These APT Hackers Install Malware by Impersonating Antivirus Scans

 

To perform espionage, an advanced hacking group known as ‘Winter Vivern’ targets European government organizations and telecommunications service providers.

Since this group’s activities align with the interests of the Russian and Belarusian governments, it is presumed to be a pro-Russian APT (advanced persistent threat) group. 

According to SentinelLabs, the threat group operates with limited resources; however, its creativity compensates for these constraints.

Winter Vivern was first observed targeting government organizations in Lithuania, Slovakia, the Vatican, and India in 2021, according to DomainTools.

SentinelLabs has observed hackers targeting individuals working in the governments of Poland, Italy, Ukraine, and India in recent campaigns. In addition to high-profile state targets, hackers have targeted telecommunications companies, such as those that have been supporting Ukraine since Russia’s invasion.

Beginning in early 2023, the hackers imitated the websites of Poland’s Central Bureau for Combating Cybercrime, the Ukraine Ministry of Foreign Affairs, and the Ukrainian Security Service. These sites send malicious files to visitors who arrive after clicking on links in malicious emails.

SentinelLabs has previously observed spreadsheet files (XLS) containing malicious macros that launch PowerShell being dropped on APT-cloned site

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
