Global cyberespionage operations mounted by Russia-linked Winter Vivern APT
Russian advanced persistent threat operation Winter Vivern has recently launched attacks aimed at government agencies in Ukraine, Poland, Italy, and India, as well as telecommunications firms in Ukraine, SecurityWeek reports.
Attacks by Winter Vivern involved the delivery of malicious Office documents through government email credential phishing webpages, according to a SentinelOne report. Aside from leveraging shared toolkits and legitimate Windows utilities, Winter Vivern has also been deploying the Aperetif remote access trojan, which has system information collection, command-and-control server communication, and persistent access capabilities. The Russian APT is also exploiting known security vulnerabilities in its attacks, the report showed.
"The Winter Vivern cyber threat actor has been able to successfully carry out their attacks using simple yet effective attack techniques and tools. Their ability to lure targets into the attacks, and their targeting of governments and high-value private businesses demonstrate the level of sophistication and strategic intent in their operations," said SentinelOne.