Russian-linked APT29 continues to target foreign ministries and diplomatic entities in NATO member states and Africa

Evolution of Tactics by Russia-linked APT29

The Russia-linked APT29 hacking group, also known as Cozy Bear, is continuing its espionage campaign targeting foreign ministries and diplomatic entities in NATO member states and Africa. This ongoing campaign represents an evolution of tactics used by the Russian hacking group. The APT29 hacking group is persistently working to improve its cyber weaponry for intelligence gathering.

Spearphishing Emails As a Mode of Attack

The spearphishing emails, which impersonate European embassies, are sent to targeted diplomats. They are designed to entice the recipients into opening a malware-laced attachment under the guise of an invitation or a meeting. The PDF attachment contains a booby-trapped URL that leads to the deployment of an HTML dropper called EnvyScout (aka ROOTSAW).

Malware Strains Used by APT29 Group

After using EnvyScout as a conduit, three previously unknown strains of malware are delivered, namely SNOWYAMBER, HALFRIG, and QUARTERRIG. SNOWYAMBER leverages the Notion note-taking service for command-and-control (C2) and for downloading additional payloads such as Brute Ratel. QUARTERRIG functions as a downloader capable of retrieving an executable from an actor-controlled server.

HALFRIG acts as a loader that launches the Cobalt Strike post-exploitation toolkit embedded within it, once again demonstrating the APT29 group’s high level of technical sophistication.

Attribution to APT29/Nobelium

This cyber-espionage campaign has been attributed to the state-sponsored hacking group APT29, which shares tactical overlaps with a cluster tracked by Microsoft as Nobelium. Nobelium was responsible for the high-profile attack on SolarWinds in 2020. This recent campaign has been observed across NATO member states, the European Union, and Africa.

Warnings from Cybersecurity Authorities

Poland’s Military Counterintelligence Service and the CERT Polska team have reported on the ongoing campaign. They issued an alert containing indicators of compromise to warn potential targets about the threat, and they recommended configuration changes to disrupt the delivery mechanism used in the described campaign.

Canada’s Prime Minister Justin Trudeau also made public statements about a recent spate of Russian-linked cyberattacks aimed at Canadian infrastructure, including denial-of-service attacks on the electric utility Hydro-Québec, the website of Trudeau’s office, the Port of Québec, and Laurentian Bank. The head of Canada’s Centre for Cyber Security warned that “the threat is real.”

APT29 Continues Its Efforts amid Conflict in Ukraine

Russian state-linked cyber operations have continued amid the ongoing conflict in Ukraine. The APT29 group’s primary goal is to gather intelligence from foreign governments and diplomatic bodies. This recent cyber-espionage campaign again underscores Russia’s continued efforts to target NATO countries and other Western-aligned entities.

The Russian intelligence services continue to employ multiple clandestine means to gain advantages over political rivals and foreign intelligence agencies. These actions remain a challenge for cybersecurity experts globally.

In summary, the APT29 group remains a clear threat to global cybersecurity, employing sophisticated hacking methods against high-value targets worldwide. The recent spate of attacks is concerning because it highlights the group’s persistent efforts to refine its tactics. Governments worldwide must recognize this threat and take measures to protect themselves from it.

Image Source: Wikimedia Commons

Amber Fletcher

Amber Fletcher is a seasoned journalist who specializes in writing high-quality news articles on various topics. Amber has a knack for finding the most interesting stories, and she has been published on several popular websites. With years of experience in the industry, Amber knows how to turn complex information into digestible pieces that engage and inform readers. Her writing style is engaging and authoritative, making her an invaluable asset to any news outlet.
