Ukraine's CERT Thwarts APT28's Cyberattack on Critical Energy Infrastructure (Security News, September 2023)
The Computer Emergency Response Team of Ukraine (CERT-UA) on Tuesday said it thwarted a cyberattack against an unnamed critical energy infrastructure facility in the country.
"Visiting the link will download a ZIP archive containing three JPG images and a BAT file 'weblinks.cmd' to the victim's computer," CERT-UA said, attributing it to the Russian threat actor known as APT28.
"When a CMD file is run, several decoy web pages will be opened, .bat and .vbs files will be created, and a VBS file will be launched, which in turn will execute the BAT file."
The next phase of the attack involves running the "whoami" command on the compromised host and exfiltrating its output, alongside downloading the Tor software so that subsequent malicious traffic can be routed through a Tor hidden service.
Site, which was recently disclosed as used by a threat actor known as Dark Pink.
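Two observables in the chain described above can be turned into detection logic: the lure archive that mixes image decoys with a .cmd script, and a whoami.exe launched from a cmd.exe that was itself spawned by a script host (the CMD -> VBS -> BAT -> whoami sequence). The following Python is an added example, not code from CERT-UA or the article; it generalizes slightly by also accepting cscript.exe as the script host and .bat/.vbs/.js/.lnk members in the archive. The archive contents and the Sysmon-style process events are constructed; the PIDs, user paths and file names other than weblinks.cmd are assumptions.

```python
import io
import ntpath
import zipfile

# --- Part 1: triage of the lure archive ------------------------------------
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".pdf"}
SCRIPT_EXTS = {".cmd", ".bat", ".vbs", ".js", ".lnk"}


def suspicious_archive_members(zip_bytes):
    """Return the script members of a ZIP that also carries decoy images or
    documents (the "three JPG images and weblinks.cmd" pattern). An archive
    with scripts but no decoys, or decoys but no scripts, yields []."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = [n for n in zf.namelist() if not n.endswith("/")]
    ext = lambda n: ntpath.splitext(n)[1].lower()  # ntpath handles both separators
    scripts = [n for n in names if ext(n) in SCRIPT_EXTS]
    decoys = [n for n in names if ext(n) in DECOY_EXTS]
    return scripts if scripts and decoys else []


def build_sample_zip():
    """Constructed sample mimicking the lure layout: three JPG-named members
    plus weblinks.cmd. Bodies are filler bytes, not the real payload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for i in range(1, 4):
            zf.writestr(f"photo{i}.jpg", b"\xff\xd8\xff" + b"\x00" * 16)
        zf.writestr("weblinks.cmd", b"@echo off\r\nrem constructed placeholder\r\n")
    return buf.getvalue()


# --- Part 2: process-ancestry check for script-driven recon ------------------
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SHELLS = {"cmd.exe"}

# Constructed Sysmon EID 1-style events (pid, ppid, image). PIDs/paths assumed.
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1,   "image": r"C:\Windows\explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd /c "C:\Users\u\Downloads\weblinks.cmd"'},
    {"pid": 210, "ppid": 200, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "cmdline": "firefox.exe https://example.invalid/decoy"},       # decoy page
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r"wscript C:\Users\u\AppData\Local\Temp\x.vbs"},    # VBS stage
    {"pid": 400, "ppid": 300, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd /c C:\Users\u\AppData\Local\Temp\y.bat"},     # BAT stage
    {"pid": 500, "ppid": 400, "image": r"C:\Windows\System32\whoami.exe",
     "cmdline": "whoami"},                                           # recon
    # Benign: an operator runs whoami from an interactive shell; no script host.
    {"pid": 600, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd"},
    {"pid": 700, "ppid": 600, "image": r"C:\Windows\System32\whoami.exe", "cmdline": "whoami"},
]


def ancestry(events, pid):
    """Walk ppid links upward and return image basenames, child first."""
    by_pid = {e["pid"]: e for e in events}
    chain = []
    while pid in by_pid:
        e = by_pid[pid]
        chain.append(ntpath.basename(e["image"]).lower())
        pid = e["ppid"]
    return chain


def find_script_driven_recon(events):
    """Flag whoami.exe whose parent is cmd.exe and whose grandparent is a
    script host (wscript/cscript), i.e. the VBS -> BAT -> whoami shape.
    Returns a list of (pid, chain_string) tuples."""
    hits = []
    for e in events:
        if ntpath.basename(e["image"]).lower() != "whoami.exe":
            continue
        chain = ancestry(events, e["pid"])
        if len(chain) >= 3 and chain[1] in SHELLS and chain[2] in SCRIPT_HOSTS:
            hits.append((e["pid"], " <- ".join(chain)))
    return hits


if __name__ == "__main__":
    print("archive scripts:", suspicious_archive_members(build_sample_zip()))
    for pid, chain in find_script_driven_recon(SAMPLE_EVENTS):
        print(f"ALERT pid={pid}: {chain}")
```

The ancestry check deliberately requires the script host to sit two levels above whoami.exe, so an administrator's interactive cmd.exe -> whoami.exe (pid 700 in the sample) is not flagged; loosen it to "any script host in the chain" if your environment rarely runs VBS at all.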
News URL
https://thehackernews.com/2023/09/ukraines-cert-thwarts-apt28s.html
Related news
- CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force (source)
- Lynx ransomware behind Electrica energy supplier cyberattack (source)
- New IOCONTROL malware used in critical infrastructure attacks (source)
- Iran-linked crew used custom 'cyberweapon' in US critical infrastructure attacks (source)
- Why cybersecurity is critical to energy modernization (source)