• Russian GRU cracks open logistic companies to spy on Ukrainian mil

    From TechnologyDaily@1337:1/100 to All on Thursday, May 22, 2025 15:15:08
    Russian GRU cracks open logistic companies to spy on Ukrainian military aid

    Date:
    Thu, 22 May 2025 14:04:00 +0000

    Description:
    Fancy Bear has been targeting logistics companies since 2022

    FULL STORY ======================================================================
    Since 2022, Fancy Bear was targeting logistics organizations in the west
    The goal was to monitor foreign aid coming to Ukraine
    CCTV cameras at border crossings were monitored, as well

    Fancy Bear, the infamous Russian state-sponsored threat actor, has been
    spying on dozens of organizations from Western and NATO countries, monitoring foreign aid moving into Ukraine. This is according to a joint cybersecurity advisory [PDF], published by 21 government agencies from the US, UK,
    Canada, Germany, France, Czech Republic, Poland, Austria, Denmark, and the Netherlands.

    As per the report, Fancy Bear (also known as APT28) targeted logistics providers, technology companies, and government organizations involved in transporting aid to Ukraine.

    All transportation modes were covered, including air, sea, and rail, and the organizations spanned different industries, from defense and transportation to maritime and air traffic management and, ultimately, IT services.

    Credential stuffing

    The targeted companies were operating in Bulgaria, Czech Republic, France, Germany, Greece, Italy, Moldova, Netherlands, Poland, Romania, Slovakia, Ukraine, and the United States. What's more, the hackers were also monitoring CCTV cameras on border crossings for the same purpose.

    To gain initial access, APT28 relied on credential guessing and brute-force attacks. They also ran spearphishing campaigns and took advantage of
    software vulnerabilities.

    By leveraging CVE-2023-23397, they targeted Microsoft Exchange, Roundcube Webmail, and WinRAR, allowing them to infiltrate the systems. Finally, they went for corporate VPNs and vulnerable SQL databases, and after compromising
    a network, moved laterally with tools such as PsExec and Impacket.

    The attackers manipulated email mailbox permissions, and used Tor and VPNs to remain hidden while keeping tabs on sensitive communication.

    The Russo-Ukrainian conflict demonstrated just how much warfare has changed
    in recent years. Besides the usual fronts (land, sea, and air), cyberspace
    has become a major battleground, with hackers and cybercriminals on both
    sides targeting sensitive information and critical infrastructure.

    "The attack should serve as a reminder that cyber-physical systems are now strategic targets for adversaries," commented Andrew Lintell, General Manager, EMEA, at Claroty. "To combat this, organisations need full visibility into these environments and a risk-based approach to securing them. Many of these devices, such as security cameras, weren't designed with modern threats in mind, so are increasingly vulnerable entry points."

    Via The Register



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/russian-gru-cracks-open-logistic-companies-to-spy-on-ukranian-military-aid


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)