Russian state-sponsored hackers have targeted Polish government institutions in a recent espionage campaign, according to a new report.
Poland's computer emergency response team, CERT-PL, said on Wednesday that it had observed a large-scale malware campaign, likely carried out by the hacker group APT28, also known as Fancy Bear, associated with Russia's military intelligence agency, the GRU. Last week, several NATO countries accused the Kremlin of conducting a series of cyberattacks on their critical infrastructure.
Germany, in particular, attributed an attack against its Social Democratic Party to APT28.
The same threat actor also targeted government services, critical infrastructure operators, and other entities across NATO, including in Lithuania, Slovakia and Sweden.
The hackers then tricked recipients into downloading a malicious archive containing a photo of a woman in a swimsuit, along with links to her alleged social media accounts.
The hackers' script saves the downloaded file with the .jpg extension on disk, then changes the extension from.
The likely goal of this campaign, researchers said, is to collect information about the infected computers, including IP addresses and lists of files in selected folders, and then send them to the hackers' servers.
Russia hasn't responded yet to the claims made by Polish officials regarding the attack.
In response to alleged Moscow-backed cyberattacks targeting the country's defense, aerospace, and IT companies, Germany has recalled its ambassador to Russia to Berlin for consultations.
Czechia has also announced this week that it will summon the Russian ambassador over 'cyberattacks against Czech institutions and critical infrastructure.'
Is a reporter for Recorded Future News based in Ukraine.
She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia.
She previously was a tech reporter for Forbes Ukraine.
Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.
This Cyber News was published on therecord.media. Publication date: Thu, 09 May 2024 15:13:05 +0000