Russian hackers strike a US engineering firm over ties to Ukraine
From the Editor’s Desk
A new wave of cyberattacks shows how geopolitical tensions are reshaping threat targeting. Not only state agencies but also private firms with merely indirect links to conflict zones are becoming targets, so firms worldwide need to reassess their threat intelligence and supply-chain risk. Are organizations ready for this expanded scope of exposure?
🔎 Deep Brief
Russian hackers strike a US engineering firm over ties to Ukraine
This week, reports confirmed that a US-based engineering company, with no direct involvement in the war but serving a US municipality that has a sister-city link to Ukraine, was targeted by hackers belonging to a Russia-linked group known as RomCom.
The breach attempt was uncovered and neutralised in September by cybersecurity firm Arctic Wolf, averting any operational disruption.
Takeaway
Threat actors are broadening their targeting criteria — even indirect associations, such as municipal links to Ukraine, can trigger intrusion attempts. Organizations need to expand their risk assessments beyond traditional targets and consider geopolitical associations when evaluating attack surface.
🧠 Strategy in Action
Shift in US Cyber-Policy under the new administration
This review of US cyber policy under Donald J. Trump’s 2025 administration shows a recalibration: federal oversight is reduced while the focus sharpens on foreign threats and protection of critical technologies. This signals that regulatory and compliance burdens on domestic businesses may ease even as organisations must brace for heightened scrutiny from foreign-threat vectors.
In practice, private firms — especially in tech and infrastructure — may witness lower compliance overhead but should enhance threat surveillance and strengthen external perimeter defences. For CISOs, this means reallocating resources from compliance-heavy tasks to threat detection, intelligence sharing, and resilience planning against state-sponsored attacks.
Takeaways:
This shift places greater responsibility on private organizations to defend their own systems. With less central coordination and fewer compliance-driven controls, firms must strengthen monitoring, invest in threat intelligence, and develop internal processes that can respond to state-linked attacks.
🕵️ Threat Actor Spotlight
PittyTiger
PittyTiger is a China-linked group active since at least 2011. Their operations focus on espionage and information theft targeting companies in defence, telecommunications and at least one government organization.
Rather than relying on zero-day flaws, they use custom malware built exclusively for their operations. This allows them to maintain persistence and evade detection by standard tools.
Key insight: Defences oriented solely on known CVEs or off-the-shelf malware detection may miss such threats. Counter-espionage strategies must include behavioural monitoring, anomaly detection, and tailored threat-hunting designed around custom tool signatures.
🛠️ Tool Check
A Comparison of Network Vulnerability Scanners
Network-scanning tools continue to play a vital role in vulnerability management.
The top tools according to Comparitech are:
- Intruder - Cloud-based scanner offering scheduled scans, on-demand checks, and optional human testing.
- ManageEngine Vulnerability Manager Plus - Windows-focused scanner with automated mitigation and free and paid tiers.
- Site24x7 - Cloud service with a configuration manager that addresses firmware-related risks.
- PRTG Network Vulnerability Monitoring - Monitoring suite that tracks logs, ports, and traffic with a free 100-sensor tier.
- SecPod SanerNow - SaaS platform linking vulnerability findings with automated system protection.
🗣️ Community Signal
“As we deal with Gen AI and cybersecurity every single day, it’s becoming clearer that we’ve entered a strange, elegant loop — the same kind you see in financial markets, in GenAI deal cycles, and now in cyber offense vs. cyber defense.” - Ajay G., Co-founder/CEO at Kitecyber.
📚 Don’t Miss This
Until Friday’s edition - Let’s keep that zero-day count at zero!