Russian hackers are being blamed for an tried phishing assault towards the Latvian Ministry of Defence.
Gamaredon, a Russian state-sponsored cyberespionage group, used a website title (admou[.]org) beforehand linked to the gang in earlier assaults designed to steal data and achieve entry to networks run by Ukraine and its allies.
Researchers at French safety outfit Sekoia defined that the hackers despatched spear phishing emails to the Latvian MoD whereas posing as officers of the Ukrainian Ministry of Defence.
It seems that at the very least one of many recipients was suspicious of the message and its attachment, because it was uploaded to the VirusTotal service for scanning.
Smuggled inside the e-mail attachment was malicious code which launched a sequence of processes, designed to assist hackers steal data from their meant targets inside Latvia’s Ministry of Defence.
As The Record describes, what made the investigation into the assault uncommon is that after the Gamaredon hacking group realised its assault was being investigated, it started to speak with the researchers:
A CERT-LV spokesperson advised The Record that hackers despatched a meme depicting a Russian bear holding a paw on Ukraine, whereas the U.S. and EU attempt to include it.
FSB-linked Gamaredon (which is often known as Actinium, Armageddon, Iron Tilden, Primitive Bear, Shuckworm, Trident Ursa, and Winterflounder) has been attacking organsiations exterior of Russia for at the very least ten years.
Last yr, as an example, Gamaredon hackers reportedly tried to hack right into a petroleum-refining firm positioned in a NATO nation, and focused navy and authorities establishments in Ukraine with boobytrapped Word paperwork.
The Latvian Ministry of Defence says that the tried phishing assault launched towards it by the Gamaredon group was unsuccessful.
Latvia’s Computer Emergency Readiness Team (CERT-LV) says that cyberattacks within the nation have risen 30% for the reason that begin of the battle in Ukraine, with essentially the most severe threats posed by pro-Russian hacktivists and Kremlin-backed hackers concentrating on crucial infrastructure, companies, and Latvia’s authorities.