Daily Briefing for 02.13.26

Top stories.

• Pro-Russia hacktivists target the Winter Olympics. 
• US National Cyber Director calls for deeper collaboration at the Munich Cyber Security Conference.
• Fake video meeting invites deliver signed RMM tools.

Pro-Russia hacktivists target the Winter Olympics.

Intel 471 has observed a surge in pro-Russia hacktivism since the opening of the Winter Olympics on February 6th. Russia was banned from competing in the games due to the ongoing war in Ukraine, and cyber retaliation was not unexpected: the country previously launched cyberattacks against the 2018 Winter Olympics after its athletes were banned for doping.

Intel 471 says the hacktivist group NoName057(16) launched DDoS attacks against Italian entities located in the Olympics’ host cities of Milan and Cortina. The group also claimed to have targeted "the Lithuanian, Polish and Spanish national Olympic committees, as well as a Cortina d’Ampezzo tourism website and Milan Malpensa Airport." Additionally, the BD Anonymous group allegedly targeted the websites of two Italian airports, while the Z-Pentest Alliance and Server Killers groups claimed to have targeted Italian critical infrastructure. Italian authorities acknowledged the incidents, but said the attacks were thwarted without any notable impacts.

While the cyberattacks against the 2018 Olympics were tied to Russian government threat actors, the 2026 attacks are attributed to low-level hacktivist groups. Intel 471 notes, "We cannot completely dismiss the possibility that Russian state-backed threat groups have conducted persistence attacks against entities involved in the 2026 Winter Olympics. However, this type of influence and the suggested need to defend Russia’s image on the world stage likely are secondary or tertiary intelligence objectives for the Kremlin at present."

US National Cyber Director calls for deeper collaboration at the Munich Cyber Security Conference.

US National Cyber Director Sean Cairncross said in a discussion at the Munich Cyber Security Conference yesterday that the United States is seeking to deepen cyber partnerships with allies in order to send a "coordinated, strategic message" that would change the "risk calculus and decision-making apparatus on the adversarial side," the Record reports. Cairncross said an "America first" approach does not mean "America alone," emphasizing that shared adversaries, including nation-state actors, espionage groups, ransomware operators, and scam centers, require coordinated action. Cairncross also emphasized the role of the private sector, which bears much of the burden of cyber defense, and called for deeper information sharing and coordination between governments and companies.

Fake video meeting invites deliver signed RMM tools.

Netskope warns that threat actors are using fake meeting invites for various video conference applications to deliver digitally signed remote monitoring and management (RMM) tools. These tools, which include Datto RMM, LogMeIn, and ScreenConnect, have legitimate uses and are less likely to be flagged as malicious, but still give attackers full control over compromised computers.

The phishing messages impersonate Google Meet, Microsoft Teams, or Zoom, and lead users to landing pages that instruct them to install software updates in order to join the urgent video call. The phishing pages are convincingly spoofed versions of video meeting landing pages, complete with a fake list of users who are already in the meeting. Victims are more likely to bypass security warnings in order to download the software that will supposedly let them join the ongoing meeting.