Russian APT Hackers Increasingly Attacking NATO Allies in Europe

 

According to the Polish CERT and Military Counterintelligence Service, an ongoing cyberespionage effort linked to a Russian nation-state entity is targeting European government agencies and diplomats in order to collect Western government intelligence on the Ukraine war.

According to a Thursday advisory from the two federal agencies, a campaign linked to the Russian APT organization Nobelium is targeting government agencies and diplomats involved with NATO and the European Union, as well as African states to a lesser extent.

Per the Polish authorities, the hackers are targeting victims using spear-phishing emails that appear to be from European embassies, inviting them to a meeting or event at one of the embassies.

The emails contain malicious documents masquerading as calendar invites or meeting agendas. When victims open these files, they are sent to a hijacked website hosting a trademark Nobelium malware dropper dubbed EnvyScout, which sends malicious .img or .iso files to the victim’s machine.

Nobelium previously employed malware concealed in .zip or .iso files, but in the latest operation, the hackers additionally load .img files that lack the Mark of the Web feature, a security mechanism designed to prevent people from downloading harmful files. The spyware launches without informing system users.
Once executed, the malware loads

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
