Ukraine foils Russian cyberespionage group’s attack on critical energy facility
CERT-UA claims cybersecurity expert in a critical energy facility thwarted a cyber attack by Fancy Bear.
Ukraine’s computer emergency response team (CERT-UA) has revealed that an attack by a Russia-backed cyber espionage group, Fancy Bear or APT28, on a critical energy facility in Ukraine was thwarted by a cybersecurity expert working in that organisation.
CERT-UA reported that Fancy Bear tried to gain initial access to the systems of the energy facility by using phishing emails.
The sample phishing email shared by CERT-UA included three images and the message: “Hi! I talked to three girls, and they agreed. Their photos are in the archive; I suggest checking them out on the website.” The archive contained a file in BAT format.
BAT files are scripts used in Windows to automate various tasks. If a victim runs the BAT file, it opens fake web pages that look harmless but are capable of executing a harmful script on the targeted device.
The report mentioned that the hackers installed Tor on the attacked system.