Warning: Cyber Threat Alert: Fancy Bear Hackers Targeting Arms Suppliers to Ukraine
Cybercriminals Attack Ukraine's Arms Manufacturers
Here's the lowdown on the latest cybersecurity threat: the notorious hacker group Fancy Bear, also known as Sednit or APT28, has zeroed in on arms companies supplying weapons to Ukraine. According to a recent study by Slovakian security firm Eset, these attacks primarily affect manufacturers of Soviet-era weaponry in Bulgaria, Romania, and Ukraine, crucial players in Ukraine's defense against Russia's invasion. Other manufacturers in Africa and South America face similar threats.
Fancy Bear has a history of playing dirty, orchestrating attacks on the German Bundestag (2015), US politician Hillary Clinton (2016), and the SPD headquarters (2023). These hacker scoundrels represent a larger strategy by Russian intelligence services to exert political influence and destabilization through cyberattacks. Additionally, they're known for running targeted disinformation campaigns against Western democracies.
The current espionage campaign, "Operation RoundPress," finds these cyber ninjas exploiting vulnerabilities in widely used webmail software such as Roundcube, Zimbra, Horde, and MDaemon. Although most of these vulnerabilities are fixed by routine patching, some manufacturers remained exposed, particularly to a previously unknown (zero-day) flaw in MDaemon for which no patch was initially available.
Taking the bait
The attacks begin with phishing emails disguised as news alerts, with sender addresses that appear to come from legitimate sources such as the Kyiv Post or the Bulgarian news portal News.bg. As soon as the email is opened in the browser-based webmail client, hidden malicious code embedded in the message runs automatically, having slipped past spam filters undetected.
Zip up your two-factor authentication
Eset researchers have identified the malware "SpyPress.MDAEMON" in their analysis of these attacks. This snooping software can do more than just read login credentials and track emails: it can also bypass two-factor authentication (2FA). 2FA is a second layer of protection for logging into online accounts or accessing sensitive data; it requires an additional verification method alongside the password. However, Fancy Bear hackers have found ways around 2FA in several instances, gaining persistent access to mailboxes via application passwords, which allow an email client to authenticate without going through the interactive 2FA prompt.
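As an added illustration of the persistence step described above, here is a small detector (example code written for this article, not Eset's or the article's own) that flags application-password creation shortly after a webmail login from an address the account had never used before, or with no webmail session at all. The audit-log format, the sample events and the per-account IP baseline are constructed for the example; real mail servers record these events in their own formats.

```python
from datetime import datetime, timedelta

# Constructed sample audit events for this example (not real data). Format:
#   <ISO timestamp> <event> user=<account> ip=<address>
SAMPLE_LOG = """\
2025-05-01T08:02:11 webmail_login user=alice ip=10.0.0.5
2025-05-01T08:03:40 app_password_created user=alice ip=10.0.0.5
2025-05-01T09:15:02 webmail_login user=bob ip=10.0.0.9
2025-05-01T11:47:30 webmail_login user=bob ip=203.0.113.77
2025-05-01T11:49:05 app_password_created user=bob ip=203.0.113.77
2025-05-01T12:00:00 app_password_created user=carol ip=198.51.100.4
"""

# Constructed baseline: addresses each account is already known to use.
BASELINE_IPS = {"alice": {"10.0.0.5"}, "bob": {"10.0.0.9"}, "carol": set()}

def parse_event(line):
    """Split one audit line into its timestamp, event name, user and IP."""
    ts, event, user_kv, ip_kv = line.split()
    return {
        "ts": datetime.fromisoformat(ts),
        "event": event,
        "user": user_kv.split("=", 1)[1],
        "ip": ip_kv.split("=", 1)[1],
    }

def find_suspicious_app_passwords(log_text, baseline, window_minutes=30):
    """Return (user, ip, timestamp) for every app-password creation that
    either follows, within the window, a webmail login from an address the
    account had never used before, or has no preceding webmail login at all.
    Both patterns match persistence set up right after a hijacked session."""
    window = timedelta(minutes=window_minutes)
    known_ips = {user: set(ips) for user, ips in baseline.items()}
    last_login = {}  # user -> (timestamp, ip, login came from a new address?)
    hits = []
    for line in log_text.strip().splitlines():
        ev = parse_event(line)
        user, ip, ts = ev["user"], ev["ip"], ev["ts"]
        if ev["event"] == "webmail_login":
            seen = known_ips.setdefault(user, set())
            last_login[user] = (ts, ip, ip not in seen)
            seen.add(ip)
        elif ev["event"] == "app_password_created":
            login = last_login.get(user)
            if login is None or (login[2] and ts - login[0] <= window):
                hits.append((user, ip, ts.isoformat()))
    return hits
```

Flagged events are a review queue, not a verdict: a legitimate user setting up a new mail client from a new location produces the same pattern, so the next step is to confirm the session with the account owner and revoke the application password if it was not theirs.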
Matthieu Faou, an Eset researcher, stated, "Many companies operate outdated webmail servers. Merely viewing an email in the web browser can trigger malware execution without the recipient even clicking on anything."
To defend against Fancy Bear hackers, especially when utilizing outdated webmail software and vulnerable email systems, companies can follow these proactive measures:
- Regularly update webmail software and use secure communication protocols (HTTPS) with email clients.
- Implement multi-factor authentication (MFA), maintain regular backups, use advanced threat detection tools, and segregate sensitive data.
- Educate employees on phishing awareness and safe email practices.
- Transition to more secure email services and store sensitive data securely outside the email system where possible.
- Collaborate with cybersecurity experts for regular security audits, penetration testing, and incident response planning.
By implementing these protective measures, companies can better ward off the devious tactics employed by Fancy Bear hackers and other cyber threats, keeping their businesses—and the broader global community—safer in the digital jungle.
- Given the current cybersecurity threat from Fancy Bear, EC countries with manufacturers producing Soviet-era weaponry, especially those in Bulgaria, Romania, and Ukraine, should prioritize updating their webmail software and implementing multi-factor authentication (MFA) to protect against potential attacks.
- As Fancy Bear hackers have been known to bypass two-factor authentication (2FA) in several instances, it's crucial for technology companies to be aware of this vulnerability and educate their employees on safe email practices, such as recognizing phishing attempts and avoiding clicking on suspicious links, to minimize the risk of compromise.