
Security analysts have uncovered a recent phishing campaign from Russian hackers known as APT29 targeting diplomats and government entities.
In a new campaign spotted by threat analysts at Mandiant, APT29 is targeting diplomats and various government agencies through multiple phishing campaigns.
The emails used the HTML smuggling technique to deliver an IMG or ISO file to the recipient, a technique that APT29 has used numerous times in the past with great success, including in the SolarWinds attacks.
In later efforts, APT29 replaced BEATDROP with a new C++ loader for the Cobalt Strike BEACON payload that offers higher-level capabilities.
After establishing a presence in an environment, APT29 escalates privileges in less than 12 hours, using various methods such as writing files that contain Kerberos tickets.
Despite persistent and close tracking of APT29 by competent threat intelligence teams, the group remains a top-level espionage threat to high-interest targets.