Russian hackers breach orgs to track aid routes to Ukraine
Published on: 2025-06-28 04:21:32
A Russian state-sponsored cyberespionage campaign attributed to APT28 (Fancy Bear/Forest Blizzard) hackers has been targeting and compromising international organizations since 2022 to disrupt aid efforts to Ukraine.
The hackers targeted entities in the defense, transportation, IT services, air traffic, and maritime sectors in 12 European countries and the United States.
Additionally, the hackers have been tracking the movement of materials into Ukraine by gaining access to private cameras installed in key locations (e.g., border crossings, military installations, rail stations).
A joint advisory from 21 intelligence and cybersecurity agencies in nearly a dozen countries shares the tactics, techniques, and procedures that APT28 (the Russian GRU 85th GTsSS, military unit 26165) used in attacks.
Mixing TTPs for stealthy intrusions
The report notes that since 2022, the Russian APT28 threat actor has employed tactics like password spraying, spear-phishing, and Microsoft Exchange v
...