The Laptop Unexpected emergency Response Staff of Ukraine (CERT-UA) has warned of cyber attacks perpetrated by Russian nation-condition hackers concentrating on many federal government bodies in the place.
The company attributed the phishing marketing campaign to APT28, which is also acknowledged by the names Extravagant Bear, Forest Blizzard, FROZENLAKE, Iron Twilight, Sednit, and Sofacy.
The email messages arrive with the subject matter line “Windows Update” and purportedly contain directions in the Ukrainian language to run a PowerShell command under the pretext of security updates.

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).
➤ Get Mullvad VPN with 12% Discount
Managing the script masses and executes a subsequent-phase PowerShell script that’s intended to acquire fundamental technique facts by way of commands like tasklist and systeminfo, and exfiltrate the information by using an HTTP ask for to a Mocky API.
To trick the targets into operating the command, the email messages impersonated process directors of the focused authorities entities applying faux Microsoft Outlook email accounts established with the employees’ real names and initials.
CERT-UA is recommending that companies restrict users’ ability to operate PowerShell scripts and observe network connections to the Mocky API.
The disclosure arrives weeks following the APT28 was tied to attacks exploiting now-patched security flaws in networking devices to carry out reconnaissance and deploy malware versus find targets.
Google’s Threat Examination Team (TAG), in an advisory posted last thirty day period, thorough a credential harvesting procedure carried out by the danger actor to redirect visitors of Ukrainian government internet sites to phishing domains.
Russian-dependent hacking crews have also been linked to the exploitation of a critical privilege escalation flaw in Microsoft Outlook (CVE-2023-23397, CVSS rating: 9.8) in intrusions directed versus the governing administration, transportation, vitality, and military sectors in Europe.
Upcoming WEBINARLearn to End Ransomware with Actual-Time Defense
Join our webinar and study how to end ransomware attacks in their tracks with real-time MFA and service account protection.
Save My Seat!
The enhancement also arrives as Fortinet FortiGuard Labs uncovered a multi-phase phishing attack that leverages a macro-laced Word doc supposedly from Ukraine’s Energoatom as a entice to provide the open supply Havoc post-exploitation framework.
“It continues to be very very likely that Russian intelligence, army, and legislation enforcement solutions have a longstanding, tacit knowing with cybercriminal threat actors,” cybersecurity agency Recorded Potential stated in a report earlier this yr.
“In some instances, it is pretty much certain that these organizations maintain an founded and systematic partnership with cybercriminal danger actors, both by indirect collaboration or through recruitment.”
Uncovered this report intriguing? Observe us on Twitter and LinkedIn to read more unique content material we submit.
Some sections of this post are sourced from:
thehackernews.com