Fancy Bear (APT28) has been actively targeting Ukrainian officials and defense contractors worldwide using spearphishing and webmail vulnerabilities, including a suspected zero-day exploit. This ongoing campaign focuses on collecting military and political intelligence related to Ukraine and other global targets.
Affected: Ukrainian government and defense organizations, European and Latin American governmental and military systems, defense contractors.
Key points
- Fancy Bear is targeting high-level Ukrainian officials and defense contractors globally through cyberattacks.
- The group exploits vulnerabilities in popular webmail software, including a suspected zero-day (CVE-2024-11182).
- Since 2023, the campaign has used spearphishing with fake news headlines to infect targets.
- The malware can exfiltrate email data and bypass two-factor authentication by exploiting security flaws.
- This cyber operation is primarily driven by espionage to gather military and political intelligence related to Ukraine.
Read More: https://cyberscoop.com/russia-fancy-bear-gru-ukrainian-military-contractors/