Security News > 2023 > April > Russian hackers linked to widespread attacks targeting NATO and EU
Poland's Military Counterintelligence Service and its Computer Emergency Response Team have linked APT29 state-sponsored hackers, part of the Russian government's Foreign Intelligence Service, to widespread attacks targeting NATO and European Union countries.
The attackers have targeted diplomatic personnel using spear phishing emails impersonating European countries' embassies with links to malicious websites or attachments designed to deploy malware via ISO, IMG, and ZIP files.
APT29 is the Russian Foreign Intelligence Service hacking division which was also linked to the SolarWinds supply-chain attack that led to the compromise of multiple U.S. federal agencies three years ago.
Unit 42 has also observed the Brute Ratel adversarial attack simulation tool being used in attacks suspected to be linked to the Russian SVR cyber spies.
More recently, Microsoft reported that the APT29 hackers are using new malware capable of hijacking Active Directory Federation Services to log in as anyone in Windows systems.
They've also targeted Microsoft 365 accounts in NATO countries in attempts to access foreign policy information and orchestrated a wave of phishing campaigns targeting governments, embassies, and high-ranking officials across Europe.
News URL
Related news
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- Evil Corp's deep ties with Russia and NATO member attacks exposed (source)
- North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (source)
- 100+ domains seized to stymie Russian Star Blizzard hackers (source)
- Pro-Ukrainian Hackers Strike Russian State TV on Putin's Birthday (source)
- US, UK warn of Russian APT29 hackers targeting Zimbra, TeamCity servers (source)
- Russian RomCom Attacks Target Ukrainian Government with New SingleCamper RAT Variant (source)
- Crypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware Attacks (source)
- Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining (source)
- Russian hackers deliver malicious RDP configuration files to thousands (source)