TZUTC: -0500
MSGID: 1144.consprcy@1:2320/105 2c94cc2f
PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0
TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
Russian GRU cracks open logistic companies to spy on Ukranian military aid

Date:
Thu, 22 May 2025 14:04:00 +0000

Description:
Fancy Bear has been targeting logistics companies since 2022

FULL STORY

Fancy Bear, the infamous Russian state-sponsored threat actor, has been 
spying on dozens of organizations from Western and NATO countries, monitoring
foreign aid moving into Ukraine. This is according to a joint cybersecurity
advisory [ PDF ], published by 21 government agencies from the US, UK, 
Canada, Germany, France, Czech Republic, Poland, Austria, Denmark, and the
Netherlands. 

As per the report, Fancy Bear (also known as APT28) targeted logistics
providers, technology companies, and government organizations involved in
transporting aid to Ukraine. 

All transportation modes were covered, including air, sea, and rail, and the
organizations spanned different industries, from defense, to transportation,
to maritime and air traffic management, and ultimately - to IT services. 

Credential stuffing

The targeted companies were operating in Bulgaria, Czech Republic, France,
Germany, Greece, Italy, Moldova, Netherlands, Poland, Romania, Slovakia,
Ukraine, and the United States. Whats more, the hackers were also monitoring
CCTV cameras on border crossings for the same purpose. 

To gain initial access, APT28 relied on credential guessing and brute-force
attacks. They also ran spearphishing campaigns, and took advantage of 
software vulnerabilities . 

By leveraging CVE-2023-23397, they targeted Microsoft Exchange, Roundcube
Webmail , and WinRAR, allowing them to infiltrate the systems. Finally, they
went for corporate VPNs and vulnerable SQL databases, and after compromising 
a network, moved laterally with tools such as PsExec and Impacket. 

The attackers manipulated email mailbox permissions, and used Tor and VPNs to
remain hidden while keeping tabs on sensitive communication. 

The Russo-Ukrainian conflict demonstrated just how much warfare has changed 
in recent years. Besides the usual fronts - land, sea, and air, cyberspace 
has become a major battleground, with hackers and cybercriminals on both 
sides targeting sensitive information, and critical infrastructure. 

The attack should serve as a reminder that cyber-physical systems are now
strategic targets for adversaries, commented Andrew Lintell, General Manager,
EMEA, at Claroty. To combat this, organisations need full visibility into
these environments and a risk-based approach to securing them. Many of these
devices, such as security cameras, werent designed with modern threats in
mind, so are increasingly vulnerable entry points. 

 Via The Register

======================================================================
Link to news story:
https://www.techradar.com/pro/security/russian-gru-cracks-open-logistic-compan
ies-to-spy-on-ukranian-military-aid

$$
--- SBBSecho 3.20-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700
SEEN-BY: 226/30 227/114 229/110 111 114 206 300 307 317 400 426 428
SEEN-BY: 229/470 664 700 705 266/512 291/111 320/219 322/757 342/200
SEEN-BY: 396/45 460/58 712/848 902/26 2320/0 105 3634/12 5075/35
PATH: 2320/105 229/426