Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign

October 16, 2023 at 10:03AM

Russian hacking groups have been exploiting a security vulnerability in the WinRAR archiving utility to launch a phishing campaign. The attack involves malicious archive files that exploit the vulnerability, allowing the attacker to gain remote access to compromised systems. The campaign also steals data from Google Chrome and Microsoft Edge browsers. This development comes as APT29, a Russian nation-state actor, increases its phishing operations targeting diplomatic entities, particularly focusing on Ukraine. Ukrainian cybersecurity agencies reported that Kremlin-backed threat actors have targeted domestic law enforcement entities to gather information on investigations into war crimes committed by Russian soldiers.

Meeting Takeaways:
– Pro-Russian hacking groups are exploiting a security vulnerability in the WinRAR archiving utility for a phishing campaign aimed at harvesting credentials.
– The attack involves malicious archive files that exploit the CVE-2023-38831 vulnerability and launch PowerShell commands to gain remote access.
– The attackers also use a PowerShell script to steal data, including login credentials, from Google Chrome and Microsoft Edge browsers.
– APT29, a Russian nation-state actor, is conducting rapidly evolving phishing operations targeting diplomatic entities, with a focus on Ukraine.
– APT29 has made significant changes to its tooling and tradecraft to hinder forensic analysis, including the use of compromised WordPress sites and additional obfuscation.
– The Turla group, another Russian-backed threat actor, has been involved in attacks using the Capibar malware and Kazuar backdoor for espionage against Ukrainian defensive assets.
– Ukrainian cybersecurity agencies report that Kremlin-backed threat actors targeted domestic law enforcement entities to gather information about Ukrainian investigations into war crimes by Russian soldiers.
– CERT-UA recorded a decrease in destructive cyber-attacks affecting operations in H1 2023 compared to previous periods.
