Russian Hackers Spotted Targeting U.S. Military Weapons and Hardware Supplier
2022-12-07 11:58

A state-sponsored hacking group with links to Russia has been tied to attack infrastructure that spoofs the Microsoft login page of Global Ordnance, a legitimate U.S.-based military weapons and hardware supplier.

The cybersecurity firm said it discovered 38 domains, nine of which contained references to companies like UMO Poland, Sangrail LTD, DTGruelle, Blue Sky Network, the Commission for International Justice and Accountability, and the Russian Ministry of Internal Affairs.

The development comes nearly four months after Microsoft disclosed that it took steps to disrupt phishing and credential theft attacks mounted by the group with the goal of breaching defense and intelligence consulting companies as well as NGOs, think tanks, and higher education entities in the U.K. and the U.S. Enterprise security company Proofpoint has further called out the group for its sophisticated impersonation tactics to deliver rogue phishing links.

The use of typosquatted Russian ministry domains further adds weight to Microsoft's assessment that SEABORGIUM targets former intelligence officials, experts in Russian affairs, and Russian citizens abroad. SEKOIA.IO also characterized the targeting of CIJA as an intelligence gathering mission designed to amass "war crime-related evidence and/or international justice procedures, likely to anticipate and build counter narrative on future accusations."

The disclosures arrive as threat intelligence firm Lupovis revealed that Russian threat actors have compromised the networks belonging to several companies in the U.K., the U.S., France, Brazil, and South Africa, and are "rerouting through their networks" to launch attacks against Ukraine.

Microsoft, meanwhile, has warned of "potential Russian attack in the digital domain over the course of this winter," pointing out Moscow's "multi-pronged hybrid technology approach" of conducting cyber strikes against civilian infrastructure and influence operations seeking to fuel discord in Europe.


News URL

https://thehackernews.com/2022/12/russian-hackers-spotted-targeting-us.html