, the library merely checks that the JWT verifies under `state_secret` and is unexpired; there is no attempt to match the state value to the browser that initiated the OAuth request, no correlation cookie, and no server-side cache. Any attacker can hit `/authorize`, capture the server-generated state, finish the upstream OAuth flow with their own provider account, and then trick a victim into loading `.../callback?code=<attacker_code>&state=<attacker_state>`. Because the state JWT is valid for any client for ~1 hour, the victim’s browser will complete the flow. This leads to login CSRF. Depending on the app’s logic, the login CSRF can lead to an account takeover of the victim account or to the victim user getting logged in to the attacker's account. Version 15.0.2 contains a patch for the issue.
FileZilla Client 3.63.1 contains a DLL hijacking vulnerability that allows attackers to execute malicious code by placing a crafted TextShaping.dll in the application directory. Attackers can generate a reverse shell payload using msfvenom and replace the missing DLL to achieve remote code execution when the application launches.
LDAP Tool Box Self Service Password 1.5.2 contains a password reset vulnerability that allows attackers to manipulate HTTP Host headers during token generation. Attackers can craft malicious password reset requests that generate tokens sent to a controlled server, enabling potential account takeover by intercepting and using stolen reset tokens.
Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies through malicious exploitation. Attackers can trick victims into executing a crafted PHP script that captures and writes session cookie information to a file, enabling potential session hijacking.
