Russian cyber threat actors have been attributed to a state-sponsored campaign targeting Western logistics entities and technology companies since 2022.
The activity has been assessed to be orchestrated by APT28 (aka BlueDelta, Fancy Bear, or Forest Blizzard), which is linked to the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center, Military Unit 26165.
Targets of the campaign include companies involved in the coordination, transport, and delivery of foreign assistance to Ukraine, according to a joint advisory released by agencies from Australia, Canada, Czechia, Denmark, Estonia, France, Germany, the Netherlands, Poland, the United Kingdom, and the United States.
“This cyber espionage-oriented campaign targeting logistics entities and technology companies uses a mix of previously disclosed TTPs and is likely connected to these actors’ wide scale targeting of IP cameras in Ukraine and bordering NATO nations,” the bulletin said.
The alert comes weeks after France’s foreign ministry accused APT28 of mounting cyber attacks on a dozen entities including ministries, defense firms, research entities, and think tanks since 2021 in an attempt to destabilize the nation.
Then last week, ESET took the wraps off a campaign dubbed Operation RoundPress that it said has been ongoing since 2023 by exploiting cross-site scripting (XSS) vulnerabilities in various webmail services like Roundcube, Horde, MDaemon, and Zimbra to single out governmental entities and defense companies in Eastern Europe, as well as governments in Africa, Europe, and South America.
Source: The Hacker News