Security News > 2022 > June > Russian Hackers Exploiting Microsoft Follina Vulnerability Against Ukraine
The Computer Emergency Response Team of Ukraine has cautioned of a new set of spear-phishing attacks exploiting the "Follina" flaw in the Windows operating system to deploy password-stealing malware.
Attributing the intrusions to a Russian nation-state group tracked as APT28, the agency said the attacks commence with a lure document titled "Nuclear Terrorism A Very Real Threat.rtf" that, when opened, exploits the recently disclosed vulnerability to download and execute a malware called CredoMap.
NET-based credential stealer that Google Threat Analysis Group divulged last month as having been deployed against users in Ukraine.
The malware's main purpose is to siphon data, including passwords and saved cookies, from several popular browsers such as Google Chrome, Microsoft Edge, and Mozilla Firefox.
"The target, and the involvement of APT28, a division of Russian military intelligence), suggests that campaign is a part of the conflict in Ukraine, or at the very least linked to the foreign policy and military objectives of the Russian state."
The development comes as Ukraine continues to be a target for cyberattacks amidst the country's ongoing war with Russia, with Armageddon hackers also spotted distributing the GammaLoad.PS1 v2 malware in May 2022.
News URL
https://thehackernews.com/2022/06/russian-hackers-exploiting-microsoft.html
Related news
- Microsoft: Russian hackers accessed internal systems, code repositories (source)
- CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability (source)
- Russian Sandworm hackers targeted 20 critical orgs in Ukraine (source)
- Ukraine arrests hackers trying to sell 100 million stolen accounts (source)
- Russian Hackers May Have Targeted Ukrainian Telecoms with Upgraded 'AcidPour' Malware (source)
- Russian hackers target German political parties with WineLoader malware (source)
- Russian Hackers Use 'WINELOADER' Malware to Target German Political Parties (source)
- Microsoft to shut down 50 cloud services for Russian businesses (source)
- U.S. Cyber Safety Board Slams Microsoft Over Breach by China-Based Hackers (source)
- Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack (source)