I am Not a Robot

The Ukrainian Computer Emergency Response Team has issued a new security warning after discovering a cyber-attack campaign carried out by the APT28 threat group, also known as Fancy Bear.  This group is thought, with a high degree of confidence, to be affiliated with Russian military intelligence operations.  Here’s what we know so far and what you need to watch out for if you think you might be at risk of being targeted.

The APT28 Fancy Bear Cyber Attack Campaign Warning From CERT-UA

The Ukrainian CERT warning, number CERT-UA#11689, was published on 25 October and, courtesy of Google’s on-page language translation tools, detailed an ongoing investigation into a phishing campaign using emails that contain a database table, and a link that delivers what appears to be a Google reCAPTCHA bot-detection dialog.

These anti-bot CAPTCHA tools appear far less often for most users than they once did, in no small part because of the sheer number of browser extensions that help to defeat them and the likes of iOS using Apple’s server-based automatic verification system to bypass the need to complete them yourself.  However, it’s still not an altogether unexpected event when one does appear and, as the Fancy Bear threat group is relying upon, it is certainly not something that would arouse suspicion in the user.  If anything, it’s the opposite: the use of such an anti-bot defense tends to suggest a trustworthy outcome rather than a dangerous one.

In the case of this cyber-attack campaign, CERT-UA said that ticking the checkbox asking for confirmation in response to the “I am not a robot” question will copy a malicious PowerShell command to the user’s clipboard.

Mitigating The Risk of Falling Victim To The CAPTCHA Cyber Attack

OK, so the most important point to be made here is that the cyber-attack campaign in question appears to be highly targeted at local government workers in Ukraine.  That immediately filters out a lot of the concern that everyone else might have.  However, importantly, that doesn’t mean that the same techniques will not be used by other threat actors now that the methodology is out there and apparently fooling some victims.  Therefore, you still need to be aware of the threat and how to mitigate it.
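One way a defender could triage the saved source of a page reached from a suspicious link for the clipboard behaviour CERT-UA describes. This is an added example, not code from CERT-UA or the original article; the patterns, verdict names and sample pages are constructed assumptions.

```javascript
// Added example: static triage of saved page source for the clipboard lure.
// The patterns, verdict names and sample pages are constructed for illustration.

const CLIPBOARD_WRITES = [
  /navigator\.clipboard\.writeText\s*\(/i,       // async Clipboard API
  /document\.execCommand\s*\(\s*['"]copy['"]/i,  // legacy copy command
];
const COMMAND_HINTS = [/\bpowershell(\.exe)?\b/i, /\bpwsh\b/i];
const CAPTCHA_HINTS = [/i\s*(am|'m)\s+not\s+a\s+robot/i, /recaptcha/i];

// Decode quoted base64 literals so a command hidden behind atob() is still seen.
function decodedLiterals(html) {
  const out = [];
  for (const m of html.matchAll(/['"]([A-Za-z0-9+\/]{16,}={0,2})['"]/g)) {
    out.push(Buffer.from(m[1], "base64").toString("latin1"));
  }
  return out.join("\n");
}

function triagePage(html) {
  const text = html + "\n" + decodedLiterals(html);
  const hit = (list) => list.some((re) => re.test(text));
  const findings = {
    clipboardWrite: hit(CLIPBOARD_WRITES),
    commandString: hit(COMMAND_HINTS),
    captchaPretext: hit(CAPTCHA_HINTS),
  };
  let verdict = "no-signal";
  if (findings.clipboardWrite && findings.commandString) {
    // A copy button for a shell command also exists on legitimate docs pages,
    // so only the CAPTCHA pretext lifts the verdict above "review".
    verdict = findings.captchaPretext ? "likely-lure" : "review";
  }
  return { ...findings, verdict };
}

// Constructed samples (harmless command text, not taken from the campaign).
const SAMPLES = {
  lure: `<label><input type="checkbox" onclick="navigator.clipboard.writeText(
    'powershell -Command Write-Output constructed-sample')"> I am not a robot</label>`,
  encoded: `<div class="recaptcha-box"></div><script>
    navigator.clipboard.writeText(atob("${Buffer.from(
      "powershell -Command Write-Output constructed-sample").toString("base64")}"));
  </script>`,
  docs: `<button onclick="navigator.clipboard.writeText('pwsh ./install.ps1')">Copy</button>`,
  widget: `<div class="g-recaptcha" data-sitekey="CONSTRUCTED-KEY"></div>`,
};

for (const [n, h] of Object.entries(SAMPLES)) console.log(n, triagePage(h).verdict);
```

Static matching of this kind misses pages that assemble the command at run time from fragments, so a "no-signal" verdict is not proof that a page is safe.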

Source: New Cyber Attack Warning—Confirming You Are Not A Robot Can Be Dangerous

This article is shared at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC).  For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com    

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://register.gotowebinar.com/register/5378972949933166424
