Hacker attack on defense companies: Fancy Bear endangers Ukraine deliveries!
Russian hacker groups attack defense companies that support Ukraine. Cybersecurity is becoming a central issue.

The Russian hacker group Fancy Bear, also known as APT28 or Sednit, has targeted defense companies that supply weapons to Ukraine. These attacks focus primarily on manufacturers of Soviet weapons technology in Bulgaria, Romania and Ukraine. But the effects are global, as arms factories in Africa and South America are also affected. Experts see these activities as part of a broader strategy by Russian intelligence services for political influence and destabilization, the Süddeutsche reports.
As part of their current espionage campaign, dubbed “Operation RoundPress,” the hackers are exploiting vulnerabilities in webmail software such as Roundcube, Zimbra, Horde and MDaemon. Many of the affected companies operate outdated webmail servers, which makes the attacks easier. In one particularly alarming case, a previously unknown vulnerability in MDaemon was used. The attacks usually begin with manipulated emails that are disguised as legitimate news reports and give the attackers access to the company's systems.
Common methods and techniques
The malware used, “SpyPress.MDAEMON”, can read credentials, track emails and bypass security measures such as two-factor authentication (2FA). This shows that the hackers are extremely sophisticated in their attacks. In several cases, they managed to outwit 2FA protection and thus gain permanent access to mailboxes. ESET researcher Matthieu Faou points out that simply viewing an email in the browser can be enough to execute malicious code, which underlines the vulnerability of many platforms.
In addition, German security authorities participated in a US-led operation to dismantle a Russian computer espionage network. This includes the fight against APT28, which acts on behalf of the Russian military intelligence service (GRU). The attacks on hundreds of routers in offices and households created a botnet structure that is used as a global cyber espionage platform, Watson reports.
Protective measures and outlook
The attacks not only targeted military support for Ukraine, but also affected other EU and NATO states. The methods used, such as compromising routers, show that the hackers are using a strategy to disguise their attacks. Devices that used standard administrator passwords were attacked, highlighting the need to take basic security precautions.
In the ever-changing cybersecurity landscape, the challenge of countering these highly organized and sophisticated hacker groups like Fancy Bear becomes ever greater. The current situation shows that both state and private actors urgently need to work on improving their security systems in order to better protect themselves against such targeted cyberattacks.