Russian military hackers target Ukraine with new MASEPIE malware

Ukraine's Computer Emergency Response Team is warning of a new phishing campaign that allowed Russia-linked hackers to deploy previously unseen malware on a network in under one hour.
APT28, aka Fancy Bear or Strontium, is a Russian state-sponsored threat actor known for targeting government entities, businesses, universities, research institutes, and think tanks in Western countries and NATO orgs.
The hacking group is known to employ phishing campaigns and exploit zero-day vulnerabilities in widely used software.
The latest campaign targeting Ukraine took place between December 15 and 25, 2023, utilizing phishing emails urging recipients to click on a link supposedly to view an important document.
The links redirect victims to malicious web resources that employ JavaScript to drop a Windows shortcut file that launches PowerShell commands to trigger an infection chain for a new Python malware downloader called 'MASEPIE.'.
MASEPIE establishes persistence on the infected device by modifying the Windows Registry and adding a deceptively named LNK file to the Windows Startup folder.
CERT-UA says the malware's primary role is to download additional malware on the infected device and steal data.
The Ukrainian CERT says APT28 also uses a set of PowerShell scripts named 'STEELHOOK' to steal data from Chrome-based web browsers, likely to extract sensitive information like passwords, authentication cookies, and browsing history.
Another tool used as part of the attack is the 'OCEANMAP,' a C# backdoor used primarily for executing base64-encoded commands via cmd.
OCEANMAP establishes persistence on the system by creating a.URL file named 'VMSearch.
OCEANMAP uses the Internet Message Access Protocol as a control channel to receive commands discreetly that are unlikely to raise alarms, storing them as email drafts containing the command, username, and OS version.
After executing the commands, OCEANMAP stores the results in the inbox directory, allowing APT28 to stealthily retrieve the outcomes and adjust their attack if needed.
Other tools deployed in the attacks for network reconnaissance and lateral movement include IMPACKET, a collection of Python classes for working with network protocols, and SMBEXEC, which enables remote command execution.
Ukraine's CERT says these tools are deployed in compromised systems within an hour from the initial compromise, indicating a rapid and well-coordinated attack.
Ukrainian military says it hacked Russia's federal tax agency.
Russian military hackers target NATO fast reaction corps.
UK and allies expose Russian FSB hacking group, sanction members.
Russian hackers exploiting Outlook bug to hijack Exchange accounts.
Microsoft fixes Outlook zero-day used by Russian hackers since April 2022.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 28 Dec 2023 17:45:48 +0000


Cyber News related to Russian military hackers target Ukraine with new MASEPIE malware

Exclusive: Ukraine says joint mission with US derailed Moscow's cyberattacks - On a Wednesday afternoon in late September, the head of the cyber division of Ukraine's intelligence service, Illia Vitiuk, sat down to discuss something that Ukraine had previously kept close to the vest - specifically how much a joint hunt forward ...
1 year ago Therecord.media
Russian military hackers target Ukraine with new MASEPIE malware - Ukraine's Computer Emergency Response Team is warning of a new phishing campaign that allowed Russia-linked hackers to deploy previously unseen malware on a network in under one hour. APT28, aka Fancy Bear or Strontium, is a Russian state-sponsored ...
11 months ago Bleepingcomputer.com
Russian hackers wiped thousands of systems in KyivStar attack - The Russian hackers behind a December breach of Kyivstar, Ukraine's largest telecommunications service provider, have wiped almost all systems on the telecom operator's network. Following the incident, Kyivstar's mobile and data services went down, ...
10 months ago Bleepingcomputer.com
Russian military hackers target NATO fast reaction corps - Russian APT28 military hackers used Microsoft Outlook zero-day exploits to target multiple European NATO member countries, including a NATO Rapid Deployable Corps. Researchers from Palo Alto Networks' Unit 42 have observed them exploiting the ...
11 months ago Bleepingcomputer.com
Ukrainian military says it hacked Russia's federal tax agency - The Ukrainian government's military intelligence service says it hacked the Russian Federal Taxation Service, wiping the agency's database and backup copies. Following this operation, carried out by cyber units within Ukraine's Defense Intelligence, ...
11 months ago Bleepingcomputer.com
Cyber Insights 2023: The Geopolitical Effect - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. The Russia/Ukraine war that started in early 2022 has been mirrored by a ...
1 year ago Securityweek.com
FBI disrupts Moobot botnet used by Russian military hackers - The FBI took down a botnet of small office/home office routers used by Russia's Main Intelligence Directorate of the General Staff in spearphishing and credential theft attacks targeting the United States and its allies. This network of hundreds of ...
9 months ago Bleepingcomputer.com
Pro-Ukraine hackers breach Russian ISP in revenge for KyivStar attack - A pro-Ukraine hacktivist group named 'Blackjack' has claimed a cyberattack against Russian provider of internet services M9com as a direct response to the attack against Kyivstar mobile operator. Kyivstar is Ukraine's largest telecommunications ...
10 months ago Bleepingcomputer.com
Ukraine: Hack wiped 2 petabytes of data from Russian research center - Planeta is a state research center using space satellite data and ground sources like radars and stations to provide information and accurate predictions about weather, climate, natural disasters, extreme phenomena, and volcanic monitoring. The ...
10 months ago Bleepingcomputer.com
Russia Set to Ramp Up Attacks on Ukraine's Allies This Winter - Russia is set to ramp up cyber campaigns targeting Ukraine's allies as kinetic warfare slows this winter, according to a report by Cyjax. Researchers noted that Russia's missile production is struggling to keep pace with its tactical, operational and ...
11 months ago Infosecurity-magazine.com
Ukrainian hackers disrupt internet providers in Russia-occupied territories - Ukrainian hackers have temporarily disabled internet services in parts of the country's territories that have been occupied by Russia. The group of cyber activists known as the IT Army said on Telegram that their distributed denial-of-service attack ...
1 year ago Therecord.media
FSB arrests Russian hackers working for Ukrainian cyber forces - The Russian Federal Security Service arrested two individuals believed to have helped Ukrainian forces carry out cyberattacks to disrupt Russian critical infrastructure targets. Both suspects were taken into custody one same day in two different ...
1 year ago Bleepingcomputer.com
Ukraine Military Targeted With Russian APT PowerShell Attack - A sophisticated Russian advanced persistent threat has launched a targeted PowerShell attack campaign against the Ukrainian military. The attack is most likely perpetrated by malicious threat actors related to Shuckworm, a group with a history of ...
10 months ago Darkreading.com
Who Is Behind Pro-Ukrainian Cyberattacks on Iran? - COMMENTARY. Ukrainian cyber forces have attacked Russian infrastructure and assets almost since the first day of the Russian invasion of Ukraine on Feb. 24, 2022. While its mainstay is denial-of-service attacks that have knocked out the Russian ...
10 months ago Darkreading.com
New Report Uncovers NikoWiper Malware Used to Attack Ukraine Energy Sector - The Russia-affiliated Sandworm used yet another wiper malware strain dubbed NikoWiper as part of an attack that took place in October 2022 targeting an energy sector company in Ukraine. The NikoWiper is based on SDelete, a command line utility from ...
1 year ago Thehackernews.com
Ukraine security services involved in hack of Russia's largest private bank - Ukrainian hackers collaborated with the country's security services, the SBU, to breach Russia's largest private bank, a source within the department confirmed to Recorded Future News. Last week, two groups of pro-Ukrainian hackers, KibOrg and NLB, ...
1 year ago Therecord.media
Latvia confirms phishing attack on Ministry of Defense, linking it to Russian hacking group - The Russian cyber-espionage group known as Gamaredon may have been behind a phishing attack on Latvia's Ministry of Defense last week, the ministry told The Record on Friday. Hackers sent malicious emails to several employees of the ministry, ...
1 year ago Therecord.media
Ukraine-Russia Cyber Battles Have Real-World Impact - "The evolution of cyberattacks and malware, particularly those that have an intersection with the use of generative AI, have lowered the barrier for entry for threat actors, leading to more threats and a greater volume of attacks," he says. ...
1 month ago Darkreading.com
Monthly Overview of Global Threats Involving IronNet - At the beginning of each month, we will be releasing blogs that analyze the intersection of geopolitical activity and cyber operations. We will be focusing on the strategies and motivations of Russia, China, Iran, and North Korea that could be a ...
1 year ago Ironnet.com
Russian hackers use Ngrok feature and WinRAR exploit to attack embassies - After Sandworm and APT28, another state-sponsored Russian hacker group, APT29, is leveraging the CVE-2023-38831 vulnerability in WinRAR for cyberattacks. APT29 is tracked under different names and has been targeting embassy entities with a BMW car ...
1 year ago Bleepingcomputer.com
Ukraine says Russia hacked web cameras to spy on targets in Kyiv - Ukraine's security officers said they took down two online surveillance cameras that were allegedly hacked by Russia to spy on air defense forces and critical infrastructure in Ukraine's capital, Kyiv. The cameras were installed on residential ...
11 months ago Therecord.media
Feds arrest Russians accused of tech smuggling operation The Register - Three Russian nationals were arrested in New York yesterday on charges of moving electronics components worth millions to sanctioned entities in Russia, pieces of which were later recovered on battlefields in Ukraine. Nikolay Goltsev, a ...
1 year ago Theregister.com
Feds Disrupt Botnet Used by Russian APT28 Hackers - Federal law enforcement kicked Russian state hackers off a botnet comprising at least hundreds of home office and small office routers that had been pulled together by a cybercriminal group and co-opted by the state-sponsored spies. APT28, an ...
9 months ago Securityboulevard.com
Russian Cyber Offensive Shifts Focus to Ukraine's Military Infrastructure - According to the SSSCIP’s “Russian Cyber Operations (H1 2024)” report, cyber attacks targeting Ukraine’s defence industries more than doubled from 111 to 276 from the latter half of 2023 to the former half of 2024. Recent ...
2 months ago Hackread.com
PixPirate: The Brazilian financial malware you can't see, part one - The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan malware that heavily utilizes anti-research techniques. Within IBM Trusteer, we saw several different ...
10 months ago Securityintelligence.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)