France says Russian state hackers breached numerous critical networks
The Russian APT28 hacking group has been targeting government entities, businesses, universities, research institutes, and think tanks in France since the second half of 2021.
The Russian hackers have been compromising peripheral devices on critical networks of French organizations and, to evade detection, moving away from using backdoors.
ANSSI has mapped the TTPs of APT28, reporting that the threat group uses brute-forcing and leaked databases containing credentials to breach accounts and Ubiquiti routers on targeted networks.
ANSSI has observed the threat actors retrieving authentication information using native utilities and stealing emails containing sensitive information and correspondence.
Finally, ANSSI has seen evidence that the attackers collect data using the CredoMap implant, which targets information stored in the victim's web browser, such as authentication cookies.