Security News > 2023 > April > Russian hackers linked to widespread attacks targeting NATO and EU
Poland's Military Counterintelligence Service and its Computer Emergency Response Team have linked APT29 state-sponsored hackers, part of the Russian government's Foreign Intelligence Service, to widespread attacks targeting NATO and European Union countries.
The attackers have targeted diplomatic personnel using spear phishing emails impersonating European countries' embassies with links to malicious websites or attachments designed to deploy malware via ISO, IMG, and ZIP files.
APT29 is the Russian Foreign Intelligence Service hacking division which was also linked to the SolarWinds supply-chain attack that led to the compromise of multiple U.S. federal agencies three years ago.
Unit 42 has also observed the Brute Ratel adversarial attack simulation tool being used in attacks suspected to be linked to the Russian SVR cyber spies.
More recently, Microsoft reported that the APT29 hackers are using new malware capable of hijacking Active Directory Federation Services to log in as anyone in Windows systems.
They've also targeted Microsoft 365 accounts in NATO countries in attempts to access foreign policy information and orchestrated a wave of phishing campaigns targeting governments, embassies, and high-ranking officials across Europe.
News URL
Related news
- Russian hackers shift to cloud attacks, US and allies warn (source)
- Russian hackers hijack Ubiquiti routers to launch stealthy attacks (source)
- Lazarus Hackers Exploited Windows Kernel Flaw as Zero-Day in Recent Attacks (source)
- Hackers target FCC, crypto firms in advanced Okta phishing attacks (source)
- Hackers steal Windows NTLM authentication hashes in phishing attacks (source)
- Hackers impersonate U.S. government agencies in BEC attacks (source)
- Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks (source)
- Microsoft says Russian hackers breached its systems, accessed source code (source)
- Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets (source)
- Microsoft: Russian hackers accessed internal systems, code repositories (source)