Fancy Bear sighted in Ukrainian in-boxes.
CERT-UA warns that APT28, the GRU operators familiarly often called Fancy Bear, have opened a renewed marketing campaign of exploitation towards techniques nonetheless weak to Follina, the Microsoft Microsoft Diagnostic Device vulnerability tracked as CVE-2022-30190. Fancy Bear is operating two distinct campaigns, Ukraine’s SSSCIP warns, each of which use phishing as their mode of entry. The phishbait appeals to 2 very totally different units of fears. The primary marketing campaign, which Malwarebytes has additionally described, counts on an e mail recipient’s worry of nuclear struggle (topical, given the continuing Russian nuclear saber-rattling described by the Telegram). The malicious doc, “Nuclear Terrorism A Very Actual Menace,” carries CredoMap malware as its payload, CERT-UA says. The opposite marketing campaign makes use of a extra proximate if much less existential dread to induce the recipient to click on: worry of the taxman. Anybody in wartime is likely to be forgiven an comprehensible lapse of reminiscence the place paying taxes is anxious. The phishbait pattern CERT-UA shares is sternly entitled “Imposition of penalties.” and the malicious doc carries a CobaltStrike beacon as its payload. The e-mail’s topic is “Discover of non-payment of tax.” The objective of each campaigns seems to be espionage, though it is price noting that CERT-UA sees the tax-themed marketing campaign as directed towards vital infrastructure.
Comments
0 comments