
Cybercriminals Launch Attacks on Ukrainian Weapons Vendors

Step up your cybersecurity game! The Russian hacker collective Fancy Bear is on the prowl again, this time aimed at weapons suppliers to Ukraine. Eset, a renowned Slovak security firm, has sounded the alarm in a recent study. The primary targets are manufacturers of Soviet-era weaponry in Bulgaria, Romania, and Ukraine, which play a key role in Ukraine's defense against Russia. Suppliers in Africa, South America, and beyond have also been hit.

Fancy Bear, also known as Sednit or APT28, has quite the CV: responsible for attacks on the German Bundestag (2015), US politician Hillary Clinton (2016), and the SPD party headquarters (2023). Intelligence experts view the group as a tool of Russian intelligence services, using cyberattacks for political influence and destabilization. They're also known for their espionage and disinformation campaigns against Western democracies.

Operation RoundPress: the new offensive

In their latest endeavor, code-named "Operation RoundPress," Fancy Bear has exploited vulnerabilities in popular webmail software such as Roundcube, Zimbra, Horde, and MDaemon. Many of these weaknesses could have been eliminated with regular software maintenance. In some cases the group also used a previously unknown security flaw in MDaemon for which no patch was available at the time.

The attacks typically begin with bogus emails disguised as news articles from credible sources such as the Kyiv Post or News.bg. The moment such a message is viewed in the webmail client, the malicious code embedded in it runs in the recipient's browser, and these messages frequently slip past spam filters unnoticed.

The bypass of two-factor protection

Eset researchers discovered the malware "SpyPress.MDAEMON" during their analysis of the attacks. This malicious software can not only read login credentials and track emails, but it can also bypass two-factor authentication (2FA). Two-factor authentication is an extra layer of security for logging into online accounts or accessing sensitive data, requiring a second form of verification in addition to a password. Fancy Bear has nevertheless managed to get around 2FA in some cases, gaining persistent access to email accounts by creating application passwords, which let a mail client log in without the second factor.

"Too many companies cling to outdated webmail servers," said Matthieu Faou, an Eset researcher. "Merely viewing an email in the browser can be enough to execute malware without the recipient clicking anything."
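The defensive control this implies is that a webmail viewer must strip all active content from an HTML message body before it reaches the browser. The Python sanitizer below is an added illustration, not code from the article or from Eset; it uses a constructed sample message body and drops script-capable elements, on* event handlers and script-scheme URLs (including ones obfuscated with embedded whitespace), returning an audit trail of what it removed.

```python
import html
from html.parser import HTMLParser

# Elements a webmail viewer must never hand to the browser DOM.
BLOCKED_TAGS = {"script", "style", "iframe", "object", "embed", "form", "link", "meta", "base", "svg"}
URL_ATTRS = {"href", "src", "action", "formaction", "background"}

def _unsafe_url(value):
    # Drop whitespace/control chars first so "java\tscript:" is still caught.
    compact = "".join(c for c in value if c.isprintable() and not c.isspace()).lower()
    return compact.startswith(("javascript:", "vbscript:", "data:"))

class MailBodySanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.dropped, self._skip = [], [], 0  # fragments, removals, blocked-nesting depth
    def handle_starttag(self, tag, attrs):
        if tag in BLOCKED_TAGS:
            self._skip += 1
            self.dropped.append(tag)
            return
        if self._skip:
            return
        kept = []
        for name, value in attrs:
            # on* handlers and script-scheme URLs are what lets a message run code
            # merely by being rendered; drop them and re-escape everything else.
            if name.startswith("on") or (name in URL_ATTRS and _unsafe_url(value or "")):
                self.dropped.append(f"{tag}@{name}")
            else:
                kept.append(f' {name}="{html.escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
    def handle_endtag(self, tag):
        if tag in BLOCKED_TAGS:
            self._skip = max(0, self._skip - 1)
        elif not self._skip:
            self.out.append(f"</{tag}>")
    def handle_data(self, data):
        if not self._skip:
            self.out.append(html.escape(data))

def sanitize_mail_html(body):
    # Returns (cleaned HTML, list of removed tags/attributes) for one message body.
    s = MailBodySanitizer()
    s.feed(body)
    s.close()
    return "".join(s.out), s.dropped

# Constructed sample: a "news article" lure carrying active content.
SAMPLE_BODY = ('<p>Breaking news from <a href="https://example.com/story">our site</a></p><img src="x" '
               'onerror="alert(1)"><script>/* placeholder */</script><a href="java\tscript:alert(1)">read more</a>')
```

Feeding the sample through `sanitize_mail_html` keeps the paragraph, link and image but removes the `onerror` handler, the whole `<script>` element and the obfuscated `javascript:` link target.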

To improve your defenses against Fancy Bear and similar threats, consider these strategic measures:

  1. Regular updates and patching
     - Stay current with patches for all webmail software, such as Roundcube, Horde, MDaemon, and Zimbra, to prevent known vulnerabilities from being exploited.[1][4]
     - Implement zero-day protections with intrusion detection systems (IDS) or web application firewalls (WAFs) that can detect and thwart zero-day attacks.[4]
  2. Enhanced email account security measures
     - Enhance 2FA with advanced methods like U2F for stronger protection.[2]
     - Prioritize password hygiene, enforcing strong password policies and encouraging regular changes.
  3. Spear phishing awareness and protection
     - Train employees to spot spear phishing emails, especially those referencing current events or news, which are often used by Fancy Bear.[4]
     - Utilize advanced email filtering tools to block suspicious emails from reaching inboxes.
  4. Network security improvements
     - Segment the network to limit the spread of malware in case of a breach.
     - Continuously monitor network activity for signs of intrusion or unusual behavior.
  5. Incident response plan
     - Develop a clear incident response plan to rapidly respond to security breaches, minimizing potential attack impact.

Adopting these measures can significantly reduce the risk of data breaches and unauthorized access to sensitive information. Stay vigilant and stay protected!

  1. Given the escalating cyber threats posed by hacktivist group Fancy Bear, EC countries must reevaluate their employment policies to prioritize cybersecurity training and development.
  2. With Fancy Bear's latest attack tactics exploiting vulnerabilities in popular webmail software, policymakers should advocate for the integration of technology, specifically intrusion detection systems and web application firewalls, in employment policies for cybersecurity professionals.
  3. As Fancy Bear continues to evade two-factor authentication in some attacks, it is crucial for employment policies to mandate the implementation of advanced 2FA methods, such as U2F, to enhance the security of digital accounts.
