Mandiant Insight on Russia & Ukraine

March 08, 2022

Mandiant’s review of the conflict between Russia and Ukraine warns of retaliation by Russia against organizations that condemn Russia and/or support Ukraine.

Anonymous Hacking Group Takes Aim at Russia

March 01, 2022

Industry: N/A | Level: Strategic | Source: Joe.co.uk

Russian aggression has provoked the hacking group Anonymous, which has declared “cyber war” against Russia. From its Twitter handle @YourAnonOne, the group posted the following tweet: “The Anonymous collective is officially in cyber war against the Russian government.” The group is making an impact quickly, having already taken down Russian news websites: “The #Anonymous collective has taken down the website of the #Russian propaganda station RT News.”

APT29/Nobelium Targets Embassies

March 01, 2022

Industry: Government | Level: Tactical | Source: Fortinet

Research from FortiGuard has identified the threat actor group APT29/Nobelium/Cozy Bear targeting embassies, based on an observed email impersonating the “Embassy of the Republic of Turkey.” Analysis of the email’s malicious HTML attachment uncovered malicious JavaScript that creates an ISO file, which the user is required to execute. A shortcut pointing to a malicious DLL file is then executed to run Cobalt Strike. This tactic is likely conducted to monitor activity in embassies to assist in Russian operations.

  • Anvilogic Scenario: Malicious Document Delivering Malware
  • Anvilogic Use Cases:
    • Rundll32 Command Line
    • Suspicious File written to Disk

Ukraine & Russia Cyber Update

February 22, 2022

This update consolidates available advisory information from the Cybersecurity and Infrastructure Security Agency (CISA) regarding the Ukraine and Russia crisis. The advisories provide technical guidance on TTPs associated with Russian threat actors and continue to urge organizations to maintain increased cybersecurity awareness.