- Since 2022, Fancy Bear has been targeting logistics organizations in the West
- The objective was to monitor foreign aid to Ukraine.
- CCTV cameras at border crossings were also monitored.
Fancy Bear, the infamous Russian state-sponsored threat actor, has been spying on “dozens” of organizations from Western and NATO countries, monitoring the foreign aid moving into Ukraine. This is according to a joint cybersecurity advisory [PDF] published by 21 government agencies from the United States, the United Kingdom, Canada, Germany, France, Czech Republic, Poland, Austria, Denmark and the Netherlands.
According to the report, Fancy Bear (also known as APT28) targeted logistics providers, technology companies and government organizations involved in the transport of aid to Ukraine.
All modes of transport were covered, including air, sea and rail, and the organizations spanned different industries, from defense to transport, maritime and air traffic management, and ultimately IT services.
Credential stuffing
The targeted companies operated in Bulgaria, Czech Republic, France, Germany, Greece, Italy, Moldova, Netherlands, Poland, Romania, Slovakia, Ukraine and the United States. In addition, the hackers were also monitoring CCTV cameras at border crossings for the same purpose.
To obtain initial access, APT28 relied on credential-based and brute-force attacks. They also conducted spearphishing campaigns and took advantage of software vulnerabilities.
Exploiting CVE-2023-23397, they targeted Microsoft Exchange, Roundcube Webmail and WinRAR, allowing them to infiltrate the systems. Finally, they went for corporate VPNs and vulnerable SQL databases, and after compromising a network, they moved laterally with tools such as PsExec and Impacket.
The attackers manipulated email mailbox permissions and used Tor and VPNs to remain hidden while keeping tabs on sensitive communications.
The Russian-Ukrainian conflict demonstrated how much war has changed in recent years. In addition to the usual fronts of land, sea and air, cyberspace has become an important battlefield, with hackers and cybercriminals on both sides targeting confidential information and critical infrastructure.
The attack should “serve as a reminder that cybernetic systems are now strategic objectives for adversaries,” said Andrew Lentell, general manager of EMEA at Claroty. “To combat this, organizations need total visibility in these environments and a risk-based approach to ensure. Many of these devices, such as security cameras, were not designed with modern threats in mind, so they are increasingly vulnerable entry points.”
Via The Register