Russia's Fancy Bear APT Targets Ukrainian Energy Facility

Published: 23/11/2024   Category: security




The group, best known for 2016 US election interference and other attacks on Ukraine, used phishing emails offering pictures of women to lure its victim into opening a malicious attachment.



Earlier this week, infamous Russian cyberespionage group Fancy Bear (aka APT28, Strontium, or Sofacy) was caught attacking a critical energy facility in Ukraine. The attack was ultimately thwarted by a cybersecurity professional working for the organization that was targeted.
Ukraine's Computer Emergency Response Team (CERT-UA) detected and explored the attack, it noted in a report. CERT-UA stated that the MO of the group was to use bulk phishing emails from a fake address that linked to a .ZIP archive, so that it could ultimately gain access to the organization's system and data.
The email CERT-UA shared included a message that read: "Hi! I talked to three girls, and they agreed. Their photos are in the archive; I suggest checking them out on the website." This is notably different from past malicious emails that Russian hackers have used, where the correspondence has included false government documents or illegitimate software updates. The recent email also included a BAT-format file that would have executed a harmful script once opened.
In addition to this, researchers noted that the attackers installed Tor onto the victim's computer, allowing for anonymous Internet browsing and making it difficult to trace the data's root source.
This attempt at an attack comes after a period of cyber peace, as Ukraine's authorities have not reported an attack on its energy infrastructure since autumn 2022. There is concern as to whether these attacks will once again resume now that summer is coming to an end; and, given this most recent incident, those concerns could become a reality.
