The Poles “burned” the toys of the Russians. If they want to keep spying, they’ll have to try harder

Russian secret services tried to install spyware on diplomats’ devices by sending them fabricated e-mails. Now hackers have to come up with a new method, because this one was completely burned by the Poles.

The Military Counterintelligence Service (SKW) and the CERT Polska team (CSIRT NASK) have revealed a wide-ranging espionage campaign, probably the work of the Russian special services. Its operators try to obtain information from ministries of foreign affairs and diplomatic missions, mainly from countries and the EU, but to a lesser extent also from Africa. They use a tactic called spear phishing.

Russian hackers attack diplomats

Employees of diplomatic posts are sent e-mails in which the hackers impersonate embassies of European countries. They propose a meeting or cooperation on documents. A PDF file is attached to the e-mail that supposedly links to the ambassador’s calendar, to meeting details or to a downloadable file. The link is, of course, fabricated: when clicked, it downloads a spyware file. The tools used are designed to be hard to detect, e.g. the downloaded files carry no mark-of-the-web, so the user is never warned that they came from the internet. In addition, the installer files themselves were disguised to look like ordinary documents, e.g. a long run of spaces was inserted into the file name to push the .exe extension of the installer out of view.
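The file-name disguise described above (a document-looking name, a long run of spaces, then an executable extension) is easy to flag in an attachment or download scanner. The following is an added example for defenders, not code from the CERT Polska advisory; the extension lists and the sample file names are constructed assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Assumption: representative lists of extensions, not exhaustive.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "hta", "msi", "lnk"}
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "rtf", "ics"}

# "decoy.pdf" + run of (possibly non-ASCII) whitespace + ".exe"
PADDED = re.compile(
    r"^(?P<decoy>.*\.(?P<decoy_ext>[a-z0-9]{1,5}))"
    r"(?P<pad>[ \t\u00a0\u2000-\u200b\u3000]{3,})"
    r"\.(?P<real_ext>[a-z0-9]{1,4})$",
    re.IGNORECASE,
)
# "decoy.pdf.exe": double extension without any padding
DOUBLE = re.compile(r"^.*\.(?P<decoy_ext>[a-z0-9]{1,5})\.(?P<real_ext>[a-z0-9]{1,4})$", re.IGNORECASE)

@dataclass
class Finding:
    filename: str
    reason: str
    real_ext: str
    pad_len: int = 0

def analyze_filename(name: str) -> Optional[Finding]:
    """Flag names that hide an executable extension behind a document-looking name."""
    m = PADDED.match(name)
    if m and m.group("real_ext").lower() in EXECUTABLE_EXTS:
        return Finding(name, "whitespace padding hides executable extension",
                       m.group("real_ext").lower(), len(m.group("pad")))
    m = DOUBLE.match(name)
    if (m and m.group("real_ext").lower() in EXECUTABLE_EXTS
            and m.group("decoy_ext").lower() in DOCUMENT_EXTS):
        return Finding(name, "document extension followed by executable extension",
                       m.group("real_ext").lower())
    return None  # plain executables and genuine documents are not flagged here

def scan(names):
    return [f for f in map(analyze_filename, names) if f is not None]

# Constructed sample names modelled on the trick described in the article.
SAMPLE_NAMES = [
    "Ambassador calendar.pdf" + " " * 120 + ".exe",
    "meeting details.pdf",
    "Schedule.docx.exe",
    "setup.exe",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_NAMES):
        print(f"{f.reason}: {f.filename[:30]!r}... real extension .{f.real_ext}")
```

The second heuristic also catches the plain double-extension variant, which the article does not mention but which the same scanner would want to cover.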

Russian hackers’ tricks to install spyware. Photo: CERT Polska

The Poles neutralized the hackers’ tools

The hackers used the SNOWYAMBER, HALFRIG and QUARTERRIG tools. The modified versions of these tools had not been publicly described before. Now the CERT Polska team has done exactly that, rendering them harmless and preventing further attacks. In this way, the Poles “burned” the Russians’ toys. The hackers will no longer be able to use the tools mentioned above, because “every antivirus, various EDR solutions and other tools for protecting the network against malware have just started detecting them.” SKW and CERT Polska strongly recommend taking the appropriate steps described in their advisory. Such actions should in particular be considered by: government entities; diplomatic entities, ministries of foreign affairs, embassies, diplomatic and international personnel; international organizations and non-governmental organizations.

Source: Gazeta
