Microsoft Obtains Court Order to Seize APT28 Domains Used to Attack Ukraine

Microsoft revealed on Thursday that it had obtained a court order allowing it to seize control of seven domains used by APT28, a group sponsored by Russia's military intelligence service, in order to disrupt the group's attacks on Ukraine.

Microsoft redirected the seized domains to a sinkhole it controls, which means Strontium (Microsoft's name for APT28) can no longer use them, and the company is now notifying affected victims, said Tom Burt, Microsoft's corporate vice president of customer security and trust.

APT28 goes by many names, including Sofacy and Sednit, and has been active since at least 2009. It is known to target media outlets, government agencies, and non-governmental organizations (NGOs) working on security issues.

The threat actor used the now-sinkholed infrastructure to target Ukrainian institutions, as well as governments and think tanks in the US and EU, in order to maintain long-term access to their networks and exfiltrate sensitive information, the tech giant said.

Meta Takes Action Against Ghostwriter and Phosphorus

Meta, for its part, said it had taken action against covert adversarial networks originating in Azerbaijan and Iran, removing their accounts from its platforms and blocking their domains from being shared.

The Azerbaijani operation is believed to have combined credential phishing and espionage against democracy activists, opposition groups, journalists at national and international outlets, and critics of the government.

The Iranian network was attributed to Phosphorus (also tracked as Charming Kitten and TA453), a state-linked hacking group with a history of conducting surveillance operations in support of Iranian strategic priorities.

The group used a combination of low-sophistication fake accounts and more elaborate fictitious personas, which it likely relied on to build trust with potential targets and trick them into clicking on phishing links or downloading malicious applications, Meta outlined in its first quarterly Adversarial Threat Report.

One such application was HilalRAT, Android malware that impersonated a legitimate Quran app in order to steal personal information such as contacts, text messages, files, and GPS coordinates.

Meta also disrupted a second Iranian network whose tactics resembled those of Tortoiseshell, and which targeted or spoofed companies in the energy, IT, maritime logistics, semiconductor, and telecom industries.

This campaign used an elaborate set of bogus profiles on Instagram, LinkedIn, Facebook, and Twitter, with the actors posing as recruiters for both real and front companies to trick targets into clicking on phishing links that delivered information-stealing malware disguised as VPN, calculator, audiobook, and messaging apps.

The actors also used the VMware ThinApp virtualization platform, which "allowed them to run malware on many different systems and hold the malicious payload back until the last minute, making malware detection more difficult," Meta explained.

Last but not least, Meta disrupted attempts by the Belarus-aligned Ghostwriter group to hack into the Facebook accounts of several Ukrainian military personnel.

In the few cases where these attempts succeeded, the attackers used the compromised accounts to post misinformation calling for surrender, making the posts appear to come from the legitimate account owners.
