Russian hackers are being blamed for an attempted phishing attack against the Latvian Ministry of Defence.
Gamaredon, a Russian state-sponsored cyberespionage group, used a domain name (admou[.]org) previously linked to the gang in earlier attacks designed to steal information and gain access to networks run by Ukraine and its allies.
Researchers at French security outfit Sekoia explained that the hackers sent spear phishing emails to the Latvian MoD while posing as officials of the Ukrainian Ministry of Defence.
It appears that at least one of the recipients was suspicious of the message and its attachment, as it was uploaded to the VirusTotal service for scanning.
Smuggled inside the email attachment was malicious code which launched a series of processes, designed to help hackers steal information from their intended targets inside Latvia’s Ministry of Defence.
As The Report describes, what made the investigation into the attack unusual is that when the Gamaredon hacking group realised its attack was being investigated, it began to communicate with the researchers:
A CERT-LV spokesperson told The Report that hackers sent a meme depicting a Russian bear holding a paw on Ukraine, while the U.S. and EU try to contain it.
FSB-linked Gamaredon (which is also known as Actinium, Armageddon, Iron Tilden, Primitive Bear, Shuckworm, Trident Ursa, and Winterflounder) has been attacking organisations outside of Russia for at least ten years.
Last year, for instance, Gamaredon hackers reportedly attempted to hack into a petroleum-refining company located in a NATO country, and targeted military and government institutions in Ukraine with boobytrapped Word documents.
The Latvian Ministry of Defence says that the attempted phishing attack launched against it by the Gamaredon group was unsuccessful.
Latvia’s Computer Emergency Readiness Team (CERT-LV) says that cyberattacks in the country have risen 30% since the start of the war in Ukraine, with the most serious threats posed by pro-Russian hacktivists and Kremlin-backed hackers targeting critical infrastructure, businesses, and Latvia’s government.