Advanced cyberespionage launched against Kazakhstan energy sector

Attacks involving phishing lures against Kazakhstan's oil and gas sector have been launched by the NoisyBear threat operation as part of a sophisticated cyberespionage campaign that began in April and escalated in May, according to GBHackers News.

NoisyBear used a breached finance department email account at Kazakhstan's state-owned oil and gas firm KazMunaiGas to deliver spear-phishing emails masquerading as an updated salary schedule to employees, who were deceived into downloading and extracting a ZIP file and opening a shortcut file, a report from Seqrite Labs found. The ZIP archive contained a fake document, a README.txt file, and a malicious LNK file, which abused Windows' PowerShell binary to launch the attack chain.

After deploying batch scripts meant to circumvent sandbox environments, deactivating Windows' Anti-Malware Scan Interface, and injecting the Meterpreter reverse-shell shellcode, the attackers distributed a 64-bit DLL implant that used a suspended 'rundll32.exe' process, allowing the reverse shell payload to be injected before execution continued. Data exfiltration and persistence efforts followed, said researchers, who also discovered that NoisyBear used servers from Russian hosting provider Aeza Group for its infrastructure.

Third-party breach hits Chess.com

BleepingComputer reports that internet chess portal and social networking site Chess.com had data from more than 4,500 of its 100 million users pilfered following a June attack against its third-party file transfer application.

Evolving Russian cyber strategy attributed to intensified Ukrainian efforts

Increasingly advanced cybersecurity defenses have led Russia to shift toward cyberespionage, distributed denial-of-service attacks, and other non-critical cyber operations after initially launching far-reaching intrusions against the country's critical infrastructure, said Oleksandr Potii, head of Ukraine's State Service of Special Communications and Information Protection, according to The Record, a news site by cybersecurity firm Recorded Future.

