Cybercriminals Launch Attacks on Ukrainian Armored Vehicle Manufacturers - Cybercriminals initiate attacks on Ukrainian weapon suppliers
Let's get this straight, folks! The infamous Russian hacker troupe, Fancy Bear (also known as Sednit or APT28), has been launching sly attacks against the companies supplying Ukraine with gadgets of destruction. This juicy bit of intel comes straight from Eset, a Slovak security firm based in Bratislava.
These attacks primarily homed in on manufacturers of old-school Soviet-era weapons in Bulgaria, Romania, and Ukraine, which play a pivotal defensive role against Russia's unwelcome invasion. But get this, arms factories in Africa and South America weren't left out of the chaos either!
Now, Fancy Bear isn't just some weekend hacker; they're the masterminds behind the attacks on the German Bundestag (2015), that crafty witch Hillary Clinton (2016), and even the SPD headquarters (2023)! Experts believe they're part of a broader strategy cooked up by Russian intelligence to make use of cyberattacks as a tool for political maneuvering and destabilization. Add to that a heavy focus on spewing disinformation campaigns against Western democracies.
The latest attack scheme, dubbed "Operation RoundPress," is roughly as subtle as a sledgehammer to the face. You know what they say, spycraft ain't pretty! They exploited vulnerabilities in common webmail software like Roundcube, Zimbra, Horde, and MDaemon. Crazy part is, many of these vulnerabilities could've been nipped in the bud with a bit of software TLC, meaning the patches were already out there and just hadn't been installed. In one wild case, though, the affected companies were at the mercy of the attackers, who exploited a never-before-seen security loophole (a zero-day) in MDaemon to wreak havoc!
Eset researchers have found that the attacks kicked off with phony emails that looked like news alerts from credible sources such as the Kyiv Post or Bulgarian news outlet News.bg. The emails themselves dodged spam filters, and once one is opened in the browser, bam! The malicious code runs without the reader doing anything else.
The researchers also stumbled upon this nifty piece of malware called "Spypress.MDAEMON." This bad boy can harvest login credentials, track emails, and even bypass two-factor authentication! Two-factor authentication is like that second lock on your apartment door, folks. Even if someone swipes your password, that alone shouldn't be enough to open the door to your sensitive data. So, it's a bummer that Fancy Bear's magicians managed to bypass 2FA in several cases and score some long-term access to mailboxes—all by using so-called application passwords!
Eset's Matthieu Faou sums it up best: "Companies running outdated webmail servers are running a high risk. Simply displaying an email in a browser can be enough to execute malware without the recipient having to click on anything." So there you have it, kids—stay vigilant and don't let your guard down!
Behind the Scenes:
Fancy Bear's dirty tricks include spearphishing emails, exploiting Cross-Site Scripting (XSS) vulnerabilities, custom JavaScript payloads, and non-persistent malware. The ultimate aim? To disrupt Ukraine's defense mechanisms, steal sensitive data, and potentially swing political outcomes in Russia's favor.
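The render-time risk Faou describes above, and the XSS-plus-JavaScript-payload pattern this section mentions, both boil down to one thing for defenders: active content in an HTML message has to be caught before the webmail client draws it, because there is no click to wait for. Below is an added example (not Eset's code and not the malware's) of a pre-render check a mail gateway or webmail front end could run; the tag and attribute lists, the `scan_email_html` function and the sample lure message are assumptions of this example.

```python
"""Flag active content in an HTML e-mail body before a webmail client renders it."""
from html.parser import HTMLParser

# Constructs that let a message run script when merely displayed (our own lists).
ACTIVE_TAGS = {"script", "iframe", "object", "embed"}
SCRIPT_SCHEMES = ("javascript:", "vbscript:")
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href"}


class ActiveContentScanner(HTMLParser):
    """Collects (tag, attribute, reason) findings; never modifies the message."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append((tag, None, "active element"))
        for name, value in attrs:
            if name.startswith("on"):                 # onload, onerror, onmouseover ...
                self.findings.append((tag, name, "event handler"))
            elif name in URL_ATTRS and value:
                # Drop whitespace (incl. newlines) that naive filters are fooled by.
                collapsed = "".join(value.split()).lower()
                if collapsed.startswith(SCRIPT_SCHEMES):
                    self.findings.append((tag, name, "script URL"))
            elif name == "style" and value and "expression(" in value.lower():
                self.findings.append((tag, name, "css expression"))


def scan_email_html(body: str) -> list:
    """Return the active-content findings for one HTML message body."""
    scanner = ActiveContentScanner()
    scanner.feed(body)
    scanner.close()
    return scanner.findings


# Constructed sample: a lure styled as a news alert whose image tag carries an
# event handler. The handler body is deliberately inert; only its presence matters.
SAMPLE_LURE = (
    "<html><body><h2>Breaking news</h2>"
    '<p>Read more at <a href="https://news.example/article">the site</a>.</p>'
    '<img src="x" onerror="/* handler body intentionally empty */">'
    "</body></html>"
)

if __name__ == "__main__":
    for finding in scan_email_html(SAMPLE_LURE):
        print(finding)   # prints: ('img', 'onerror', 'event handler')
```

A message with any finding should be quarantined or rendered with the offending attributes stripped; an empty list means nothing in the markup can execute on display.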
- Eset, a cybersecurity firm based in Bratislava, Slovakia, has exposed the infamous Russian hacker group Fancy Bear's continued attempts to disrupt Ukraine's defense mechanisms.
- The hacker group, also known as Sednit or APT28, has launched cyberattacks against arms companies in EU countries like Bulgaria and Romania, as well as in Africa and South America.
- Fancy Bear is known for its involvement in high-profile cyberattacks, including the attacks on the German Bundestag, Hillary Clinton, and SPD headquarters.
- The latest scheme, Operation RoundPress, exploits vulnerabilities in common webmail software, bypassing two-factor authentication in some cases, and potentially gaining long-term access to mailboxes.