Security News > 2024 > August > APT28 Targets Diplomats with HeadLace Malware via Car Sale Phishing Lure

APT28 Targets Diplomats with HeadLace Malware via Car Sale Phishing Lure
2024-08-02 16:16

A Russia-linked threat actor has been linked to a new campaign that employed a car for sale as a phishing lure to deliver a modular Windows backdoor called HeadLace.

"The campaign likely targeted diplomats and began as early as March 2024," Palo Alto Networks Unit 42 said in a report published today, attributing it with medium to high level of confidence to APT28, which is also referred to as BlueDelta, Fancy Bear, Fighting Ursa, Forest Blizzard, FROZENLAKE, Iron Twilight, ITG05, Pawn Storm, Sednit, Sofacy, and TA422.

It's worth noting that car-for-sale phishing lure themes have been previously put to use by a different Russian nation-state group called APT29 since July 2023, indicating that APT28 is repurposing successful tactics for its own campaigns.

Earlier this May, the threat actor was implicated in a series of campaigns targeting networks across Europe with the HeadLace malware and credential-harvesting web pages.

"While the infrastructure used by Fighting Ursa varies for different attack campaigns, the group frequently relies on these freely available services," Unit 42 said.

"Furthermore, the tactics from this campaign fit with previously documented Fighting Ursa campaigns, and the HeadLace backdoor is exclusive to this threat actor."


News URL

https://thehackernews.com/2024/08/apt28-targets-diplomats-with-headlace.html