“Malware targeting Polish government institutions was distributed this week by the APT28 hacker group, linked to Russia’s intelligence services,” NASK reports. The hostile activity was recorded and described by CERT Polska (part of NASK) and the Ministry of National Defense.
The APT28 hacker group is affiliated with the GRU. This is what the attack looked like
The APT28 group is associated with the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). The first stage of the campaign conducted by APT28 is the sending of e-mails. Their content uses social engineering elements intended to arouse the recipient’s interest and persuade them to click the link. The link leads to an address in the run.mocky.io domain, a free service used by developers. In this case, however, it was used only to redirect to another site, webhook.site, which logs all requests to a generated address and lets the operator configure the responses to them. This site is also very popular among IT professionals.
The message encouraged recipients to click a link to an external site and download alleged photos. To avoid arousing suspicion, these were packed into a ZIP archive containing files whose names suggested they were photos in JPG format. In fact, the files were simple programs that ran commands on the victim’s computer, among other things checking its IP address. In this way the attackers wanted to verify whether a given computer was worth further penetration. If so, the running program allowed the hackers to execute further commands on the computer covertly and without the user’s knowledge.
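The lure described above relies on archive members whose names end in an image extension while their bytes are a program. The following Python script is an added example, not code from CERT Polska or the article: it builds a constructed in-memory ZIP (one genuine JPEG header, two executables posing as photos, one text file) and flags any member whose file extension and magic bytes disagree, whose content is executable, or whose name hides an image extension in front of the real one. The magic-byte tables and sample file names are assumptions chosen for the demonstration.

```python
"""Inspect ZIP members for executable content hiding behind image file names."""
import io
import zipfile
from pathlib import PurePosixPath

# Constructed allow-list: extensions that claim to be images and the
# magic bytes a genuine file of that type starts with.
IMAGE_MAGIC = {
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".gif": b"GIF8",
}

# Magic bytes of content that is a program rather than a picture.
EXECUTABLE_MAGIC = {
    b"MZ": "PE/DOS executable",
    b"\x7fELF": "ELF executable",
    b"#!": "script with an interpreter line",
}


def describe_content(head: bytes) -> str:
    """Label the first bytes of a member, or return 'unknown'."""
    for magic, label in EXECUTABLE_MAGIC.items():
        if head.startswith(magic):
            return label
    for ext, magic in IMAGE_MAGIC.items():
        if head.startswith(magic):
            return "image (" + ext.lstrip(".") + ")"
    return "unknown"


def scan_archive(zip_bytes: bytes) -> list:
    """Return one finding dict per suspicious member of an in-memory ZIP."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            suffixes = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            with zf.open(info) as fh:
                head = fh.read(16)  # only the header is needed for the checks below
            content = describe_content(head)
            reasons = []
            # Case 1: the name ends in an image extension but the bytes are not that image.
            if suffixes and suffixes[-1] in IMAGE_MAGIC \
                    and not head.startswith(IMAGE_MAGIC[suffixes[-1]]):
                reasons.append("extension claims image but content is " + content)
            # Case 2: executable content, whatever the name says.
            if content in EXECUTABLE_MAGIC.values():
                reasons.append("executable content: " + content)
            # Case 3: an image extension placed before the real extension (photo.jpg.exe).
            if len(suffixes) > 1 and any(s in IMAGE_MAGIC for s in suffixes[:-1]):
                reasons.append("image extension hidden before real extension " + suffixes[-1])
            if reasons:
                findings.append({"name": info.filename, "content": content, "reasons": reasons})
    return findings


def build_sample_archive() -> bytes:
    """Constructed sample: one genuine JPEG header, two executables posing as photos, one text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("photos/IMG_001.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 64)  # real JPEG header
        zf.writestr("photos/IMG_002.jpg", b"MZ" + b"\x00" * 64)                # PE bytes, .jpg name
        zf.writestr("photos/IMG_003.jpg.exe", b"MZ" + b"\x00" * 64)            # double extension
        zf.writestr("photos/readme.txt", b"holiday pictures\n")
    return buf.getvalue()


def flagged_names(zip_bytes: bytes) -> set:
    """Convenience wrapper: the set of member names the scanner flags."""
    return {f["name"] for f in scan_archive(zip_bytes)}


if __name__ == "__main__":
    for finding in scan_archive(build_sample_archive()):
        print(finding["name"], "->", finding["content"], ";", "; ".join(finding["reasons"]))
```

Running the script flags IMG_002.jpg and IMG_003.jpg.exe and leaves the real JPEG and the text file alone. In a mail gateway or sandbox pipeline the same checks would run on every attachment or downloaded archive, and the name/content mismatch alone is a strong enough signal to quarantine the file for review, regardless of which free hosting service the link pointed to.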
“Using free, commonly used services instead of your own domains allows you to significantly reduce the detection of links as malicious, and at the same time reduces the costs of operations. This is a trend that we observe in many APT groups,” says CERT Polska.
Czechs and Germans also attacked by APT28
A few days ago, the Czech Ministry of Foreign Affairs summoned the Russian ambassador in connection with cyberattacks on state institutions and critical infrastructure. According to the Czech authorities, hackers associated with Russian military intelligence were behind them. “We have called on the Russian Federation to stop actions that are contrary to UN standards and its own obligations,” wrote the head of Czech diplomacy, Jan Lipavský, on the X platform.
His ministry reported that the Russian-controlled APT28 hacking group had been carrying out attacks since last year using a previously unknown vulnerability in Microsoft Outlook. Germany also reported attacks targeting government agencies and companies in the logistics and defense industries. The German Foreign Ministry summoned the Russian chargé d’affaires.
Source: Gazeta

Mabel is a talented author and journalist with a passion for all things technology. As an experienced writer for the 247 News Agency, she has established a reputation for her in-depth reporting and expert analysis on the latest developments in the tech industry.