Tag: Cyberattack

CVE-2023-23397 Critical Microsoft Outlook Vulnerability
Microsoft Outlook Vulnerability CVE-2023-23397 Detection

CVE-2023-23397 is a critical elevation of privilege (EoP) vulnerability in Microsoft Outlook with a CVSS base score of 9.8. It was first disclosed on March 14, 2023, and attributed to APT28, also known as Fancy Bear or Strontium, a threat actor associated with the Russian General Staff Main Intelligence Directorate (GRU). The vulnerability is […]

CERT-UA Warns of Spearphishing Attacks by APT28 Exploiting Roundcube Vulnerabilities
CVE-2020-35730, CVE-2021-44026, CVE-2020-12641 Exploit Detection: APT28 Group Abuses Roundcube Flaws In Spearphishing Espionage Attacks

With the ongoing russian cyber offensive operations targeting Ukraine and its allies, the aggressor is continuously launching cyber-espionage campaigns against state bodies and other organizations representing critical infrastructure. Less than a week after CERT-UA researchers warned of a spike in cyber-espionage attacks by the russia-linked Shuckworm group, another nefarious hacking group comes back to the scene. […]

Detect PicassoLoader and Cobalt Strike Beacon spread in attacks against Ukraine by UAC-0057 aka GhostWriter
PicassoLoader and Cobalt Strike Beacon Detection: UAC-0057 aka GhostWriter Hacking Group Attacks the Ukrainian Leading Military Educational Institution

On June 16, 2023, CERT-UA researchers issued a new alert covering the recently discovered malicious activity targeting the National Defense University of Ukraine, named after Ivan Cherniakhovskyi, the country’s leading military educational institution. In this ongoing campaign, threat actors spread PicassoLoader and Cobalt Strike Beacon on the compromised systems via a malicious file containing a […]

Cadet Blizzard’s Activity Detection
Cadet Blizzard’s Activity Detection: Novel russia-Linked Nation-Backed Threat Actor Tracked as DEV-0586 Comes to the Scene

Since the outbreak of russia’s full-scale invasion of Ukraine, the aggressor has been launching multiple cyber attacks against Ukraine and its allies, with a growing number of state-sponsored hacking collectives emerging and resurfacing in the cyber threat arena. During the conflict, russia’s offensive forces have launched over 2,100 attacks with disparate levels of sophistication and […]

Asylum Ambuscade Attack Detection: Hacking Collective Engaged in Multiple Cyber-Espionage and Financially-Motivated Cybercrime Campaigns

On February 24, 2022, a little more than a year ago, the russian federation started an offensive invasion of Ukraine by land, air, and sea. The war escalated in cyberspace as well. As a result, we are now witnessing the first-ever full-fledged cyber war in human history, with multiple offensive counterparts engaged in attacks against […]

UAC-0006 Strikes Again
Detect SmokeLoader Malware: UAC-0006 Strikes Again to Target Ukraine in a Series of Phishing Attacks

Hot on the heels of the massive phishing attacks launched by UAC-0006 at the beginning of May 2023, CERT-UA warns cyber defenders of a new wave of cyber attacks resulting in SmokeLoader infections. The latest investigation indicates that adversaries increasingly spread phishing emails with financial subject lures and use ZIP/RAR attachments to drop malicious samples […]

UAC-0063 Cyber-Espionage Activity Detection
UAC-0063 Cyber-Espionage Activity Detection: Hackers Target Organizations in Ukraine, Kazakhstan, Kyrgyzstan, Mongolia, Israel, and India to Gather Intelligence

Since the outbreak of the full-scale war in Ukraine, cyber defenders have identified the growing volumes of cyber-espionage campaigns aimed at collecting intelligence from the Ukrainian state bodies. On May 22, 2023, CERT-UA researchers issued a new alert warning the global cyber defender community of an ongoing cyber-espionage campaign targeting the information and communication system […]

Detecting Abused Legitimate Tools Applied by Hackers in the Human-Operated Ransomware Attacks

With the constantly changing cyber threat landscape and the increasing sophistication of the adversary toolkit, information exchange between cybersecurity experts is of paramount value. On January 25 and 26, 2023, the global cyber defender community welcomed the sixth JSAC2023 conference for security analysts, aimed at boosting their expertise in the field. This annual cybersecurity event […]

UAC-0006 Resurfaces
SmokeLoader Malware Detection: UAC-0006 Group Reemerges to Launch Phishing Attacks Against Ukraine Using Financial Subject Lures

The financially-motivated hacking collective tracked as UAC-0006 comes back to the cyber threat arena, exploiting the phishing attack vector and distributing the SmokeLoader malware. According to the latest CERT-UA cybersecurity alert, threat actors are massively distributing phishing emails from compromised accounts with financially related email subjects, using a malicious ZIP attachment to deploy […]

UAC-0001 (APT28) Resurfaces
APT28 aka UAC-0001 Group Leverages Phishing Emails Disguised As Instructions for OS Updates Targeting Ukrainian State Bodies

The infamous russian nation-backed hacking collective tracked as APT28 or UAC-0001, which has a history of targeted attacks against Ukrainian government agencies, reemerges in the cyber threat arena. The latest CERT-UA#6562 alert confirms that over April 2023, the hacking collective has been leveraging the phishing attack vector to massively distribute spoofed emails among Ukrainian state […]
