
Cybercriminals Launch Attacks on Ukrainian Weapons Vendors

Unethical digital intruders demonstrate intent to disrupt Ukrainian weapons vendors' operations

Russian Hackers' Group Fancy Bear Assaults Defense Companies Providing Arms to Ukraine (Possible Evidence Included)


Russian Hackers Go After Ukraine's Arms Suppliers: Operation RoundPress

ESET Research has exposed the latest campaign by the notorious Russian hacking group Fancy Bear, which has been targeting arms manufacturers that supply weapons to Ukraine. The attack primarily hit companies in Bulgaria, Romania and Ukraine that produce Soviet-era military equipment, which plays a crucial role in Ukraine's defense against Russia's invasion. Arms factories in Africa and South America were also affected.

Also known as Sednit or APT28, Fancy Bear is infamous for attacks on the German Bundestag (2015), US politician Hillary Clinton (2016) and the SPD headquarters (2023). Experts believe Fancy Bear operates as part of a broader strategy pursued by Russian intelligence services to use cyberattacks as instruments of political influence and destabilization, with espionage and targeted disinformation campaigns against Western democracies at the heart of their objectives.

In the campaign, dubbed "Operation RoundPress," the hackers exploited vulnerabilities in popular webmail platforms such as Roundcube, Zimbra, Horde and MDaemon. Most of these vulnerabilities could have been closed through routine software updates. In some cases, however, companies were defenseless: the attackers used a previously unknown (zero-day) flaw in MDaemon for which no patch was initially available.

The attacks began with emails disguised as news alerts, purporting to come from outlets such as the Kyiv Post or the Bulgarian news portal News.bg. When a recipient opened such an email in a browser-based webmail client, malicious code hidden in the message executed; the emails themselves slipped past spam filters.

ESET researchers named the malware "SpyPress.MDAEMON." It not only steals login credentials and reads the victim's email but can also circumvent two-factor authentication (2FA). 2FA is an additional security measure for online logins and access to sensitive data that requires a second form of verification besides the password. In numerous cases, however, Fancy Bear bypassed 2FA and gained unrestricted access to email accounts using application passwords.

Matthieu Faou, an Eset researcher, remarked, "Many companies continue to operate outdated webmail servers. Merely opening an email in a browser can trigger malware execution, without the recipient intentionally clicking on anything."

To protect against such targeted attacks, businesses should adopt a multi-layered security strategy focused on the following areas:

  1. Regular patching and software maintenance: Staying up-to-date with webmail software and its associated infrastructure limits attackers' ability to exploit known and zero-day vulnerabilities.
  2. Mitigating cross-site scripting (XSS) vulnerabilities: Apply strict input validation and sanitization of message content, and deploy Content Security Policy (CSP) headers so that injected JavaScript cannot execute.
  3. Strengthening email security and user awareness: Implement advanced email filtering, sandboxing, and user training to detect phishing attempts more effectively.
  4. Hardening two-factor authentication (2FA): Instead of text messages or app-generated one-time passwords, use hardware security keys, which offer stronger phishing resistance. Add adaptive authentication and monitor login sessions for suspicious activity.
  5. Network and endpoint defense: Deploy network-level protections like web application firewalls, utilize endpoint detection and response tools, and practice segmentation and the principle of least privilege to reduce exposure if an account is compromised.
  6. Incident response and monitoring: Continuously monitor webmail logs, user activity, and anomaly detection systems, and have an incident response plan ready for email system breaches.
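As an added illustration of the XSS mitigation in point 2 (example code written for this article, not ESET's or any webmail vendor's): an allow-list sanitizer for HTML message bodies that strips active elements, `on*` event handlers and non-http(s)/mailto URLs before a webmail client renders the message, run over a constructed sample email. The class and function names and the sample URLs are assumptions.

```python
import html
from html.parser import HTMLParser

# Elements removed with their whole subtree (active content or loaders for it).
DROP_ELEMENTS = {"script", "style", "iframe", "object", "embed", "svg", "form", "meta", "link", "base"}
URL_ATTRS = {"href", "src", "action", "formaction", "background"}
SAFE_SCHEMES = ("http:", "https:", "mailto:")  # allow-list; anything else is dropped
class EmailSanitizer(HTMLParser):
    def __init__(self):
        super().__init__()  # convert_charrefs=True: entities arrive as plain text
        self.out, self.skip_depth, self.dropped = [], 0, 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_ELEMENTS:
            self.skip_depth += 1  # swallow the element and everything inside it
            self.dropped += 1
            return
        if self.skip_depth:
            return
        kept = []
        for name, value in attrs:
            value = value or ""
            if name.startswith("on"):  # onerror=, onload=, onclick=, ...
                self.dropped += 1
            elif name in URL_ATTRS and not value.strip().lower().startswith(SAFE_SCHEMES):
                self.dropped += 1  # javascript:, data:, vbscript:, relative URLs
            else:
                kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in DROP_ELEMENTS:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif not self.skip_depth:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(html.escape(data, quote=False))  # re-escape text content

def sanitize_email_html(body: str) -> tuple[str, int]:
    # Returns (cleaned_html, count of removed elements and attributes).
    p = EmailSanitizer()
    p.feed(body)
    p.close()
    return "".join(p.out), p.dropped

SAMPLE_EMAIL_HTML = (  # constructed sample; placeholder URLs and handlers, not the campaign's
    '<p>Breaking news</p><img src="https://news.example/logo.png" onerror="alert(1)">'
    '<a href="javascript:alert(1)">read more</a><script>alert(1)</script>'
    '<a href="https://news.example/story">story</a>')
```

The returned count is useful as a detection signal: a message that loses several active items on sanitization deserves a closer look in the mail logs.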

Brace up, businesses! A well-orchestrated approach encompassing all these areas helps thwart cyberattacks like Operation RoundPress and protect sensitive data from being extracted by unscrupulous players like Fancy Bear.

  1. Given the ongoing cyberattacks by Fancy Bear, a Russian hacker group, on arms manufacturers supplying weapons to EC countries like Ukraine, it is essential for these companies to prioritize their employment policy to include robust cybersecurity measures.
  2. In light of the growing threat posed by hacker groups, the employment policy in the technology sector should focus on hiring professionals experienced in cybersecurity, particularly in defending against attacks like Operation RoundPress.
  3. As the world becomes increasingly interconnected through technology, employment policy in the general news sector should also prioritize journalists with expertise in cybersecurity and war-and-conflicts, enabling them to report accurately on cyberattacks and related political implications.
