"🚨 #BreakingNews: WinRAR Vulnerability Exploited by Russian APT! 🇷🇺🔓"

In October 2023, a campaign linked to a Russian nation-state actor exploited a WinRAR vulnerability (CVE-2023-38831) for credential harvesting. The attack used a malicious archive (IOC_09_11.rar) disguised as an indicators-of-compromise sharing file. Beware of phishing lures! 🎣📧

The BAT script delivered by the archive launched a series of PowerShell commands. First, it wrote a private RSA key, enabling the attacker to establish a reverse shell to the victim's machine. A PowerShell script was then executed to exfiltrate data, including login credentials, from the Google Chrome and Microsoft Edge browsers. The stolen data was sent to a designated URL on the legitimate Webhook.site service.

According to Cluster25, this sophisticated attack is potentially associated with the Russian state-sponsored group APT28 (aka Fancy Bear, Sednit). The tactics and techniques map to several stages of the MITRE ATT&CK matrix, including spearphishing attachment, malicious file execution, and exfiltration over a web service.

Indicators of compromise (IoCs) include the payload hash values (SHA256, SHA1, MD5), the IP address 216.66.35.145 and the URL http://webhook.site/e2831741-d8c8-4971-9464-e52d34f9d611 associated with the attacker's infrastructure. This incident underscores the importance of timely software patching and user awareness in preventing such cyber threats.
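The chain described above (batch script spawning PowerShell, a private key written by PowerShell, exfiltration to Webhook.site) and the network IoCs listed here are the kind of thing a SOC would turn into a hunting query. The following is an added example, not code from the Cluster25 write-up or from this post: a small Python triage routine run over constructed Sysmon-style process-creation and network-connection records. Only the IP address and Webhook.site URL come from the post; the event shapes, the WinRAR.exe parent process, the `IOC_09_11.bat` path and every command line in the sample data are assumptions built for illustration, and the payload hashes are left out because the post does not list them.

```python
import re
from dataclasses import dataclass

# Network IoCs reported in the post. Every other value below is constructed.
IOC_IP = "216.66.35.145"
IOC_HOST = "webhook.site"
IOC_URL = "http://webhook.site/e2831741-d8c8-4971-9464-e52d34f9d611"

# A .bat/.cmd path in a cmd.exe command line, and a PEM private-key header.
BATCH_SCRIPT_RE = re.compile(r"\.(?:bat|cmd)(?:\s|\"|$)", re.IGNORECASE)
PRIVATE_KEY_RE = re.compile(r"BEGIN (?:RSA |OPENSSH )?PRIVATE KEY", re.IGNORECASE)


@dataclass
class ProcessEvent:      # simplified Sysmon event ID 1 (assumed shape)
    pid: int
    image: str
    cmdline: str
    parent_pid: int


@dataclass
class NetworkEvent:      # simplified Sysmon event ID 3 / proxy log (assumed shape)
    pid: int
    dest_ip: str
    dest_host: str = ""
    url: str = ""


@dataclass
class Finding:
    rule: str
    pid: int
    detail: str


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def lineage(procs, pid):
    """Walk parent pointers and return the pid chain, oldest ancestor first."""
    chain, seen = [], set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        chain.append(pid)
        pid = procs[pid].parent_pid
    return list(reversed(chain))


def triage(process_events, network_events):
    """Flag the three behaviours the post describes; returns a list of Finding."""
    procs = {ev.pid: ev for ev in process_events}
    findings = []
    for ev in process_events:
        if _basename(ev.image) not in ("powershell.exe", "pwsh.exe"):
            continue
        parent = procs.get(ev.parent_pid)
        # 1. cmd.exe running a batch script launches PowerShell
        if parent and _basename(parent.image) == "cmd.exe" and BATCH_SCRIPT_RE.search(parent.cmdline):
            chain = " -> ".join(_basename(procs[p].image) for p in lineage(procs, ev.pid))
            findings.append(Finding("batch_spawns_powershell", ev.pid, chain))
        # 2. PowerShell writes a private key (PEM header visible in the command line)
        if PRIVATE_KEY_RE.search(ev.cmdline):
            findings.append(Finding("private_key_in_cmdline", ev.pid, "PEM private key header"))
    # 3. any process contacts the reported infrastructure
    for net in network_events:
        if net.dest_ip == IOC_IP or net.dest_host.lower() == IOC_HOST or net.url.startswith(IOC_URL):
            findings.append(Finding("ioc_network_contact", net.pid, net.url or net.dest_host or net.dest_ip))
    return findings


def sample_events():
    """Constructed telemetry mimicking the chain in the post (WinRAR parent assumed)."""
    ps = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
    procs = [
        ProcessEvent(100, r"C:\Program Files\WinRAR\WinRAR.exe",
                     r'"C:\Program Files\WinRAR\WinRAR.exe" C:\Users\u\Downloads\IOC_09_11.rar', 1),
        ProcessEvent(200, r"C:\Windows\System32\cmd.exe",
                     r'cmd.exe /c "C:\Users\u\AppData\Local\Temp\IOC_09_11.bat"', 100),
        ProcessEvent(300, ps,
                     r'''powershell.exe -NoProfile -Command "Set-Content $env:TEMP\id_rsa -Value '-----BEGIN RSA PRIVATE KEY-----'"''', 200),
        ProcessEvent(301, ps, r"powershell.exe -NoProfile -File collect.ps1", 200),
        # benign: an admin opening PowerShell from a shell whose event we did not collect
        ProcessEvent(400, ps, "powershell.exe", 50),
    ]
    nets = [
        NetworkEvent(301, IOC_IP, IOC_HOST, IOC_URL),
        NetworkEvent(400, "93.184.216.34", "example.com", "https://example.com/"),
    ]
    return procs, nets


if __name__ == "__main__":
    for f in triage(*sample_events()):
        print(f"{f.rule:24} pid={f.pid:<4} {f.detail}")
```

The parent lookup goes through the process table rather than the event's own parent-image field so that the full WinRAR → cmd → PowerShell lineage is reported, which is what distinguishes this chain from an administrator's interactive PowerShell session (pid 400 above, which produces no finding). Matching the Webhook.site URL by prefix means any path under the reported endpoint is caught, while the bare hostname match would also catch a different Webhook.site endpoint and is the noisier of the two rules.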

Source: Cluster25 Blog

Tags: #CVE202338831 #WinRAR #Phishing #CyberSecurity #APT #RussianAPT