Threat Intelligence, Critical Infrastructure Security
Fancy Bear attack against Ukrainian energy facility thwarted
Ukraine's Computer Emergency Response Team disclosed the successful disruption of an attack by Russian state-backed hacking operation Fancy Bear, also known as APT28, against an unnamed critical energy facility in the country, reports The Record, a news site by cybersecurity firm Recorded Future.
Fancy Bear has facilitated the attack through phishing emails with a message confirming a conversation with "three girls" and an archive with the girls' photos, which contain a BAT file that triggers fraudulent web pages aimed at malicious script execution, according to a CERT-UA report.
While Tor software was also deployed by the threat actors to evade detection, identification of the malicious activity by an energy facility employee prompted immediate access restrictions to Mockbin service-related web resources, as well as the blocking of the Windows Script Host.
No further information has been provided regarding the intrusion, which was the first new incident against Ukraine's energy infrastructure in some time since the Russia-Ukraine war began.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds