Brother
An APT group hides spyware viruses in its emails about its work.
The company F. A. C. C. T. has identified another cyberattack on Russian organizations, carried out by the hacker group Cloud Atlas. The attackers targeted an agricultural enterprise and a state research company.
Cloud Atlas has long been known as a pro-government APT group dedicated to cyber espionage and theft of sensitive data. According to researchers, it has been active since at least 2014. The main attack method is a targeted mailing list with a malicious attachment. Industrial enterprises and state-owned companies in Russia, Belarus, Azerbaijan, Turkey, and Slovenia were most often targeted by Cloud Atlas.
This time, the attackers used addresses registered through popular email services to break into the systems: antonowadebora@yandex.ru and mil.dip@mail.ru, and two relevant topics: support for members of the Free Military Service and military registration.
So, in one of the letters on behalf of representatives of the "Moscow City organization of the All-Russian Professional Union of Employees of state Institutions" hackers offered to organize a collection of postcards and greetings for military personnel and their families. At the same time, the contacts indicated in the email were real — they can be found in the public domain.
In another case, the attackers introduced themselves as the "Association of Training Centers" and used the current topic of changes in the legislation on the introduction of military registration and booking of citizens who are in reserve.
According to F. A. C. C. T. experts, the kill chain in both cases is similar to the one Positive Technologies cited in its report, but in addition uses alternative data flows.
A technical analysis of the new Cloud Atlas attacks, as well as tactics and techniques of the MITRE ATT&CK procedure, can be found on the company's blog.