Russia's APT28 targets Ukraine government with bogus Windows updates

2023-05-02 06:37

The Kremlin-backed threat group APT28 is flooding Ukrainian government agencies with email messages about bogus Windows updates in the hope of dropping malware that will exfiltrate system data.

Executing the command simulates a Windows update but actually downloads and executes a PowerShell script that collects basic system information about using such commands as "Tasklist" and "Systeminfo".

The notorious APT28 group has been around since 2008.

Two years later, the US and UK accused APT28 and another Russian-linked group, APT29 - or Cozy Bear - of trying to steal information about COVID-19 vaccines.

More recently, APT28 has been active in Ukraine on the cyber front of Russia's illegal invasion of its neighbor.

US and UK agencies said in an April 2023 joint statement APT28 exploited an older flaw in unpatched Cisco routers to steal network data from US and European governments as well as about 250 Ukrainian network devices.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/05/02/russia_apt28_ukraine_phishing/

#russia #ukraine #windows

News URL

Related news