When Russian troops invaded Ukraine on 24 February 2022, Russia’s datacentre sector was one of the fastest-growing segments of the country’s IT industry, with annual growth rates in the region of 10-12%. However, with the conflict resulting in the imposition of Western sanctions against Russia and an outflow of US-based tech companies from the country, including Apple and Microsoft, optimism about the sector’s potential for further growth soon disappeared. In early March 2025, it was reported that Google had disconnected from traffic exchange points and datacentres in Russia, leading to concerns about how this could negatively affect the speed of access to some Google services for Russian users. Initially, there was hope that domestic technology and datacentre providers might be able to plug the gaps left by the exodus of the US tech giants, but it seems they could not keep up with the hosting demands of Russia’s increasingly digital economy. Oleg Kim, director of the hardware systems department at Russian IT company Axoft, says the departure of foreign cloud providers and equipment manufacturers has led to a serious shortage of compute capacity in Russia. This is because the situation resulted in a sharp, initial increase in demand for domestic datacentres, but Russian providers simply did not have time to expand their capacities on the required scale, continues Kim. According to the estimates of Key Point, one of Russia’s largest datacentre networks, meeting Russia’s demand for datacentres will require facilities with a total capacity of 30,000 racks to be built each year over the next five years. On top of this, it has also become more costly to build datacentres in Russia. Estimates suggest that prior to 2022, the cost of a datacentre rack totalled 100,000 rubles ($1,200), but now exceeds 150,000 rubles. And analysts at Forbes Russia expect these figures will continue to grow, due to rising logistics costs and the impact the war is having on the availability of skilled labour in the construction sector. The impact of these challenges is being keenly felt by users, with several of the country’s large banks experiencing serious problems when finding suitable locations for their datacentres. Sberbank is among the firms affected, with its chairperson, German Gref, speaking out previously about how the bank is in need of a datacentre with at least 200MW of capacity, but would ideally need 300-400MW to address its compute requirements. Stanislav Bliznyuk, chairperson of T-Bank, says trying to build even two 50MW datacentres to meet its needs is proving problematic. “Finding locations where such capacity and adequate tariffs are available is a difficult task,” he said. Read more about datacentre developments North Lincolnshire Council has received a planning permission application for another large-scale datacentre development, in support of its bid to become an AI Growth Zone A proposal to build one of the biggest datacentres in Europe has been submitted to Hertsmere Borough Council, and already has the support of the technology secretary and local councillors. The UK government has unveiled its 50-point AI action plan, which commits to building sovereign artificial intelligence capabilities and accelerating AI datacentre developments – but questions remain about the viability of the plans. Despite this, T-Bank is establishing its own network of data processing centres – the first of which should open in early 2027, he confirmed in November 2024. Kirill Solyev, head of the engineering infrastructure department of the Softline Group of Companies, who specialise in IT, says many large Russian companies are resorting to building their own datacentres – because compute capacity is in such short supply. The situation is, however, complicated by the lack of suitable locations for datacentres in the largest cities of Russia – Moscow and St Petersburg. “For example, to build a datacentre with a capacity of 60MW, finding a suitable site can take up to three years,” says Solyev. “In Moscow, according to preliminary estimates, there are about 50MW of free capacity left, which is equivalent to 2-4 large commercial datacentres. “The capacity deficit only in the southern part of the Moscow region is predicted at 564MW by 2030, and up to 3.15GW by 2042.” As a result, datacentre operators and investors are now looking for suitable locations outside of Moscow and St Petersburg, and seeking to co-locate new datacentres in close proximity to renewable energy sources. And this will be important as demand for datacentre capacity in Russia is expected to increase, as it is in most of the rest of the world, due to the growing use of artificial intelligence (AI) tools and services. The energy-intensive nature of AI workloads will put further pressure on operators that are already struggling to meet the compute capacity demands of their customers. Speaking at the recent Ural Forum on cyber security in finance, Alexander Kraynov, director of AI technology development at Yandex, says solving the energy consumption issue of AI datacentres will not be easy. “The world is running out of electricity, including for AI, while the same situation is observed in Russia,” he said. “In order to ensure a stable energy supply of a newly built large datacentre, we will need up to one year.” According to a recent report of the Russian Vedomosti business paper, as of April 2024, Russian datacentres have used about 2.6GW, which is equivalent to about 1% of the installed capacity of the Unified Energy System of Russia. Accommodating AI workloads will also mean operators will need to purchase additional equipment, including expensive accelerators based on graphic processing units and higher-performing data storage systems. The implementation of these plans and the viability of these purchases is likely to be seriously complicated by the current sanctions regime against Russia. That said, Russia’s prime minister, Mikhail Mishustin, claims this part of the datacentre supply equation is being partially solved by an uptick in the domestic production of datacentre kit. According to the Mishustin, more than half of the server equipment and industrial storage and information processing systems needed for datacentres are already being produced in Russia – and these figures will continue to grow. The government also plans to provide additional financial support to the industry, as – to date – building datacentres in Russia has been prevented by relatively long payback periods, of up to 10 years in some cases, of such projects. One of the possible support measures on offer could include the subsidisation of at least part of the interest rates on loans to datacentre developers and operators. At the same time, though, the government’s actions in other areas have made it harder for operators to build new facilities. For example, in March 2025, the Russian government significantly tightened the existing norms for the establishment of new datacentres in the form of new rules for the design of data processing centres, which came into force after the approval by the Russian Ministry of Construction. According to Nikita Tsaplin, CEO of Russian hosting provider RUVDS, the rules led to additional bureaucracy in the sector (due to the positioning of datacentres as typical construction objects). And, according to his predictions, that situation can extend the construction cycle of a datacentre from around five years to seven years. The government’s intervention here was to prevent the installation of servers in residential areas, such as garages, but it looks set to complicate an already complex situation – prompting questions about whether Russia’s datacentre market will ever reach its full potential.

These annual rankings were last updated on June 6, 2025. Want to see your firm on next year’s list? Continue reading for more on how you can improve your studio’s ranking. Traversing the German nation, one will encounter a similar historic program to other European capitals — Romanesque churches, Renaissance monuments and more — blended with functionalist and modernist structures. Early twenty-first-century Germany gave rise to the thriving Bauhaus. Founded by Walter Gropius, this school introduced brand-new architectural thinking, an ideology rooted in function, clarity and mass production. Materials like concrete and glass were favored, socially progressive housing blocks were constructed, and a newfound appreciation for modernism emerged. The spirit of the great Bauhaus teachers — Mies van der Rohe, for example — vigorously lives on and inspires contemporary designers today. Additionally, modern industrial architecture took off post-war and has played a prominent role in the nation’s economic growth, continuing to do so today. The architectural devastation from WWII resulted in mass reconstruction efforts. The post-war restoration and rebuilding embraced a functional attitude, which continued the legacy of the Bauhaus movement despite its closing over a decade prior. Today, German architecture continues to champion the nation’s modernist brilliance through innovative designs that push technological boundaries and celebrate culture. With so many architecture firms to choose from, it’s challenging for clients to identify the industry leaders that will be an ideal fit for their project needs. Fortunately, Architizer is able to provide guidance on the top design firms in Germany based on more than a decade of data and industry knowledge. How are these architecture firms ranked? The following ranking has been created according to key statistics that demonstrate each firm’s level of architectural excellence. The following metrics have been accumulated to establish each architecture firm’s ranking, in order of priority: The number of A+Awards won (2013 to 2025) The number of A+Awards finalists (2013 to 2025) The number of projects selected as “Project of the Day” (2009 to 2025) The number of projects selected as “Featured Project” (2009 to 2025) The number of projects uploaded to Architizer (2009 to 2025) Each of these metrics is explained in more detail at the foot of this article. This ranking list will be updated annually, taking into account new achievements of Germany architecture firms throughout the year. Without further ado, here are the 30 best architecture firms in Germany: 30. Format Elf Architekten © Format Elf Architekten Simple and touching. Format Elf Architekten is an architecture firm that focuses on residential architecture. Some of Format Elf Architekten’s most prominent projects include: Longhouses, Bad Birnbach, Germany FORMSTELLE, Töging am Inn, Germany House B, Munich, Germany Die Basis, Munich, Germany The following statistics helped Format Elf Architekten achieve 30th place in the 30 Best Architecture Firms in Germany: Featured Projects 1 Total Projects 4 29. Bruzkus Batek Architects © Jens Bösenberg | Whitelight Studio GmbH BRUZKUS BATEK Since 2007, this internationally active office specialised in designing hotels, offices, shops, restaurants and private housing – and particularly in the detailing of high-quality interiors. After 10 successful years, it is time for a change. As of 2018, Bruzkus Batek is splitting into BATEK ARCHITECTS and ESTER BRUZKUS ARCHITECTS. Some of Bruzkus Batek Architects’ most prominent projects include: Razorfish, Berlin, Germany Office Ester Bruzkus Architekten, Berlin, Germany Colette Tim Raue Munich, Munich, Germany Apartment PP, Berlin, Germany Dean, Berlin, Germany The following statistics helped Bruzkus Batek Architects achieve 29th place in the 30 Best Architecture Firms in Germany: A+Awards Finalist 1 Featured Projects 3 Total Projects 28 28. Ester Bruzkus Architekten © Ester Bruzkus Architekten Founded in 2002 in Berlin, Ester Bruzkus Architekten is an architecture and interior design practice with global ties: Berlin, New York, Paris, Tel Aviv, Boston, Dubai, Moscow, Vladivostok, Tenerife. We have extensive experience with design at many scales: from the design of tables and furniture to exquisite residences and workspaces to international theaters, restaurants and hotels. Straight lines, precise planning, material contrasts – and plenty of surprises. The architecture of Ester Bruzkus and her team makes use of contrasts of thick and thin, sharp and soft, curved and straight, rough and smooth, common and opulent, colorful and restrained, playful and well-resolved. Special projects result from a dialogue of space and light, materiality and color, existing constraints and new opportunities – and especially a synergy between the needs of the client, the space and the aspirations of great design. Some of Ester Bruzkus Architekten’s most prominent projects include: Razorfish, Berlin, Germany Office Ester Bruzkus Architekten, Berlin, Germany Colette Tim Raue Munich, Munich, Germany Apartment PP, Berlin, Germany Dean, Berlin, Germany The following statistics helped Ester Bruzkus Architekten achieve 28th place in the 30 Best Architecture Firms in Germany: A+Awards Finalist 1 Featured Projects 3 Total Projects 34 27. Architekten Wannenmacher + Möller © Architekten Wannenmacher + Möller GmbH Architects Wannenmacher + Möller, based in Bielefeld Germany, has been in practice for almost 60 years. Today the office is run by second generation Andreas Wannenmacher and Hans-Heinrich Möller. It was founded by Gregor Wannenmacher in Düsseldorf, Germany in 1955. Over the years the office grew continuously and became one of the largest architectural firms in the German region Eastern Westfalia. Most of the activities were focused in this region. During the last years, however, the office had the opportunity to design buildings and control their realization outside this region, some of them in foreign countries throughout Europe, Asia, and the USA. Some of Architekten Wannenmacher + Möller’s most prominent projects include: Ford Hagemeier Halle , Germany Wohnhaus Möllmann, Bielefeld, Germany House P+G, Weinheim, Germany House in Paderborn, Paderborn, Germany Borchen Sports Hall, Borchen, Germany The following statistics helped Architekten Wannenmacher + Möller achieve 27th place in the 30 Best Architecture Firms in Germany: A+Awards Finalist 1 Featured Projects 4 Total Projects 14 26. Design.Develop.Build – GA Tech | PBSA | RWTH © Design.Develop.Build - GA Tech | PBSA | RWTH Students from the Georgia Institute of Technology, RWTH Aachen University and PBSA Düsseldorf design, develop and build civic architecture. Some of Design.Develop.Build’s most prominent projects include: Guga S’Thebe Children’s Theatre, Cape Town, South Africa The following statistics helped Design.Develop.Build achieve 26th place in the 30 Best Architecture Firms in Germany: A+Awards Winner 2 A+Awards Finalist 1 Featured Projects 1 Total Projects 1 25. Ecker Architekten © Ecker Architekten Ecker Architekten is an architecture and design firm based in Germany. Ecker Architekten’s design portfolio includes a variety of architectural projects, such as cultural, commercial, government and health, educational, and more. Some of Ecker Architekten’s most prominent projects include: The Forum at Eckenberg Gymnasium, Adelsheim, Germany Field Chapel, Buchen (Odenwald), Germany Kindergarten Dandelion Clock, Germany Kanzlei Balkenhol, BW, Germany Branch Bank in Hettingen, Hettingen, Germany The following statistics helped Ecker Architekten achieve 25th place in the 30 Best Architecture Firms in Germany: Featured Projects 4 Total Projects 8 24. Sehw Architektur © Helin Bereket “Sehw stands for meaningfulness, emotion, attitude and change.” Our mission: building architecture sustainably, thinking innovatively and creating social added value. “Sehw stands for an aesthetic of sustainability in architecture.” // Sustainability // Acting sustainably We are not just planning for today but for the generation of tomorrow and beyond. For us, sustainable architecture means forward-looking planning and the development of future-proof utilization concepts. In times of rapid climate change, we are committed to resource-conserving construction methods and the use of renewable energies. Recyclable building materials and circular economy are the basis for a long life cycle and corresponding sustainability certifications of our buildings. We value and protect existing structures and materials. Some of Sehw Architektur’s most prominent projects include: KIT, Karlsruhe, Germany Weitblick Innovation Campus, Augsburg, Germany Inclusive School Centre Döbern, Döbern, Germany The Copper Coil, Rostock, Germany Around the Corner – Student Apartment Building, Berlin, Germany The following statistics helped Sehw Architektur achieve 24th place in the 30 Best Architecture Firms in Germany: Featured Projects 5 Total Projects 18 23. PHILIPPARCHITEKTEN Anna Philipp © PHILIPPARCHITEKTEN Anna Philipp A passion for houses. There’s nothing more significant to describe what our architecture office is about: houses — simple, yet complex. The archetype of all construction is our passion. That’s what we stand for. On this we work holistically with a team of architects and engineers. Center of our designing is the human being. We understand architecture as a second skin, which must be tailored. At the same time it’s essential to reflect the unique character of the location. The goal is a harmonious triad of mankind, nature and architecture. The focus and specialization on houses and villas is faced by a wide diversification in the range of services offered. Some of PHILIPPARCHITEKTEN Anna Philipp’s most prominent projects include: Villa Philipp, Waldenburg, Germany Villa Lombardo, Lugano, Switzerland A monastery of modernity, Augsburg, Germany Villa Schatzlmayr, Passau, Germany Villa Mauthe, Bahlingen, Germany The following statistics helped PHILIPPARCHITEKTEN Anna Philipp achieve 23rd place in the 30 Best Architecture Firms in Germany: Featured Projects 5 Total Projects 22 22. KRESINGS © Roman Mensing KRESINGS is a studio for architecture, interior design, urban planning and product design with offices in Munster and Dusseldorf. Since its founding by Rainer Maria Kresing in 1985 four further partners joined the management: Kilian Kresing, Christian Kawe, Matthias Povel and André Perret. More than 60 employees — architects, designers, planners and engineers — guarantee a broad range of creative and qualified services. Experience meets creative ease. The studio has been awarded with national awards like those of the BDA (Bund Deutscher Architekten) and the DAM (Deutsches Architektur Museum). KRESINGS: Experts and team players in areas of office and industrial buildings, facilities for research, education and culture as well as individual designs for residential buildings. Some of KRESINGS’ most prominent projects include: Student Residence Boeselagerstraße, Münster, Germany Headquarters Mitsubishi Electric Europe, Ratingen, Germany Petting Zoo, Öhringen, Germany Freiherr-vom-Stein-High-School, Münster, Germany Residential Building Hoher Heckenweg, Münster, Germany The following statistics helped KRESINGS achieve 22nd place in the 30 Best Architecture Firms in Germany: Featured Projects 5 Total Projects 33 21. 3deluxe © 3deluxe The interdisciplinary design collective 3deluxe, consisting of about 30 individuals centered around Dieter Brell, Peter Seipp and Andreas and Stephan Lauhoff, has been creating groundbreaking impulses in the fields of architecture and interior design, graphic and media design. In creative synergy hybrid forms of two and three dimensional design are created: graphic works develop a spatial impact, while architectural drafts are based on communication principles. In this way, complex collages are contrived, so called ‚multilayered atmospheres‘, that foster multiple sensory experiences and allow for a multitude of potential interpretations. Paramount is the broadening of an absolute understanding of space and image towards a dynamic, processual approach. Some of 3deluxe’s most prominent projects include: V- Plaza Urban Development, Kaunas, Lithuania Kaffee Partner Headquarters, Osnabrück, Germany Butterfly Pavilion, Sharjah, United Arab Emirates Leonardo Glass Cube, Bad Driburg, Germany Cyberhelvetia The following statistics helped 3deluxe achieve 21st place in the 30 Best Architecture Firms in Germany: A+Awards Finalist 2 Featured Projects 3 Total Projects 20 20. Christoph Hesse Architects © Deimel und Wittmar Christoph Hesse Architects was founded in 2010 by Christoph Hesse, has offices in Korbach and, since 2018, in Berlin. The architectural practice currently employs an international team of 15 people and has won numerous awards. Some of Christoph Hesse Architects’ most prominent projects include: VITOS Outpatient psychiatric clinic for traumatized refugees, Korbach, Germany Villa F / the off-the-grid house in the central highlands of Germany, Medebach, Germany StrohTherme, Medebach, Germany Room of Silence, Korbach, Germany The following statistics helped Christoph Hesse Architects achieve 20th place in the 30 Best Architecture Firms in Germany: A+Awards Winner 2 Featured Projects 2 Total Projects 4 19. Zeller & Moye © Zeller & Moye Zeller & Moye is a design studio based in Mexico City and Berlin that works at the intersection of architecture, arts, design and latest technology through an experimental, multidisciplinary and collaborative working culture. Some of Zeller & Moye’s most prominent projects include: HAUS KÖRIS, Brandenburg, Germany SANDRA WEIL Store, Mexico City, Mexico TROQUER FASHION HOUSE, Mexico City, Mexico CASA VERNE, Mexico City, Mexico CASA HILO, Mexico The following statistics helped Zeller & Moye achieve 19th place in the 30 Best Architecture Firms in Germany: Featured Projects 5 Total Projects 12 18. Ippolito Fleitz Group – Identity Architects © Ippolito Fleitz Group - Identity Architects Ippolito fleitz group is a multidisciplinary, internationally operating design studio based in Stuttgart.We are identity architects. We work in unison with our clients to develop architecture, products and communication that are part of a whole and yet distinctive in their own right. This is how we define identity.With meticulous analysis before we begin.With animated examination in the conceptional phase. With a clarity of argument in the act of persuasion.With a love of accuracy in the realisation.With a serious goal and a lot of fun along the way. Working together with our clients.As architects of identity, we conceive and construct buildings, interiors and landscapes; we develop products and communication measures. Some of Ippolito Fleitz Group – Identity Architects’ most prominent projects include: Das GERBER, Stuttgart, Germany Hunke – Jewellers and Opticians, Ludwigsburg, Germany Bella Italia Weine, Stuttgart, Germany ippolito fleitz group | Residential Building, Denkendorf, Germany WakuWaku Dammtor, Hamburg, Germany The following statistics helped Ippolito Fleitz Group - Identity Architects achieve 18th place in the 30 Best Architecture Firms in Germany: A+Awards Finalist 1 Featured Projects 4 Total Projects 26 17. VON M © Zooey Braun VON M is an architecture and design firm based in Germany. VON M’s design portfolio includes a variety of architectural projects, such as cultural, residential, educational, commercial, hospitality and sport, and more. Some of VON M’s most prominent projects include: Museum Luthers Sterbehaus, Eisleben, Germany BHM Pavillon, Wolfegg, Germany Kinder- und Familienzentrum, Ludwigsburg, Germany Hotel Bauhofstrasse, Ludwigsburg, Germany HS77, Stuttgart, Germany The following statistics helped VON M achieve 17th place in the 30 Best Architecture Firms in Germany: Featured Projects 6 Total Projects 11 16. Plastique Fantastique © Plastique Fantastique Plastique Fantastique is a collective for temporary architecture that samples the performative possibilities of urban environments. Established in Berlin in 1999, Plastique Fantastique has been influenced by the unique circumstances that made the city a laboratory for temporary spaces. Plastique Fantastique’s synthetic structures affect surrounding spaces like a soap bubble does: Similar to a foreign body, it occupies and mutates urban space. Their interventions change the way we perceive and interact in urban environments. By mixing different landscape types, an osmotic passage between private and public space is generating new hybrid environments.Regardless the way people view a bubble, walk around its exterior or move inside it, the pneumatic structure is a medium to experience the same physical setting in a temporary extraordinary situation. Some of Plastique Fantastique’s most prominent projects include: LOUD SHADOWS, Terschelling, Netherlands Blurry Venice, Venice, Italy Aeropolis, Copenhagen, Denmark superKOLMEMEN, Helsinki, Finland MOBILE PPS (Personal Protective Space) for Doctors The following statistics helped Plastique Fantastique achieve 16th place in the 30 Best Architecture Firms in Germany: Featured Projects 5 Total Projects 5 15. 4a Architekten © 4a Architekten GmbH Shaping atmosphere, lending identity, creating quality of space — these are the values that characterize the buildings of 4a Architekten. The starting point and guiding principle of our work is the concept of architecture as living space. Our buildings come into being through intensive team work shaped by interdisciplinary thinking and action. What characterizes a location in terms of its culture and history? What are the client’s expectations and objectives? What is viable within the budget and what are the benefits for users? These questions and this approach bring us to solutions with an individual character — and they apply just as much to the planning of buildings as to the design of interior spaces. Some of 4a Architekten’s most prominent projects include: Therme Lindau on Lake Constance, Lindau, Germany Balingen Civic Hall, Balingen, Germany Emser Thermal Baths, Bad Ems, Germany Spreewald Spa Hotel, Burg, Germany Stegermatt Aquatic Centre, Offenburg, Germany The following statistics helped 4a Architekten achieve 15th place in the 30 Best Architecture Firms in Germany: Featured Projects 7 Total Projects 15 14. schneider+schumacher © schneider+schumacher / Frankfurt - Vienna - Tianjin Our architectural approach is characterized by the enjoyment we have in finding solutions to the complex demands of today’s buildings. We adapt our buildings to fit into their surroundings, yet we also create landmarks. Pragmatic poetry, nurtured not only by design clarity and a conscientious attitude towards the task in hand, but also by a delight in fine details. This design process is constantly informed by the dialogue that takes place on a daily basis between the various professional disciplines in all our specialized divisions – architecture, construction and project management, design, a.o. — and international offices. schneider+schumacher is headquartered in Frankfurt (GE), and has two branches in Vienna (AU) and Tianjin (CN). Some of schneider+schumacher’s most prominent projects include: Autobahn Church, Wilnsdorf, Germany Oil Harbour Bridge, Raunheim, Germany DOXX – Quayside Development at Mainz Customs Port, Mainz, Germany Städel Museum Extension, Frankfurt, Germany Siegerland Motorway Church, Wilnsdorf, Wilnsdorf, Germany The following statistics helped schneider+schumacher achieve 14th place in the 30 Best Architecture Firms in Germany: A+Awards Winner 1 A+Awards Finalist 2 Featured Projects 5 Total Projects 12 13. ingenhoven associates © ingenhoven associates Celebrating 40 years of excellence since 1985, the studio is pioneer in sustainable architecture, designing and delivering projects of all sizes and typologies across nearly every region of the world, adhering to the highest green building standards, including LEED, Green Star, Minergie, BREEAM, DGNB and CASBEE. With a tailored approach to each location, the multinational, interdisciplinary team creates nuanced architectural solutions with added value and positive social impact. Some of ingenhoven associates’ most prominent projects include: Düsseldorfer Schauspielhaus, Düsseldorf, Germany Freiburg Town Hall, Freiburg, Germany Kö-Bogen 2, Düsseldorf, Germany Marina One, Singapore, Singapore Daniel Swarovski Corporation, Männedorf, Switzerland The following statistics helped ingenhoven associates achieve 13th place in the 30 Best Architecture Firms in Germany: A+Awards Finalist 2 Featured Projects 5 Total Projects 28 12. gmp · Architects von Gerkan, Marg und Partner © HG Esch Photography The architects von Gerkan, Marg and Partners (gmp) are an architectural practice that was founded in Hamburg and has branches worldwide. With our generalist approach and more than 50 years of experience, we complete projects in dialogue with our clients and the participating planning disciplines, at all scales and cultural contexts, covering all design phases and working on all continents. The range of our projects extends from family residences to high-rise buildings, from stadiums to concert halls, from office buildings to bridges, and from door hardware to urban planning. With holistic sustainability in mind, we aim to create new and refurbished architecture that is long-lasting and goes beyond temporary fashions, taking into account the global challenges and issues of urbanization, digitalization, and mobility. Some of gmp · Architects von Gerkan, Marg und Partner’s most prominent projects include: Guna Villa, Jūrmala, Latvia Universiade 2011 Sports Center, Shenzhen, China Olympic Stadium, Kiev, Ukraine, Kyiv, Ukraine Olympic Stadium, Berlin, Germany Twin Towers, Commodity Exchange Plaza, Dalian, China The following statistics helped gmp · Architects von Gerkan, Marg und Partner achieve 12th place in the 30 Best Architecture Firms in Germany: Featured Projects 8 Total Projects 36 11. kadawittfeldarchitektur © kadawittfeldarchitektur We are kadawittfeldarchitektur. Originally founded in Aachen in 1999, we today stand for more than just architectural design. The interdisciplinary approach of our work, linking architecture, interior and product design on the one hand and at the interface of town planning and urban projects on the other hand, reflects the full range of our creative output. kadawittfeldarchitektur develops added value space. In a team of more than 170 persons, we create architecture with added value space for living, communication and work environments. In the way we deal with volumes, materials, structures and functions, we strive to integrate our schemes into their surroundings with the objective of creating contemporary and sustainable architecture and meeting the needs of both the users and the general public. Some of kadawittfeldarchitektur’s most prominent projects include: CELTIC MUSEUM, Glauburg, Germany ADIDAS LACES, Herzogenaurach, Germany SPZ, HALLEIN, Hallein, Austria SENIOR CITIZENS RESIDENCE ALTENMARKT, Altenmarkt im Pongau, Austria SALZBURG CENTRAL STATION, Salzburg, Austria The following statistics helped kadawittfeldarchitektur achieve 11th place in the 30 Best Architecture Firms in Germany: Featured Projects 8 Total Projects 32 10. GRAFT © GRAFT What is graft? The English word ‘graft’ provokes a variety of meanings and multiple readings. It stands for transplants in the field of medicine, for cheating, but also for hard work.  In the terminology of botany, grafting is described as the addition of one shoot onto a genetically different host. Some of GRAFT’s most prominent projects include: Ice Stadion “Arena Schierke”, Wernigerode, Germany Show Palace Munich, Munich, Germany Autostadt Roof and Service Pavilion, Wolfsburg, Germany Eiswerk, Berlin, Germany Villa M , Berlin, Germany The following statistics helped GRAFT achieve 10th place in the 30 Best Architecture Firms in Germany: A+Awards Finalist 2 Featured Projects 7 Total Projects 17 9. HENN © HENN HENN is an international architecture studio with over 75 years of experience in designing innovative work environments across office, science, healthcare, industry, education, and culture. An interdisciplinary team of 400 professionals works from offices in Munich, Berlin, Frankfurt am Main, and Shanghai. The design process is collaborative and driven by curiosity. HENN draws from the rich expertise of three generations and a global network of partners. All three generations share a common mindset: openness and curiosity. This spirit drives the studio to continuously question and redefine architectural typologies. HENN was founded in 1947 by Walter Henn in Dresden. Early on, he specialized in industrial buildings and played a key role in establishing the Braunschweig School through his academic work. Some of HENN’s most prominent projects include: Porsche Pavilion, Wolfsburg, Germany Zalando Headquarters Berlin, Berlin, Germany Bugatti Atelier, Molsheim, France MobileLife Campus, Wolfsburg, Germany The CUBE, Dresden, Germany The following statistics helped HENN achieve 9th place in the 30 Best Architecture Firms in Germany: A+Awards Winner 2 A+Awards Finalist 2 Featured Projects 6 Total Projects 30 8. Auer Weber © Aldo Amoretti Photography Founded in 1980, we are an internationally active architectural firm with offices in Stuttgart and Munich. We employ around 150 people from 20 countries and work on projects of various sizes and tasks from initial design through to completion. Each year, we create entries for between 30 and 40 competitions in our two offices, from which we generate a large proportion of our orders. These range from buildings for the community to educational and administrative buildings, sports and leisure facilities and large infrastructure projects. The diversity of our architecture is the result of in-depth study of the building tasks and where these tasks originate. Some of Auer Weber’s most prominent projects include: Aquatic Centre “Aquamotion” Courchevel , Saint-Bon-Tarentaise, France Arena du Pays d’Aix, Aix-en-Provence, France Extension of the District Office in Starnberg, Starnberg, Germany ESO Headquarters Extension, Garching, Germany Olympic Aquatics Stadium, Route de Torcy, France The following statistics helped Auer Weber achieve 8th place in the 30 Best Architecture Firms in Germany: A+Awards Winner 2 A+Awards Finalist 1 Featured Projects 9 Total Projects 24 7. Peter Ruge Architekten © Peter Ruge Architekten GmbH Identity+Sustainability=Architecture Peter Ruge Architekten is a locally and internationally active planning office based in Berlin. Our mission is simple: to develop and build sustainable architecture of the future. The agenda of the team along with three partners Peter Ruge, Kayoko Uchiyama and Matthias Matschewski includes new buildings, optimization of existing properties and urban planning designs. The projects are holistic, i.e. adapted to the climate, culture and needs of the users, and have received numerous awards and certifications. Our detailed understanding of sustainable design processes supports the decisions of our clients. In education field, Prof. Ruge shares our knowledge with a global design community at DIA, Anhalt University of Applied Sciences in Dessau, Shenyang Jianzhu University in China and Kyoto Seika University in Japan. Some of Peter Ruge Architekten’s most prominent projects include: Busan Opera House, South Korea, Busan, South Korea Congress Center Hangzhou, Hangzhou, China House O, Germany, Potsdam-Mittelmark, Germany LTD_1 Hamburg, Germany, Hamburg, Germany Muzeum Lotnictwa Krakow, Poland The following statistics helped Peter Ruge Architekten achieve 7th place in the 30 Best Architecture Firms in Germany: Featured Projects 12 Total Projects 18 6. HPP Architects © Christa Lachenmaier Photography HPP Architects is one of Europe’s leading architectural partnerships with a full range of architectural and master planning services. Since its foundation by Professor Hentrich, the 4th generation of HPP partnership today includes a global team of more than 25 nationalities and 480 architects, engineers, urban designers and specialists. Today it comprises 13 offices including 8 regional offices in Germany and 5 international branches in Turkey, China and Netherlands. HPP Architects’ headquarter is located in the Düsseldorf Media Harbor, further offices are located in Amsterdam, Beijing, Berlin, Cologne, Frankfurt, Hamburg, Istanbul, Leipzig, Munich, Shanghai, Shenzhen and Stuttgart. HPP completed more than 1200 buildings worldwide and aspires to create architectural quality of lasting value beyond the here and now: timeless and yet clearly part of their time, innovative and equally grounded in history. Some of HPP Architects’s most prominent projects include: LVM 5 , Münster, Germany Medical Library Oasis (O.A.S.E.), Düsseldorf, Germany Hochschule Ruhr West, Mülheim, Germany Henkel Asia-Pacific and China Headquarters, Shanghai, China Dreischeibenhaus, Düsseldorf, Germany The following statistics helped HPP Architects achieve 6th place in the 30 Best Architecture Firms in Germany: A+Awards Finalist 3 Featured Projects 12 Total Projects 25 5. Behnisch Architekten © David Matthiessen The Stuttgart-based practice known today as Behnisch Architekten was founded in 1989 under the leadership of Stefan Behnisch. Originally established as a branch office of Günter Behnisch’s practice Behnisch & Partner, it became independent in 1991 and has subsequently developed into an international practice with offices in Stuttgart, Munich, Los Angeles/California (1999 – 2011), and Boston. These offices are directed by Stefan Behnisch and his partners in varying combinations. The Partners are Robert Hösle, Robert Matthew Noblett and Stefan Rappold. Stefan Behnisch is involved in all three offices. From the outset, the social dimension of architecture has been a fundamental aspect of the firm’s design philosophy. Some of Behnisch Architekten’s most prominent projects include: SC Workplaces, California City of Santa Monica Public Parking Structure #6, Santa Monica, California Primary School Infanteriestrasse, München, Germany Harvard University Science and Engineering Complex, Boston, Massachusetts John and Frances Angelos Law Center, University of Baltimore, Baltimore, Maryland The following statistics helped Behnisch Architekten achieve 5th place in the 30 Best Architecture Firms in Germany: A+Awards Finalist 9 Featured Projects 8 Total Projects 24 4. wulf architekten © Tobias Vollmer wulf architekten emerged from the architecture practice established 1987 in Stuttgart by Tobias Wulf. Currently the office is managed by Tobias Wulf, Jan-Michael Kallfaß, Ingmar Menzer and Steffen Vogt. From 1996 to 2018, Kai Bierich and Alexander Vohl were partners of Tobias Wulf at wulf architekten. Currently, the company has about 140 employees, nine of them being senior architects. With three office locations – Stuttgart, Berlin and Basel (CH) – wulf architekten is also working on projects abroad. Some of wulf architekten’s most prominent projects include: Parking Garage Facade P22a at the Cologne Exhibition Centre, Cologne, Germany Four primary schools in modular design, Munich, Germany School Center North, Stuttgart, Germany Canteen and Media Center for North vocational school center, Darmstadt, Germany Chamber of Industry and Commerce, headquarters, Stuttgart, Germany The following statistics helped wulf architekten achieve 4th place in the 30 Best Architecture Firms in Germany: A+Awards Winner 1 A+Awards Finalist 1 Featured Projects 11 Total Projects 18 3. TCHOBAN VOSS Architekten © TCHOBAN VOSS Architekten GmbH TCHOBAN VOSS Architekten design, plan and build for national and international clients in the public and private sectors. The company, with offices in Hamburg, Berlin and Dresden, is named after Sergei Tchoban, architect BDA, and his partner Ekkehard Voss, architect BDA (1963-2024). With over 150 highly qualified, interdisciplinary employees and many years of experience, it offers architecturally and functionally sustainable solutions for a wide range of building projects in Germany and abroad. TCHOBAN VOSS Architekten is member of the Association of German Architects (BDA), the Chambers of Architects in Hamburg, Berlin and Saxony, the Förderverein Bundesstiftung Baukultur e.V. as well as of the European Architects Network (EAN). Some of TCHOBAN VOSS Architekten’s most prominent projects include: EDGE Suedkreuz Berlin, Berlin, Germany SKF Test Centre for large-scale bearings, Schweinfurt, Germany Seestraße, Berlin, Berlin, Germany Koenigstadt-Quartier, Berlin, Germany EMBASSY – Living alongside Koellnischer Park, Berlin, Berlin, Germany The following statistics helped TCHOBAN VOSS Architekten achieve 3rd place in the 30 Best Architecture Firms in Germany: A+Awards Winner 1 A+Awards Finalist 6 Featured Projects 12 Total Projects 29 2. Barkow Leibinger © Barkow Leibinger The scope of Barkow Leibinger’s work spans from cultural projects to industrial ones. Their focus on industrial architecture includes master planning and building representational and functional buildings for production, logistical and office spaces. Some of Barkow Leibinger’s most prominent projects include: Production Hall Trumpf, Hettingen, Germany Stadthaus M1 – Green City Hotel, Freiburg, Germany Harvard ArtLab, Boston, Massachusetts Production Hall, Grüsch, Switzerland Fraunhofer Research Campus, Waischenfeld, Germany The following statistics helped Barkow Leibinger achieve 2nd place in the 30 Best Architecture Firms in Germany: Featured Projects 12 Total Projects 17 1. J.MAYER.H © J.MAYER.H J. MAYER H’s studio, focuses on works at the intersection of architecture, communication and new technology. From urban planning schemes and buildings to installation work and objects with new materials, the relationship between the human body, technology and nature form the background for a new production of space. Some of J.MAYER.H’s most prominent projects include: MIAMI MUSEUM GARAGE, Miami, Florida n.n. Residence, Moscow, Russia Hasselt Court House , Hasselt, Belgium Highway Rest Stops, Tbilisi, Georgia Rest Stops, Gori, Georgia Featured image: Tram Stops, Kehl, Germany The following statistics helped J.MAYER.H achieve 1st place in the 30 Best Architecture Firms in Germany: A+Awards Winner 5 A+Awards Finalist 3 Featured Projects 19 Total Projects 30 Why Should I Trust Architizer’s Ranking? With more than 30,000 architecture firms and over 130,000 projects within its database, Architizer is proud to host the world’s largest online community of architects and building product manufacturers. Its celebrated A+Awards program is also the largest celebration of architecture and building products, with more than 400 jurors and hundreds of thousands of public votes helping to recognize the world’s best architecture each year. Architizer also powers firm directories for a number of AIA (American Institute of Architects) Chapters nationwide, including the official directory of architecture firms for AIA New York. An example of a project page on Architizer with Project Award Badges highlighted A Guide to Project Awards The blue “+” badge denotes that a project has won a prestigious A+Award as described above. Hovering over the badge reveals details of the award, including award category, year, and whether the project won the jury or popular choice award. The orange Project of the Day and yellow Featured Project badges are awarded by Architizer’s Editorial team, and are selected based on a number of factors. The following factors increase a project’s likelihood of being featured or awarded Project of the Day status: Project completed within the last 3 years A well written, concise project description of at least 3 paragraphs Architectural design with a high level of both functional and aesthetic value High quality, in focus photographs At least 8 photographs of both the interior and exterior of the building Inclusion of architectural drawings and renderings Inclusion of construction photographs There are 7 Projects of the Day each week and a further 31 Featured Projects. Each Project of the Day is published on Facebook, Twitter and Instagram Stories, while each Featured Project is published on Facebook. Each Project of the Day also features in Architizer’s Weekly Projects Newsletter and shared with 170,000 subscribers.     We’re constantly look for the world’s best architects to join our community. If you would like to understand more about this ranking list and learn how your firm can achieve a presence on it, please don’t hesitate to reach out to us at editorial@architizer.com. The post 30 Best Architecture and Design Firms in Germany appeared first on Journal.

While updating, upgrading, and reimagining your home can transform it into your dream home, the logistics involved can be daunting, even if you have a general contractor managing the project for you. One of the biggest challenges is setting your budget—unless you have an unlimited budget (lucky you!), determining what a home renovation will involve based on what you can afford is a key aspect of your plan.It’s also one of the most confusing. When budgeting reality bumps up against your dream home fantasy, figuring out what to remove from the project can be difficult because of the emotional aspects involved—everything can seem equally necessary when you’re imagining your future life in the home. In order to pare things down in a coherent and rational way, take a page from business school experts and use the time-tested MoSCoW Method.What is the MoSCoW method?The MoSCoW method was innovated by software developer Dai Clegg in the 1990s as a way to prioritize components of a project in order to stay on schedule and within budget. Although it was initially envisioned as a software development tool (and more widely as a tool for managing business projects in general), it’s malleable enough that it can be ideal for varied circumstances—including getting control of a home renovation project.The method involves breaking all the aspects of your project into four buckets, represented by the letters M, S, C, and W (the Os are just there to make the name more readable). The categories are:Must-haves. These are aspects of the project that are non-negotiable and mandatory.Should-haves. These are parts of the project that aren’t absolutely necessary, but are relatively important.Could-haves. These are smaller details that can easily be removed from the project or added in later if budget allows.Won’t haves. These are aspects of the project that aren’t under consideration at all.The simplicity of the MoSCoW method is its main strength—it’s easy to whip your home reno budget into shape in a short time by plopping everything into the relevant bucket.Using MoSCoW to plan a home renovation projectWhen you’re planning out your home renovation, start dropping each aspect into a bucket as you go:Things that absolutely have to be done are Must Haves. For example, if part of your renovation is replacing a leaking roof, that’s a Must Have—you have no choice, so that cost is baked into your budget from the get-go.Major components of the project that aren’t absolutely necessary fall into the Should Have bucket. If your old hardwood floors are worn but serviceable, replacing them is a big part of what you want to get out of the renovation—but you could leave them in place, or try to refinish them instead of replacing them. These would be the last parts of your project that you remove or downgrade.Grace notes and luxuries go into the Could Have bucket and held there pending how the budget plays out. For example, maybe you’d like your new flooring to have radiant heating. That’s nice, but not an absolute necessity. If money opens up later in the planning, you can toss it in.Finally, there’s the Won’t Have bucket. This might seem like an unnecessary step, since anything not already sorted into a bucket could be considered a Won’t Have. But the exercise of specifically labeling it as a Won’t Have is useful because it brings clarity to your priorities. If you find more budget later, you’ve already prioritized the Could Haves as more deserving of rescue. Won’t Haves aren’t necessarily things you’ll never do—they’re just things you’re not doing now. For example, maybe your HVAC system is a little old and you’re thinking it will need to be replaced in the next few years—but not at this moment, because you’re spending your money on all these other projects. So you put that into the Won’t Have bucket because you know you’ll be returning to it in the future.Once you’ve done an initial categorization of your home renovation, you can start crunching numbers to see if changes are necessary or desired. Maybe you decide, on reflection, that a Should Have is really a Must Have, or vice versa. And if your budget can’t deliver on every priority, you can shift some things into the Could Have bucket and hold them in reserve for the future.Any successful home renovation is as much about planning and prioritization as it is about budget and schedule management, and the MoSCoW Method can help ensure your project is on track before anyone touches a power tool.

Start SlideshowStart SlideshowImage: Nintendo / Kotaku / Jake Randall / Burndumb, Nintendo / Kotaku, Fox / Disney / Kotaku, Sandfall Interactive, Nintendo / Kotaku, Arrowhead Game Studios / Kotaku, Screenshot: Подкаст «Пóпы и культура» / YouTube / Switch 2, a2dubai / YouTube / KotakuFrom mergers to memes, the landscape of interactive entertainment is always in motion. Here’s your cheat sheet for the week’s most important stories in gaming.Previous SlideNext SlideList slidesTarget Leaves Dozens Of Switch 2 Consoles Locked In A Cage On The Store FloorNintendo’s next big console, the Switch 2, is set to arrive on store shelves in just 10 days. So it’s not surprising to see photos showing dozens of Switch 2 consoles sitting in store warehouses and back areas. However, I wasn’t expecting a bunch of Switch 2 consoles to be sitting in a metal cage in the middle of a Target already. - Zack Zwiezen Read MorePrevious SlideNext SlideList slidesSwitch 2 Leaker Explains How He Got The Console Early And Why He's Not Afraid Of NintendoImage: Nintendo / KotakuIt was the middle of the night when Fedor Volkov found himself anxiously waiting on the streets of Moscow for a ride back home. In his arms he held a Switch 2 box and nestled within was the console fans had been waiting years to get their hands on, but which still didn’t officially go on sale for more than a week. He was too nervous and excited to remember to bring something to hide it in. - Ethan Gach Read MorePrevious SlideNext SlideList slidesSomeone Take Away Randy Pitchford's PhoneImage: Fox / Disney / KotakuSometimes you just gotta walk away. And this might be one of those times. Earlier this month, Gearbox co-founder and CEO Randy Pitchford replied to someone on social media about the studio’s next game, Borderlands 4, possibly receiving an $80 price tag. He said it wasn’t his call and then infamously added, “If you’re a real fan, you’ll find a way to make it happen.” This didn’t go over well with people online. A few days later, on May 22, he said he didn’t intend to sound like an asshole. - Zack Zwiezen Read MorePrevious SlideNext SlideList slidesSwitch 2 Startup And Menu Settings Appear Online As Early Player Shows Off Console In 'Code Red' Leak For NintendoScreenshot: Подкаст «Пóпы и культура» / YouTube / Switch 2The Switch 2 is just days away from its official June 5 launch, but already footage is beginning to spread online of people going hands-on with Nintendo’s next console. One fan based in Russia recently uploaded a nearly 10-minute video that includes the Switch 2's startup sequence and a tour through its menu settings. “Respects to this man for sacrificing his life to unbox the console a week before launch,” reads the top comment on YouTube. - Ethan Gach Read MorePrevious SlideNext SlideList slidesClair Obscur: Expedition 33 Publisher Says Fans Would Never Guess The Hit RPG's Budget: 'I'm Sure Mirror's Edge And Vanquish Cost More'Image: Sandfall InteractiveClair Obscur: Expedition 33 is one of the top-rated games of the year and has sold over 3.3 million copies. And it did it all with a very small budget, according to publisher Kelpler Interactive. How small? Portfolio director Matthew Handrahan isn’t saying, but he thinks everyone’s guesses are probably wrong. - Ethan Gach Read MorePrevious SlideNext SlideList slidesOnly One First-Party Nintendo Game Won't Work On Switch 2Image: Nintendo / KotakuThe Nintendo Switch 2 will be able to play most original Switch games without any issues when it launches on June 5. According to an update from Nintendo, most big games and all first-party titles (with one tiny exception) will work on Switch 2, though you might need an update or an old Joy-Con. - Zack Zwiezen Read MorePrevious SlideNext SlideList slidesHelldivers 2 Players Are Pulling Off Incredible Feats In A Last-Ditch Effort To Save Super EarthImage: Arrowhead Game Studios / KotakuHelldivers 2's Galactic War has come to Super Earth and it’s going very, very badly. Players have lost every major city on the planet save for two, but are making a triumphant last stand against the Illuminate as fans from across the real world band together to hold the line. - Ethan Gach Read MorePrevious SlideNext SlideList slidesSomeone's Unboxing A Switch 2 But Claims It Needs A Day-One Patch To WorkScreenshot: a2dubai / YouTube / KotakuSwitch 2 hardware appears to be officially out in the wild, but it doesn’t sound like anyone will be able to play the console early. A day-one patch is needed for it to fully work, according to someone who uploaded a brief unboxing video of the new Nintendo console to YouTube. - Ethan Gach Read MorePrevious SlideNext SlideList slidesGameStop Doubles Down On Crypto With Massive Bitcoin Purchase As Stores CloseGameStop Doubles Down On Crypto With Massive Bitcoin Purchase As Stores Close Share SubtitlesOffEnglishThe company continues its pivot away from selling games and toward doing anything else to stay afloatPrevious SlideNext SlideList slidesPlayStation’s Days of Play Brings Bomb Rush Cyberfunk, NBA 2K25 & More To PS PlusPlayStation’s Days of Play Brings Bomb Rush Cyberfunk, NBA 2K25 & More To PS Plus Share SubtitlesOffEnglishBomb Rush Cyberfunk is hitting PS Plus alongside NBA 2K25 and a Destiny 2 takeover in June

Cyber threats don't show up one at a time anymore. They're layered, planned, and often stay hidden until it's too late. For cybersecurity teams, the key isn't just reacting to alerts—it's spotting early signs of trouble before they become real threats. This update is designed to deliver clear, accurate insights based on real patterns and changes we can verify. With today's complex systems, we need focused analysis—not noise. What you'll see here isn't just a list of incidents, but a clear look at where control is being gained, lost, or quietly tested. ⚡ Threat of the Week Lumma Stealer, DanaBot Operations Disrupted — A coalition of private sector companies and law enforcement agencies have taken down the infrastructure associated with Lumma Stealer and DanaBot. Charges have also been unsealed against 16 individuals for their alleged involvement in the development and deployment of DanaBot. The malware is equipped to siphon data from victim computers, hijack banking sessions, and steal device information. More uniquely, though, DanaBot has also been used for hacking campaigns that appear to be linked to Russian state-sponsored interests. All of that makes DanaBot a particularly clear example of how commodity malware has been repurposed by Russian state hackers for their own goals. In tandem, about 2,300 domains that acted as the command-and-control (C2) backbone for the Lumma information stealer have been seized, alongside taking down 300 servers and neutralizing 650 domains that were used to launch ransomware attacks. The actions against international cybercrime in the past few days constituted the latest phase of Operation Endgame. Get the Guide ➝ 🔔 Top News Threat Actors Use TikTok Videos to Distribute Stealers — While ClickFix has become a popular social engineering tactic to deliver malware, threat actors have been observed using artificial intelligence (AI)-generated videos uploaded to TikTok to deceive users into running malicious commands on their systems and deploy malware like Vidar and StealC under the guise of activating pirated version of Windows, Microsoft Office, CapCut, and Spotify. "This campaign highlights how attackers are ready to weaponize whichever social media platforms are currently popular to distribute malware," Trend Micro said. APT28 Hackers Target Western Logistics and Tech Firms — Several cybersecurity and intelligence agencies from Australia, Europe, and the United States issued a joint alert warning of a state-sponsored campaign orchestrated by the Russian state-sponsored threat actor APT28 targeting Western logistics entities and technology companies since 2022. "This cyber espionage-oriented campaign targeting logistics entities and technology companies uses a mix of previously disclosed TTPs and is likely connected to these actors' wide scale targeting of IP cameras in Ukraine and bordering NATO nations," the agencies said. The attacks are designed to steal sensitive information and maintain long-term persistence on compromised hosts. Chinese Threat Actors Exploit Ivanti EPMM Flaws — The China-nexus cyber espionage group tracked as UNC5221 has been attributed to the exploitation of a pair of security flaws affecting Ivanti Endpoint Manager Mobile (EPMM) software (CVE-2025-4427 and CVE-2025-4428) to target a wide range of sectors across Europe, North America, and the Asia-Pacific region. The intrusions leverage the vulnerabilities to obtain a reverse shell and drop malicious payloads like KrustyLoader, which is known to deliver the Sliver command-and-control (C2) framework. "UNC5221 demonstrates a deep understanding of EPMM's internal architecture, repurposing legitimate system components for covert data exfiltration," EclecticIQ said. "Given EPMM's role in managing and pushing configurations to enterprise mobile devices, a successful exploitation could allow threat actors to remotely access, manipulate, or compromise thousands of managed devices across an organization." Over 100 Google Chrome Extensions Mimic Popular Tools — An unknown threat actor has been attributed to creating several malicious Chrome Browser extensions since February 2024 that masquerade as seemingly benign utilities such as DeepSeek, Manus, DeBank, FortiVPN, and Site Stats but incorporate covert functionality to exfiltrate data, receive commands, and execute arbitrary code. Links to these browser add-ons are hosted on specially crafted sites to which users are likely redirected to via phishing and social media posts. While the extensions appear to offer the advertised features, they also stealthily facilitate credential and cookie theft, session hijacking, ad injection, malicious redirects, traffic manipulation, and phishing via DOM manipulation. Several of these extensions have been taken down by Google. CISA Warns of SaaS Providers of Attacks Targeting Cloud Environments — The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that SaaS companies are under threat from bad actors who are on the prowl for cloud applications with default configurations and elevated permissions. While the agency did not attribute the activity to a specific group, the advisory said enterprise backup platform Commvault is monitoring cyber threat activity targeting applications hosted in their Microsoft Azure cloud environment. "Threat actors may have accessed client secrets for Commvault's (Metallic) Microsoft 365 (M365) backup software-as-a-service (SaaS) solution, hosted in Azure," CISA said. "This provided the threat actors with unauthorized access to Commvault's customers' M365 environments that have application secrets stored by Commvault." GitLab AI Coding Assistant Flaws Could Be Used to Inject Malicious Code — Cybersecurity researchers have discovered an indirect prompt injection flaw in GitLab's artificial intelligence (AI) assistant Duo that could have allowed attackers to steal source code and inject untrusted HTML into its responses, which could then be used to direct victims to malicious websites. The attack could also leak confidential issue data, such as zero-day vulnerability details. All that's required is for the attacker to instruct the chatbot to interact with a merge request (or commit, issue, or source code) by taking advantage of the fact that GitLab Duo has extensive access to the platform. "By embedding hidden instructions in seemingly harmless project content, we were able to manipulate Duo's behavior, exfiltrate private source code, and demonstrate how AI responses can be leveraged for unintended and harmful outcomes," Legit Security said. One variation of the attack involved hiding a malicious instruction in an otherwise legitimate piece of source code, while another exploited Duo's parsing of markdown responses in real-time asynchronously. An attacker could leverage this behavior – that Duo begins rendering the output line by line rather than waiting until the entire response is generated and sending it all at once – to introduce malicious HTML code that can access sensitive data and exfiltrate the information to a remote server. The issues have been patched by GitLab following responsible disclosure. ‎️‍🔥 Trending CVEs Software vulnerabilities remain one of the simplest—and most effective—entry points for attackers. Each week uncovers new flaws, and even small delays in patching can escalate into serious security incidents. Staying ahead means acting fast. Below is this week's list of high-risk vulnerabilities that demand attention. Review them carefully, apply updates without delay, and close the doors before they're forced open. This week's list includes — CVE-2025-34025, CVE-2025-34026, CVE-2025-34027 (Versa Concerto), CVE-2025-30911 (RomethemeKit For Elementor WordPress plugin), CVE-2024-57273, CVE-2024-54780, and CVE-2024-54779 (pfSense), CVE-2025-41229 (VMware Cloud Foundation), CVE-2025-4322 (Motors WordPress theme), CVE-2025-47934 (OpenPGP.js), CVE-2025-30193 (PowerDNS), CVE-2025-0993 (GitLab), CVE-2025-36535 (AutomationDirect MB-Gateway), CVE-2025-47949 (Samlify), CVE-2025-40775 (BIND DNS), CVE-2025-20152 (Cisco Identity Services Engine), CVE-2025-4123 (Grafana), CVE-2025-5063 (Google Chrome), CVE-2025-37899 (Linux Kernel), CVE-2025-26817 (Netwrix Password Secure), CVE-2025-47947 (ModSecurity), CVE-2025-3078, CVE-2025-3079 (Canon Printers), and CVE-2025-4978 (NETGEAR). 📰 Around the Cyber World Sandworm Drops New Wiper in Ukraine — The Russia-aligned Sandworm group intensified destructive operations against Ukrainian energy companies, deploying a new wiper named ZEROLOT. "The infamous Sandworm group concentrated heavily on compromising Ukrainian energy infrastructure. In recent cases, it deployed the ZEROLOT wiper in Ukraine. For this, the attackers abused Active Directory Group Policy in the affected organizations," ESET Director of Threat Research, Jean-Ian Boutin, said. Another Russian hacking group, Gamaredon, remained the most prolific actor targeting the East European nation, enhancing malware obfuscation and introducing PteroBox, a file stealer leveraging Dropbox. Signal Says No to Recall — Signal has released a new version of its messaging app for Windows that, by default, blocks the ability of Windows to use Recall to periodically take screenshots of the app. "Although Microsoft made several adjustments over the past twelve months in response to critical feedback, the revamped version of Recall still places any content that's displayed within privacy-preserving apps like Signal at risk," Signal said. "As a result, we are enabling an extra layer of protection by default on Windows 11 in order to help maintain the security of Signal Desktop on that platform even though it introduces some usability trade-offs. Microsoft has simply given us no other option." Microsoft began officially rolling out Recall last month. Russia Introduces New Law to Track Foreigners Using Their Smartphones — The Russian government has introduced a new law that makes installing a tracking app mandatory for all foreign nationals in the Moscow region. This includes gathering their real-time locations, fingerprint, face photograph, and residential information. "The adopted mechanism will allow, using modern technologies, to strengthen control in the field of migration and will also contribute to reducing the number of violations and crimes in this area," Vyacheslav Volodin, chairman of the State Duma, said. "If migrants change their actual place of residence, they will be required to inform the Ministry of Internal Affairs (MVD) within three working days." A proposed four-year trial period begins on September 1, 2025, and runs until September 1, 2029. Dutch Government Passes Law to Criminalize Cyber Espionage — The Dutch government has approved a law criminalizing a wide range of espionage activities, including digital espionage, in an effort to protect national security, critical infrastructure, and high-quality technologies. Under the amended law, leaking sensitive information that is not classified as a state secret or engaging in activities on behalf of a foreign government that harm Dutch interests can also result in criminal charges. "Foreign governments are also interested in non-state-secret, sensitive information about a particular economic sector or about political decision-making," the government said. "Such information can be used to influence political processes, weaken the Dutch economy or play allies against each other. Espionage can also involve actions other than sharing information." Microsoft Announces Availability of Quantum-Resistant Algorithms to SymCrypt — Microsoft has revealed that it's making post-quantum cryptography (PQC) capabilities, including ML-KEM and ML-DSA, available for Windows Insiders, Canary Channel Build 27852 and higher, and Linux, SymCrypt-OpenSSL version 1.9.0. "This advancement will enable customers to commence their exploration and experimentation of PQC within their operational environments," Microsoft said. "By obtaining early access to PQC capabilities, organizations can proactively assess the compatibility, performance, and integration of these novel algorithms alongside their existing security infrastructure." New Malware DOUBLELOADER Uses ALCATRAZ for Obfuscation — The open-source obfuscator ALCATRAZ has been seen within a new generic loader dubbed DOUBLELOADER, which has been deployed alongside Rhadamanthys Stealer infections starting December 2024. The malware collects host information, requests an updated version of itself, and starts beaconing to a hardcoded IP address (185.147.125[.]81) stored within the binary. "Obfuscators such as ALCATRAZ end up increasing the complexity when triaging malware," Elastic Security Labs said. "Its main goal is to hinder binary analysis tools and increase the time of the reverse engineering process through different techniques; such as hiding the control flow or making decompilation hard to follow." New Formjacking Campaign Targets WooCommerce Sites — Cybersecurity researchers have detected a sophisticated formjacking campaign targeting WooCommerce sites. The malware, per Wordfence, injects a fake but professional-looking payment form into legitimate checkout processes and exfiltrates sensitive customer data to an external server. Further analysis has revealed that the infection likely originated from a compromised WordPress admin account, which was used to inject malicious JavaScript via a Simple Custom CSS and JS plugin (or something similar) that allows administrators to add custom code. "Unlike traditional card skimmers that simply overlay existing forms, this variant carefully integrates with the WooCommerce site's design and payment workflow, making it particularly difficult for site owners and users to detect," the WordPress security company said. "The malware author repurposed the browser's localStorage mechanism – typically used by websites to remember user preferences – to silently store stolen data and maintain access even after page reloads or when navigating away from the checkout page." E.U. Sanctions Stark Industries — The European Union (E.U.) has announced sanctions against 21 individuals and six entities in Russia over its "destabilising actions" in the region. One of the sanctioned entities is Stark Industries, a bulletproof hosting provider that has been accused of acting as "enablers of various Russian state-sponsored and affiliated actors to conduct destabilising activities including, information manipulation interference and cyber attacks against the Union and third countries." The sanctions also target its CEO Iurie Neculiti and owner Ivan Neculiti. Stark Industries was previously spotlighted by independent cybersecurity journalist Brian Krebs, detailing its use in DDoS attacks in Ukraine and across Europe. In August 2024, Team Cymru said it discovered 25 Stark-assigned IP addresses used to host domains associated with FIN7 activities and that it had been working with Stark Industries for several months to identify and reduce abuse of their systems. The sanctions have also targeted Kremlin-backed manufacturers of drones and radio communication equipment used by the Russian military, as well as those involved in GPS signal jamming in Baltic states and disrupting civil aviation. The Mask APT Unmasked as Tied to the Spanish Government — The mysterious threat actor known as The Mask (aka Careto) has been identified as run by the Spanish government, according to a report published by TechCrunch, citing people who worked at Kaspersky at the time and had knowledge of the investigation. The Russian cybersecurity company first exposed the hacking group in 2014, linking it to highly sophisticated attacks since at least 2007 targeting high-profile organizations, such as governments, diplomatic entities, and research institutions. A majority of the group's attacks have targeted Cuba, followed by hundreds of victims in Brazil, Morocco, Spain, and Gibraltar. While Kaspersky has not publicly attributed it to a specific country, the latest revelation makes The Mask one of the few Western government hacking groups that has ever been discussed in public. This includes the Equation Group, the Lamberts (the U.S.), and Animal Farm (France). Social Engineering Scams Target Coinbase Users — Earlier this month, cryptocurrency exchange Coinbase revealed that it was the victim of a malicious attack perpetrated by unknown threat actors to breach its systems by bribing customer support agents in India and siphon funds from nearly 70,000 customers. According to Blockchain security firm SlowMist, Coinbase users have been the target of social engineering scams since the start of the year, bombarding with SMS messages claiming to be fake withdrawal requests and seeking their confirmation as part of a "sustained and organized scam campaign." The goal is to induce a false sense of urgency and trick them into calling a number, eventually convincing them to transfer the funds to a secure wallet with a seed phrase pre-generated by the attackers and ultimately drain the assets. It's assessed that the activities are primarily carried out by two groups: low-level skid attackers from the Com community and organized cybercrime groups based in India. "Using spoofed PBX phone systems, scammers impersonate Coinbase support and claim there's been 'unauthorized access' or 'suspicious withdrawals' on the user's account," SlowMist said. "They create a sense of urgency, then follow up with phishing emails or texts containing fake ticket numbers or 'recovery links.'" Delta Can Sue CrowdStrike Over July 2024 Mega Outage — Delta Air Lines, which had its systems crippled and almost 7,000 flights canceled in the wake of a massive outage caused by a faulty update issued by CrowdStrike in mid-July 2024, has been given the green light to pursue to its lawsuit against the cybersecurity company. A judge in the U.S. state of Georgia stating Delta can try to prove that CrowdStrike was grossly negligent by pushing a defective update to its Falcon software to customers. The update crashed 8.5 million Windows devices across the world. Crowdstrike previously claimed that the airline had rejected technical support offers both from itself and Microsoft. In a statement shared with Reuters, lawyers representing CrowdStrike said they were "confident the judge will find Delta's case has no merit, or will limit damages to the 'single-digit millions of dollars' under Georgia law." The development comes months after MGM Resorts International agreed to pay $45 million to settle multiple class-action lawsuits related to a data breach in 2019 and a ransomware attack the company experienced in 2023. Storm-1516 Uses AI-Generated Media to Spread Disinformation — The Russian influence operation known as Storm-1516 (aka CopyCop) sought to spread narratives that undermined the European support for Ukraine by amplifying fabricated stories on X about European leaders using drugs while traveling by train to Kyiv for peace talks. One of the posts was subsequently shared by Russian state media and Maria Zakharova, a senior official in Russia's foreign ministry, as part of what has been described as a coordinated disinformation campaign by EclecticIQ. The activity is also notable for the use of synthetic content depicting French President Emmanuel Macron, U.K. Labour Party leader Keir Starmer, and German chancellor Friedrich Merz of drug possession during their return from Ukraine. "By attacking the reputation of these leaders, the campaign likely aimed to turn their own voters against them, using influence operations (IO) to reduce public support for Ukraine by discrediting the politicians who back it," the Dutch threat intelligence firm said. Turkish Users Targeted by DBatLoader — AhnLab has disclosed details of a malware campaign that's distributing a malware loader called DBatLoader (aka ModiLoader) via banking-themed banking emails, which then acts as a conduit to deliver SnakeKeylogger, an information stealer developed in .NET. "The DBatLoader malware distributed through phishing emails has the cunning behavior of exploiting normal processes (easinvoker.exe, loader.exe) through techniques such as DLL side-loading and injection for most of its behaviors, and it also utilizes normal processes (cmd.exe, powershell.exe, esentutl.exe, extrac32.exe) for behaviors such as file copying and changing policies," the company said. SEC SIM-Swapper Sentenced to 14 Months for SEC X Account Hack — A 26-year-old Alabama man, Eric Council Jr., has been sentenced to 14 months in prison and three years of supervised release for using SIM swapping attacks to breach the U.S. Securities and Exchange Commission's (SEC) official X account in January 2024 and falsely announced that the SEC approved Bitcoin (BTC) Exchange Traded Funds (ETFs). Council Jr. (aka Ronin, Agiantschnauzer, and @EasyMunny) was arrested in October 2024 and pleaded guilty to the crime earlier this February. He has also been ordered to forfeit $50,000. According to court documents, Council used his personal computer to search incriminating phrases such as "SECGOV hack," "telegram sim swap," "how can I know for sure if I am being investigated by the FBI," "What are the signs that you are under investigation by law enforcement or the FBI even if you have not been contacted by them," "what are some signs that the FBI is after you," "Verizon store list," "federal identity theft statute," and "how long does it take to delete telegram account." FBI Warns of Malicious Campaign Impersonating Government Officials — The U.S. Federal Bureau of Investigation (FBI) is warning of a new campaign that involves malicious actors impersonating senior U.S. federal or state government officials and their contacts to target individuals since April 2025. "The malicious actors have sent text messages and AI-generated voice messages — techniques known as smishing and vishing, respectively — that claim to come from a senior US official in an effort to establish rapport before gaining access to personal accounts," the FBI said. "One way the actors gain such access is by sending targeted individuals a malicious link under the guise of transitioning to a separate messaging platform." From there, the actor may present malware or introduce hyperlinks that lead intended targets to an actor-controlled site that steals login information. DICOM Flaw Enables Attackers to Embed Malicious Code Within Medical Image Files — Praetorian has released a proof-of-concept (PoC) for a high-severity security flaw in Digital Imaging and Communications in Medicine (DICOM), predominant file format for medical images, that enables attackers to embed malicious code within legitimate medical image files. CVE-2019-11687 (CVSS score: 7.8), originally disclosed in 2019 by Markel Picado Ortiz, stems from a design decision that allows arbitrary content at the start of the file, otherwise called the Preamble, which enables the creation of malicious polyglots. Codenamed ELFDICOM, the PoC extends the attack surface to Linux environments, making it a much more potent threat. As mitigations, it's advised to implement a DICOM preamble whitelist. "DICOM's file structure inherently allows arbitrary bytes at the beginning of the file, where Linux and most operating systems will look for magic bytes," Praetorian researcher Ryan Hennessee said. "[The whitelist] would check a DICOM file's preamble before it is imported into the system. This would allow known good patterns, such as 'TIFF' magic bytes, or '\x00' null bytes, while files with the ELF magic bytes would be blocked." Cookie-Bite Attack Uses Chrome Extension to Steal Session Tokens — Cybersecurity researchers have demonstrated a new attack technique called Cookie-Bite that employs custom-made malicious browser extensions to steal "ESTAUTH" and "ESTSAUTHPERSISTNT" cookies in Microsoft Azure Entra ID and bypass multi-factor authentication (MFA). The attack has multiple moving parts to it: A custom Chrome extension that monitors authentication events and captures cookies; a PowerShell script that automates the extension deployment and ensures persistence; an exfiltration mechanism to send the cookies to a remote collection point; and a complementary extension to inject the captured cookies into the attacker's browser. "Threat actors often use infostealers to extract authentication tokens directly from a victim's machine or buy them directly through darkness markets, allowing adversaries to hijack active cloud sessions without triggering MFA," Varonis said. "By injecting these cookies while mimicking the victim's OS, browser, and network, attackers can evade Conditional Access Policies (CAPs) and maintain persistent access." Authentication cookies can also be stolen using adversary-in-the-middle (AitM) phishing kits in real-time, or using rogue browser extensions that request excessive permissions to interact with web sessions, modify page content, and extract stored authentication data. Once installed, the extension can access the browser's storage API, intercept network requests, or inject malicious JavaScript into active sessions to harvest real-time session cookies. "By leveraging stolen session cookies, an adversary can bypass authentication mechanisms, gaining seamless entry into cloud environments without requiring user credentials," Varonis said. "Beyond initial access, session hijacking can facilitate lateral movement across the tenant, allowing attackers to explore additional resources, access sensitive data, and escalate privileges by abusing existing permissions or misconfigured roles." 🎥 Cybersecurity Webinars Non-Human Identities: The AI Backdoor You're Not Watching → AI agents rely on Non-Human Identities (like service accounts and API keys) to function—but these are often left untracked and unsecured. As attackers shift focus to this hidden layer, the risk is growing fast. In this session, you'll learn how to find, secure, and monitor these identities before they're exploited. Join the webinar to understand the real risks behind AI adoption—and how to stay ahead. Inside the LOTS Playbook: How Hackers Stay Undetected → Attackers are using trusted sites to stay hidden. In this webinar, Zscaler experts share how they detect these stealthy LOTS attacks using insights from the world's largest security cloud. Join to learn how to spot hidden threats and improve your defense. 🔧 Cybersecurity Tools ScriptSentry → It is a free tool that scans your environment for dangerous logon script misconfigurations—like plaintext credentials, insecure file/share permissions, and references to non-existent servers. These overlooked issues can enable lateral movement, privilege escalation, or even credential theft. ScriptSentry helps you quickly identify and fix them across large Active Directory environments. Aftermath → It is a Swift-based, open-source tool for macOS incident response. It collects forensic data—like logs, browser activity, and process info—from compromised systems, then analyzes it to build timelines and track infection paths. Deploy via MDM or run manually. Fast, lightweight, and ideal for post-incident investigation. AI Red Teaming Playground Labs → It is an open-source training suite with hands-on challenges designed to teach security professionals how to red team AI systems. Originally developed for Black Hat USA 2024, the labs cover prompt injections, safety bypasses, indirect attacks, and Responsible AI failures. Built on Chat Copilot and deployable via Docker, it's a practical resource for testing and understanding real-world AI vulnerabilities. 🔒 Tip of the Week Review and Revoke Old OAuth App Permissions — They're Silent Backdoor → You've likely logged into apps using "Continue with Google," "Sign in with Microsoft," or GitHub/Twitter/Facebook logins. That's OAuth. But did you know many of those apps still have access to your data long after you stop using them? Why it matters: Even if you delete the app or forget it existed, it might still have ongoing access to your calendar, email, cloud files, or contact list — no password needed. If that third-party gets breached, your data is at risk. What to do: Go through your connected apps here: Google: myaccount.google.com/permissions Microsoft: account.live.com/consent/Manage GitHub: github.com/settings/applications Facebook: facebook.com/settings?tab=applications Revoke anything you don't actively use. It's a fast, silent cleanup — and it closes doors you didn't know were open. Conclusion Looking ahead, it's not just about tracking threats—it's about understanding what they reveal. Every tactic used, every system tested, points to deeper issues in how trust, access, and visibility are managed. As attackers adapt quickly, defenders need sharper awareness and faster response loops. The takeaways from this week aren't just technical—they speak to how teams prioritize risk, design safeguards, and make choices under pressure. Use these insights not just to react, but to rethink what "secure" really needs to mean in today's environment. Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.

"In the 1970s, the USSR used nuclear devices to try to send water from Siberia's rivers flowing south, instead of its natural route north..." remembers the BBC. [T]he Soviet Union simultaneously fired three nuclear devices buried 127m (417ft) underground. The yield of each device was 15 kilotonnes (about the same as the atomic bomb dropped on Hiroshima in 1945). The experiment, codenamed "Taiga", was part of a two-decade long Soviet programme of carrying out peaceful nuclear explosions (PNEs). In this case, the blasts were supposed to help excavate a massive canal to connect the basin of the Pechora River with that of the Kama, a tributary of the Volga. Such a link would have allowed Soviet scientists to siphon off some of the water destined for the Pechora, and send it southward through the Volga. It would have diverted a significant flow of water destined for the Arctic Ocean to go instead to the hot, heavily populated regions of Central Asia and southern Russia. This was just one of a planned series of gargantuan "river reversals" that were designed to alter the direction of Russia's great Eurasian waterways... Years later, Leonid Volkov, a scientist involved in preparing the Taiga explosions, recalled the moment of detonation. "The final countdown began: ...3, 2, 1, 0... then fountains of soil and water shot upward," he wrote. "It was an impressive sight." Despite Soviet efforts to minimise the fallout by using a low-fission explosive, which produce fewer atomic fragments, the blasts were detected as far away as the United States and Sweden, whose governments lodged formal complaints, accusing Moscow of violating the Limited Test Ban Treaty... Ultimately, the nuclear explosions that created Nuclear Lake, one of the few physical traces left of river reversal, were deemed a failure because the crater was not big enough. Although similar PNE canal excavation tests were planned, they were never carried out. In 2024, the leader of a scientific expedition to the lake announced radiation levels were normal. "Perhaps the final nail in the coffin was the Chernobyl nuclear disaster in 1986, which not only consumed a huge amount of money, but pushed environmental concerns up the political agenda," the article notes. "Four months after the Number Four Reactor at the Chernobyl Nuclear Power Plant exploded, Soviet Premier Mikhail Gorbachev cancelled the river reversal project." And a Russian blogger who travelled to Nuclear Lake in the summer of 2024 told the BBC that nearly 50 years later, there were some places where the radiation was still significantly elevated. Read more of this story at Slashdot.

The U.S. Department of Justice (DoJ) on Thursday announced the disruption of the online infrastructure associated with DanaBot (aka DanaTools) and unsealed charges against 16 individuals for their alleged involvement in the development and deployment of the malware, which it said was controlled by a Russia-based cybercrime organization. The malware, the DoJ said, infected more than 300,000 victim computers around the world, facilitated fraud and ransomware, and caused at least $50 million in damages. Two of the defendants, Aleksandr Stepanov (aka JimmBee), 39, and Artem Aleksandrovich Kalinkin (aka Onix), 34, both from Novosibirsk, Russia, are currently at large. Stepanov has been charged with conspiracy, conspiracy to commit wire fraud and bank fraud, aggravated identity theft, unauthorized access to a protected computer to obtain information, unauthorized impairment of a protected computer, wiretapping, and use of an intercepted communication. Kalinkin has been charged with conspiracy to gain unauthorized access to a computer to obtain information, to gain unauthorized access to a computer to defraud, and to commit unauthorized impairment of a protected computer. The unsealed criminal complaint and indictment show that many of the defendants, counting Kalinkin, exposed their real-life identities after accidentally infecting their own systems with the malware. "In some cases, such self-infections appeared to be deliberately done in order to test, analyze, or improve the malware," the complaint [PDF] read. "In other cases, the infections seemed to be inadvertent – one of the hazards of committing cybercrime is that criminals will sometimes infect themselves with their own malware by mistake." "The inadvertent infections often resulted in sensitive and compromising data being stolen from the actor's computer by the malware and stored on the DanaBot servers, including data that helped identify members of the DanaBot organization." If convicted, Kalinkin is expected to face a statutory maximum sentence of 72 years in federal prison. Stepanov would face a jail term of five years. Concurrent with the action, the law enforcement effort, carried out as part of Operation Endgame, saw DanaBot's command-and-control (C2) servers seized, including dozens of virtual servers hosted in the United States. "DanaBot malware used a variety of methods to infect victim computers, including spam email messages containing malicious attachments or hyperlinks," the DoJ said. "Victim computers infected with DanaBot malware became part of a botnet (a network of compromised computers), enabling the operators and users of the botnet to remotely control the infected computers in a coordinated manner." DanaBot, like the recently dismantled Lumma Stealer malware, operates under a malware-as-a-service (MaaS) scheme, with the administrators leasing out access starting from $500 to "several thousand dollars" a month. Tracked under the monikers Scully Spider and Storm-1044, is a multi-functional tool along the lines of Emotet, TrickBot, QakBot, and IcedID that's capable of acting as a stealer and a delivery vector for next-stage payloads, such as ransomware. The Delphi-based modular malware is equipped to siphon data from victim computers, hijack banking sessions, and steal device information, user browsing histories, stored account credentials, and virtual currency wallet information. It can also provide full remote access, log keystrokes, and capture videos. It's been active in the wild since its debut in May 2018, when it started off as a banking trojan. Example of typical Danabot infrastructure "DanaBot initially targeted victims in Ukraine, Poland, Italy, Germany, Austria, and Australia prior to expanding its targeting posture to include U.S.- and Canada-based financial institutions in October 2018," CrowdStrike said. "The malware's popularity grew due to its early modular development supporting Zeus-based web injects, information stealer capabilities, keystroke logging, screen recording, and hidden virtual network computing (HVNC) functionality." According to Black Lotus Labs and Team Cymru, DanaBot employs a layered communications infrastructure between a victim and the botnet controllers, wherein the C2 traffic is proxied through two or three server tiers before it reaches the final level. At least five to six tier-2 servers were active at any given time. A majority of DanaBot victims are concentrated around Brazil, Mexico, and the United States. "The operators have shown their commitment to their craft, adapted to detection and changes in enterprise defense, and with later iterations, insulating the C2s in tiers to obfuscate tracking," the companies said. "Throughout this time, they have made the bot more user-friendly with structured pricing and customer support." High-level diagram of multi-tiered C2 architecture The DoJ said DanaBot administrators operated a second version of the botnet that was specially designed to target victim computers in military, diplomatic, government, and related entities in North America and Europe. This variant, emerging in January 2021, came fitted with capabilities to record all interactions happening on a victim device and send the data to a different server. "Pervasive malware like DanaBot harms hundreds of thousands of victims around the world, including sensitive military, diplomatic, and government entities, and causes many millions of dollars in losses," said United States Attorney Bill Essayli for the Central District of California. The DoJ further credited several private sector firms, Amazon, CrowdStrike, ESET, Flashpoint, Google, Intel 471, Lumen, PayPal, Proofpoint, Spycloud, Team Cymru, and Zscaler, for providing "valuable assistance." Some of the noteworthy aspects of DanaBot, compiled from various reports, are below - DanaBot's sub-botnet 5 received commands to download a Delphi-based executable leveraged to conduct HTTP-based distributed denial-of-service (DDoS) attacks against the Ukrainian Ministry of Defence (MOD) webmail server and the National Security and Defense Council (NSDC) of Ukraine in March 2022, shortly after Russia's invasion of the country Two DanaBot sub-botnets, 24 and 25, were specifically used for espionage purposes likely with an aim to further intelligence-gathering activities on behalf of Russian government interests DanaBot operators have periodically restructured their offering since 2022 to focus on defense evasion, with at least 85 distinct build numbers identified to date (The most recent version is 4006, which was compiled in March 2025) The malware's infrastructure consists of multiple components: A "bot" that infects target systems and performs data collection, an "OnlineServer" that manages the RAT functionalities, a "client" for processing collected logs and bot management, and a "server" that handles bot generation, packing, and C2 communication DanaBot has been used in targeted espionage attacks against government officials in the Middle East and Eastern Europe The authors of DanaBot operate as a single group, offering the malware for rent to potential affiliates, who subsequently use it for their own malicious purposes by establishing and managing their own botnets using private servers DanaBot's developers have partnered with the authors of several malware cryptors and loaders, such as Matanbuchus, and offered special pricing for distribution bundles DanaBot maintained an average of 150 active tier-1 C2 servers per day, with approximately 1,000 daily victims across more than 40 countries, making it one of the largest MaaS platforms active in 2025 Proofpoint, which first identified and named DanaBot in May 2018, said the disruption of the MaaS operation is a win for defenders and that it will have an impact on the cybercriminal threat landscape. "Cybercriminal disruptions and law enforcement actions not only impair malware functionality and use but also impose a cost to threat actors by forcing them to change their tactics, cause mistrust in the criminal ecosystem, and potentially make criminals think about finding a different career," Selena Larson, a staff threat researcher at Proofpoint, said. "These successes against cyber criminals only come about when business IT teams and security service providers share much-needed insight into the biggest threats to society, affecting the greatest number of people around the world, which law enforcement can use to track down the servers, infrastructure, and criminal organizations behind the attacks. Private and public sector collaboration is crucial to knowing how actors operate and taking action against them." DanaBot's features as promoted on its support site DoJ Unseals Charges Against QakBot Leader The development comes as the DoJ unsealed charges against a 48-year-old Moscow resident, Rustam Rafailevich Gallyamo, for leading efforts to develop and maintain the QakBot malware, which was disrupted in a multinational operation in August 2023. The agency also filed a civil forfeiture complaint against over $24 million in cryptocurrency seized from Gallyamov over the course of the investigation. "Gallyamov developed, deployed, and controlled the Qakbot malware beginning in 2008," the DoJ said. "From 2019 onward, Gallyamov allegedly used the Qakbot malware to infect thousands of victim computers around the world in order to establish a network, or 'botnet,' of infected computers." The DoJ revealed that, following the takedown, Gallyamov and his co-conspirators continued their criminal activities by switching to other tactics like "spam bomb" attacks in order to gain unauthorized access to victim networks and deploy ransomware families like Black Basta and CACTUS. Court documents accuse the e-crime group of engaging in these methods as recently as January 2025. "Mr. Gallyamov's bot network was crippled by the talented men and women of the FBI and our international partners in 2023, but he brazenly continued to deploy alternative methods to make his malware available to criminal cyber gangs conducting ransomware attacks against innocent victims globally," said Assistant Director in Charge Akil Davis of the FBI's Los Angeles Field Office. Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.

Uzzy Gabe’s little helper Member Oct 25, 2017 34,452 Hull, UK More info will be shown on the Warhammer Skulls stream in a moment I'm sure.  Granjinhaa Member Dec 28, 2023 9,642 fuck yes   Count of Monte Sawed-Off Member Oct 27, 2017 5,055 Day 1   Glio Member Oct 27, 2017 27,788 Spain They sold it to me with that Kroot on the thumbnail.   Jubilant Duck Member Oct 21, 2022 9,238 yooooo   Rise2Ragnarok Member Oct 28, 2017 234 Excited for this, I had a pretty fun time with Rogue Trader. Hopefully this is even better then that sort of like how Wrath of the Righteous was better then Kingmaker IMO   hydruxo ▲ Legend ▲ Member Oct 25, 2017 22,729   Burt Fight Sephiroth or end video games Member Oct 28, 2017 9,644 ... still haven't put more than an hour into Rogue Trader...   Saucycarpdog Member Oct 25, 2017 20,315 Might even have full voice acting going by their previous comments   Zebesian-X Member Dec 3, 2018 25,350 fuck man it feels like rogue trader just dropped, I gotta get to that   Glio Member Oct 27, 2017 27,788 Spain Saucycarpdog said: Might even have full voice acting going by their previous comments Click to expand... Click to shrink... Confirmed on the Steam page.   Skittles Member Oct 25, 2017 9,603 Will they put minorities in this one?   SilkySm00th Member Oct 31, 2017 5,188 more inquisition eh? Call me when they make an Ork version of this game! (my SM friend will buy the shit outta this)  General Tso Member Jan 10, 2018 530 crazy how many releases the Warhammer franchise gets every year, very happy for people into these games   Marven Member Oct 25, 2017 708 Northeast Illinois Hell ya! Can't wait. I loved Rogue Trader.   Lord Vatek Avenger Jan 18, 2018 24,740 I hope the romance options here are more varied. Rogue Trader dropped the ball with availability and quality of the same-sex romances compared to Wrath of the Righteous imo.   OP OP Uzzy Gabe’s little helper Member Oct 25, 2017 34,452 Hull, UK Warhammer Skulls stream here.  JoeInky Member Oct 25, 2017 4,058 Doesn't Owlcat have Russian ties? I've been avoiding Rogue Trader and Space Marine 2 because I was under the impression that both developers had ties to Russia, but couldn't remember where I heard it from  Mudcrab Avenger Oct 26, 2017 3,958 Day one baby!   Glio Member Oct 27, 2017 27,788 Spain SilkySm00th said: more inquisition eh? Call me when they make an Ork version of this game! (my SM friend will buy the shit outta this) Click to expand... Click to shrink... Ironically, the Inquisition is one of three viable options for having a party with multiple alien species (Rogue Traders, Tau and the Inquisition).   Lord Vatek Avenger Jan 18, 2018 24,740 JoeInky said: Doesn't Owlcat have Russian ties? I've been avoiding Rogue Trader and Space Marine 2 because I was under the impression that both developers had ties to Russia, but couldn't remember where I heard it from Click to expand... Click to shrink... Owlcat is Russian, yes, but near as far as we can tell they've moved to Cyprus.   Mezoly Jimbo Replacement Member Oct 25, 2017 5,253 Oh we gonna be there. Owlcat games are great. Was worried they won't make a cRPG   GravaGravity Member Oct 27, 2017 4,727 "tough choices" look as far as I can tell the correct choice in everything warhammer is always "KILL EVERYTHING", so I find that hard to believe in a less glib fashion I've been looking forward to playing Rogue Trader once all the DLC and patches are out, if that hits I'll gladly get this as well   Dictator Digital Foundry Verified Oct 26, 2017 5,523 Berlin, 'SCHLAND Lord Vatek said: Owlcat is Russian, yes, but near as far as we can tell they've moved to Cyprus. Click to expand... Click to shrink... Chances are high there is a little Bit of something im Cyprus but actually all dev is in Russia   Gareth Member Oct 25, 2017 6,423 Norn Iron data Member Oct 25, 2017 5,355 Hell yea, looking forward to the inquisitor role   SilkySm00th Member Oct 31, 2017 5,188 Glio said: Ironically, the Inquisition is one of three viable options for having a party with multiple alien species (Rogue Traders, Tau and the Inquisition). Click to expand... Click to shrink... If they did a story with a heavy presence of FreeBootaz i would be there with bells on lol  Cheesetriangles Member Dec 5, 2017 2,504 Can't wait day one.   Aeana Member Oct 25, 2017 7,570 They're doing founder's packs just like Rogue Trader. https://darkheresy.owlcat.games/#founder   CognitiveAtrophy Member Oct 27, 2017 2,522 I love Owlcat, but I can't stand the 40K universe. Wake me up when they announce a new Pathfinder.   Strings Member Oct 27, 2017 34,533 Zebesian-X said: fuck man it feels like rogue trader just dropped, I gotta get to that Click to expand... Click to shrink... It was only a year and a half ago. Crazy fast for a new game announcement. EDIT: Looks like they announced the first about a year and a half before release. Three years is still such a fast turnaround these days.  Kemono ▲ Legend ▲ Member Oct 27, 2017 8,643 Loved rogue trader. Will be there day 1. But likely will wait for a loooooot of patches. Their games are fantastic but they need 6 months of patches.  xyla Member Oct 27, 2017 9,658 Germany So there's definitely Aliens in the party - no idea who the main guy in the trailer is. Owlcat makes good games, I hope they also have something in a fantasy setting cooking though.  Paroni Member Dec 17, 2020 4,809 Put the OG inquisitor in, you cowards.   xyla Member Oct 27, 2017 9,658 Germany Strings said: It was only a year and a half ago. Crazy fast for a new game announcement. Click to expand... Click to shrink... I bet it's gonna be early access for a year or so - they've had success with that on Rogue Trader too. And they've probably been smart when it comes to assets. They've build a lot for Rogue Trader, would be a waste, not to re-use them.  Cheesetriangles Member Dec 5, 2017 2,504 Please don't take the character that will most obviously be desired for romance and make them not romancable again.   Athrum Member Oct 18, 2019 1,827 Was hoping for Pathfinder 3, Wrath of the Righteous is an amazing game, but I'll bite. Rogue Trader was pretty cool (if buggy, really really buggy)   Glio Member Oct 27, 2017 27,788 Spain xyla said: So there's definitely Aliens in the party - no idea who the main guy in the trailer is. Click to expand... Click to shrink... Probably the inquisitor you work for.   Kalor Resettlement Advisor Member Oct 25, 2017 20,921 Been waiting for support to slow down for Rogue Trader before playing it and they've already announced the sequel.   Fawz Member Oct 28, 2017 3,975 Montreal Looks like a Standalone expansion to Rogue Trader, which I'm fine with as that's a good base to start from with lots of good points to expand towards. Not being shackled to the previous game for the base (namely Save file) likely gives them more freedom, as seen by new Races and the like   Count of Monte Sawed-Off Member Oct 27, 2017 5,055 Aeana said: They're doing founder's packs just like Rogue Trader. https://darkheresy.owlcat.games/#founder Click to expand... Click to shrink... Bought, plus the second season pass for Rogue Trader.  IAmFromSpace Member May 11, 2023 501 Rogue Trader was such a fantastic take on 40k, can't wait to see what they do.   OP OP Uzzy Gabe’s little helper Member Oct 25, 2017 34,452 Hull, UK Cheesetriangles said: Please don't take the character that will most obviously be desired for romance and make them not romancable again. Click to expand... Click to shrink... This is inevitable  Tovarisc Member Oct 25, 2017 25,810 FIN Can't recommend Vaults of Terra and Eisenhorn book series enough if looking to get Inquisition and Inquisitor vibe going. Athrum said: Was hoping for Pathfinder 3, Wrath of the Righteous is an amazing game, but I'll bite. Rogue Trader was pretty cool (if buggy, really really buggy) Click to expand... Click to shrink... Owlcat game being extremely buggy and beyond broken for a year after release is just how Owlcat rolls.  Cheesetriangles Member Dec 5, 2017 2,504 Uzzy said: This is inevitable Click to expand... Click to shrink... Someday I will get to kick the football.   LordGorchnik Member Oct 30, 2017 3,672 Day. Fucking. One. I still need to play past the first act of Rogue Trader. Been way too many good games lately.  7thFloor Member Oct 27, 2017 7,330 U.S. Damn I still haven't played Rogue Trader   Dakkon Member Oct 27, 2017 5,244 JoeInky said: Doesn't Owlcat have Russian ties? I've been avoiding Rogue Trader and Space Marine 2 because I was under the impression that both developers had ties to Russia, but couldn't remember where I heard it from Click to expand... Click to shrink... https://www.reddit.com/r/Pathfinder_Kingmaker/comments/ubmo1m/comment/i65mozh/ "Our headquarters had always been in Cyprus, with developers working from multiple countries. A lot of developers were located in Moscow until recently, but now many of us are relocating to Cyprus, Armenia and other places. If there was anything good in the pandemic, it is that it gave us a plenty of experience in coordinating and working on our projects online from multiple locations, so we can continue to create games for you guys." Click to expand... Click to shrink... So headquarters in Cyprus, they have a satellite office in Armenia, and most of them left Russia during the pandemic/Russian invasion of Ukraine it looks like. That said since the headquarters and thus operating country of the actual business is Cyprus, I'm pretty sure the Russian government doesn't directly get profits from the games or anything through taxation etc of the company.  Native_Vel Member Jun 5, 2022 2,041 Day one. Rogue Trader is fantastic but staying within the bounds of the Imperium will be exciting take.  Miracle Ache Member Oct 25, 2017 1,589 That's a shame. Rogue Trader was godawful. Wrath of the Righteous, on the other hand, was quite possibly the best CRPG ever made.