Subj : Russian hackers use fake "Windows update" to attack government ta To : All From : TechnologyDaily Date : Tue May 02 2023 11:15:03 Russian hackers use fake "Windows update" to attack government targets Date: Tue, 02 May 2023 10:05:29 +0000 Description: Ukrainian government staff targeted with sophisticated phishing emails pushing fake Windows updates. FULL STORY ====================================================================== Russian cybercriminals have been observed targeting Ukrainian government employees with information-stealing malware by posing as IT staff working in these institutions. Cybersecurity researchers from the Computer Emergency Response Team of Ukraine (CERT-UA) spotted the hacking campaign in which Russian state-sponsored hackers from the APT28 threat actor (also known as Fancy Bear) were sending emails to Ukraine government employees. These emails claimed to be from the government's IT department, and urged them to update their Windows devices immediately in order to prevent possible cyberattacks. Posing as Ukrainians The researchers could not say how the attackers obtained this information, but to improve their credibility, the hackers would create @outlook.com email addresses, using the names of real people working in these organizations. If any victims took the bait, the attackers would advise them to run a PowerShell command which, instead of updating the device, downloaded an information-stealing malware. This malware abuses the tasklist and systeminfo commands to harvest sensitive data and send them to a Mocky service API via an HTTP request. Read more > These are the best firewalls right now > Russia's quest to seize control of the internet in Ukraine > Ukraine wants Russia kicked off the internet To make sure no one falls for the trick, CERT-UA recommends actual IT departments restrict the ability to run PowerShell commands on critical devices and monitor network traffic for suspicious activity, especially if somethings connecting to the Mocky service API. The Russo-Ukrainian war thats been raging for more than a year now is being fought on two fronts - one physical, and one in cyberspace. Russian hackers have been hard at work, trying to infect government endpoints with malware, as well as trying to bring down key government and media websites. In fact, almost two-thirds (60%) of all phishing emails that targeted Ukrainian targets in the first quarter of the year came from Russian threat actors, Googles Threat Analysis Group (TAG) says. TAG also claims APT28 is one of the key players in this campaign. Here's our rundown of the best endpoint protection right now Via: BleepingComputer ====================================================================== Link to news story: https://www.techradar.com/news/russian-hackers-use-fake-windows-update-to-atta ck-government-targets --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .