Diplomatic entities across Eastern Europe have been targeted by the Russian state-sponsored threat group APT29, also known as BlueBravo, Cloaked Ursa, and Midnight Blizzard, with the novel GraphicalProton malware in phishing attacks from March to May, according to The Hacker News.
APT29 used legitimate internet services, Microsoft OneDrive or Dropbox, as command-and-control servers in the GraphicalProton attacks, blending its traffic with normal use of those services to hide the communication, a Recorded Future report showed.
Phishing emails with vehicle-related lures have been used by the threat actors to deliver ISO or ZIP files containing .LNK files disguised as PNG images, which trigger GraphicalProton when opened. Such cyberespionage attacks against European government organizations have been linked to Russia's growing interest in collecting intelligence in Europe amid its ongoing war with Ukraine.
Meanwhile, the findings should prompt network defenders to be more vigilant about the potential abuse of OneDrive and similar services for malware delivery and command and control, the researchers said.
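The delivery chain described above (an archive carrying a .LNK file dressed up as a PNG image) is something a mail gateway or sandbox can flag before the shortcut is ever clicked. The following is an added example, not code from the report or from any of the vendors mentioned: it inspects a ZIP archive for entries whose content carries the Windows shortcut (LNK) header, whose name uses a `.png.lnk` double extension, or whose name and content disagree. The LNK and PNG magic bytes are the documented file signatures; the archive contents and file names are constructed for the demonstration and are not real GraphicalProton artifacts. ISO containers are not handled here, only ZIP.

```python
import io
import zipfile

# Documented file signatures (not values taken from the report).
# A Windows shortcut starts with HeaderSize 0x4C followed by the
# LinkCLSID 00021401-0000-0000-C000-000000000046 in on-disk byte order.
LNK_MAGIC = b"\x4c\x00\x00\x00" + bytes.fromhex("0114020000000000c000000000000046")
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"


def classify(data: bytes) -> str:
    """Identify a file by its leading bytes rather than its name."""
    if data.startswith(LNK_MAGIC):
        return "lnk"
    if data.startswith(PNG_MAGIC):
        return "png"
    return "other"


def find_suspicious_lnk(zip_bytes: bytes) -> list:
    """Return archive entries that look like shortcuts posing as images.

    Each finding is a dict with the entry name and the reasons it was flagged.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            head = zf.read(info.filename)[:64]  # only the header is needed
            kind = classify(head)
            name = info.filename.lower()
            reasons = []
            if kind == "lnk":
                reasons.append("LNK header")
            # Explorer hides the .lnk extension, so "x.png.lnk" displays as "x.png".
            if name.endswith(".lnk") and ".png" in name[:-4]:
                reasons.append("double extension (.png.lnk)")
            if kind == "lnk" and not name.endswith(".lnk"):
                reasons.append("LNK content under non-.lnk name")
            if reasons:
                findings.append({"name": info.filename, "reasons": reasons})
    return findings


def build_sample_archive() -> bytes:
    """Constructed sample archive for the demo; not a real phishing attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("car_photo.png", PNG_MAGIC + b"\x00" * 32)          # genuine image
        zf.writestr("vehicle_docs.png.lnk", LNK_MAGIC + b"\x00" * 32)   # disguised shortcut
        zf.writestr("readme.txt", b"constructed benign text")
    return buf.getvalue()


if __name__ == "__main__":
    for hit in find_suspicious_lnk(build_sample_archive()):
        print(hit["name"], "->", ", ".join(hit["reasons"]))
```

Checking the header bytes as well as the name matters because the name check alone is defeated by a shortcut that drops the `.png` part, while the content check alone misses a renamed payload that a later stage unpacks; the two together cover the lure shape the report describes.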
Malicious QR code messages have also been increasingly leveraged to compromise the education sector, with Office 365 used to send over 15,000 such messages to education entities, a Microsoft Threat Intelligence report showed.
While DumpForums claimed to have infiltrated the company's corporate GitLab server, mail server, and software management services, Dr. Web emphasized that the incident had not resulted in any customer data compromise.
Misconfigured Magento or OpenCart instances may have been targeted to facilitate the deployment of Mongolian Skimmer, which uses various event-handling methods to ensure extensive compatibility while hiding malicious activity with heavy Unicode character utilization.