The Patriot Files Forums  

Go Back   The Patriot Files Forums > Military News > Cyber Warfare

Post New Thread  Reply
 
Thread Tools Display Modes
  #1  
Old 03-23-2020, 08:03 AM
Boats's Avatar
Boats Boats is offline
Senior Member
 

Join Date: Jul 2002
Location: Chicago, IL
Posts: 15,552
Exclamation Russian State-Sponsored APT28 Conducting Cyber Espionage on Middle East Defence Firms

Russian State-Sponsored APT28 Conducting Cyber Espionage on Middle East Defence Firms
By: Cyware News - 03-23-20
Re: https://cyware.com/news/russian-stat...firms-8a2d858f

* Around 38 percent of the attacks targeted defense companies, banking, construction, and government bodies.

* APT28’s spam-sending tactics included the use of VPNs to try and hide their traces.

Researchers from a cybersecurity firm disclosed the details of the Russian state-backed hacking outfit known as APT28 or Fancy Bear, that has been scanning vulnerable email servers for more than a year.

What happened?

Security researchers found that the Russian hacking crew was targeting defense companies with Middle Eastern outposts since May last year.

* Around 38 percent of the attacks targeted defense companies, banking, construction, and government bodies.

* The list of victims also included a couple of private schools in France and the UK and even a kindergarten in Germany.

* The Fancy Bear group used credential-phishing tactics to further target and hack the email accounts for a higher strike rate.

Key findings:

Researchers found that the threat group was port-scanning mail servers such as Microsoft Exchange, via TCP ports 443 and 1433. They would expect to find vulnerable machines to exploit and further explore attack surfaces to support their ongoing campaign.

APT28’s spam-sending tactics included the use of VPNs to try and hide their traces. “Pawn Storm regularly uses the OpenVPN option of commercial VPN service providers to connect to a dedicated host that sends out spam. The dedicated spam-sending servers used particular domain names in the EHLO command of the SMTP sessions with the targets’ mail servers,” as mentioned in the report.

What to do?

The recommendations in such cases have always been straightforward, and most common.

* Stay vigilant to your infrastructure for any unusual, unauthorized access patterns.
* Always patch your systems as and when updates get released from vendors.
* Educate employees for not clicking on the links attached to unsolicited emails.

Closing lines:

Recently, Western governments also publicly called out the APT28 group for its attack campaigns against Georgia, a former Soviet republic. in recent years.
-----------------------------------------------------------------------------------------------------

Personal notes: Cyber warfare is more common than ever.

Boats
__________________
Boats

O Almighty Lord God, who neither slumberest nor sleepest; Protect and assist, we beseech thee, all those who at home or abroad, by land, by sea, or in the air, are serving this country, that they, being armed with thy defence, may be preserved evermore in all perils; and being filled with wisdom and girded with strength, may do their duty to thy honour and glory; through Jesus Christ our Lord. Amen.

"IN GOD WE TRUST"
sendpm.gif Reply With Quote
Sponsored Links
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On

All times are GMT -7. The time now is 02:32 PM.


Powered by vBulletin, Jelsoft Enterprises Ltd.