Russian military hackers target Ukraine with new MASEPIE malware

December 28, 2023 at 12:46PM Ukraine’s CERT warns of a new phishing campaign by APT28, a Russian hacker group known for targeting government and Western entities. The attack, occurring between December 15 and 25, 2023, deploys a new Python malware downloader, ‘MASEPIE,’ via phishing emails. APT28 also uses various tools for data theft and network …

Russian APT28 Hackers Targeting 13 Nations in Ongoing Cyber Espionage Campaign

December 12, 2023 at 10:18AM Russian threat actor APT28, also known as ITG05, is using the Israel-Hamas war as a lure to distribute a custom backdoor called HeadLace. The campaign targets at least 13 nations and uses authentic documents to deliver the malware. The attacks exploit security flaws in WinRAR and Microsoft Outlook, focusing on …

Russian APT Used Zero-Click Outlook Exploit

December 8, 2023 at 10:18AM Russian threat actor APT28 is exploiting a no-interaction (zero-click) Outlook vulnerability in attacks across 14 countries, as reported by SecurityWeek. …

Russian military hackers target NATO fast reaction corps

December 7, 2023 at 05:26PM Russian APT28 hackers exploited a Microsoft Outlook zero-day (CVE-2023-23397) to target European NATO members and a NATO corps. Over 20 months, they attacked at least 30 organizations in 14 countries. Despite the patch in 2023, they continued using it for credential theft and lateral network movement. Unit 42 linked the …

Microsoft Warns of Kremlin-Backed APT28 Exploiting Critical Outlook Vulnerability

December 5, 2023 at 03:12AM Microsoft identified activity by Russian-supported threat group Forest Blizzard (also known as APT28 and other names) exploiting a severe Outlook security flaw, CVE-2023-23397, to access email accounts on Exchange servers. The group targeted various sectors and used the bug to maintain unauthorized mailbox access. Microsoft patched the bug in March …

Russian hackers exploiting Outlook bug to hijack Exchange accounts

December 4, 2023 at 03:19PM Microsoft warns of APT28 exploiting a critical Outlook flaw, CVE-2023-23397, to hijack Exchange accounts, targeting governmental and key sectors in the US, Europe, and the Middle East. The attacks, using various vulnerabilities, have been ongoing since April 2022. Urgent mitigation includes applying security updates and enabling MFA. …

France says Russian state hackers breached numerous critical networks

October 26, 2023 at 12:45PM The Russian APT28 hacking group, also known as ‘Strontium’ or ‘Fancy Bear,’ has been targeting various entities in France since the second half of 2021. They have exploited vulnerabilities in WinRAR and Microsoft Outlook, compromised peripheral devices, and utilized VPN clients. ANSSI recommends focusing on email security to defend against …

Google TAG Detects State-Backed Threat Actors Exploiting WinRAR Flaw

October 19, 2023 at 12:33AM State-backed threat actors from Russia and China are exploiting a security flaw in the WinRAR archiver tool for Windows. The vulnerability (CVE-2023-38831) allows attackers to execute code when a user tries to view a benign file in a ZIP archive. The attackers include FROZENBARENTS (Sandworm), FROZENLAKE (APT28), and ISLANDDREAMS (APT40). …

Google links WinRAR exploitation to Russian, Chinese state hackers

October 18, 2023 at 12:49PM Google’s Threat Analysis Group has identified state-backed hacking groups, including Sandworm, APT28, and APT40, exploiting a vulnerability in WinRAR, a popular compression software. The bug allows attackers to execute arbitrary code on users’ systems. Despite a patch being available, many users remain vulnerable. The bug has been exploited since April, …

Google links WinRAR exploitation to multiple state hacking groups

October 18, 2023 at 11:16AM State-backed hacking groups, including Sandworm, APT28, and APT40, are exploiting a vulnerability in WinRAR to execute arbitrary code on targeted systems. The bug, known as CVE-2023-38831, has been exploited since April 2023, enabling threat actors to deliver various malware payloads. Despite a patch being available, many users remain vulnerable. Google …