APT28 Cyber Espionage Campaign Targets French Institutions Since 2021

Summary: The French National Cybersecurity Agency (ANSSI) has published a report detailing a long-term cyber-espionage campaign by APT28, a Russian group that has targeted French institutions since 2021. These activities align with geopolitical tensions, notably Russia’s aggression against Ukraine. APT28 employs advanced tactics, including phishing and vulnerability exploitation, to exfiltrate data from various sectors.

Affected: French governmental entities, diplomatic institutions, research organizations, aerospace and defense sectors

Key points:

  • APT28, linked to the Russian Federation, has targeted military and government sectors since 2004.
  • The group uses sophisticated methods including phishing, brute-force attacks, and exploiting known vulnerabilities like CVE-2023-23397.
  • Recent campaigns have focused on rapid data exfiltration rather than maintaining long-term access to compromised systems.
  • They leverage low-cost infrastructure and legitimate online resources, complicating detection efforts.
  • Since 2021, their targets have included French ministerial bodies, local governments, and economic sectors.
  • For 2024, the emphasis remains on governmental, diplomatic, and research entities, underscoring the persistent threat from nation-state actors.

Source: https://securityonline.info/apt28-cyber-espionage-campaign-targets-french-institutions-since-2021/