Security News > 2022 > January > Hackers take over diplomat's email, target Russian deputy minister
One of the targets was Sergey Alexeyevich Ryabko, the deputy foreign minister for the Russian Federation, among other things responsible for bilateral relations with North and South America.
The phishing campaign started since at least October 19, 2021, deploying Konni malware, a remote administration tool associated with the cyber activity from North Korean hackers known as APT37.
Cybersecurity firm Cluster25 last week published research about a phishing campaign towards the end of December 2021 that delivered Konni RAT to individuals in the Russian diplomatic apparatus.
The researchers found that the hackers used the New Year theme as a decoy in emails to staff at the Russian embassy in Indonesia.
The recipients of the malicious messages were the Russian embassy in Indonesia and Russian politician Sergey Alexeyevich Ryabkov, currently serving as Deputy Foreign Minister.
Black Lotus Labs researchers say that this was a highly targeted campaign that "Downloaded a first-stage agent which is nearly identical to the agent" discovered by Malwarebytes in a Konni attack against Russian targets.
News URL
Related news
- Russian Hackers Exploit Email and VPN Vulnerabilities to Spy on Ukraine Aid Logistics (source)
- Chinese hackers target Russian govt with upgraded RAT malware (source)
- Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery (source)
- Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp (source)
- France ties Russian APT28 hackers to 12 cyberattacks on French orgs (source)
- Russian Hackers Using ClickFix Fake CAPTCHA to Deploy New LOSTKEYS Malware (source)
- Russian hackers breach orgs to track aid routes to Ukraine (source)
- Russian Hackers Breach 20+ NGOs Using Evilginx Phishing via Fake Microsoft Entra Pages (source)
- New Russian cyber-spy crew Laundry Bear joins the email-stealing pack (source)