CIO News Hubb
Advertisement
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact
No Result
View All Result
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact
No Result
View All Result
CIO News Hubb
No Result
View All Result
Home Information Security

Russia-Linked Hackers Launches Espionage Attacks on Foreign Diplomatic Entities

admin by admin
April 15, 2023
in Information Security


Apr 14, 2023Ravie LakshmananUnited States

The Russia-linked APT29 (aka Cozy Bear) threat actor has been attributed to an ongoing cyber espionage campaign targeting foreign ministries and diplomatic entities located in NATO member states, the European Union, and Africa.

According to Poland’s Military Counterintelligence Service and the CERT Polska team, the observed activity shares tactical overlaps with a cluster tracked by Microsoft as Nobelium, which is known for its high-profile attack on SolarWinds in 2020.

Nobelium’s operations have been attributed to Russia’s Foreign Intelligence Service (SVR), an organization that’s tasked with protecting “individuals, society, and the state from foreign threats.”

That said, the campaign represents an evolution of the Kremlin-backed hacking group’s tactics, indicating persistent attempts at improving its cyber weaponry to infiltrate victim systems for intelligence gathering.

“New tools were used at the same time and independently of each other, or replacing those whose effectiveness had declined, allowing the actor to maintain a continuous, high operational tempo,” the agencies said.

Espionage Attacks

The attacks commence with spear-phishing emails impersonating European embassies that aim to entice targeted diplomats into opening malware-laced attachments under the guise of an invitation or a meeting.

Embedded within the PDF attachment is a booby-trapped URL that leads to the deployment of an HTML dropper called EnvyScout (aka ROOTSAW), which is then used as a conduit to deliver three previously unknown strains SNOWYAMBER, HALFRIG, and QUARTERRIG.

UPCOMING WEBINAR

Master the Art of Dark Web Intelligence Gathering

Learn the art of extracting threat intelligence from the dark web – Join this expert-led webinar!

Save My Seat!

SNOWYAMBER, also referred to as GraphicalNeutrino by Recorded Future, leverages the Notion note-taking service for command-and-control (C2) and downloading additional payloads such as Brute Ratel.

QUARTERRIG also functions as a downloader capable of retrieving an executable from an actor-controlled server. HALFRIG, on the other hand, acts as a loader to launch the Cobalt Strike post-exploitation toolkit contained within it.

It’s worth noting that the disclosure dovetails with recent findings from BlackBerry, which detailed a Nobelium campaign targeting European Union countries, with a specific emphasis on agencies that are “aiding Ukrainian citizens fleeing the country, and providing help to the government of Ukraine.”

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
Previous Post

AWS Security Profile: Ryan Dsouza, Principal Solutions Architect

Next Post

Innovativequalifier

Related Posts

Information Security

Researchers Unveal GuLoader Malware’s Latest Anti-Analysis Techniques

by admin
December 9, 2023
Information Security

2023 ISO and CSA STAR certificates now available with ISO 27001 transition from 2013 to 2022 version

by admin
December 9, 2023
Information Security

Founder of Bitzlato Cryptocurrency Exchange Pleads Guilty in Money-Laundering Scheme

by admin
December 8, 2023
Information Security

Simplify workforce identity management using IAM Identity Center and trusted token issuers

by admin
December 8, 2023
Information Security

New Stealthy ‘Krasue’ Linux Trojan Targeting Telecom Firms in Thailand

by admin
December 7, 2023
Next Post

Innovativequalifier

Recommended

Innovateviastronggovernance

December 9, 2023

Technology Innovation of the Year for Summit’s Service Automation Solution

December 9, 2023

Researchers Unveal GuLoader Malware’s Latest Anti-Analysis Techniques

December 9, 2023

2023 ISO and CSA STAR certificates now available with ISO 27001 transition from 2013 to 2022 version

December 9, 2023

6 Main Points Gartner® Avoided in the Market Guide™

December 8, 2023

Founder of Bitzlato Cryptocurrency Exchange Pleads Guilty in Money-Laundering Scheme

December 8, 2023

© CIO News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact

Newsletter Sign Up

No Result
View All Result
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact

© 2022 CIO News Hubb All rights reserved.