June 20, 2024 at 10:58AM
State-sponsored cyber attacks targeting French diplomatic entities have been linked to Russia by France's information security agency. The attacks, attributed to a cluster named Midnight Blizzard, use phishing emails and compromised accounts to initiate malicious actions. The threat actor, also known as Nobelium, has also targeted European embassies and leveraged security flaws in various servers.
The main takeaways are:
1. State-sponsored actors with ties to Russia have been linked to targeted cyber attacks on French diplomatic entities, using tactics such as phishing campaigns and security flaws in certain servers. The attacks are attributed to a cluster tracked as Midnight Blizzard (formerly Nobelium), APT29, BlueBravo, Cloaked Ursa, Cozy Bear, The Dukes, and Dark Halo.
2. The attacks involve the use of compromised legitimate email accounts belonging to diplomatic staff and phishing campaigns against diplomatic institutions, embassies, and consulates. This activity has also been monitored under the name Diplomatic Orbiter.
3. There have been specific instances of targeting, such as phishing campaigns against European embassies in Kyiv and the French Embassy in Romania. Additionally, breaches of Microsoft and Hewlett Packard Enterprise, as well as security flaws in JetBrains TeamCity servers, have been linked to the threat actor.
4. The recent DDoS attack on Telewizja Polska (TVP) during the Euro 2024 soccer tournament is also believed to have been carried out by Russian hackers.
These takeaways highlight the ongoing cyber espionage and hacking activities perpetrated by Russian state-sponsored actors and the impact on diplomatic and IT entities.