Russian APT28 hackers breach Ukrainian govt email servers (June 2023)

A threat group tracked as APT28 and linked to Russia's General Staff Main Intelligence Directorate has breached Roundcube email servers belonging to multiple Ukrainian organizations, including government entities.
In these attacks, the cyber-espionage group leveraged news about the ongoing conflict between Russia and Ukraine to trick recipients into opening malicious emails that would exploit Roundcube Webmail vulnerabilities to hack into unpatched servers.
After breaching the email servers, the Russian military intelligence hackers deployed malicious scripts that redirected the incoming emails of targeted individuals to an email address under the attackers' control.
"We identified BlueDelta activity highly likely targeting a regional Ukrainian prosecutor's office and a central Ukrainian executive authority, as well as reconnaissance activity involving additional Ukrainian government entities and an organization involved in Ukrainian military aircraft infrastructure upgrade and refurbishment," said Recorded Future's Insikt Group, which tracks APT28 as BlueDelta.
Notably, Recorded Future says this campaign overlaps with previous attacks linked to APT28 in which the group exploited a critical Microsoft Outlook zero-day vulnerability to target European organizations, attacks that also didn't require user interaction.
Google's Threat Analysis Group also recently revealed that roughly 60% of all phishing emails targeting Ukraine in the first quarter of 2023 were sent by Russian attackers, with the APT28 hacking group one of the major contributors to this malicious activity.