Microsoft: hackers used news from Ukrainian media to attack users

3:22 pm, June 29, 2023

Microsoft experts have detected a surge in cyberattacks from the Russian group Midnight Blizzard. During the attacks, the hackers use residential proxy services to hide their own IP addresses. The attacks mostly target governments, IT service providers, and the defense sector.

According to the Center for Cyber Defense and Counteraction to Cyber Threats of Ukraine, this time the Russians exploited the vulnerabilities found in Roundcube, an email client. Phishing emails from the hackers contained newsletters related to Ukraine. The topics and content of the news reflected the agenda of real media, so they inspired trust among users. The successful hack allowed the hackers to deploy a malware program that redirected the victims' incoming emails to an email address managed by the attackers. The malware also stole lists of necessary contacts.

Back in December 2020, Midnight Blizzard (Nobelium, APT29, Cozy Bear, Iron Hemlock, and The Dukes) attracted worldwide attention by compromising the supply chain of the American software company SolarWinds. Russian cybercriminals have continued to attack the Foreign Ministry and diplomatic missions around the world.

Microsoft claims that the criminal activity of Russian hackers is consistent with attacks that exploit a zero-day vulnerability in Microsoft Outlook (CVE-2023-23397). The tech giant has already blamed APT28 (Fancy Bear, Sofacy) for this.

Earlier, Microsoft’s cybersecurity experts uncovered the criminal activities of hackers from the Cadet Blizzard group, who cooperate with the Russian military intelligence service. The main target of the attacks is Ukraine, but hackers often attack NATO member states that support our country. This group of attackers was responsible for the attacks on Ukrainian web resources before Russia’s full-scale invasion in February 2022. However, the negative impact of Cadet Blizzard’s activities is low compared to other groups affiliated with the occupier’s GRU, such as Seashell Blizzard (Iridium) and Forest Blizzard (Strontium).
