
Cybercriminals launch attacks on Ukrainian weapon manufacturers


The Russian hacking group Fancy Bear is targeting arms suppliers to Ukraine, according to a recent report by the Slovak security firm Eset, headquartered in Bratislava. The attacks mainly hit manufacturers of Soviet-era weaponry in Bulgaria, Romania, and Ukraine, equipment that matters for Ukraine's defense against Russia's invasion. Arms companies in Africa and South America were also targeted.

Fancy Bear, also known as Sednit or APT28, is infamous for its attacks on the German Bundestag (2015), the campaign of US presidential candidate Hillary Clinton (2016), and the SPD party headquarters (2023). Western governments assess that the group operates on behalf of Russian military intelligence, using cyberattacks as a tool of espionage, political influence, and destabilization. It is also known for disinformation campaigns against Western democracies.

The ongoing espionage campaign, named "Operation RoundPress" by Eset, exploited cross-site scripting (XSS) vulnerabilities in widely used webmail software: Roundcube, Zimbra, Horde, and MDaemon. Most of these flaws were already known and had patches available, so regular software maintenance would have closed them. The exception was a previously unknown (zero-day) vulnerability in MDaemon, for which no patch existed when the attacks began, leaving affected companies exposed until the vendor fixed it.

How did they do it? Eset researchers report that the attacks began with spearphishing emails disguised as news alerts, pretending to come from credible sources such as the Kyiv Post or the Bulgarian news portal News.bg. The emails themselves passed spam filters: the visible text looked like an ordinary news digest. The malicious part was JavaScript hidden in the HTML body that, when the message was opened in the vulnerable webmail client, executed in the victim's browser with the rights of the logged-in webmail session. No click on a link or attachment was required.

But what about two-factor authentication (2FA)? Eset researchers discovered the malicious JavaScript payload "SpyPress.MDAEMON." It can read login credentials, harvest contacts and email messages, and in some cases bypass 2FA: it creates an application password for the mailbox, which gives the attackers persistent access to the mailbox without a second factor, even after the victim changes their password.

Matthieu Faou, Eset researcher, shares his concerns, "Many companies still operate outdated webmail servers. Just viewing an email in the browser can trigger the execution of malicious code without the recipient actively clicking on anything."

Worried about landing in the crosshairs? Here are some steps to bolster your defenses:

  1. Regular Patches: Make sure you update your webmail software, and other systems, frequently to mitigate known vulnerabilities.
  2. Advanced Threat Detection: Implement advanced threat detection systems that can pick up on sophisticated spearphishing attacks and XSS exploits.
  3. Phishing-resistant MFA and application-password control: A one-time code alone is not enough, since the malware in this campaign sidestepped it by creating an application password. Prefer FIDO2/WebAuthn hardware security keys, and disable or tightly restrict application passwords on the mail server; audit existing ones and alert on new ones.
  4. Employee Education: Train employees to recognize spearphishing emails and to avoid suspicious links and attachments from unknown sources, while making clear that this campaign required no click at all. Awareness reduces risk, but it does not replace patching.
  5. Email Content Inspection: Use tools to inspect email content for malicious code, such as JavaScript payloads that could exploit XSS vulnerabilities.
  6. Regular Security Audits: Run regular security audits to identify and address vulnerabilities in your webmail systems and other infrastructure.
  7. Incident Response Plan: Develop a solid incident response plan to tackle breaches swiftly when they occur.

And there's more:

  • Secure Webmail Solutions: Opt for webmail solutions that come equipped with security features against XSS attacks.
  • Limit Access: Implement least privilege access to minimize damage in case of a breach.
  • Monitor for Suspicious Activity: Watch mail-server and webmail logs for signs of compromise, in particular newly created application passwords, logins from unfamiliar addresses, and unexpected bulk reads or exports of mailboxes.

By adopting these measures, you can significantly lower the chances of falling prey to complex cyberattacks like Operation RoundPress. Stay vigilant, and keep your defenses tight!
