The military counterintelligence service (SKW) of Poland and the CERT cybersecurity group accused the Russian intelligence services of hacking the collection of information from the Foreign Ministry and embassies of several countries in the European Union.
The CERT report says that many elements of this activity overlap or completely coincide with the activities of the group described in the past, which Microsoft calls NOBELIUM, and Mandiant – APT29.
Warsaw claims that the espionage group is linked to, among other things, a group called SOLARWINDS, SUNBURST, ENVYSCOUT and BOOMBOX tools, as well as some other intelligence companies. However, the actions discovered and described by CERT and SKW differ from the previous ones by the use of unique software. It is noted that new tools were used in parallel and independently of each other or sequentially, replacing old solutions.
According to CERT, in all observed cases, a phishing technique was used. Some employees of diplomatic missions received emails masquerading as embassies of European countries. Correspondence contained an invitation to a meeting or to collaborate on documents. Attached to the message was a link purporting to point to the ambassador’s calendar with meeting details or a downloadable file. In reality, the link activated the malware.
We add that Western countries have repeatedly accused the Russian Federation of interfering in internal affairs and cyberattacks. Russia denied all accusations. Moscow claims that Western countries have not provided any evidence.
Source: Rosbalt
Mario Twitchell is an accomplished author and journalist, known for his insightful and thought-provoking writing on a wide range of topics including general and opinion. He currently works as a writer at 247 news agency, where he has established himself as a respected voice in the industry.
