Security News Poland says Russian military hackers target its govt networks

Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,677
Content source
https://www.bleepingcomputer.com/news/security/poland-says-russian-military-hackers-target-its-govt-networks/
Poland says a state-backed threat group linked to Russia's military intelligence service (GRU) has been targeting Polish government institutions throughout the week.

According to evidence found by CSIRT MON, the country's Computer Security Incident Response Team (led by the Polish Minister of National Defense) and CERT Polska (the Polish computer emergency response team), Russian APT28 state hackers attacked multiple government institutions in a large-scale phishing campaign.

The phishing emails tried tricking the recipients into clicking an embedded link that would provide them with access to more information regarding a "mysterious Ukrainian woman" selling "used underwear" to "senior authorities in Poland and Ukraine."

Once clicked, the link redirected them through multiple websites before landing on a page that downloaded a ZIP archive. The archive contained a malicious executable disguised as a JPG image file and two hidden files: a DLL and a .BAT script.

If the target opens the camouflaged executable file, it loads the DLL via DLL side loading, which runs the hidden script. The script displays a photo of a woman in a swimsuit in the Microsoft Edge browser as a distraction while simultaneously downloading a CMD file and changing its extension to JPG.

"The script we finally received collects only information about the computer (IP address and list of files in selected folders) on which they were launched, and then send them to the C2 server. Probably computers of the victims selected by the attackers receive a different set of the endpoint scripts," CERT Polska said.
Click to expand...
www.bleepingcomputer.com

Poland says Russian military hackers target its govt networks

Poland says a state-backed threat group linked to Russia's military intelligence service (GRU) has been targeting Polish government institutions throughout the week.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • +Reputation
Reactions: Idanox, vtqhtr413, Nevi and 3 others
F

ForgottenSeer 109138

Trident said:
It doesn’t necessarily need to be a sophisticated one, as long as it evades detections of the target security system. Sometimes it’s the simple attacks that do the trick.
Click to expand...
Govt networks should be hardened to these simple tactics such as those dlls and scripts disabled and those accessing the systems certainly should be trained on social engineering and phishing attempts while using systems tied to such sensitive data and of course should not be using govt systems to gauk at women in underwear.
 
Last edited by a moderator:
  • Like
Reactions: Gandalf_The_Grey and Trident
Trident

Trident

Level 28
Verified
Top Poster
Well-known
Feb 7, 2023
1,759
Practical Response said:
Govt networks should be hardened to these simple tactics such as those dlls and scripts disabled and those accessing the systems certainly should be trained
Click to expand...
They should be in theory, but in practice it’s not always possible to disable them, sometimes there is software that may require them. It’s also not always possible to train employees, you’ve got new starters that need plenty of other trainings as well, or you train them, they pass with perfect scores and they still don’t know anything.

So could be, would be, should be are fuzzy.
 
  • Like
Reactions: vtqhtr413 and Gandalf_The_Grey
F

ForgottenSeer 109138

Trident said:
They should be in theory, but in practice it’s not always possible to disable them, sometimes there is software that may require them. It’s also not always possible to train employees, you’ve got new starters that need plenty of other trainings as well, or you train them, they pass with perfect scores and they still don’t know anything.

So could be, would be, should be are fuzzy.
Click to expand...
These are not Walmart employees, they are government workers on systems tied to sensitive data. I have yet to see a system tied to federal that is not locked down and monitored. They do not just let untrained employees loose without supervision, nor would they tolerate employees using their terminals for personal viewing.

I'm not sure what they are doing in Poland but here in the states that wouldn't fly very far. It is why I stated amateur hour in my initial post. Not that the hackers are amateur's but the facility not training or monitoring their employees properly.

These systems usually have set functions per job description on govt networks and can not only be locked down but air gapped as well depending on usage.
 
  • Like
Reactions: Trident

Similar threads

Gandalf_The_Grey
    • +Reputation
    • Wow
Malware News Russian military hackers target Ukraine with new MASEPIE malware
Replies
0
Views
1,202
Security News
Gandalf_The_Grey
Gandalf_The_Grey
scorpionv
    • Like
    • Applause
    • +Reputation
Security News Ukrainian military says it hacked Russia's federal tax agency
Replies
0
Views
794
Security News
scorpionv
scorpionv
Gandalf_The_Grey
    • Like
    • +Reputation
Malware News Google: Russian FSB hackers deploy new Spica backdoor malware
Replies
1
Views
1,548
Security News
Juan2go
J

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top