An ongoing cyber espionage campaign targeting the foreign affairs ministries of NATO-aligned nations has been attributed to Russian threat actors. The campaign uses phishing attacks with PDF documents that carry malware known as Duke, which is associated with APT29. The attackers used an open-source chat application called Zulip for command-and-control purposes, allowing them to evade detection. The PDF documents are disguised as coming from Germany, and if a target falls for the phishing lure and opens the file, a sequence of actions is initiated to drop the malware. APT29 has previously been reported to use invitation themes in its attacks. The use of the domain “bahamas.gov[.]bs” in the campaign further links it to Russian actors.
In a separate development, the state-sponsored hacking group Sandworm, affiliated with Russian military intelligence, was observed attempting to gain unauthorized access to Android tablets used by Ukrainian military personnel. The goal of these attacks was to disrupt critical operations and gather intelligence. The attackers used various malware strains, including NETD for persistence, DROPBEAR for remote access, STL for data gathering from the Starlink satellite system, DEBLIND for data exfiltration, and the Mirai botnet malware. A TOR hidden service was also employed for local network access via the Internet.
These campaigns highlight the ongoing cyber threats posed by Russian threat actors, with APT29 and Sandworm targeting government organizations and critical industries in NATO-aligned nations and Ukraine, respectively.