Russian hackers compromise embassy emails to target governments
Security News, May 2022
Security analysts have uncovered a recent phishing campaign from Russian hackers known as APT29 targeting diplomats and government entities.
In a new campaign spotted by threat analysts at Mandiant, APT29 is targeting diplomats and various government agencies through multiple phishing campaigns.
The emails used HTML smuggling to deliver an IMG or ISO file to the recipient, a technique APT29 has used repeatedly and successfully in the past, including in the SolarWinds attacks.
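As an added example that is not part of the article or of Mandiant's reporting, the following defender-side triage heuristic flags an HTML attachment that shows the smuggling pattern described above: a large inline base64 blob that script decodes, wraps in a Blob and offers as a download, with an extra check for the ISO 9660 "CD001" signature. The 2 000-character threshold, the API list and both sample pages are constructed for illustration.

```python
import base64
import re

# Browser APIs an HTML smuggling page needs to rebuild a file from an inline
# blob and hand it to the user; two or more together are a strong signal.
ASSEMBLY_APIS = ("atob(", "new Blob(", "createObjectURL(", "msSaveOrOpenBlob(")
# A 2 000+ character unbroken base64 run is far larger than the inline
# images or fonts normally found in a mail-borne HTML page (assumed threshold).
BASE64_BLOB = re.compile(r"[A-Za-z0-9+/]{2000,}={0,2}")


def inspect_html(html: str) -> dict:
    """Heuristic triage of an HTML attachment for the HTML smuggling pattern:
    a large inline base64 blob that script decodes and offers as a download.
    Returns the evidence so an analyst can see why the verdict was reached."""
    compact = re.sub(r"\s+", "", html)  # blobs are often line-wrapped
    apis = [a for a in ASSEMBLY_APIS if a in html]
    largest, iso = 0, False
    for m in BASE64_BLOB.finditer(compact):
        try:
            data = base64.b64decode(m.group(0), validate=True)
        except ValueError:
            continue
        largest = max(largest, len(data))
        # ISO 9660 images carry the "CD001" volume descriptor at byte 0x8001
        if len(data) > 0x8006 and data[0x8001:0x8006] == b"CD001":
            iso = True
    suspicious = iso or (len(apis) >= 2 and "download" in html and largest > 0)
    return {"suspicious": suspicious, "apis": apis, "payload_bytes": largest, "iso": iso}


# Constructed sample (not a real lure): a zero-filled ISO 9660-like image
# with the "CD001" signature, embedded the way a smuggling page would.
_FAKE_ISO = b"\x00" * 0x8001 + b"CD001" + b"\x00" * 64
SMUGGLING_SAMPLE = f"""<html><body><script>
var b64 = "{base64.b64encode(_FAKE_ISO).decode()}";
var bin = atob(b64), bytes = new Uint8Array(bin.length);
for (var i = 0; i < bin.length; i++) bytes[i] = bin.charCodeAt(i);
var a = document.createElement('a');
a.href = URL.createObjectURL(new Blob([bytes]));
a.download = 'document.iso'; a.click();
</script></body></html>"""
# Constructed benign page with a small inline image and no file assembly.
BENIGN_SAMPLE = '<html><body><img src="data:image/png;base64,iVBORw0KGgo="></body></html>'

if __name__ == "__main__":
    for name, page in (("smuggling", SMUGGLING_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(name, inspect_html(page))
```

In a mail gateway this would run on every `text/html` attachment, with the returned evidence attached to the alert rather than just the boolean.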
In later efforts, APT29 replaced BEATDROP with a new C++ BEACON loader based on Cobalt Strike that features higher-level capabilities.
After establishing a presence in an environment, APT29 escalates privileges in less than 12 hours, using methods such as writing files that contain Kerberos tickets.
Despite persistent, close tracking of APT29 by competent threat intelligence teams, the group remains a top-level espionage threat to high-interest targets.