Russian hackers target NATO country’s oil refinery


According to new Unit 42 research, the hacking group known as Gamaredon APT, which the Ukrainian government says is a unit of Russian intelligence, attempted to compromise a large petroleum refining company based inside a NATO member state earlier this year.

Unit 42 reports that on August 30 the group made a failed attempt to compromise a large petroleum refining company within a NATO member nation, an operation that showed numerous changes in its tactics, techniques, and procedures (TTPs). Immediately after the initial invasion, an individual who appears to be associated with Trident Ursa (Unit 42's name for Gamaredon) threatened to harm a cybersecurity researcher based in Ukraine.

Since the beginning of the invasion, Unit 42 researchers have discovered over 500 new domains and 200 malware samples associated with Gamaredon APT. The report also notes that the group uses the fast flux DNS technique, rotating the IP addresses behind its domains, to make its infrastructure more resilient to law enforcement takedowns and to make denylisting of the associated IP addresses harder.

The Ukrainian assessment and the Unit 42 report both agree that the group heavily relies on phishing as a malware vector. It spreads by tricking users into opening attached HTML files, clicking on a seemingly harmless link, or opening a Word document.

When Unit 42 examined a phishing sample with a low detection rate on VirusTotal, it discovered that the Word attachment itself contained no malicious code. It instead downloaded a remote template containing a macro, which then executed malicious code.

The sources for this piece include an article in TheHackerNews.
