home.social

#russianapt — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #russianapt, aggregated by home.social.

  1. "🚨 #BreakingNews: WinRAR Vulnerability Exploited by Russian APT! 🇷🇺🔓"

    In October 2023, a cyber threat linked to a Russian nation-state actor exploited a vulnerability in WinRAR (CVE-2023-38831) for credential harvesting. The attack used a malicious archive file (IOC_09_11.rar) disguised as an IoC sharing file. Beware of phishing lures! 🎣📧

    The BAT script initiated a series of PowerShell commands. Firstly, it wrote a Private RSA Key, enabling the attacker to establish a reverse shell for access to the victim's machine. Subsequently, a PowerShell script was executed to exfiltrate data, including login credentials, from Google Chrome and Microsoft Edge browsers. The stolen data was sent to a designated URL via the legitimate Webhook.site service.

    This sophisticated attack was potentially associated with the Russian state-sponsored group APT28 (aka Fancy Bear, Sednit), according to Cluster25. The attack tactics and techniques align with various stages of the MITRE ATT&CK matrix, including spearphishing attachment, malicious file execution, and data exfiltration over a web service.

    Indicators of compromise (IoCs) include payload hash values (SHA256, SHA1, MD5) and the IP address (216.66.35.145) and URL (webhook.site/e2831741-d8c8-497) associated with the attacker's infrastructure. This incident underscores the importance of timely software patching and user awareness to prevent such cyber threats.

    Source: Cluster25 Blog

    Tags: #CVE202338831 #WinRAR #Phishing #CyberSecurity #APT #RussianAPT

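
The post above describes the lure archive only in prose. What follows is an added example, not Cluster25's code and not a tool from the campaign, that checks an archive for the layout public analyses attribute to CVE-2023-38831: a root-level decoy entry whose name ends in a space, next to a folder of the same name holding a script named after the decoy. Because the flaw lies in WinRAR's handling of ZIP content, the checker parses its input as ZIP regardless of the file extension; a genuine RAR container would need a RAR parser, which is not shown. The sample archive is constructed in memory with a placeholder script body, and RUNNABLE_EXT is an assumed, illustrative extension list.

```python
"""
Scan a ZIP archive for the CVE-2023-38831 lure layout (added example).

Public write-ups describe the exploit archive as a decoy such as
"IOC_09_11.pdf " (trailing space) stored next to a folder "IOC_09_11.pdf /"
that contains "IOC_09_11.pdf .cmd". Opening the decoy in a vulnerable WinRAR
ran the script. This module reports such decoy/payload pairs.
"""
from __future__ import annotations

import io
import os
import zipfile
from dataclasses import dataclass

# Extensions Windows will execute rather than open as data.
# Assumption: an illustrative set; extend it for your environment.
RUNNABLE_EXT = {".cmd", ".bat", ".exe", ".com", ".scr", ".pif",
                ".ps1", ".vbs", ".vbe", ".js", ".jse", ".wsf", ".lnk"}


@dataclass(frozen=True)
class Finding:
    decoy: str        # root-level entry the victim is meant to double-click
    payload: str      # script inside the folder that shares the decoy's name
    same_name: bool   # payload is "<decoy><ext>", the exact published shape


def find_cve_2023_38831_lures(archive: bytes) -> list[Finding]:
    """Return every decoy/payload pair found in the archive; [] if clean."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        # Directory entries ("X/") carry no content; only file entries matter.
        names = [zi.filename for zi in zf.infolist() if not zi.is_dir()]

    findings: list[Finding] = []
    for decoy in names:
        # The bait sits at the archive root and its name ends in whitespace;
        # that trailing space is the quirk the published exploit relies on.
        if "/" in decoy or decoy == decoy.rstrip(" "):
            continue
        folder = decoy + "/"
        for payload in names:
            if not payload.startswith(folder):
                continue
            inner = payload[len(folder):]
            if "/" in inner:
                continue  # nested deeper than the exploit layout; ignore
            stem, ext = os.path.splitext(inner)   # "X.pdf .cmd" -> ("X.pdf ", ".cmd")
            if ext.lower() not in RUNNABLE_EXT:
                continue
            findings.append(Finding(decoy=decoy, payload=payload,
                                    same_name=(stem == decoy)))
    return findings


def build_sample_archive() -> bytes:
    """Constructed look-alike of the lure layout (sample data, not the real IOC_09_11 file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("IOC_09_11.pdf ", b"%PDF-1.4\n% decoy document body\n")
        # Harmless placeholder body: only the archive layout is under test.
        zf.writestr("IOC_09_11.pdf /IOC_09_11.pdf .cmd",
                    b"@echo off\r\necho placeholder\r\n")
    return buf.getvalue()


def build_clean_archive() -> bytes:
    """Constructed benign archive: a script in a folder, but no same-named decoy."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.pdf", b"%PDF-1.4\n")
        zf.writestr("scripts/setup.cmd", b"@echo off\r\n")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("lure", build_sample_archive()),
                        ("clean", build_clean_archive())):
        hits = find_cve_2023_38831_lures(blob)
        print(f"{label}: {len(hits)} finding(s)")
        for f in hits:
            print(f"  decoy={f.decoy!r} payload={f.payload!r} same_name={f.same_name}")
```

A file and a folder with the same name cannot coexist on NTFS, and trailing spaces are stripped from names on Windows, so the layout the scanner looks for has no legitimate reason to appear in an archive; flagging it at a mail gateway costs nothing even on hosts that already run WinRAR 6.23 or later. The clean sample shows that a .cmd sitting in an ordinary folder is not reported on its own.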