As Russia continues its relentless assaults on Ukraine in defiance of continuing efforts to work towards a peace deal, multiple Western security agencies have issued a new advisory warning of a Moscow-backed campaign of cyber intrusions targeting logistics and technology organizations in the West.
The campaign, run through Unit 26165 of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU), better known as Fancy Bear, includes credential guessing, spear-phishing attacks, exploitation of Microsoft Exchange and Roundcube vulnerabilities, and flaws in public-facing infrastructure including VPNs.
This pattern of activity likely dates back to the early days of the war in February 2022 – at which point Fancy Bear was more heavily involved in cyber operations for purposes of espionage. However, as Russia failed to achieve its military objectives as quickly as it had wanted, the group expanded its targeting to those involved in the delivery of support and aid to Ukraine's defence. Over the past three years its victims have included organizations involved in the air traffic control, airports, defence, IT services, maritime and port systems sectors across various Nato countries.
The advanced persistent threat (APT) actor is also understood to be targeting internet-connected cameras at Ukraine's border crossings and around its military bases. These intrusions mostly took place in Ukraine but have also been observed in neighbouring states including Hungary, Poland, Romania and Slovakia.
The GCHQ-run National Cyber Security Centre (NCSC) urged UK organizations to familiarise themselves with Unit 26165's tactics and take action to safeguard themselves.
“This malicious campaign by Russia's military intelligence service presents a serious risk to targeted organizations, including those involved in the delivery of assistance to Ukraine,” NCSC director of operations.
“The UK and partners are committed to raising awareness of the tactics being deployed. their networks.”
The NCSC's latest warning comes a couple of weeks after the cyber body's CEO, Richard Horne, talked of a “direct connection” at its annual conference.
Horne told an audience at the CyberUK event that Russia was focusing on acts of sabotage, often involving criminal proxies. He said these threats, which are thought to have included arson attacks, are now manifesting on the streets of the UK, “putting lives, critical services and national security” at risk.
Staple tactic
Rafe Pilling, director of threat intelligence at the Sophos (formerly Secureworks) Counter Threat Unit (CTU), which tracks Fancy Bear as Iron Twilight, said that the group's use of spear-phishing and vulnerability exploitation to gain access to target mailboxes had been a staple tactic for some time.
“The focus of their operations pivots as the intelligence collection of the Russian military change and since 2022 Ukraine has been a significant focus of their attention. Companies involved in the support of the Ukrainian war effort makes a lot of sense in that context,” Pilling told Computer Weekly.
“The targeting of IP cameras for intelligence collection purposes is interesting and is a tactic generally associated with state-sponsored adversaries like Iron Twilight where they anticipate an effects aspect to their operations. Targeting.
“We've seen other APT actors make use of compromised CCTV feeds to monitor the effects of cyber-physical attacks, for example the 2022 attacks against steel feed was used to time the execution of the attack in an attempt to avoid harm to people at the site and confirm the damage being caused,” he added.
The NCSC said Britain's support for Ukraine remained “steadfast”. Having already committed £13bn in military aid, the UK this week announced 100 new sanctions on Russia targeting entities and organizations involved in its energy, financial and military systems.
This comes in the wake of the largest drone attack on Ukraine staged so far during the three-year war, which Russian dictator Vladimir Putin launched mere hours before a scheduled call with US president Donald Trump.
The full advisory – which can be read here – sets out Fancy Bear's tactics, techniques and procedures (TTPs) in its latest campaign in accordance with the MITRE ATT&CK framework, and also details a number of the common vulnerabilities and exposures (CVEs) being used to attain initial access.
Besides the UK and US, the advisory is cosigned by cyber and national security agencies from Australia, Canada, Czechia, Denmark, Estonia, France, Germany, the Netherlands and Poland.