Security News
Poland says a state-backed threat group linked to Russia's military intelligence service has been targeting Polish government institutions throughout the week. According to evidence found by CSIRT MON, the country's Computer Security Incident Response Team and CERT Polska, Russian APT28 state hackers attacked multiple government institutions in a large-scale phishing campaign.
Government entities, military organizations, and civilian users in Ukraine and Poland have been targeted as part of a series of campaigns designed to steal sensitive data and gain persistent remote access to the infected systems. The intrusion set, which stretches from April 2022 to July 2023, leverages phishing lures and decoy documents to deploy a downloader malware called PicassoLoader, which acts as a conduit to launch Cobalt Strike Beacon and njRAT. "The attacks used a multistage infection chain initiated with malicious Microsoft Office documents, most commonly using Microsoft Excel and PowerPoint file formats," Cisco Talos researcher Vanja Svajcer said in a new report.
The Polish government is warning of a spike in cyberattacks from Russia-linked hackers, including the state-sponsored hacking group known as GhostWriter. The Polish believe Russian hackers target their country due to the continued support they have provided Ukraine in the ongoing military conflict with Russia.
Microsoft on Thursday attributed the recent spate of ransomware incidents targeting transportation and logistics sectors in Ukraine and Poland to a threat cluster that shares overlaps with the Russian state-sponsored Sandworm group. The Microsoft Threat Intelligence Center is now tracking the threat actor under its element-themed moniker Iridium, citing overlaps with Sandworm.
Microsoft says new Prestige ransomware is being used to target transportation and logistics organizations in Ukraine and Poland in ongoing attacks. "This activity was not connected to any of the 94 currently active ransomware activity groups that Microsoft tracks. The Prestige ransomware had not been observed by Microsoft prior to this deployment," MSTIC added.
The name "Kaseya" has become one of the biggest words in ransomware infamy. Cybercriminals penetrated the IT management business Kaseya earlier this year and used the company's own remote management tools to wreak simultaneous ransomware havoc across its customer base.
A recent "Large scale" cyberattack targeting top Polish politicians was launched from Russia, Jaroslaw Kaczynski, the leader of Poland's governing right-wing party, said on Friday. "Analyses by our services and the secret services of our allies allow us to unequivocally say that the cyberattack was carried out from the territory of the Russian Federation," Kaczynski said in a statement.
Poland's deputy prime minister Jaros?aw Kaczy?ski says last week's breach of multiple Polish officials' private email accounts was carried out from servers within the Russian Federation. "After reading the information provided to me by the Internal Security Agency and the Military Counterintelligence Service, I inform you that the most important Polish officials, ministers, and deputies of various political options were subject to a cyber attack," Kaczy?ski said in a statement published today.
Poland's parliament said it will hold a closed-door session Wednesday to discuss a wave of cyber attacks against the EU member that the government called "Unprecedented". Morawiecki, who had requested the session, plans to present secret documents concerning the "Wide scale" of the attacks, according to government spokesman Piotr Muller.
NATO member Poland will launch a cyberspace defense force by 2024 made up of around 2,000 soldiers qualified in cybersecurity, the defense minister said on Thursday after formally approving it. read more