Russian hackers compromise embassy emails to target governments (Security News, May 2022)
Security analysts have uncovered a recent phishing campaign from Russian hackers known as APT29 targeting diplomats and government entities.
In a new campaign spotted by threat analysts at Mandiant, APT29 is targeting diplomats and various government agencies through multiple phishing campaigns.
The email used the HTML smuggling technique to deliver an IMG or ISO file to the recipient, a technique that APT29 has used numerous times in the past with great success, including in the SolarWinds attacks.
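HTML smuggling works by carrying the payload inside the HTML attachment itself, usually as an encoded string that a script decodes and hands to the browser as a file download, so the ISO or IMG never appears as a conventional attachment for a mail gateway to inspect. A practical defensive check is to score incoming HTML attachments for the browser-API combination that pattern needs. The following scanner is an added example written for this page, not code from Mandiant or the original article; the indicator list, the score threshold and the two sample fragments are constructed assumptions, and the "suspicious" fragment is deliberately incomplete (placeholder string, no working page) so that it only exercises the detector.

```python
import re
from dataclasses import dataclass, field

# Heuristic indicators of HTML smuggling. Individually each is common in
# legitimate pages; the combination (decode -> Blob -> object URL -> forced
# download of a container image) is what the technique needs.
INDICATORS = {
    "base64_decode":    re.compile(r"\batob\s*\(", re.I),
    "blob_constructor": re.compile(r"\bnew\s+Blob\s*\(", re.I),
    "object_url":       re.compile(r"\bURL\.createObjectURL\s*\(", re.I),
    "download_attr":    re.compile(r"\.download\s*=|\bdownload\s*=\s*[\"']", re.I),
    "legacy_ie_save":   re.compile(r"\bmsSaveOrOpenBlob\b", re.I),
    # A quoted filename ending in a disk-image extension (the page mentions ISO/IMG).
    "container_ext":    re.compile(r"[\"'][^\"']{1,120}\.(iso|img|vhd|vhdx)[\"']", re.I),
}
# The payload itself usually sits in one very long base64 literal.
LONG_B64 = re.compile(r"[A-Za-z0-9+/]{400,}={0,2}")

@dataclass
class Verdict:
    score: int
    hits: list = field(default_factory=list)

def scan_html(html: str) -> Verdict:
    """Return the number of indicators present and their names."""
    hits = [name for name, rx in INDICATORS.items() if rx.search(html)]
    if LONG_B64.search(html):
        hits.append("long_base64_literal")
    return Verdict(score=len(hits), hits=hits)

def is_suspicious(html: str, threshold: int = 3) -> bool:
    """Assumed policy: three or more indicators in one attachment warrants quarantine."""
    return scan_html(html).score >= threshold

# Constructed sample 1: an ordinary newsletter that legitimately uses the
# download attribute. It should score low.
BENIGN_SAMPLE = """
<html><body>
<p>Quarterly report attached for your review.</p>
<a href="https://example.invalid/reports/q2.pdf" download="q2.pdf">Download PDF</a>
</body></html>
"""

# Constructed sample 2: a fragment containing the smuggling indicator strings.
# "UEsDBBQ" is a short placeholder, not a payload, and nothing here is triggered.
SUSPICIOUS_SAMPLE = """
<html><body><script>
var d = atob("UEsDBBQ");            // placeholder literal
var b = new Blob([d]);
var u = URL.createObjectURL(b);
var a = document.createElement("a");
a.download = "invoice.iso";
</script></body></html>
"""

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_SAMPLE), ("suspicious", SUSPICIOUS_SAMPLE)):
        v = scan_html(sample)
        print(f"{label}: score={v.score} hits={v.hits} quarantine={is_suspicious(sample)}")
```

The scanner is intentionally static and cheap so it can run in a mail-gateway attachment hook; it is a triage signal, not proof, and a real deployment would pair it with detonation of the attachment in a sandboxed browser and with endpoint telemetry for ISO/IMG mounts.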
In later campaigns, APT29 replaced BEATDROP with a new C++ BEACON loader built on Cobalt Strike that offers more advanced capabilities.
After establishing a presence in an environment, APT29 escalates privileges in less than 12 hours, using various methods like writing files that contain Kerberos tickets.
Despite persistent, close tracking by capable threat intelligence teams, the group remains a top-tier espionage threat to high-value targets.