Several government entities and a military aviation organization in Ukraine had their email servers targeted by the Russian state-sponsored hacking operation APT28, also known as Fancy Bear and BlueDelta, in a new spear-phishing campaign that began in November 2021, according to The Record, a news site by cybersecurity firm Recorded Future.
APT28 deployed the campaign to advance Russia's military intelligence-gathering efforts amid the ongoing war with Ukraine, a report from Ukraine's Computer Emergency Response Team and Recorded Future's Insikt Group found. The attacks involved the delivery of phishing emails with malicious scripts redirecting to an email address controlled by the attackers, which would then enable inbox spying and data exfiltration.
"We assess that BlueDelta [APT28] activity is likely intended to enable military intelligence-gathering to support Russia's invasion of Ukraine and believe that BlueDelta will almost certainly continue to prioritize targeting Ukrainian government and private sector organizations to support wider Russian military efforts," said the Insikt Group.