Russian Hackers Infiltrate Ukrainian Organizations via Spear-Phishing

The world is watching with bated breath as Russia lines up its army along the borders of Ukraine. Another less visible form of attack has been taking place off the public stage since October 2021. 

Microsoft’s Threat Intelligence Center (MSTIC) and Digital Security Unit (DSU) have revealed that a hacking group linked to the Russian Federal Security Service (FSB), the successor to the KGB, has been attempting to infiltrate Ukrainian government, defense and security agencies via phishing emails and malware. The group is known under various aliases such as Actinium, Gamaredon, Armageddon and Primitive Bear, and its activity against Ukraine has been detected as early as 2014. 

Focusing their efforts on evading anti-malware detection and minimizing their footprint via targeted spear-phishing, Actinium’s goal is to extract sensitive information, maintain remote access, and use that position to move laterally into associated organizations within Ukraine. 

One of their tricks, whilst not super-sophisticated, certainly sidesteps the problem of malware detection. They deliver document templates and macro scripts remotely, only after the phishing email has made contact, so the attachment itself carries nothing for static anti-malware scans to flag. Actinium tracks who has opened the phishing emails, maintains that access, and then fully controls the time at which the malicious files are delivered. 

It’s worth noting, once again, that one of their more “successful” phishing emails has been under the guise of Covid-19 updates from the World Health Organization. 

Warnings to be vigilant against Russian cyber attacks have been released by the UK’s NCSC and by the US’s CISA, FBI and NSA. Read CISA’s joint advisory, Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure (Alert AA22-011A), and follow its advice to keep your organization safe. 
