Microsoft says Russia is hacking Ukrainian military tech by stealing points of entry from third-parties
Date:
Wed, 11 Dec 2024 17:00:00 +0000
Description:
Microsoft Threat Intelligence has observed Secret Blizzard using attack
vectors gained by other threat actors to compromise Ukrainian military
devices.
FULL STORY
Microsoft Threat Intelligence has revealed that the notorious Russian threat actor Secret Blizzard has been working with other cybercriminals to conduct espionage on organizations of interest in South Asia, as well as installing multiple backdoors on devices in Ukraine.
The team highlighted that Secret Blizzard is using cyber attacks conducted by other Russian threat actors as an entry vector to install the Amadey bot malware and backdoors onto Ukrainian devices for espionage purposes.
Secret Blizzard is assessed either to purchase or to steal points of entry onto Ukrainian devices from other Russia-aligned state-sponsored threat actors, in order to diversify its ability to monitor devices and conduct attacks.
Espionage and monitoring
Secret Blizzard usually gains its initial access via spearphishing attacks, before moving laterally through networks of interest by compromising servers and edge devices.
Once access to a device is gained, Secret Blizzard was observed deploying a PowerShell dropper via the Amadey malware-as-a-service (MaaS), which lets Secret Blizzard view device configurations and collect information through a command-and-control (C2) server.
Amadey would then gather and relay information on the type of antivirus software installed on the device, before installing two plugins on the target device that Microsoft Threat Intelligence theorizes are used to gather clipboard data and browser credentials.
Secret Blizzard also favoured devices using a Starlink IP address as targets, deploying a custom algorithm that lets the threat actor steal data from the targeted device, including the directory tree, system information, active sessions, the IPv4 route table, SMB shares, enabled security groups and time settings.
Microsoft Threat Intelligence also observed a cmd prompt being used to query Windows Defender as to whether previous versions of the Amadey malware had been detected on the system, in order to gauge whether the target device was of interest.
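As an added, defender-side example that is not part of the article or of Microsoft's reporting: the collection described above (system information, active sessions, route table, shares, security groups, time settings, plus the Windows Defender detection-history check) tends to surface in endpoint telemetry as a burst of short-lived child processes under a single parent. The Python below scores constructed process-creation events for that breadth rather than for any single command. The command-to-category mappings, the log line format and the sample hosts are assumptions of this example, not details from the story.

```python
"""Reconnaissance-burst detector over constructed process-creation events.

Added example, not from the article or from Microsoft. The article lists what
the intruders collected (directory tree, system info, active sessions, IPv4
route table, SMB shares, security groups, time settings) and says Windows
Defender was queried about earlier Amadey detections, but not which commands
did it. The command patterns below are this example's own assumptions about
how such collection surfaces in process-creation telemetry.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Recon category -> regex over the lower-cased command line (assumed mappings).
RECON_PATTERNS = {
    "directory_tree":   re.compile(r"\btree\b|\bdir\b.*\s/s\b"),
    "system_info":      re.compile(r"\bsysteminfo\b"),
    "sessions":         re.compile(r"\bquery\s+(session|user)\b|\bqwinsta\b"),
    "route_table":      re.compile(r"\broute\s+print\b|\bnetstat\s+-r\b"),
    "smb_shares":       re.compile(r"\bnet\s+(share|view)\b"),
    "security_groups":  re.compile(r"\bnet\s+localgroup\b|\bwhoami\s+/groups\b"),
    "time_settings":    re.compile(r"\bw32tm\b|\btzutil\b"),
    "defender_history": re.compile(r"get-mpthreat|mpcmdrun\.exe.*-restore\s+-listall"),
}

# Constructed line format: "<ISO time> host=<name> ppid=<pid> parent=<image> cmd=<command line>"
EVENT_RE = re.compile(
    r"^(?P<ts>\S+)\s+host=(?P<host>\S+)\s+ppid=(?P<ppid>\d+)\s+"
    r"parent=(?P<parent>\S+)\s+cmd=(?P<cmd>.*)$"
)


def parse_event(line):
    """Return (timestamp, host, ppid, parent, cmd) or None for unparseable lines."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["host"], int(m["ppid"]), m["parent"], m["cmd"]


def classify(cmd):
    """Set of recon categories a single command line falls into (usually 0 or 1)."""
    lowered = cmd.lower()
    return {name for name, pat in RECON_PATTERNS.items() if pat.search(lowered)}


def detect_recon_bursts(lines, window=timedelta(minutes=10), min_categories=4):
    """One alert per (host, parent pid) whose children cover >= min_categories
    distinct recon categories inside `window`. A lone admin running
    `systeminfo` never alerts; the breadth of the burst is the signal."""
    buckets = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        ts, host, ppid, parent, cmd = ev
        cats = classify(cmd)
        if cats:
            buckets[(host, ppid, parent)].append((ts, cats))

    alerts = []
    for (host, ppid, parent), hits in buckets.items():
        hits.sort(key=lambda h: h[0])
        for i, (start, _) in enumerate(hits):
            seen, end = set(), start
            for ts, cats in hits[i:]:
                if ts - start > window:
                    break
                seen |= cats
                end = ts
            if len(seen) >= min_categories:
                alerts.append({"host": host, "ppid": ppid, "parent": parent,
                               "categories": sorted(seen),
                               "first": start, "last": end})
                break  # one alert per parent process is enough
    return alerts


# Constructed telemetry: WS01 shows a recon burst under one parent; WS02 shows
# two unrelated admin commands half an hour apart plus a benign process.
SAMPLE_EVENTS = [
    "2024-12-10T09:14:02Z host=WS01 ppid=4120 parent=powershell.exe cmd=systeminfo",
    "2024-12-10T09:14:05Z host=WS01 ppid=4120 parent=powershell.exe cmd=route print",
    "2024-12-10T09:14:09Z host=WS01 ppid=4120 parent=powershell.exe cmd=net share",
    "2024-12-10T09:14:12Z host=WS01 ppid=4120 parent=powershell.exe cmd=net localgroup administrators",
    "2024-12-10T09:14:15Z host=WS01 ppid=4120 parent=powershell.exe cmd=w32tm /tz",
    "2024-12-10T09:14:20Z host=WS01 ppid=4120 parent=powershell.exe cmd=query session",
    "2024-12-10T09:15:01Z host=WS01 ppid=4120 parent=powershell.exe cmd=tree C:\\ /f",
    "2024-12-10T09:19:40Z host=WS01 ppid=4120 parent=powershell.exe cmd=powershell -c Get-MpThreatDetection",
    "2024-12-10T11:00:00Z host=WS02 ppid=880 parent=cmd.exe cmd=systeminfo",
    "2024-12-10T11:30:00Z host=WS02 ppid=880 parent=cmd.exe cmd=route print",
    "2024-12-10T11:31:00Z host=WS02 ppid=880 parent=cmd.exe cmd=notepad.exe C:\\notes.txt",
]

if __name__ == "__main__":
    for alert in detect_recon_bursts(SAMPLE_EVENTS):
        print(f"{alert['host']} parent={alert['parent']}({alert['ppid']}) "
              f"{alert['first']:%H:%M:%S}-{alert['last']:%H:%M:%S}: {', '.join(alert['categories'])}")
```

Keying the bucket on the parent process rather than on the host alone is what keeps the false-positive rate tolerable: the same eight commands spread across a day of legitimate administration never share a parent and a ten-minute window. The window and threshold are starting values to tune against a site's own baseline.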
Secret Blizzard is actively adapting its attack techniques to specifically target Ukrainian military devices, with Microsoft assessing that these footholds are likely being exploited to escalate toward strategic access at the Ministry level.
======================================================================
Link to news story:
https://www.techradar.com/pro/security/microsoft-says-russia-is-hacking-ukrainian-military-tech-by-stealing-points-of-entry-from-third-parties
--- SBBSecho 3.20-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)