Tumgik
#FancyBear
zerosecurity · 5 months
Text
Russia's APT28 Cyber Espionage Group Targets Czechia, Germany Using Outlook Exploit
Czechia and Germany have exposed a long-running cyber espionage campaign conducted by the notorious Russia-linked APT28 hacking group, drawing harsh criticism from international organizations like the European Union (EU), the North Atlantic Treaty Organization (NATO), the United Kingdom, and the United States. The Czech Republic's Ministry of Foreign Affairs revealed that certain entities within the country were targeted using a critical Microsoft Outlook vulnerability (CVE-2023-23397), allowing Russian state-sponsored hackers to escalate privileges and potentially gain unauthorized access.
Germany Accuses APT28 of Targeting Social Democratic Party
Similarly, Germany's Federal Government attributed the APT28 threat actor, also known as Fancy Bear, Pawn Storm, and Sofacy, to a cyber attack aimed at the Executive Committee of the Social Democratic Party, exploiting the same Outlook flaw over a "relatively long period" to compromise numerous email accounts. The targeted industries spanned logistics, armaments, air and space, IT services, foundations, and associations located in Germany, Ukraine, and other European regions. Germany also implicated APT28 in the 2015 cyber attack on the German federal parliament (Bundestag).
Widespread Condemnation of Russia's Malicious Cyber Activities
NATO stated that Russia's hybrid actions "constitute a threat to Allied security," while the Council of the European Union condemned Russia's "continuous pattern of irresponsible behavior in cyberspace." The UK government described the recent APT28 activity, including targeting the German Social Democratic Party, as "the latest in a known pattern of behavior by the Russian Intelligence Services to undermine democratic processes across the globe." The US Department of State acknowledged APT28's history of engaging in "malicious, nefarious, destabilizing and disruptive behavior," and reiterated its commitment to upholding a "rules-based international order, including in cyberspace."
Disruption of APT28's Criminal Proxy Botnet
Earlier in February, a coordinated law enforcement action disrupted a botnet comprising hundreds of SOHO routers in the US and Germany believed to have been used by APT28 to conceal their malicious activities, such as exploiting CVE-2023-23397 against targets of interest. Cybersecurity researchers warn that Russian state-sponsored cyber threats, including data theft, destructive attacks, DDoS campaigns, and influence operations, pose severe risks to upcoming elections in regions like the US, UK, and EU, with multiple hacking groups like APT28, APT44 (Sandworm), COLDRIVER, and KillNet expected to be active.
Securing Critical Infrastructure from Pro-Russia Hacktivist Attacks
Government agencies from Canada, the UK, and the US have released a joint fact sheet to help critical infrastructure organizations secure against pro-Russia hacktivist attacks targeting industrial control systems (ICS) and operational technology (OT) systems since 2022, often exploiting publicly exposed internet connections and default passwords. The recommendations include hardening human-machine interfaces, limiting internet exposure of OT systems, using strong and unique passwords, and implementing multi-factor authentication for all access to the OT network.
2 notes · View notes
Text
history of the internet and fantasy novel about magic, reviewed here.
#fancybear goes phishing #magician and fool #books #Macmillan
0 notes
panchobear · 5 years
Photo
#bearboy🐻🐾 #fatbelly #bearmex #cubbears #bearboy #cubbears #bearathome #fancybear #nakedbears #fatboy #shirtlessbear https://www.instagram.com/p/Bvp7t-DA1oAbzUTUTNOnKoaUwGj-rTan3PvP0I0/?utm_source=ig_tumblr_share&igshid=pp2k9xjo0hsc
20 notes · View notes
globalhappenings · 3 years
Text
Ukraine: Google blocks Russian and Belarusian groups 'phishing'
(ANSA) – ROME, MARCH 08 – After Microsoft, Google also takes the field to monitor security in this period of conflict. The security division of the tech giant, the Threat Analysis Group (Tag), has identified spying and phishing campaigns by cybercriminal groups already known to law enforcement agencies, including FancyBear and Ghostwriter, attributable to Russia and Belarus. In particular, the…
0 notes
jeskalana · 4 years
Photo
Once Again, APT28 Gets Linked to U.S. Election Interference Efforts | Cyware Alerts - Hacker News https://cyware.com/news/once-again-apt28-gets-linked-to-us-election-interference-efforts-8e6d143b @jeskalana @ilana.olsen #hacking #espionage #cyberwarfare #ww3 #fancybear #russians #germany #us https://www.instagram.com/p/CFVJnOmBz7q/?igshid=haz58892j6xl
0 notes
znamenskiy · 5 years
Link
#Cyber #Espionage #Group Fancy #Bear   http://www.redbubble.com/people/znamenski/works/40394638-cyber-espionage-group-fancy-bear?p=leggings&asc=u #findyourthing #redbubble
0 notes
thatjoelguy81 · 3 years
Photo
Fancy boys with @alexkalokerinos for the occasion of @pyrodarknessanny's wedding #fashionturntotheright #fashionturntotheleft #fancybears #bearsofbrisbane #bearsofinstagram #wedding https://www.instagram.com/p/CRIy37wNbIZ/?utm_medium=tumblr
13 notes · View notes
thevanitybear · 5 years
Photo
#FancyBears ✨🐻 - - - #gaystagram #gaycouple #bearsofinstagram #bearded #atx (at Perry's Steakhouse & Grille) https://www.instagram.com/p/B51Q4rWJX2h/?igshid=1lpcynrww8rd3
6 notes · View notes
purple-di · 5 years
Note
Do any of you sleep with a stuffed plushy?
Larry: Sometimes, I liked to sleep with Puppy, my stuffed animal.
Morton: MORTON SLEEPS WITH BLUE STUFFED FROG, NYAH. BLUE IS NAME. ^^
Wendy: I do have Ms Felicity, my stuffed cat, but she's the rarest collectable of my collection of Cute Cats. So, I cannot sleep with it.
Me: Uh...*blushes* I like sleeping with my Iggy Plushie. I always wanted to cuddle and kiss the big snout, and play with the tiniest feet he has right before I sleep.
Iggy: Aww, that's sweet, Di! Chloe, I believe you would know my answer is. Of course I sleep with Sir Fancybear III! Then I gave it away to Izzy! ^^
Roy: Bah, this is such a stupid question, chomp. Why am I answering this? I don't even have a stuffed animal, little lady!
Iggy and Me: Of course you do, Roy! *shows Roy his stuffed bunny*
Roy: Bucky? Where do you chomps get her?💦💢
Iggy: Oh we don't know. We jus-th-t love being a s-th-nitch! Haha! 😂
Roy: Grr...💢
Me: Moving on!
Lemmy: Chloe, you would know my answer is too. I always sleep with Lemonade! 😁
Ludwig: Well, I used to sleep with my stuffed lion named... well Mr Lion, as a child. I still have him today, but I do not sleep with him.
Iggy: *pats Ludwig on his shoulder* We-he- he-ll, Luddy, at least you and Roy are finally an adult.
Ludwig and Roy: WHAT!? 💢
Me: Oof.😮 Anyway, thanks for asking! ^^
3 notes · View notes
purpleavenuecupcake · 6 years
Text
Russian hackers ready to undermine European elections, Microsoft warns
A group of hackers has reportedly targeted European democratic institutions, including think tanks and non-profit groups, ahead of the European parliamentary elections expected in May, Microsoft reported. On 19 February the technology company specified that a group called Strontium targeted the email accounts of more than 100 people in six European countries who work for the German Council on Foreign Relations, the Aspen Institutes in Europe and the German Marshall Fund. Microsoft said in a post that it is continuing to investigate, but is confident that many of the attacks originated from Strontium, a group also known as Fancy Bear or APT28. US authorities had already linked the group to Russia's main intelligence agency, known as the GRU. Internet companies have often been accused of not doing enough to prevent hacker attacks and the spread of false news, which, as has been seen, are said to have already influenced important elections such as the US presidential vote and the Brexit referendum. Hundreds of millions of people will vote for more than 700 members of the European Union's parliament in May, and the recent rise of populist parties has raised the possibility that Eurosceptic politicians could form the parliamentary majority and thereby undermine the European Union itself. The German Marshall Fund has carried out extensive research and documented Russian attempts to interfere in European elections in order to undermine democracy and transatlantic cooperation. In a statement, the president of the German Marshall Fund, Karen Donfried, said that the attacks are surprising and aim to undermine an organisation "that has always been committed to promoting democratic values". The organisation stated, however, that its systems do not appear to have been seriously compromised.
The German Council on Foreign Relations declined to provide details, citing the ongoing investigation. But a spokeswoman for the council, Eva-Maria McCormack, called for "strong political and public attention" to the issue of cyber attacks.
0 notes
panchobear · 5 years
Photo
#bearboy🐻🐾 #fatbelly #bearmex #cubbears #bearboy #cubbears #bearathome #fancybear #nakedbears #fatboy #shirtlessbear https://www.instagram.com/p/Bvp7p99Aq-fQH5E6rYEWgpm4nZKSt_Wc2nbydw0/?utm_source=ig_tumblr_share&igshid=1ouz3swbox80m
7 notes · View notes
milesdemos667 · 6 years
Text
Does Trump Work For Putin Directly? The FBI Has Been Asking Since May of 2017.
One of the biggest bombshells yet in the Russiagate case was dropped on America this evening. As the #TrumpShutdown entered its third week and the first missing paycheck came up for millions of Americans, the Federal Bureau of Investigation has announced that it has been pursuing an investigation into whether Donald Trump was working for Vladimir Putin directly, either knowingly or unwittingly.
T…
0 notes
Text
Microsoft: We've just messed up Russian plans to attack US 2018 midterm elections
Microsoft has once again turned to US courts to seize six internet domains it says the notorious Fancy Bear hackers had set up for spearphishing US politicians and think-tanks ahead of the midterm elections in November.
Along with the domain seizures, Microsoft has launched a new security service dubbed Microsoft AccountGuard, which will be available at no charge to all current US federal, state and local candidates, so long as they're using Office 365. The service includes threat detection and notifications for eligible Office 365, Outlook.com, and Hotmail accounts. Microsoft will directly notify these organizations if it detects new threats targeting users' corporate email addresses and personal accounts, while offering early access to security features usually reserved for large business and government customers.
The domains seized were designed to mimic websites of the International Republican Institute, whose board includes six Republican senators, conservative think-tank the Hudson Institute, the ADFS (Active Directory Federation Services) email service of the US Senate, and Microsoft's Office 365 and OneDrive services. Microsoft said the sites were created by Fancy Bear hackers, widely believed to be linked to the Russian military.
US intelligence accused Fancy Bear of hacking the Democratic National Committee's computers in 2016 and leaking sensitive emails via WikiLeaks to sway the presidential election in favor of Donald Trump and harming his opponent, Hillary Clinton. That hack occurred after a spearphishing attack against officials from Clinton's campaign team.
"Attackers want their attacks to look as realistic as possible and they therefore create websites and URLs that look like sites their targeted victims would expect to receive email from or visit. The sites involved in last week's order fit this description," said Microsoft president and chief legal officer Brad Smith.
He said Microsoft was concerned the attempts posed security threats to a broadening array of groups connected with both US political parties in the lead-up to the midterm elections. However, he noted that Microsoft has no evidence the domains have been used in any successful attack and does not have evidence who the ultimate targets were.
"Despite last week's steps, we are concerned by the continued activity targeting these and other sites and directed toward elected officials, politicians, political groups, and think-tanks across the political spectrum in the United States," he noted. "Taken together, this pattern mirrors the type of activity we saw prior to the 2016 election in the United States and the 2017 election in France."
The domain seizure was led by Microsoft's Digital Crimes Unit, which has used similar court orders 12 times in two years to shut down 84 bogus websites linked to the Fancy Bear, which Microsoft calls Strontium, and is also known as APT28. Microsoft's action follows the indictment by the Justice Department in July of 12 officials from the GRU, Russia's main intelligence directorate, over the DNC hack.
via Microsoft: We've just messed up Russian plans to attack US 2018 midterm elections | ZDNet
0 notes
roguenewsdao · 7 years
Text
Evaluating Dutch Claims to Have Hacked Russia's 'Fancy Bear Hackers of the DNC'
Dutch Accounts of Plucky Intelligence Successes That Sound Too Good to Be True --  Because They Are...Why Would SVR Put a Top Secret Hacking Facility in the Most Touristy and Foreigner Foot Trafficked Part of Moscow Next to the Kremlin?
"In the Summer of 2015, Dutch intelligence services were the first to alert their American counterparts about the cyberintrusion of the Democratic National Committee by Cozy Bear, a hacking group believed to be tied to the Russian government. Intelligence hackers from Dutch AIVD (General Intelligence and Security Service) had penetrated the Cozy Bear computer servers as well as a security camera at the entrance of their working space, located in a university building adjacent to the Red Square in Moscow. Over the course of a few months, they saw how the Russians penetrated several U.S. institutions, including the State Department, the White House, and the DNC. On all these occasions, the Dutch alerted the U.S. intelligence services, Dutch tv programme Nieuwsuur and de Volkskrant, a prominent newspaper in The Netherlands, jointly report on Thursday. This account is based on interviews with a dozen political, diplomatic and intelligence sources in The Netherlands and the U.S. with direct knowledge of the matter. None of them wanted to speak on the record, given the classified details of the matter."  -- https://nos.nl/nieuwsuur/artikel/2213767-dutch-intelligence-first-to-alert-u-s-about-russian-hack-of-democratic-party.html
The 2 1/2 year old Dutch intel is released, as we've reported here at RogueMoney, at a time when the RussiaGate narrative is floundering back in the U.S. The FBI's declaration that it lost five months of texts between the FBI's ranking Russian counterintelligence agent Peter Strzok and his lover, an attorney for the Bureau Lisa Page, has angered GOP members of Congress. The House Democrats led by the perpetually accusing but never proof of Russia collusion producing Rep. Adam Schiff (D-CA) are promising to release their own memo 'debunking' the four page document prepared by Rep. Devin Nunes (R-CA) and his Intel Committee staff. Schiff insists the four pager is full of inaccuracies and false accusations against the FBI, and has insisted together with Sen. Dianne Feinstein, citing the Dem-neocon #Hamilton68 agitprop project, that 'Russian bots' are promoting the #ReleasetheMemo hashtag. However even the Democrats' propaganda rag The Daily Beast had to admit, citing sources inside Twitter, that most of the hash tag's spread has been homegrown, the result of pissed off deplorables, tired of the media and Democrats' #MuhRussia BS.
Employing #Hamilton68's 'so and so is retweeting something ergo they must be linked' standards of 'logic' is tempting, especially when observing #NeverTrump er neocon scumbags like Rick Wilson claiming other European intelligence services besides the Dutch have dirt on Trump and the Russians. In reality the St. Tatiana's Day 'coincidence' is likely more of a tell than the pressing need for the three letter agencies to deflect from the online and public groundswell to release the Nunes memo detailing DOJ/FBI FISA abuses -- actions which were justified to a FISA court in the name of countering Russian intelligence activities.
The Global Cold War 2 Context for the Latest 'Revelations' of Russian Hacking Perfidy
Although it's entirely possible that the publication date of the Dutch reporters was moved up in response to messages to their editors to bolster the (wildly flawed and to date never supported with declassified evidence) January 2017 U.S. intelligence assessment pushed by the Clapper/Brennan/Comey troika, the broader international context is growing Anglo-American deep state pressure on Russia ahead of the March 2018 elections and hosting of the World Cup. Since President Trump's decision announced several weeks ago to ship Javelin anti-tank missiles to the U.S./NATO propped up government in Ukraine, we've seen:
1) Secretary of State Rex Tillerson, usually thought of as a moderate on Russia in light of his oilman and business background in the country, declaring an open ended (and flagrantly illegal under international law) occupation of eastern Syria. While Russia was not explicitly named in the announcement, with the focus on countering Iranian influence in the country, the Cold War 2 implication is Washington demanding an occupation zone in the country opposite the Russian presence, as if Syria were Germany after WWII with to the victors going the spoils. Except unlike in the aftermath of that global conflict, Washington has no legal basis whatsoever for its troops presence in the country and its occupation plans remain greatly complicated by the military intervention of a third party, namely its soon to be former NATO ally in Turkey.
2) Tillerson in recent days insisting Moscow is to blame for the use of chlorine gas against civilians in eastern Ghouta near Damascus, despite no UN investigation as of yet concluding it was the Assad government and not Al-Qaeda or its 'moderate rebel' allies that released the toxic gas.
3) Ukraine passing a law revoking any special status for the Donbass, in explicit violation of the Minsk 2 accords it accepted to stop the humiliating retreat of its troops in winter 2015, with the encouragement of American special envoy Kurt Volker (himself a former aide to hardcore neocon Russophobic fanatic, Sen. John McCain). This trend, along with the U.S. having already armed the most vicious units of the Ukrainian volunteer battalions such as the Azov Battalion before the Javelin missiles were sent to the regular Ukrainian Army, is more of a gradual escalation than sudden shift in policy.
4) The British Army's chiefs justifying their desperate need for additional funds using the Russian threat, with Russian long range aviation bomber flights intercepted by the Royal Air Force dozens of miles from UK air space being covered hysterically by the jingoistic Fleet Street press.
"Today, Sen. Grassley reiterated his request to the Justice Department to open a criminal investigation of "ex"-British intelligence agent Christopher Steele. Grassley, as well as Nunes, has a memorandum he is pressing to declassify and make public. Just as Russia-Gate sags, a push for outright war is escalating, instigated by the same British coup crowd, through neo-con/neo-liberal assets. In the latest expression, a new multi-nation entity was formed in Paris Jan. 23, used as a platform to bash Russia: the "International Partnership Against Impunity for the Use of Chemical Weapons." The Syrian government is accused of using chlorine gas this week. Unfortunately, U.S. Sec. of State Rex Tillerson got in on the act of false accusations, saying that Russia is "ultimately responsible" for chemical weapons attacks in Syria. Moreover, he said "Russia's failure to resolve the chemical weapons issue in Syria calls into question its relevance to the resolution of the overall crisis." It is noteworthy that Tillerson came to Paris direct from London, where last weekend, he met with the inner circles of geopolitics. You see the British hand in the White House over Syria; and in the record of the infamous Christopher Steele—British intelligence operative, involvement in Ukraine, and later, in Russia-Gate."  -- https://larouchepac.com/20180125/truth-oozes-out-russia-gate-fraud-escalate-defeat-british-coup
A British Hand Behind the 'Dutch' Operation That Supposedly Caught the Russians in the Act of Hacking the Democrats and Numerous Other U.S. Institutions?
The fact that the Dutch and British security services have been close for centuries, despite the Netherlands never being formally admitted into the post-war (former British Empire Anglophone nations) 5Eyes club, points to the U.K. being privy to any Dutch operation to catch the Fancy/Cozy Bears in the act if not having GCHQ help run it. It is also the British, not the Dutch, who would most feel the need to justify the intelligence behind the opening of the FBI's counterintelligence investigation against the Trump campaign, and 'debunk the myth' of its origins in the work of their own 'former' MI6 man, Christopher Steele. From a logical perspective, based on what we know about Russian opsec, even hacking teams using young hackers still attending classes at the Lomonosov Moscow State University would be very unlikely to be 'hidden in plain sight' just off Red Square. For a Hollywood movie the setting is perfect. But for keeping an SVR/GRU campaign to subvert the West through the dissemination of DNC materials that actually came to Wikileaks from disgruntled (if not one murdered) Bernie bro(s) secret, it makes little sense. Last but not least, the story is interesting for what it also omits: any revealing by the Dutch of how the SVR allegedly conveyed the data trove it stole to Wikileaks.
0 notes
znamenskiy · 5 years
Link
0 notes
acayipbiseycom-blog · 7 years
Photo
The topic "Russian hackers have been targeting journalists since 2014" has been added to our site. Visit for details. http://acayipbisey.com/2017/12/23/russian-hackers-have-been-targeting-journalists-since-2014/
0 notes