Cyber operations in the hybrid war. Karakurt extortion group warning. Clipminer is out in the wild. GootLoader expands its payloads and targeting. Leak brokers and booters shut down.

Russian government agencies are buying VPNs. CISA and its partners warn about the Karakurt extortion group. Clipminer is out in the wild. GootLoader expands its payloads and targeting. Carole Theriault has the latest on fraudsters imitating law enforcement. Kevin Magee from Microsoft on security incentives by way of insurance. And leak brokers and booters shut down. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/106 Selected reading. White House: cyber activity not against Russia policy (Reuters)  Some see cyberwar in Ukraine. Others see just thwarted attacks. (Washington Post)  ESET Threat Report details targeted attacks connected to the Russian invasion of Ukraine and how the war changed the threat landscape (ESET)  Ukraine - 100 days of war in cyberspace (CyberPeace Institute)  Russian VPN Spending (Top 10 VPN) Karakurt Data Extortion Group (CISA) Karakurt Data Extortion Group (CISA)  US Agencies: Karakurt extortion group demanding up to $13 million in attacks (The Record by Recorded Future) Clipminer Botnet Makes Operators at Least $1.7 Million (Symantec Enterprise Blog) GootLoader Expands its Payloads Infecting a Law Firm with IcedID (eSentire)  WeLeakInfo.to and Related Domain Names Seized (US Department of Justice) Learn more about your ad choices. Visit megaphone.fm/adchoices