Russia 'Fancy Bear' APT Targets Ukrainian Energy Facility
Russian cyberespionage group Fancy Bear was caught attempting to attack a critical energy facility in Ukraine using phishing emails offering pictures of women.
Fancy Bear, the Russian cyberespionage group infamous for its interference in the 2016 US election and previous attacks on Ukraine, has recently been caught targeting a critical energy facility in Ukraine. Fortunately, the attack was thwarted by a cybersecurity professional working for the targeted organization.
According to a report by Ukraine's Computer Emergency Response Team (CERT-UA), the group employed a familiar tactic of using bulk phishing emails from a fake address that contained a link to a .ZIP archive. This allowed them to gain unauthorized access to the organization's system and data.
The phishing email shared by CERT-UA had a unique twist compared to previous emails used by Russian hackers. Instead of false government documents or fake software updates, this email enticed victims with the promise of pictures of women. The email read: "Hi! I talked to three girls, and they agreed. Their photos are in the archive; I suggest checking them out on the website." However, the email also contained a BAT-formatted file that would execute a harmful script upon opening.
Furthermore, researchers discovered that the attackers had installed Tor on the victim's computer. Tor is software that enables anonymous internet browsing, making it difficult to trace the origin of the data.
This attack comes after a period of relative cyber peace, as Ukrainian authorities had not reported any attacks on their energy infrastructure since autumn 2022. However, there is growing concern that these attacks may resurface now that summer is ending. The recent incident serves as a reminder that these concerns could indeed become a reality.