Latvia confirms phishing attack on Ministry of Defense, linking it to Russian hacking group

The Russian cyber-espionage group known as Gamaredon may have been behind a phishing attack on Latvia's Ministry of Defense last week, the ministry told The Record on Friday. Hackers sent malicious emails to several employees of the ministry, pretending to be Ukrainian government officials. The attempted cyberattack was unsuccessful, the ministry added. The sample of the malicious email was first shared on Twitter by French cybersecurity company Sekoia.io this week. The company obtained it from VirusTotal, a Google-owned service that analyzes suspicious files, where one of the targeted users may have downloaded it to verify its sender, according to Sekoia threat intelligence researcher Felix Aime. Researchers attributed this phishing campaign to Gamaredon because the hackers used the same domain as previous cyberattacks, Aime said. Earlier in December, the cybersecurity company Unit 42 also linked this domain to Gamaredon. A spokesperson for Latvia's Ministry of Defense confirmed that the latest attack was "Most likely" linked to Gamaredon, although the investigation is still ongoing. According to the Latvian computer emergency response team, CERT-LV, the attack was "Unusual" because the Russian hackers communicated with researchers in the final stages of the attack when they learned they were being investigated. A CERT-LV spokesperson told The Record that hackers sent a meme depicting a Russian bear holding a paw on Ukraine, while the U.S. and EU try to contain it. Hacker groups tied to the Russian government, including Gamaredon, have targeted Latvian organizations for several years, but their activity rapidly increased since the start of the war in Ukraine. Most cyberattacks by pro-Russian hackers "Achieve nothing more than publicity," Varis Teivans, the deputy manager of CERT-LV told The Record in an interview in October. Latvia has supported Ukraine since the beginning of the war, providing weapons, humanitarian aid and shelter for Ukrainian refugees. Other Ukrainian allies, especially former Soviet Union members including Estonia and Lithuania, are also reporting an increase in cyberattacks. Ukraine's CERT told The Record that Gamaredon is responsible for the largest number of cyberattacks on Ukraine. "Not a week went by that we didn't detect some new mass phishing email campaign with Gamaredon malware," a CERT-UA spokesperson said. In 2022, Ukraine registered more than 70 incidents related to this group, according to CERT-UA. Ukraine claims that Gamaredon operates from the city of Sevastopol in Russia-occupied Crimea, but acts on orders from the FSB Center for Information Security in Moscow. The group began operations in June 2013, just months before Russia forcibly annexed the Crimean Peninsula from Ukraine. Ukrainian cybersecurity officials described Gamaredon's attacks as intrusive and audacious, and said the group's main purpose was "To conduct targeted cyberintelligence operations."

This Cyber News was published on therecord.media. Publication date: Mon, 30 Jan 2023 01:58:03 +0000


Cyber News related to Latvia confirms phishing attack on Ministry of Defense, linking it to Russian hacking group

Latvia confirms phishing attack on Ministry of Defense, linking it to Russian hacking group - The Russian cyber-espionage group known as Gamaredon may have been behind a phishing attack on Latvia's Ministry of Defense last week, the ministry told The Record on Friday. Hackers sent malicious emails to several employees of the ministry, ...
1 year ago Therecord.media
Encouraging Ethical Hacking Skills in Students - This article delves into the significance of encouraging ethical hacking skills in students and the numerous benefits it offers to individuals and society as a whole. Possessing ethical hacking skills can provide students with a competitive advantage ...
11 months ago Securityzap.com
Spear Phishing vs Phishing: What Are The Main Differences? - Almost half of them used phishing to obtain the passwords of users. Highly targeted phishing campaigns against specific individuals or types of individuals are known as spear phishing. It's important to be able to spot phishing in general. For ...
9 months ago Techrepublic.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
11 months ago Esecurityplanet.com
What SOCs Need to Know About Water Dybbuk - According to the Federal Bureau of Investigation, BEC costs victims more money than ransomware, with an estimated US$2.4 billion being lost to BEC in the US in 2021. Recently, BEC scammers have been using stolen accounts from legitimate Simple Mail ...
1 year ago Trendmicro.com
Flipping the BEC funnel: Phishing in the age of GenAI - For years, phishing was just a numbers game: A malicious actor would slap together an extremely generic email and fire it out to thousands of recipients in the hope that a few might take the bait. Common among these new techniques was a shift towards ...
10 months ago Helpnetsecurity.com
Key Group uses leaked builders of ransomware and wipers | Securelist - The first discovered sample of Key Group, the Xorist ransomware, established persistence in the system by changing file extension associations. The .huis_bn extension added to encrypted files in the early versions of Key Group samples, Xorist and ...
1 month ago Securelist.com
Critics of Putin and his allies targeted with spyware inside the EU - At least seven journalists and activists who have been vocal critics of the Kremlin and its allies have been targeted inside the EU by a state using Pegasus, the hacking spyware made by Israel's NSO Group, according to a new report by security ...
5 months ago Packetstormsecurity.com
Russian military hackers target NATO fast reaction corps - Russian APT28 military hackers used Microsoft Outlook zero-day exploits to target multiple European NATO member countries, including a NATO Rapid Deployable Corps. Researchers from Palo Alto Networks' Unit 42 have observed them exploiting the ...
11 months ago Bleepingcomputer.com
Ukraine says it hacked Russian aviation agency, leaks data - Ukraine's intelligence service, operating under the Defense Ministry, claims they hacked Russia's Federal Air Transport Agency, 'Rosaviatsia,' to expose a purported collapse of Russia's aviation sector. Rosaviatsia is the agency responsible for ...
11 months ago Bleepingcomputer.com
Russian hackers stole Microsoft corporate emails in month-long breach - Microsoft disclosed Friday night that some of its corporate email accounts were breached and data stolen by the Russian state-sponsored hacking group Midnight Blizzard. The company detected the attack on January 12th, with Microsoft initiating its ...
10 months ago Bleepingcomputer.com
Russian hackers stole Microsoft corporate emails in month-long breach - Microsoft disclosed Friday night that some of its corporate email accounts were breached and data stolen by the Russian state-sponsored hacking group Midnight Blizzard. The company detected the attack on January 12th, with Microsoft initiating its ...
10 months ago Bleepingcomputer.com
Combat Phishing Attacks With AI-Powered Threat Protection - According to statistics, 81% of organizations have seen an increase in phishing emails since 2020, with an estimated 3.4 billion emails sent every day. AI-generated phishing emails are a sophisticated and evolving cybersecurity threat. ...
9 months ago Gbhackers.com
UK and allies expose Russian FSB hacking group, sanction members - Callisto is an advanced persistent threat actor that has been active since late 2015 and has been attributed to Russia's 'Centre 18' division of the Federal Security Service. Last year, Microsoft's threat analysts disrupted a group's attack targeting ...
11 months ago Bleepingcomputer.com
Ukrainian activists hack Trigona ransomware gang, wipe servers - A group of cyber activists under the Ukrainian Cyber Alliance banner has hacked the servers of the Trigona ransomware gang and wiped them clean after copying all the information available. The Ukrainian Cyber Alliance fighters say they exfiltrated ...
11 months ago Bleepingcomputer.com
FSB arrests Russian hackers working for Ukrainian cyber forces - The Russian Federal Security Service arrested two individuals believed to have helped Ukrainian forces carry out cyberattacks to disrupt Russian critical infrastructure targets. Both suspects were taken into custody one same day in two different ...
11 months ago Bleepingcomputer.com
Chinese hacking documents offer glimpse into state surveillance - Chinese police are investigating an unauthorized and highly unusual online dump of documents from a private security contractor linked to the nation's top policing agency and other parts of its government - a trove that catalogs apparent hacking ...
8 months ago Apnews.com
Russia hacking: 'FSB in years-long cyber attacks on UK', says government - The UK is accusing Russia's Security Service, the FSB, of a sustained cyber-hacking campaign, targeting politicians and others in public life. The government said one group stole data through cyber-attacks, which was later made public, including ...
11 months ago Bbc.com
Russian hackers use Ngrok feature and WinRAR exploit to attack embassies - After Sandworm and APT28, another state-sponsored Russian hacker group, APT29, is leveraging the CVE-2023-38831 vulnerability in WinRAR for cyberattacks. APT29 is tracked under different names and has been targeting embassy entities with a BMW car ...
11 months ago Bleepingcomputer.com
Phishing Campaign Exploits Open Redirection Vulnerability In 'Indeed.com' - Phishing remains one of the most prevalent challenges facing organisations, with more than three billion malicious emails estimated to be sent around the world every day. Owing to the prevalence of the problem, Verizon's 2023 Data Breach ...
8 months ago Cyberdefensemagazine.com
Palo Alto Reveals New Features in Russian APT Turla's Kazuar Backdoor - The latest version of the Kazuar backdoor could be more sophisticated than previously imagined, according to Palo Alto Networks. The Kazuar backdoor was used by the Russian hacking group Turla to target the Ukrainian defense sector in July 2023, the ...
11 months ago Infosecurity-magazine.com
Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure - Microsoft and the Justice Department have seized over 100 domains used by the Russian ColdRiver hacking group to target United States government employees and nonprofit organizations from Russia and worldwide in spear-phishing attacks. "Between ...
1 month ago Bleepingcomputer.com
The Future of Phishing Email Training for Employees in Cybersecurity - One common method they use is through phishing emails. To counter this changing threat, companies must give importance to providing phishing email training for employees on identifying and responding properly to phishing attempts. Standard training ...
6 months ago Hackread.com
The release of 128 GB of information from a Russian internet service provider Convex by an unknown source - Caxxii, an affiliate of the hacktivist group Anonymous, has released a large amount of data that reveals the Russian government's illegal surveillance tactics to spy on its citizens. The 128 gigabytes of data was taken from Convex, a leading Russian ...
1 year ago Hackread.com
Russian military hackers target Ukraine with new MASEPIE malware - Ukraine's Computer Emergency Response Team is warning of a new phishing campaign that allowed Russia-linked hackers to deploy previously unseen malware on a network in under one hour. APT28, aka Fancy Bear or Strontium, is a Russian state-sponsored ...
10 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)