Russian hackers have launched cyber attacks against Ukrainian government bodies

The Computer Emergency Response Team of Ukraine (CERT-UA) has issued a warning about a recent series of cyberattacks on various government entities in the country. The phishing campaign has been attributed to APT28, also known as Fancy Bear, which is a known associate of the Russian military intelligence agency, GRU.

The attackers are using fake Microsoft Outlook email accounts, created with the employees’ real names and initials, to impersonate system administrators of the targeted government entities. The email messages come with the subject line “Windows Update” and pretend to contain instructions in the Ukrainian language for running a PowerShell command under the pretext of security updates.

Once the script is activated, it loads and executes a new PowerShell script. The second script is designed to collect basic system information and exfiltrate the details via an HTTP request to a Mocky API. This systematic and sophisticated approach to cyber attacks is causing great concern among Ukrainian officials.

Previous ties to APT28

Three weeks before the CERT-UA warning, APT28 was linked to a series of attacks that exploited now-patched security flaws in networking equipment to carry out reconnaissance and deploy malware against specific targets. It comes as no surprise that they are now linked to this new highly targeted phishing campaign.

Exploiting the flaw in Microsoft Outlook

The Russian-based hacking crew has also been linked to the exploitation of a critical privilege escalation flaw in Microsoft Outlook (CVE-2023-23397, CVSS score: 9.8) in intrusions directed against the Ukrainian government, transportation, energy, and military sectors, among others, in Europe. The vulnerability allows an attacker to gain administrative privileges on the target’s system, giving them free rein to move laterally across the network.

Uncovering Multi-Stage Phishing Attack

Fortinet FortiGuard Labs has discovered a multi-stage phishing attack that uses a macro-laced Word document, seemingly from Ukraine’s Energoatom, to trick victims and then deliver the open-source Havoc post-exploitation framework. The framework is created to run arbitrary code and payloads, perform system commands, and upload or download files.

Established Relationship Between Russian Cybercriminal Threat Actors and Cybercriminal Organizations

There are growing concerns that Russian cybercriminal threat actors are now maintaining an established and systematic relationship with cybercriminal organizations, either through indirect collaboration or recruitment. It is unclear if there is any direct link between these groups, but the fact that they continue to operate with such impunity and success is worrying.

Safeguarding against cyber attacks

To safeguard against such highly sophisticated attacks, CERT-UA is recommending that organizations restrict users’ ability to run PowerShell scripts and monitor network connections to the Mocky API. It is also recommending that organizations be cautious when receiving emails from unknown senders and avoid clicking on links or downloading attachments unless they are sure the email is from a trusted source.

With the current cyber threat landscape and the increasing sophistication of cyber-attacks, organizations around the world need to be aware of the risks and threat actors out there. The latest campaign by APT28 targeting Ukrainian government entities highlights the need for heightened cybersecurity measures, and organizations need to take note of these recommendations to secure their operations against such malicious attacks.

Explore more

Ethereum Eyes $1,800 as Buterin Unveils Lean Roadmap

Digital asset markets often react violently to technical shifts, but the recent strategic pivot outlined by Vitalik Buterin has sparked a more calculated sense of optimism across the global decentralized finance ecosystem. The Ethereum network is currently navigating a pivotal transition phase where the complexity of past upgrades is being replaced by a streamlined vision designed to reduce hardware requirements

AI Transforms the Frontline Employee Lifecycle

High turnover in retail and manufacturing industries is often the direct result of systemic failure and fragmented technology rather than individual performance or a lack of motivation. In environments where every minute spent off the floor impacts the bottom line, a worker who cannot access their schedule or find a safety manual quickly becomes a significant flight risk. This phenomenon,

Can Your Android Device Run a Full Linux Desktop?

The modern smartphone possesses more raw computational power than the professional workstations that once powered global space exploration, yet its potential remains confined within a mobile interface. Android, while built on the robust Linux kernel, serves as a specialized environment that prioritizes touch interaction and energy efficiency over the versatile multitasking capabilities found in a traditional desktop setup. This inherent

Can Windows 11 Cloud Rebuild Replace Your Recovery USB?

The sudden failure of a primary operating system often triggers an immediate scramble for physical media, yet the necessity for a bootable USB drive is increasingly being challenged by sophisticated network-based solutions. For years, the gold standard for system recovery involved manual intervention with external hardware, which frequently contained outdated builds of Windows that required hours of patching after a

Can UiPath’s AI Strategy Bridge Its Massive Growth Gap?

The enterprise automation landscape has reached a critical juncture where the traditional efficiency gains of robotic process automation are no longer sufficient to satisfy investors who demand hyper-growth fueled by generative artificial intelligence. While UiPath built its empire on the promise of delegating repetitive tasks to software bots, the rapid emergence of agentic AI has forced a fundamental redesign of