February 4, 2024 at 12:19PM
Russian state-sponsored APT28 group has been actively conducting NTLM v2 hash relay attacks since April 2022, targeting various industries worldwide. Managed by Russia’s GRU military intelligence, the group employs multiple aliases and has a history of spear-phishing and using router vulnerabilities to carry out attacks. Their tactics continue to evolve to avoid detection.
From the meeting notes, the key takeaways are:
– Russian state-sponsored actors, specifically the APT28 group, have been conducting NTLM v2 hash relay attacks targeting high-value targets worldwide since April 2022.
– The attacks primarily targeted organizations in foreign affairs, energy, defense, transportation, labor, social welfare, finance, parenthood, and local city councils.
– APT28 is also known as Blue Athena, BlueDelta, Fancy Bear, Fighting Ursa, Forest Blizzard, FROZENLAKE, Iron Twilight, ITG05, Pawn Storm, Sednit, Sofacy, and TA422.
– The group, believed to be operated by Russia’s GRU military intelligence service, has a track record of spear-phishing campaigns and exploiting vulnerabilities in networking equipment and software to gain unauthorized access to targeted networks.
– APT28 has been observed continuously improving its operational playbook to evade detection. This includes the use of anonymization layers such as VPN services, Tor, data center IP addresses, and compromised routers to carry out scanning and probing activities.
– The group has also been observed carrying out credential harvesting campaigns using bogus login pages mimicking Microsoft Outlook and deploying malware such as HeadLace, OCEANMAP, MASEPIE, and STEELHOOK.
– APT28 has been observed conducting phishing campaigns against embassies and high-profile entities and impersonating researchers and academics to redirect prospective victims to credential harvesting pages.
These clear takeaways from the meeting notes can serve as a foundation for any further action or decision-making needed. Let me know if there is anything else you would need assistance with.