France says Russian state hackers breached numerous critical networks
The Russian APT28 hacking group has been targeting government entities, businesses, universities, research institutes, and think tanks in France since the second half of 2021.
The Russian hackers have been compromising peripheral devices on critical networks of French organizations and, to evade detection, moving away from using backdoors.
ANSSI has mapped the TTPs of APT28, reporting that the threat group uses brute-forcing and leaked databases containing credentials to breach accounts and Ubiquiti routers on targeted networks.
ANSSI has observed the threat actors retrieving authentication information using native utilities and stealing emails containing sensitive information and correspondence.
Finally, ANSSI has seen evidence that the attackers collect data using the CredoMap implant, which targets information stored in the victim's web browser, such as authentication cookies.
Related news
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia (source)
- Faraway Russian hackers breached US organization via Wi-Fi (source)
- Firefox and Windows zero-days exploited by Russian RomCom hackers (source)
- Hackers exploit critical bug in Array Networks SSL VPN products (source)
- Wanted Russian Hacker Linked to Hive and LockBit Ransomware Arrested (source)
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)