Russian APT28 hackers breach Ukrainian govt email servers
Security News, June 2023

A threat group tracked as APT28 and linked to Russia's General Staff Main Intelligence Directorate has breached Roundcube email servers belonging to multiple Ukrainian organizations, including government entities.
In these attacks, the cyber-espionage group used lures built around news of the ongoing war between Russia and Ukraine to get recipients to open malicious emails; the emails exploited known Roundcube Webmail vulnerabilities to compromise servers that had not been patched against them.
Once on the email servers, the Russian military intelligence hackers deployed malicious scripts that redirected incoming mail for targeted individuals to an address under the attackers' control.
"We identified BlueDelta activity highly likely targeting a regional Ukrainian prosecutor's office and a central Ukrainian executive authority, as well as reconnaissance activity involving additional Ukrainian government entities and an organization involved in Ukrainian military aircraft infrastructure upgrade and refurbishment," said Recorded Future's Insikt Group, which tracks the actor under the name BlueDelta.
Notably, Recorded Future says this campaign overlaps with earlier APT28 activity in which the group exploited a critical Microsoft Outlook zero-day vulnerability against European organizations, attacks that likewise did not require user interaction.
Google's Threat Analysis Group also recently reported that roughly 60% of all phishing emails targeting Ukraine in the first quarter of 2023 came from Russian attackers, with APT28 among the largest contributors to that activity.