Threat Intelligence, Critical Infrastructure Security

Fancy Bear attack against Ukrainian energy facility thwarted

Ukraine's Computer Emergency Response Team (CERT-UA) disclosed the successful disruption of an attack by the Russian state-backed hacking operation Fancy Bear, also known as APT28, against an unnamed critical energy facility in the country, reports The Record, a news site by cybersecurity firm Recorded Future. Fancy Bear carried out the attack through phishing emails with a message confirming a conversation with "three girls" and an archive with the girls' photos, which contains a BAT file that triggers fraudulent web pages aimed at malicious script execution, according to a CERT-UA report. Although the threat actors also deployed Tor software to evade detection, an energy facility employee identified the malicious activity, which prompted immediate access restrictions to Mockbin service-related web resources, as well as the blocking of the Windows Script Host. No further information has been provided regarding the intrusion, which was the first new incident against Ukraine's energy infrastructure in some time since the Russia-Ukraine war began.
