Unknown entities launch cyberattacks on Ukrainian ammunition merchants

Infiltrators Zero In on Ukrainian Arms Industry Suppliers

Rogue Russian cyber gang Fancy Bear focuses attacks on defense contractors arming Ukraine with weaponry.

Sneaky Cyberattacks by Russia's Fancy Bear on Arms Suppliers to Ukraine

Hold onto your horses! The infamous Russian hacker group Fancy Bear (also known as Sednit or APT28) has been causing a ruckus, launching attacks on arms manufacturers supplying weapons to Ukraine. That's right, y'all! A recent study by ESET, the Slovak security firm based in Bratislava, confirmed these stealthy shenanigans.

But guess who's not just playing in Ukraine's backyard? The attackers are also going after arms factories in Bulgaria, Romania, Ukraine, Africa, and South America! Why? These manufacturers supply crucial weaponry that helps protect Ukraine from Russia's invasion. Damn!

Now, you might know that Fancy Bear has been all over the news for their malicious activities, such as attacking the German Bundestag (2015), US politician Hillary Clinton (2016), and the SPD's headquarters (2023). Talk about a handful! Experts consider them part of a bigger plot by Russian intelligence services to spread chaos and influence politics.

So, how are they pulling off these underhanded moves? In the latest espionage campaign, Operation RoundPress, the hackers have been sneaking into webmail systems by exploiting vulnerabilities in popular webmail software like Roundcube, Zimbra, Horde, and MDaemon. Many of these weaknesses could have been fixed with proper maintenance, but hey, who's got time for that these days, right? In some cases, the attackers exploited a previously unknown vulnerability in MDaemon (a zero-day) that couldn't be patched right away, leaving the companies defenseless.

But that's not all. Fancy Bear likes to trick their victims with crafty emails posing as news alerts from sources like the Kyiv Post or Bulgarian news portal News.bg. As soon as the user opens the email in their browser, malware gets triggered, bypassing spam filters and infecting their systems. Yikes!

Next up, these hackers are using the malicious software "SpyPress.MDAEMON" to snoop around and even bypass two-factor authentication (2FA). You heard that right! If a password isn't enough, these cybercrooks can find ways to get through 2FA and gain access to your accounts.

And you thought your emails were safe behind a double layer of protection! According to Matthieu Faou, a researcher from ESET, viewing an email in your browser can be enough to trigger malware without you even clicking on anything. Keep that in mind!

So, stay smart when browsing the web. Keep those webmail servers up-to-date, stay suspicious of emails from unverified sources, and make sure your 2FA game is on point. Because in this wild cyberworld we live in, you never know when the next sneaky attack will happen!

Tips for Cybersecurity:

  • Keep your webmail software updated
  • Stay vigilant when opening emails from unknown sources
  • Strengthen your 2FA security measures
  • Have a solid incident response plan in place

  1. The employment policy in EC countries should prioritize cybersecurity, especially in industries like arms manufacturing, which are often targeted by cyberattacks, as seen in the recent attacks on Ukrainian arms suppliers by Fancy Bear.
  2. Given the increasing cyber threats, it is essential for technology companies to focus on improving and regularly maintaining webmail software like Roundcube, Zimbra, Horde, and MDaemon, to protect against the known vulnerabilities that attackers exploit.
  3. As cybercriminals use politics, war and conflicts, and general news as themes for phishing attacks, it is crucial for employment policy in the crime and justice sector to emphasize cybersecurity training for employees, encouraging vigilance and suspicion when receiving emails from unverified sources.
