
Cybercriminals Infiltrate Ukrainian Arms Manufacturers

Unknown individuals exploit weapons manufacturers in Ukraine.


Here's the lowdown on the latest cybersecurity threat making headlines: the notorious Russian hacker group Fancy Bear (also tracked as Sednit or APT28) has turned its sights on arms companies that supply weapons to Ukraine, according to a recent study by the Slovak security firm Eset, based in Bratislava. The attacks primarily targeted manufacturers of Soviet-era weaponry in Bulgaria, Romania, and Ukraine, but arms manufacturers in Africa and South America were also in the firing line.

Fancy Bear has previously been linked to high-profile attacks against the German Bundestag (2015), US politician Hillary Clinton (2016), and the SPD headquarters (2023). These hacking activities are thought to be part of a larger political influence and destabilization strategy by Russian intelligence services. Along with espionage, targeted disinformation campaigns against Western democracies are also on their radar.

The latest espionage campaign, dubbed "Operation RoundPress", exploits vulnerabilities in widely used webmail software such as Roundcube, Zimbra, Horde, and MDaemon. Those weaknesses could have been closed through routine patching. In one case, however, the affected companies were caught off guard: the attackers exploited a previously unknown (zero-day) security flaw in MDaemon, for which no patch yet existed.

The hackers set their trap with manipulated emails disguised as news articles from seemingly credible outlets such as the Kyiv Post or the Bulgarian news portal News.bg. As soon as such an email is opened in the browser-based webmail client, hidden malicious code embedded in the message is triggered, and the messages slip past spam filters.

Eset researchers identified the malware "SpyPress.MDAEMON" during their analysis of the attacks. This spyware can harvest login credentials, track email traffic, and even bypass two-factor authentication. Two-factor authentication (2FA), a secondary security measure, requires a second form of verification to log into online accounts or access sensitive data. In several cases, however, the Fancy Bear hackers got around 2FA by using so-called application passwords, which gave them persistent access to the mailboxes without the second factor.

Researcher Matthieu Faou of Eset states, "Many companies operate outdated webmail servers. Simply viewing an email in a browser can be enough to execute malware without the recipient actively clicking on anything."
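The danger Faou describes, a message that runs code merely by being rendered, is why a webmail client must strip active content before it displays a mail body. The sanitizer below is an added example, not code from Eset or from any of the webmail products named; the tag and attribute lists and the sample message are constructed for illustration, and a non-empty findings list is the signal a defender would alert on.

```python
import html
import re
from html.parser import HTMLParser
DROP_SUBTREE = {"script", "style", "iframe", "object", "embed", "svg", "math"}  # tag and its contents removed
DROP_TAG = {"meta", "link", "base", "form"}  # tag removed, inner text kept
URL_ATTRS = {"href", "src", "action", "formaction", "background", "xlink:href"}
ALLOWED_SCHEMES = {"http", "https", "mailto", "cid"}

def unsafe_url(value):
    """True if the URL carries a scheme outside the allow-list (javascript:, data:, vbscript:, ...)."""
    v = re.sub(r"[\s\x00-\x1f]", "", value).lower()  # 'java\nscript:' must not evade the check
    m = re.match(r"([a-z][a-z0-9+.\-]*):", v)
    return bool(m) and m.group(1) not in ALLOWED_SCHEMES
class MailSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)  # text arrives decoded; handle_data re-escapes it
        self.out, self.findings, self._dropping = [], [], None
    def handle_starttag(self, tag, attrs):  # names arrive lower-cased, values already unescaped
        if self._dropping:
            return
        if tag in DROP_SUBTREE or tag in DROP_TAG:
            self._dropping = tag if tag in DROP_SUBTREE else None
            self.findings.append(f"removed <{tag}>")
            return
        kept = []
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"removed {name} handler on <{tag}>")
            elif name in URL_ATTRS and value and unsafe_url(value):
                self.findings.append(f"removed {name}={value!r} on <{tag}>")
            else:
                kept.append(f' {name}="{html.escape(value)}"' if value is not None else f" {name}")
        self.out.append(f"<{tag}{''.join(kept)}>")
    def handle_endtag(self, tag):
        if tag == self._dropping:
            self._dropping = None
        elif not self._dropping and tag not in DROP_SUBTREE | DROP_TAG:
            self.out.append(f"</{tag}>")
    def handle_data(self, data):
        if not self._dropping:
            self.out.append(html.escape(data, quote=False))
def sanitize_mail_html(body):
    """Return (cleaned_html, findings); any finding on an inbound message is worth an alert."""
    p = MailSanitizer()
    p.feed(body)
    p.close()
    return "".join(p.out), p.findings
# Constructed test vector: visible news-style text plus hidden active content.
SAMPLE = ('<p>Read the latest from the <a href="https://example.com/news">front page</a></p>'
          '<img src="x" onerror="alert(1)"><a href="java&#10;script:alert(1)">more</a><script>alert(2)</script>')
```

Running `sanitize_mail_html(SAMPLE)` returns the body with the event handler, the javascript: link and the script block removed, plus three findings describing what was stripped.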

Tips to bolster webmail system security:

  • Keep webmail software up to date. Regular updates close known vulnerabilities such as CVE-2020-35730 (Roundcube) and CVE-2024-11182 (MDaemon), the kind of flaws this campaign exploited.
  • Strengthen spam filtering and security awareness training. Robust spam filtering and regular user training help users recognize and avoid suspicious emails that make it past the filters.
  • Upgrade two-factor authentication (2FA) methods. Replace SMS- or email-based 2FA with more secure options such as Time-Based One-Time Passwords (TOTP) or hardware security keys (U2F/FIDO2).
  • Monitor and enforce 2FA usage. Enforce 2FA for all users, watch for attempts to bypass it, and audit application passwords, which the attackers used to sidestep the second factor.
  • Deploy Web Application Firewalls (WAFs). A WAF can detect and block malicious traffic patterns that indicate XSS attacks or other exploits against the webmail interface.
  • Regularly conduct security audits and penetration testing. These help identify vulnerabilities before an attacker can exploit them.
  • Develop and practice incident response plans. A quick, rehearsed response to a suspected breach minimizes the damage.

By implementing these strategies, companies can significantly reduce the risk of falling victim to sophisticated attacks like Operation RoundPress. Stay vigilant, cyber soldiers!

  1. Given the ongoing cybersecurity threat from Fancy Bear, it's crucial for EC countries, especially arms manufacturers, to prioritize employment policies focusing on technology and cybersecurity training, to ensure their workforce is well-equipped to deal with such attacks.
  2. In light of the escalating cyber threats, it is imperative for arms suppliers in EC countries, particularly those producing Soviet-era weaponry, to enhance their technology departments, equipping them with the necessary skills to address and mitigate vulnerabilities in widely-used webmail software.
