Tag

Apt28

All articles tagged with #apt28

cybersecurity · 1 year ago

Russian Spies Exploit Wi-Fi for Unprecedented Network Hopping Hack

Russian military hackers, part of the GRU, have developed a novel Wi-Fi hacking technique called a "nearest neighbor attack," allowing them to breach networks remotely without leaving Russian soil. This method involves hacking into a nearby network and using its devices to access the target network, as discovered by cybersecurity firm Volexity during a 2022 investigation in Washington, DC. The attack highlights the evolving threat of cyber espionage and the need for enhanced Wi-Fi security measures.

cyber-attack-credential-harvesting · 1 year ago

Russian Hackers Disrupted After Targeting Europe and Ukraine with Malware and Phishing

The Russian GRU-backed APT28 group, also known as BlueDelta, has been targeting European networks, particularly in Ukraine, with the HeadLace malware and credential-harvesting web pages. The campaigns, running from April to December 2023, utilized spear-phishing emails and sophisticated multi-stage infection sequences. BlueDelta's operations aimed to gather intelligence on military-related entities, employing various techniques including geofencing, legitimate internet services, and compromised Ubiquiti routers. The group's activities reflect a broader strategy to influence military tactics and regional policies amidst ongoing aggression against Ukraine.

cybersecurity · 1 year ago

APT28 Hacker Group's Global Phishing Campaign Exposed

APT28, a Russia-linked threat actor, has been conducting widespread phishing campaigns targeting organizations in Europe, the Americas, and Asia by using lure documents imitating government and non-governmental entities. The group, also known as ITG05, has been deploying various malware such as MASEPIE, OCEANMAP, and STEELHOOK to exfiltrate files, run arbitrary commands, and steal browser data. They have been leveraging security flaws in Microsoft Outlook and the "search-ms:" URI protocol handler in Microsoft Windows to trick victims into downloading malware. Additionally, they have been using compromised Ubiquiti routers to host their servers. The phishing attacks impersonate entities from multiple countries and utilize a mix of authentic publicly available government and non-government lure documents to activate the infection chains.

cybersecurity · 2 years ago

Russian Cyberattacks Unleash OCEANMAP, MASEPIE, and STEELHOOK Malware on Ukraine

The Ukrainian Computer Emergency Response Team (CERT-UA) has detected a new phishing campaign by the Russian APT28 group, targeting Ukrainian and Polish entities to distribute novel malware strains OCEANMAP, MASEPIE, and STEELHOOK. These malware tools are designed to steal sensitive information, with MASEPIE enabling file transfers and command execution, STEELHOOK extracting web browser data, and OCEANMAP acting as a backdoor for command execution. The campaign uses deceptive emails to initiate the infection, leveraging PowerShell and the IMAP protocol for control and persistence. This follows recent reports of APT28 exploiting a critical Outlook security flaw and using war-related lures for other cyberattacks.

email-security-vulnerability · 2 years ago

Russian Hackers Exploit Critical Outlook Vulnerability, Microsoft Warns

Microsoft has warned of Kremlin-backed threat actor APT28, also known as Forest Blizzard, exploiting a critical security flaw in its Outlook email service. The vulnerability, CVE-2023-23397, allowed unauthorized access to victims' accounts within Exchange servers. The goal of the attacks is to gain unauthorized access to mailboxes belonging to public and private entities. The threat actor modifies folder permissions within the victim's mailbox, enabling them to extract valuable information from high-value targets. Microsoft has patched the vulnerability, but APT28 continues to refine its techniques and poses long-term challenges to attribution and tracking.

cybersecurity · 2 years ago

Russian State Hackers Target Critical Networks in France and Europe with Webmail Exploits

The Russian APT28 hacking group, also known as Strontium or Fancy Bear, has been targeting critical networks in France since the second half of 2021. The group, believed to be part of Russia's military intelligence service GRU, has been using various techniques, including exploiting vulnerabilities in WinRAR and Microsoft Outlook, compromising peripheral devices, and utilizing legitimate cloud services for command and control infrastructure. The French National Agency for the Security of Information Systems (ANSSI) has published a report detailing the group's activities and recommends a comprehensive approach to security, with a focus on email security.

cybersecurity · 2 years ago

Russian Hackers Conducting Phishing Attacks in Ukraine, Warns Google TAG

Google's Threat Analysis Group (TAG) has warned of large-volume phishing campaigns aimed at hundreds of users in Ukraine by elite hackers associated with Russia's military intelligence service. The state-sponsored cyber actor, also tracked as APT28 and FROZENLAKE, has been active since at least 2009, targeting media, governments, and military entities for espionage. The latest intrusion set involved the use of reflected cross-site scripting (XSS) attacks in various Ukrainian government websites to redirect users to phishing domains and capture their credentials. Other threat actors of interest include FROZENBARENTS and PUSHCHA, both of which are known to act on behalf of Russian interests.

network-security-cyber-espionage · 2 years ago

U.S. and U.K. Issue Warnings on Russian Hackers Targeting Infrastructure

U.S. and U.K. intelligence agencies have warned of Russian hackers exploiting now-patched flaws in Cisco networking equipment to conduct reconnaissance and deploy malware against select targets. The activity has been attributed to APT28, which is affiliated with the Russian General Staff Main Intelligence Directorate (GRU). The threat actor weaponized one of these flaws to deploy a non-persistent malware dubbed Jaguar Tooth on Cisco routers that is capable of gathering device information and enabling unauthenticated backdoor access. The attacks are part of a broader campaign against aging networking appliances and software from a variety of vendors to "advance espionage objectives or pre-position for future destructive activity."

cybersecurity · 2 years ago

Western Infrastructure at Risk: US, UK, and Russia Warn of Government Hackers and Cyber Attacks

APT28, a Russian state-sponsored hacking group, has been deploying a custom malware named 'Jaguar Tooth' on Cisco IOS routers to gain unauthenticated access to the device. The malware is injected directly into the memory of Cisco routers running older firmware versions and exfiltrates information from the router while providing backdoor access. The threat actors exploit the CVE-2017-6742 SNMP vulnerability to install the malware. Cisco recommends upgrading routers to the latest firmware, switching from SNMP to NETCONF/RESTCONF, and configuring allow and deny lists to restrict access to the SNMP interface.