Hackers Using Sophisticated Techniques to Infiltrate Arms Suppliers to Ukraine
Hackers Launch Attacks on Weapons Manufacturers Supplying Ukraine - Arms providers to Ukraine are being subjected to cyberattacks by a Russian state-linked hacker group.
Let's dive into the latest cybersecurity threat targeting arms companies that supply weapons to Ukraine. In a chilling revelation from Slovak security firm Eset, based in Bratislava, the notorious Russian hacker group Fancy Bear (also known as Sednit or APT28) has launched focused attacks against manufacturers of Soviet-era armaments in Bulgaria, Romania, and Ukraine. These weapons play a crucial role in Ukraine's defence against Russia's invasion. Arms factories in Africa and South America have also been victimized.
Fancy Bear has historically been linked to high-profile attacks, such as those on the German Bundestag (2015), US politician Hillary Clinton (2016), and the SPD's headquarters (2023). Experts view the group as part of a broader strategy devised by Russian intelligence services, which employ cyberattacks for political influence and destabilization. Targeted disinformation campaigns against Western democracies are also a significant focus [1].
The ongoing cyberespionage operation, named "Operation RoundPress", takes advantage of weaknesses in widely used webmail software. Fancy Bear exploited vulnerabilities in Roundcube, Zimbra, Horde, and MDaemon. It's worth noting that most of these vulnerabilities could have been closed by timely patching. In one instance, however, the affected companies were defenseless: the attackers used a previously unknown (zero-day) security flaw in MDaemon [2][3].
Eset's investigation identified the malicious software "SpyPress.MDAEMON" in the attacks. This malware isn't just a data thief; it can infiltrate mailboxes and bypass two-factor authentication (2FA), the supplementary check that protects logins to online accounts and access to sensitive data. In several cases the Fancy Bear hackers defeated 2FA by creating application passwords, which grant mailbox access without a second factor and gave them persistent access to the mailboxes [4][5].
"Many companies continue to operate with outdated webmail servers," stated Eset researcher Matthieu Faou. "Opening an email in the browser can unknowingly activate malware and breach security protocols without any explicit action from the receiver."
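As an added defensive illustration that is not part of Eset's report or of any webmail product's own code: a minimal allow-list HTML sanitizer of the kind a webmail client must apply to every message body before rendering it in the browser, so that scripts, event handlers and `javascript:` URLs embedded in a mail cannot run merely because the recipient opens it. It uses only the Python standard library; the tag and attribute lists are illustrative assumptions, not a production allow-list.

```python
from html.parser import HTMLParser
from html import escape

# Elements that carry active content and must never reach the browser (assumed list).
DROP_TAGS = {"script", "style", "iframe", "object", "embed", "svg", "base", "meta", "link"}
VOID_TAGS = {"br", "hr", "img", "input"}          # have no closing tag
URL_ATTRS = {"href", "src", "action", "formaction"}
SAFE_SCHEMES = ("http://", "https://", "mailto:", "cid:")

class MailSanitizer(HTMLParser):
    """Rebuilds the markup, dropping scripts, event handlers and unsafe URLs."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip_depth, self.removed = [], 0, 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_TAGS:            # drop the element and everything inside it
            self.skip_depth += 1
            self.removed += 1
            return
        if self.skip_depth:
            return
        kept = []
        for name, value in attrs:
            value = value or ""
            if name.startswith("on") or name == "style":   # onload=, onerror=, CSS tricks
                self.removed += 1
                continue
            if name in URL_ATTRS:
                # Strip whitespace/control characters used to disguise the URL scheme.
                v = "".join(c for c in value.lower() if c.isprintable() and not c.isspace())
                if not v.startswith(SAFE_SCHEMES):
                    self.removed += 1
                    continue
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in DROP_TAGS:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif not self.skip_depth and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:         # re-escape text so decoded entities cannot form tags
            self.out.append(escape(data, quote=False))

def sanitize_mail_html(html):
    """Returns (clean_html, number_of_dropped_tags_and_attributes)."""
    p = MailSanitizer()
    p.feed(html)
    p.close()
    return "".join(p.out), p.removed
```

The second return value is worth logging: a message that needed several removals is a signal for the SOC, not just something to render quietly.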
- [1] Article on Fancy Bear's tactics
- [2] Information on recent vulnerabilities exploited by Fancy Bear
- [3] Blog post about CVE-2024-11182
- [4] Analysis of the 2FA bypass used by Fancy Bear
- [5] Deep-dive on SpyPress.MDAEMON and the attack techniques
- The attacks on arms companies in Bulgaria, Romania, and Ukraine that supply weapons to Ukraine have been attributed to the Russian hacker group Fancy Bear, raising concerns about interference in the arms industry.
- Given the ongoing Operation RoundPress cyberespionage campaign, keeping webmail software such as Roundcube, Zimbra, Horde, and MDaemon patched and properly maintained would minimize the risk of exploitation by groups like Fancy Bear.