430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Cyber Crime

Espionage campaign hit embassies of former Soviet states

Security experts at Symantec detected a large-scale cyber espionage campaign which hit personnel at embassies of former Soviet states. Security researchers at Symantec discovered a large-scale cyber attack which is targeting embassies of former soviet states worldwide. The experts detected a huge cyber attack that has been carried out across more than 15 countries, the […]

Espionage campaign hit embassies of former Soviet states

Security experts at Symantec detected a large-scale cyber espionage campaign which hit personnel at embassies of former Soviet states.

Security researchers at Symantec discovered a large-scale cyber attack which is targeting embassies of former soviet states worldwide. The experts detected a huge cyber attack that has been carried out across more than 15 countries, the embassies in France, Belgium, Ukraine, China, Jordan, Greece, Kazakhstan, Armenia, Poland, Germany and other countries have been targeted by hackers. In time I’m writing, there aren’t further news on the specific state embassies targeted.

In cases like this, the first thought is that the operations are conducted by state-sponsored hackers, the bad actors used a couple of known malware in the attacks, named Wipbot and Tavdig, to infect systems in the targeted embassies probably for cyber espionage.

According to the researchers the attackers used a watering hole technique to infect victims at the embassies, it is likely that bad actors compromised websites visited by embassy personnel, it has been estimated that at least 84 websites have been hacked with this intent.

Watering hole attacks are very difficult to be detected and allow attackers to infect only the targeted communities of users.

The researchers speculated that the malware detected could have been used by bad actors in a first stage of the attack, in successive stages more complex malware (like Turla, Uroboros, Snake and Carbon) would then be spread.

turla

” It appears that this combination of malware has been used for classic espionage-type operations for at least four years. Because of the targets chosen and the advanced nature of the malware used, Symantec believes that a state-sponsored group was behind these attacks.” states Symantec.

Some experts believe that the US is the State behind the attacks, but the analysis of the source of the hacking has been traced back to the UTC +4 timezone, which includes Moscow.

“In one instance, the malware delivered was disguised as a Shockwave installer bundle,” “”Wipbot was then used to gather further information about the infected computer.”

“If the attackers deemed the victim of interest, it appears likely that a second back door trojan with far greater capabilities was downloaded on to the victim’s computer.” said a Symnatec researcher in a statement. 

Victims of the attacks were being redirected to Web servers where a ‘fingerprinting’ script was executed to gather identifying information about the visitor’s PC. The bad actors in this phase were collecting data which would be used to choose the best exploits to compromise the targeted machine.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Turla APT group, cyber espionage)