State-sponsored actors with ties to Russia have been connected to qualified cyber attacks aimed at French diplomatic entities, the country’s info security company ANSSI said in an advisory.
The attacks have been attributed to a cluster tracked by Microsoft under the name Midnight Blizzard (formerly Nobelium), which overlaps with exercise tracked as APT29, BlueBravo, Cloaked Ursa, Cozy Bear, and The Dukes.
Even though the monikers APT29 and Midnight Blizzard have been interchangeably made use of to refer to intrusion sets linked with the Russian International Intelligence Services (SVR), ANSSI mentioned it prefers to deal with them as disparate threat clusters along with a third a single dubbed Dark Halo, which has been held liable for the 2020 provide chain attack by means of SolarWinds software.
Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).
➤ Get Mullvad VPN with 12% Discount
“Nobelium is characterized by the use of certain codes, strategies, tactics, and strategies. Most of Nobelium campaigns versus diplomatic entities use compromised reputable email accounts belonging to diplomatic employees, and perform phishing strategies from diplomatic institutions, embassies, and consulates,” the agency stated.
It really is worth noting that the concentrating on of diplomatic entities is also monitored less than the identify Diplomatic Orbiter.
The attacks entail sending phishing emails to French public corporations from overseas establishments and folks earlier compromised by the threat actor to initiate a collection of malicious actions.
“In May 2023, several European embassies in Kyiv ended up specific by a phishing marketing campaign done by Nobelium’s operators,” it mentioned. “The French embassy in Kyiv was a person of the targets of this marketing campaign, which was executed by way of an email that was themed about a ‘Diplomatic vehicle for sale.'”
One more attack noticed in the exact same thirty day period focusing on the French Embassy in Romania was finally unsuccessful, ANSSI pointed out.
Other intrusions mounted by the danger actor have leveraged security flaws in JetBrains TeamCity servers as section of an opportunistic marketing campaign. In recent months, it has also been connected to breaches of Microsoft and Hewlett Packard Company (HPE).
“The concentrating on of IT and cybersecurity entities for espionage applications by Nobelium operators perhaps strengthens their offensive abilities and the threat they represent,” the company reported. “The intelligence collected all through recent attacks against IT sector entities could also aid Nobelium’s upcoming functions.”
The disclosure arrives as Poland exposed that Russian hackers could be driving the DDoS attack on Telewizja Polska (TVP) that led to the disruption of an on-line broadcast of the Euro 2024 soccer match on June 16, 2024.
Uncovered this write-up attention-grabbing? Comply with us on Twitter and LinkedIn to browse far more distinctive articles we article.
Some parts of this report are sourced from:
thehackernews.com
Tool Overload: Why MSPs Are Still Drowning with Countless Cybersecurity Tools in 2024