Russian hackers have launched cyber attacks against Ukrainian government bodies

The Computer Emergency Response Team of Ukraine (CERT-UA) has issued a warning about a recent series of cyberattacks on various government entities in the country. The phishing campaign has been attributed to APT28, also known as Fancy Bear, which is a known associate of the Russian military intelligence agency, GRU.

The attackers are using fake Microsoft Outlook email accounts, created with the employees’ real names and initials, to impersonate system administrators of the targeted government entities. The email messages come with the subject line “Windows Update” and pretend to contain instructions in the Ukrainian language for running a PowerShell command under the pretext of security updates.

Once the script is activated, it loads and executes a new PowerShell script. The second script is designed to collect basic system information and exfiltrate the details via an HTTP request to a Mocky API. This systematic and sophisticated approach to cyber attacks is causing great concern among Ukrainian officials.

Previous ties to APT28

Three weeks before the CERT-UA warning, APT28 was linked to a series of attacks that exploited now-patched security flaws in networking equipment to carry out reconnaissance and deploy malware against specific targets. It comes as no surprise that they are now linked to this new highly targeted phishing campaign.

Exploiting the flaw in Microsoft Outlook

The Russian-based hacking crew has also been linked to the exploitation of a critical privilege escalation flaw in Microsoft Outlook (CVE-2023-23397, CVSS score: 9.8) in intrusions directed against the Ukrainian government, transportation, energy, and military sectors, among others, in Europe. The vulnerability allows an attacker to gain administrative privileges on the target’s system, giving them free rein to move laterally across the network.

Uncovering Multi-Stage Phishing Attack

Fortinet FortiGuard Labs has discovered a multi-stage phishing attack that uses a macro-laced Word document, seemingly from Ukraine’s Energoatom, to trick victims and then deliver the open-source Havoc post-exploitation framework. The framework is created to run arbitrary code and payloads, perform system commands, and upload or download files.

Established Relationship Between Russian Cybercriminal Threat Actors and Cybercriminal Organizations

There are growing concerns that Russian cybercriminal threat actors are now maintaining an established and systematic relationship with cybercriminal organizations, either through indirect collaboration or recruitment. It is unclear if there is any direct link between these groups, but the fact that they continue to operate with such impunity and success is worrying.

Safeguarding against cyber attacks

To safeguard against such highly sophisticated attacks, CERT-UA is recommending that organizations restrict users’ ability to run PowerShell scripts and monitor network connections to the Mocky API. It is also recommending that organizations be cautious when receiving emails from unknown senders and avoid clicking on links or downloading attachments unless they are sure the email is from a trusted source.

With the current cyber threat landscape and the increasing sophistication of cyber-attacks, organizations around the world need to be aware of the risks and threat actors out there. The latest campaign by APT28 targeting Ukrainian government entities highlights the need for heightened cybersecurity measures, and organizations need to take note of these recommendations to secure their operations against such malicious attacks.

Explore more

Can Federal Lands Power the Future of AI Infrastructure?

I’m thrilled to sit down with Dominic Jainy, an esteemed IT professional whose deep knowledge of artificial intelligence, machine learning, and blockchain offers a unique perspective on the intersection of technology and federal policy. Today, we’re diving into the US Department of Energy’s ambitious plan to develop a data center at the Savannah River Site in South Carolina. Our conversation

Can Your Mouse Secretly Eavesdrop on Conversations?

In an age where technology permeates every aspect of daily life, the notion that a seemingly harmless device like a computer mouse could pose a privacy threat is startling, raising urgent questions about the security of modern hardware. Picture a high-end optical mouse, designed for precision in gaming or design work, sitting quietly on a desk. What if this device,

Building the Case for EDI in Dynamics 365 Efficiency

In today’s fast-paced business environment, organizations leveraging Microsoft Dynamics 365 Finance & Supply Chain Management (F&SCM) are increasingly faced with the challenge of optimizing their operations to stay competitive, especially when manual processes slow down critical workflows like order processing and invoicing, which can severely impact efficiency. The inefficiencies stemming from outdated methods not only drain resources but also risk

Structured Data Boosts AI Snippets and Search Visibility

In the fast-paced digital arena where search engines are increasingly powered by artificial intelligence, standing out amidst the vast online content is a formidable challenge for any website. AI-driven systems like ChatGPT, Perplexity, and Google AI Mode are redefining how information is retrieved and presented to users, moving beyond traditional keyword searches to dynamic, conversational summaries. At the heart of

How Is Oracle Boosting Cloud Power with AMD and Nvidia?

In an era where artificial intelligence is reshaping industries at an unprecedented pace, the demand for robust cloud infrastructure has never been more critical, and Oracle is stepping up to meet this challenge head-on with strategic alliances that promise to redefine its position in the market. As enterprises increasingly rely on AI-driven solutions for everything from data analytics to generative