Ukraine's Computer Emergency Response Team (CERT) is warning of a new phishing campaign that allowed Russia-linked hackers to deploy previously unseen malware on a network in under one hour.
APT28, aka Fancy Bear or Strontium, is a Russian state-sponsored threat actor known for targeting government entities, businesses, universities, research institutes, and think tanks in
Western countries and
NATO orgs. The hacking group is known to employ phishing campaigns and
exploit zero-day vulnerabilities in
widely used software.
The latest campaign targeting Ukraine took place between December 15 and 25, 2023, utilizing phishing emails urging recipients to click on a link supposedly to view an important document.
The links redirect victims to malicious web resources that employ JavaScript to drop a Windows shortcut file (LNK) that launches PowerShell commands to trigger an infection chain for a new Python malware downloader called 'MASEPIE.'
