APT28 Employs Windows Update Lures to Trick Ukrainian Targets

  /     /     /  
Publicated : 23/11/2024   Category : security

APT28 Employs Windows Update Lures to Trick Ukrainian Targets


The phishing emails were sent using names of system administrators and a letter containing instructions to protect against hackers.


The Russia-linked APT28 hacking group targeted Ukrainian government bodies in a
spear-phishing campaign
that uses phony Windows Update guides.
In April, CERT-UA observed malicious emails being sent on Microsoft Outlook from what appeared to be system administrators at government bodies — with a subject line that read Windows Update. The emails sought to trick the recipients into launching a command line and executing a PowerShell command.
Operating out of military unit 26165 of the Russian General Staff Main Intelligence Directorate (GRU), the
APT28 group has been known to be active since 2007
and has targeted a variety of operations globally, including governments, security organizations, militaries, and the 2016 US presidential election.
The mentioned command will download a PowerShell script that, simulating the process of updating the operating system, will download and execute the following PowerShell script designed to collect basic information about the computer using the tasklist, systeminfo commands, and send the received results using HTTP request to the Mocky service API, the
CERT-UA alert stated.
Going forward, CERT-UA recommends that organizations placing restrictions on PowerShell use and monitor network connections to the Mocky service API. The NCSC, NSA, CISA, and FBI was also released a joint advisory with information on tactics, techniques, and procedures (TTPs) connected with
APT28s attacks
.

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
APT28 Employs Windows Update Lures to Trick Ukrainian Targets