Russian hackers target NATO country’s oil refinery

Share post:

According to new Unit42 research, a hacking group known as Gamaredon APT, which the Ukrainian government claims is a unit of Russian intelligence, attempted to compromise a large petroleum refining company based inside a NATO member earlier this year.

Unit 42 claims that on August 30, a failed attempt to compromise a large petroleum refining company within a NATO member nation was launched using numerous changes in their tactics, techniques, and procedures (TTPs). Immediately after the initial invasion, an individual who appears to be associated with Trident Ursa threatened to harm a cybersecurity researcher based in Ukraine.

Since the beginning of the invasion, Unit 42 researchers have discovered over 500 new domains and 200 malware samples associated with Gamaredon APT. It was also stated that the Gamaredon group used the fast flux DNS technique to increase the resilience of the infrastructure against law enforcement takedown and to perform hard denylisting of the IP addresses associated with it.

The Ukrainian assessment and the Unit 42 report both agree that the group heavily relies on phishing as a malware vector. It spreads by tricking users into opening attached HTML files, clicking on a seemingly harmless link, or opening a Word document.

When Unit 42 examined a phishing sample with a low detection rate on VirusTotal, it discovered that the Word attachment itself contained no malicious code. It instead downloaded a remote template containing a macro, which then executed malicious code.

The sources for this piece include an article in TheHackerNews.

Featured Tech Jobs



Related articles

Kaspersky uncovers malware targeting iPhones running iOS 15.7 and below

Kaspersky has uncovered a sophisticated malware campaign specifically designed to infect iPhones running up to iOS 15.7 through...

WordPress fixes critical Jetpack plugin vulnerability

WordPress has addressed a critical flaw discovered in the Jetpack plugin, which had the potential to enable authors...

Akamai discovers Dark Frost botnet exploiting gaming platforms

Akamai's security intelligence response team recently has alerted the general public of Dark Frost, a botnet that has...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways