Russian APT28 Hackers Targeting 13 Nations in Ongoing Cyber Espionage Campaign

December 12, 2023 at 10:18AM

Russian threat actor APT28, also known as ITG05, is using the Israel-Hamas war as a lure to distribute a custom backdoor called HeadLace. The campaign targets at least 13 nations and uses authentic documents to deliver the malware. The attacks exploit security flaws in WinRAR and Microsoft Outlook, focusing on …

Russian Espionage Group Hammers Zero-Click Microsoft Outlook Bug

December 8, 2023 at 01:52PM

The espionage group Fighting Ursa, also known as Forest Blizzard or Fancy Bear, has been targeting government agencies in NATO countries, the UAE, and Jordan. They are using a zero-click vulnerability in Microsoft Outlook to compromise systems. This APT has targeted at least 30 organizations and continues to pose a …

Fancy Bear goes phishing in US, European high-value networks

December 5, 2023 at 07:22PM

Fancy Bear, a Russian cyber-spy group, has been targeting US and European agencies using patched Outlook and WinRAR flaws for phishing campaigns. Microsoft and Polish Cyber Command observed unauthorized access to high-value email accounts. Over 10,000 emails were used to exploit the vulnerabilities. Proofpoint expects continued exploitation of unpatched systems …

Russian hackers exploiting Outlook bug to hijack Exchange accounts

December 4, 2023 at 03:19PM

Microsoft warns of APT28 exploiting a critical Outlook flaw, CVE-2023-23397, to hijack Exchange accounts, targeting governmental and key sectors in the US, Europe, and the Middle East. The attacks, using various vulnerabilities, have been ongoing since April 2022. Urgent mitigation includes applying security updates and enabling MFA. Meeting Takeaways: 1. …

France says Russian state hackers breached numerous critical networks

October 26, 2023 at 12:45PM

The Russian APT28 hacking group, also known as ‘Strontium’ or ‘Fancy Bear,’ has been targeting various entities in France since the second half of 2021. They have exploited vulnerabilities in WinRAR and Microsoft Outlook, compromised peripheral devices, and utilized VPN clients. ANSSI recommends focusing on email security to defend against …