APT28 Employs Windows Update Lures to Trick Ukrainian Targets

Published: 23/11/2024   Category: security




The phishing emails were sent using names of system administrators and a letter containing instructions to protect against hackers.



The Russia-linked APT28 hacking group targeted Ukrainian government bodies in a spear-phishing campaign that uses phony Windows Update guides.

In April, CERT-UA observed malicious emails being sent via Microsoft Outlook from what appeared to be system administrators at government bodies, with a subject line that read "Windows Update". The emails sought to trick the recipients into launching a command line and executing a PowerShell command.
Operating out of military unit 26165 of the Russian General Staff Main Intelligence Directorate (GRU), the APT28 group has been known to be active since 2007 and has targeted a variety of operations globally, including governments, security organizations, militaries, and the 2016 US presidential election.
"The mentioned command will download a PowerShell script that, simulating the process of updating the operating system, will download and execute the following PowerShell script designed to collect basic information about the computer using the tasklist, systeminfo commands, and send the received results using HTTP request to the Mocky service API," the CERT-UA alert stated.
Going forward, CERT-UA recommends that organizations place restrictions on PowerShell use and monitor network connections to the Mocky service API. The NCSC, NSA, CISA, and FBI also released a joint advisory with information on tactics, techniques, and procedures (TTPs) connected with APT28's attacks.
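The two CERT-UA recommendations above translate directly into detection logic: flag recon tools (tasklist, systeminfo) spawned by PowerShell, and flag PowerShell itself opening a connection to the Mocky API. The following is an added illustration, not code from CERT-UA or the article; the log lines are constructed in a simplified key=value form modelled loosely on Sysmon process-creation and network-connection events, and it assumes the Mocky API is reached under hostnames ending in `mocky.io`.

```python
import re
from collections import defaultdict

# Constructed sample telemetry (not real CERT-UA data): WS01 shows the chain the
# alert describes, WS02 shows benign look-alike activity that must not fire.
SAMPLE_EVENTS = [
    'EventID=1 Host=WS01 Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe ParentImage=C:\\Windows\\System32\\cmd.exe',
    'EventID=1 Host=WS01 Image=C:\\Windows\\System32\\tasklist.exe ParentImage=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe',
    'EventID=1 Host=WS01 Image=C:\\Windows\\System32\\systeminfo.exe ParentImage=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe',
    'EventID=3 Host=WS01 Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe DestinationHostname=run.mocky.io DestinationPort=443',
    'EventID=1 Host=WS02 Image=C:\\Windows\\System32\\systeminfo.exe ParentImage=C:\\Windows\\System32\\cmd.exe',
    'EventID=3 Host=WS02 Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe DestinationHostname=www.example.com DestinationPort=443',
]

# key=value pairs; values may contain spaces, so stop only before the next " key=".
KV_RE = re.compile(r'(\w+)=(.*?)(?=\s\w+=|$)')
RECON_TOOLS = {'tasklist.exe', 'systeminfo.exe'}
MOCKY_SUFFIX = 'mocky.io'   # assumption: Mocky API hosts live under this domain


def parse_event(line):
    return dict(KV_RE.findall(line))


def basename(path):
    return path.rsplit('\\', 1)[-1].lower()


def is_mocky_host(hostname):
    h = hostname.lower()
    return h == MOCKY_SUFFIX or h.endswith('.' + MOCKY_SUFFIX)


def detect(lines):
    """Return {host: sorted rule names} for hosts matching either rule."""
    findings = defaultdict(set)
    for line in lines:
        ev = parse_event(line)
        host, image = ev.get('Host', '?'), basename(ev.get('Image', ''))
        if ev.get('EventID') == '1' and image in RECON_TOOLS \
                and basename(ev.get('ParentImage', '')) == 'powershell.exe':
            findings[host].add('recon_from_powershell')
        if ev.get('EventID') == '3' and image == 'powershell.exe' \
                and is_mocky_host(ev.get('DestinationHostname', '')):
            findings[host].add('powershell_to_mocky')
    return {h: sorted(r) for h, r in findings.items()}


def triage(findings):
    """A host showing both recon and the Mocky callback gets the highest priority."""
    return {h: 'high' if len(r) == 2 else 'medium' for h, r in findings.items()}


if __name__ == '__main__':
    print(triage(detect(SAMPLE_EVENTS)))
```

Each rule alone is noisy in a large estate (admins do run systeminfo from PowerShell), which is why `triage` escalates only when both indicators appear on the same host.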
