Russian Hackers Spotted Targeting U.S. Military Weapons and Hardware Supplier
A state-sponsored hacking group with links to Russia has been tied to attack infrastructure that spoofs the Microsoft login page of Global Ordnance, a legitimate U.S.-based military weapons and hardware supplier.
The cybersecurity firm said it discovered 38 domains, nine of which contained references to companies like UMO Poland, Sangrail LTD, DTGruelle, Blue Sky Network, the Commission for International Justice and Accountability, and the Russian Ministry of Internal Affairs.
The development comes nearly four months after Microsoft disclosed that it took steps to disrupt phishing and credential theft attacks mounted by the group with the goal of breaching defense and intelligence consulting companies as well as NGOs, think tanks, and higher education entities in the U.K. and the U.S. Enterprise security company Proofpoint has further called out the group for its sophisticated impersonation tactics to deliver rogue phishing links.
The use of typosquatted Russian ministry domains further adds weight to Microsoft's assessment that SEABORGIUM targets former intelligence officials, experts in Russian affairs, and Russian citizens abroad. SEKOIA.IO also characterized the targeting of CIJA as an intelligence gathering mission designed to amass "war crime-related evidence and/or international justice procedures, likely to anticipate and build counter narrative on future accusations."
The disclosures arrive as threat intelligence firm Lupovis revealed that Russian threat actors have compromised the networks belonging to several companies in the U.K., the U.S., France, Brazil, and South Africa, and are "rerouting through their networks" to launch attacks against Ukraine.
Microsoft, meanwhile, has warned of "potential Russian attack in the digital domain over the course of this winter," pointing out Moscow's "multi-pronged hybrid technology approach" of conducting cyber strikes against civilian infrastructure and influence operations seeking to fuel discord in Europe.
News URL
https://thehackernews.com/2022/12/russian-hackers-spotted-targeting-us.html