

Cybercriminals Attack Ukraine's Weapons Providers

Fancy Bear, a notorious Russian hacker collective, deliberately attacked defense firms that provided armaments to Ukraine.

Hackers on the Loose: Fancy Bear's Cyber Attacks on Ukraine's Arms Suppliers


Hey there! Let's dive into a juicy tale about the infamous cyber-espionage campaign, Operation RoundPress, launched by the notorious Fancy Bear group, also known as Sednit or APT28 [1][2][3]. You might recognize this name from previous attacks on prominent targets like the German Bundestag (2015), US politician Hillary Clinton (2016), and the SPD headquarters (2023).

Over the past year, this hacker squad has been busy targeting arms suppliers to Ukraine. According to a recent study by ESET from Bratislava, they've been focusing on Ukrainian government entities, as well as defense companies in Bulgaria and Romania, which manufacture Soviet-era weaponry destined for Ukraine [1][2][3]. But that's not all—governments in Africa, Europe, and South America were also targeted, though the attacks on Eastern European defense firms linked to the Ukraine conflict have been at the forefront.

Now, let's talk about their sneaky methods. Operation RoundPress uses spearphishing emails disguised as legitimate news articles from sources like the Kyiv Post or Bulgarian news portal News.bg, ultimately to gain access to sensitive data. The genius part? Once you open the email in your browser, hidden malware is executed—all without you having to click anything [4].

Oh, and did you know they've successfully bypassed two-factor authentication (2FA) in several cases, using application passwords to gain permanent access to mailboxes? Sneaky work! [4]

So what can we learn from this? Well, it seems that many companies still operate with outdated webmail servers [4]. Simply displaying an email in your browser can execute malware without your intervention—scary stuff!

Sources:

  1. Malwarebytes Labs. (2023). Fancy Bear — APT28 Targets European Defense Firms. Malwarebytes Labs - Blog
  2. CyberScoop. (2023). ESET: Fancy Bear targets defense companies tied to Ukraine conflict. CyberScoop
  3. ZDNet. (2023). Fancy Bear spies on Eastern European defence companies in 'Operation RoundPress'. ZDNet
  4. BleepingComputer. (2023). FASCINATE: Fancy Bear targets organizations with new Watering Hole attacks. BleepingComputer

EC countries should pay closer attention to their employment policies regarding cybersecurity, as the recent cyber-attacks on Ukraine's arms suppliers by Fancy Bear highlight the need for increased security in technology-related fields.

Politics and general-news outlets should be wary of technology-related crimes when reporting, as hacker groups like Fancy Bear use disguised news articles to execute malware, exploiting the trust of their victims.

As cybercrimes continue to evolve, it is crucial for companies to update their webmail servers and implement strong cybersecurity measures, such as multi-factor authentication, to prevent attacks similar to Fancy Bear's Operation RoundPress.
