Go to listing page

​​High-Profile Spear-Phishing Attack Against Ukrainian Entities

​​High-Profile Spear-Phishing Attack Against Ukrainian Entities
Ever since Russia’s invasion, organizations in Ukraine have constantly been the target of phishing attacks. Google’s Threat Analysis Group (TAG), which has been monitoring the disrupting attacks against Ukraine, revealed that the country received roughly 60% of the phishing attacks originating from Russia between January and March. 

Speaking in the same line, Recorded Future’s Insikt Group in partnership with CERT-UA has uncovered a new spear-phishing campaign targeting high-profile entities in Ukraine. Tracked as BlueDelta activity, the campaign appears to be operational since November 2021.

More about the campaign

The BlueDelta campaign leverages news themes related to Ukraine to convince recipients into opening phishing emails.
  • These emails include exploits to compromise Roundcube webmail servers vulnerable to previously discovered vulnerabilities - CVE-2020-35730, CVE-2020-12641, and CVE-2021-44026.
  • The campaign is attributed to APT28 aka Fancy Bear and overlaps with the phishing activity that exploited a Microsoft Outlook zero-day vulnerability in 2022.
  • The campaign collects intelligence from organizations such as government institutions and military entities associated with aircraft infrastructure.

Ukraine espionage

  • Lately, Symantec shared details of a new Gamaredon campaign that focused on acquiring military and security intelligence on Ukrainian military service members, air strikes, arsenal inventories, and military training activities. 
  • In another campaign, Ukrainian government agencies were targeted by malicious emails containing fake Windows update guides. The campaign was the work of the Fancy Bear APT group, which aimed at extracting data from the victims’ computers. 
  • In February a Russian hacker group, collectively known as Nodaria, used a new Graphiron malware to steal a wide range of system information from government agencies.

Final words

Researchers have suggested a few mitigations against the latest phishing attack. These include configuring IDS, IPS, or any network defense mechanisms to block malicious activities at the endpoints. Further, it is suggested to update the vulnerable Roundcube webmail servers to the latest versions to protect your environment from the exploits.
Cyware Publisher

Publisher

Cyware

Previous

Self Propagating Chinese Malware Inadvertently Affects ...

Threat Actors

Next

Chinese APT15 Re-emerges with New Graphican Malware

Threat Actors

RESOURCES
Cyber Fusion Center Guide
EVENTS
News and Updates, Hacker News

Get in touch with us now!

1-855-692-9927

Download Cyware Social App

Terms of Use Privacy Policy © 2023