1. Forum
  2. FidoNet
  3. CONSPRCY

  • Russian GRU cracks open l

    From Mike Powell@1:2320/105 to All on Thu May 22 16:01:00 2025
    Russian GRU cracks open logistic companies to spy on Ukranian military aid

    Date:
    Thu, 22 May 2025 14:04:00 +0000

    Description:
    Fancy Bear has been targeting logistics companies since 2022

    FULL STORY

    Fancy Bear, the infamous Russian state-sponsored threat actor, has been
    spying on dozens of organizations from Western and NATO countries, monitoring foreign aid moving into Ukraine. This is according to a joint cybersecurity advisory [ PDF ], published by 21 government agencies from the US, UK,
    Canada, Germany, France, Czech Republic, Poland, Austria, Denmark, and the Netherlands.

    As per the report, Fancy Bear (also known as APT28) targeted logistics providers, technology companies, and government organizations involved in transporting aid to Ukraine.

    All transportation modes were covered, including air, sea, and rail, and the organizations spanned different industries, from defense, to transportation,
    to maritime and air traffic management, and ultimately - to IT services.

    Credential stuffing

    The targeted companies were operating in Bulgaria, Czech Republic, France, Germany, Greece, Italy, Moldova, Netherlands, Poland, Romania, Slovakia, Ukraine, and the United States. Whats more, the hackers were also monitoring CCTV cameras on border crossings for the same purpose.

    To gain initial access, APT28 relied on credential guessing and brute-force attacks. They also ran spearphishing campaigns, and took advantage of
    software vulnerabilities .

    By leveraging CVE-2023-23397, they targeted Microsoft Exchange, Roundcube Webmail , and WinRAR, allowing them to infiltrate the systems. Finally, they went for corporate VPNs and vulnerable SQL databases, and after compromising
    a network, moved laterally with tools such as PsExec and Impacket.

    The attackers manipulated email mailbox permissions, and used Tor and VPNs to remain hidden while keeping tabs on sensitive communication.

    The Russo-Ukrainian conflict demonstrated just how much warfare has changed
    in recent years. Besides the usual fronts - land, sea, and air, cyberspace
    has become a major battleground, with hackers and cybercriminals on both
    sides targeting sensitive information, and critical infrastructure.

    The attack should serve as a reminder that cyber-physical systems are now strategic targets for adversaries, commented Andrew Lintell, General Manager, EMEA, at Claroty. To combat this, organisations need full visibility into
    these environments and a risk-based approach to securing them. Many of these devices, such as security cameras, werent designed with modern threats in
    mind, so are increasingly vulnerable entry points.

    Via The Register

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/russian-gru-cracks-open-logistic-compan ies-to-spy-on-ukranian-military-aid

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)