
Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   CONSPRCY      How big is your tinfoil hat?      2,445 messages   


   Message 1,411 of 2,445   
   Mike Powell to All   
   Russian GRU cracks open l   
   22 May 25 16:01:00   
   
   TZUTC: -0500   
   MSGID: 1144.consprcy@1:2320/105 2c94cc2f   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Russian GRU cracks open logistic companies to spy on Ukrainian military aid   
      
   Date:   
   Thu, 22 May 2025 14:04:00 +0000   
      
   Description:   
   Fancy Bear has been targeting logistics companies since 2022   
      
   FULL STORY   
      
   Fancy Bear, the infamous Russian state-sponsored threat actor, has been    
   spying on dozens of organizations from Western and NATO countries, monitoring   
   foreign aid moving into Ukraine. This is according to a joint cybersecurity   
   advisory [PDF], published by 21 government agencies from the US, UK,    
   Canada, Germany, France, Czech Republic, Poland, Austria, Denmark, and the   
   Netherlands.    
      
   As per the report, Fancy Bear (also known as APT28) targeted logistics   
   providers, technology companies, and government organizations involved in   
   transporting aid to Ukraine.    
      
   All transportation modes were covered, including air, sea, and rail, and the   
   organizations spanned different industries, from defense, to transportation,   
   to maritime and air traffic management, and ultimately - to IT services.    
      
   Credential stuffing   
      
   The targeted companies were operating in Bulgaria, Czech Republic, France,   
   Germany, Greece, Italy, Moldova, Netherlands, Poland, Romania, Slovakia,   
   Ukraine, and the United States. What's more, the hackers were also monitoring   
   CCTV cameras on border crossings for the same purpose.    
      
   To gain initial access, APT28 relied on credential guessing and brute-force   
   attacks. They also ran spearphishing campaigns, and took advantage of    
   software vulnerabilities.    
      
   By leveraging CVE-2023-23397, they targeted Microsoft Exchange, Roundcube   
   Webmail, and WinRAR, allowing them to infiltrate the systems. Finally, they   
   went for corporate VPNs and vulnerable SQL databases, and after compromising    
   a network, moved laterally with tools such as PsExec and Impacket.    
      
   The attackers manipulated email mailbox permissions, and used Tor and VPNs to   
   remain hidden while keeping tabs on sensitive communication.    
      
   The Russo-Ukrainian conflict demonstrated just how much warfare has changed    
   in recent years. Besides the usual fronts - land, sea, and air, cyberspace    
   has become a major battleground, with hackers and cybercriminals on both    
   sides targeting sensitive information, and critical infrastructure.    
      
   "The attack should serve as a reminder that cyber-physical systems are now   
   strategic targets for adversaries," commented Andrew Lintell, General Manager,   
   EMEA, at Claroty. "To combat this, organisations need full visibility into   
   these environments and a risk-based approach to securing them. Many of these   
   devices, such as security cameras, weren't designed with modern threats in   
   mind, so are increasingly vulnerable entry points."    
      
    Via The Register   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/russian-gru-cracks-open-logistic-companies-to-spy-on-ukranian-military-aid   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 111 114 206 300 307 317 400 426 428   
   SEEN-BY: 229/470 664 700 705 266/512 291/111 320/219 322/757 342/200   
   SEEN-BY: 396/45 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426   
      



(c) 1994,  bbs@darkrealms.ca