- Since 2022, Fancy Bear has targeted logistics organizations in the West
- The goal was to monitor foreign assistance that came to Ukraine
- CCTV cameras at border crossings were also monitored
Fancy Bear, the notorious Russian state-sponsored threat actor, has been spying on “dozens” of organizations from Western and NATO countries and monitoring foreign aid moving into Ukraine. This is according to a joint cybersecurity advisory [PDF] published by 21 government agencies from the US, UK, Canada, Germany, France, the Czech Republic, Poland, Austria, Denmark and the Netherlands.
According to the report, Fancy Bear (also known as APT28) targeted logistics providers, technology companies and government organizations involved in the transport of aid to Ukraine.
All transport modes were covered, including air, sea and rail, and the targeted organizations span various industries, from defense and transport to maritime and air traffic management and, finally, IT services.
Credential stuffing
The targeted companies operated in Bulgaria, the Czech Republic, France, Germany, Greece, Italy, Moldova, the Netherlands, Poland, Romania, Slovakia, Ukraine and the United States. In addition, the hackers also monitored CCTV cameras at border crossings for the same purpose.
To gain initial access, APT28 relied on stolen credentials and brute-force attacks. They also ran spearphishing campaigns and exploited software vulnerabilities.
Exploiting CVE-2023-23397, they targeted Microsoft Exchange, Roundcube Webmail and WinRAR, enabling them to infiltrate the systems. Finally, they went after the companies’ VPNs and vulnerable SQL databases, and after compromising a network, moved laterally with tools such as PsExec and Impacket.
The attackers manipulated email mailbox permissions and used Tor and VPNs to remain hidden while watching sensitive communications.
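Two of the behaviours described above, brute-force logins that eventually succeed and lateral movement with PsExec, leave recognisable traces in ordinary authentication and service-installation logs. The following Python is an added example written for this page, not code from the advisory or the article: it runs two simple detection rules over constructed sample log lines. The key=value log format, the failure threshold and the 10-minute window are assumptions chosen for the example; the `PSEXESVC` service name is the one the PsExec tool is widely known to register on the remote host.

```python
"""Added detection example (constructed data, not from the advisory): flag
brute-force logins followed by a success, and PsExec-style service installs."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not from any real system). The simple
# 'timestamp key=value ...' format is an assumption made for this example.
SAMPLE_LOGS = """\
2025-05-20T08:00:01 type=auth result=fail user=jsmith src=203.0.113.7
2025-05-20T08:00:03 type=auth result=fail user=jsmith src=203.0.113.7
2025-05-20T08:00:05 type=auth result=fail user=jsmith src=203.0.113.7
2025-05-20T08:00:07 type=auth result=fail user=jsmith src=203.0.113.7
2025-05-20T08:00:09 type=auth result=fail user=jsmith src=203.0.113.7
2025-05-20T08:00:12 type=auth result=success user=jsmith src=203.0.113.7
2025-05-20T08:01:00 type=auth result=fail user=adoe src=198.51.100.4
2025-05-20T08:30:00 type=auth result=success user=adoe src=198.51.100.4
2025-05-20T09:15:22 type=service_install host=FILESRV01 name=PSEXESVC image=C:\\Windows\\PSEXESVC.exe
2025-05-20T09:16:00 type=service_install host=FILESRV01 name=Spooler image=C:\\Windows\\System32\\spoolsv.exe
"""

FAIL_THRESHOLD = 5              # assumed: failures from one source before we care
WINDOW = timedelta(minutes=10)  # assumed: sliding window for counting failures
# Markers associated with PsExec-style remote service execution.
PSEXEC_MARKERS = ("psexesvc", "psexec")


def parse_line(line):
    """Parse 'timestamp k=v k=v ...' into a dict; the timestamp becomes 'ts'."""
    ts, _, rest = line.partition(" ")
    fields = {"ts": datetime.fromisoformat(ts)}
    for token in rest.split():
        key, _, value = token.partition("=")
        fields[key] = value
    return fields


def detect_brute_force(events, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Alert when one source accumulates `threshold` failed logins inside
    `window` and then authenticates successfully from the same address."""
    failures = defaultdict(list)   # src -> timestamps of recent failures
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev.get("type") != "auth":
            continue
        src = ev["src"]
        # Forget failures that have aged out of the sliding window.
        failures[src] = [t for t in failures[src] if ev["ts"] - t <= window]
        if ev["result"] == "fail":
            failures[src].append(ev["ts"])
        elif ev["result"] == "success" and len(failures[src]) >= threshold:
            alerts.append({"rule": "brute_force_then_success", "src": src,
                           "user": ev["user"], "failures": len(failures[src])})
            failures[src].clear()
    return alerts


def detect_psexec(events):
    """Alert on service installs whose name or image path looks like PsExec."""
    alerts = []
    for ev in events:
        if ev.get("type") != "service_install":
            continue
        haystack = (ev.get("name", "") + " " + ev.get("image", "")).lower()
        if any(marker in haystack for marker in PSEXEC_MARKERS):
            alerts.append({"rule": "psexec_service_install",
                           "host": ev["host"], "service": ev["name"]})
    return alerts


def run_detections(raw_logs=SAMPLE_LOGS):
    """Parse the log text and return all alerts from both rules."""
    events = [parse_line(l) for l in raw_logs.splitlines() if l.strip()]
    return detect_brute_force(events) + detect_psexec(events)


if __name__ == "__main__":
    for alert in run_detections():
        print(alert)
```

On the sample data the brute-force rule fires once for 203.0.113.7 (five failures, then a success) and stays quiet for 198.51.100.4, whose single failure is followed by a legitimate-looking login; the PsExec rule fires only for the `PSEXESVC` install, not for the ordinary print spooler entry. In production the same logic would read Windows 4625/4624 logon events and 7045 service-installation events instead of the constructed format.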
The Russo-Ukrainian conflict has demonstrated how much warfare has changed in recent years. In addition to the usual fronts – land, sea and air – cyberspace has become an important battlefield, with hackers and cyber criminals on both sides targeting sensitive information and critical infrastructure.
The attack must “serve as a reminder that cyber-physical systems are now strategic targets for opponents,” commented Andrew Lintell, General Manager, EMEA, at Claroty. “To combat this, organizations need full visibility in these environments and a risk-based approach to securing them. Many of these devices, such as security cameras, were not designed with modern threats in mind, so are increasingly vulnerable entry points.”
Via The Register