Jump to content
Login new information ×
Login new information
Donations campaign phase one 2024
  • Security & Privacy News

    This huge Russian phishing campaign is hitting targets across the world

    aum

    By aum,
    Published Date:

    • 274 views
    • 2 minutes
     Share
    • 274 views
    • 2 minutes

    Russian state-sponsored group is ramping up its phishing efforts

     

    Cybersecurity researchers have observed a significant uptick in Russian phishing campaigns targeting government agencies and other organizations in the West.

     

    In a new research report, Proofpoint said that it spotted APT28, AKA Fancy Bear, distributing a larger amount of malicious emails to targets across Europe and North America. 

     

    The campaign started in March 2023 and resulted in tens of thousands of phishing emails sent to organizations in government, aerospace, education, finance, manufacturing, and technology sectors.

     

    Outlook and WinRAR


    US intelligence puts Fancy Bear under the direct command of the Russian General Staff Main Intelligence Directorate (GRU).

     

    These emails carry either malicious files, or links, and try to exploit multiple vulnerabilities that the cybersecurity community discovered, and patched, months ago. This means that Fancy Bear is after organizations that aren’t that diligent when it comes to their systems and endpoints.

     

    Proofpoint singles out two vulnerabilities - CVE-2023-23397, which is an elevation of privilege flaw found in Microsoft Outlook, and CVE-2023-38831, a remote code execution flaw discovered recently in WinRAR. While the former allows ATP28 to exploit TNEF files and grab a hash of the target’s NTLM password, the latter allows for the execution of “arbitrary code when a user attempts to view a benign file within a ZIP archive.” 

     

    While the campaign’s goal is debatable, it’s most likely to gather intelligence. This could be particularly damaging if the campaign is successful in the government, aerospace, and technology sectors. 

     

    The last time we heard of APT28 was in late spring 2023 year when the group was targeting Ukrainian government employees with information-stealing malware by posing as IT staff working in these institutions. After successfully contacting their targets, the hackers would talk them into running a PowerShell command which would download information-stealing malware.

     

    Source

    • Adenman and funkyy
    • Like 2
     Share
    Go to news

    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.

    ×

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...