- Since 2022, Fancy Bear has been targeting logistics organizations in the West
- The objective was to monitor foreign aid coming into Ukraine
- Video surveillance cameras at border crossings have also been monitored
Fancy Bear, the infamous Russian state-sponsored threat actor, spied on “dozens” of organizations from Western and NATO countries, monitoring foreign aid flowing into Ukraine. That is according to a joint cybersecurity advisory [PDF] published by 21 government agencies in the United States, the United Kingdom, Canada, Germany, France, the Czech Republic, Poland, Austria, Denmark and the Netherlands.
According to the report, Fancy Bear (also known as APT28) has targeted logistics providers, technology companies and government organizations involved in transporting aid to Ukraine.
All modes of transport were covered, including air, sea and rail, and the organizations spanned various industries, from defense to transport, maritime management and air traffic, and finally IT services.
Credential stuffing
The targeted companies operated in Bulgaria, the Czech Republic, France, Germany, Greece, Italy, Moldova, the Netherlands, Poland, Romania, Slovakia, Ukraine and the United States. In addition, the hackers also monitored video surveillance cameras at border crossings for the same purpose.
To obtain initial access, APT28 relied on credential guessing and brute-force attacks. They also launched spear-phishing campaigns and took advantage of software vulnerabilities.
By taking advantage of CVE-2023-23397, they targeted Microsoft Exchange, Roundcube webmail and WinRAR, allowing them to infiltrate systems. Finally, they went after corporate VPNs and vulnerable SQL databases, and after having compromised a network, moved laterally with tools such as PsExec and Impacket.
The attackers manipulated mailbox permissions and used Tor and VPNs to stay hidden while keeping an eye on sensitive communications.
The Russian-Ukrainian conflict has shown how much war has changed in recent years. In addition to the usual fronts of land, sea and air, cyberspace has become a major battlefield, with hackers and cybercriminals on both sides targeting sensitive information and critical infrastructure.
The attack should serve as a reminder that “cyber-physical systems are now strategic objectives for opponents,” said Andrew Lintell, Managing Director, EMEA, at Claroty. “To fight against this, organizations need full visibility into these environments and a risk-based approach to secure them. Many of these devices, such as security cameras, were not designed with modern threats in mind, yet they are increasingly entry points.”
Via The Register