A Major APT28 Cyberattack on Critical Energy Infrastructure Thwarted by Ukraine’s CERT

A Major APT28 Cyberattack on Critical Energy Infrastructure Thwarted by Ukraine’s CERT

The unnamed important energy infrastructure facility in Ukraine was the target of a cyberattack that was successfully thwarted, according to a report released on Tuesday by the Computer Emergency Response Team of Ukraine (CERT-UA).

According to the agency, the attack was started by a phishing email with a link to a malicious ZIP download, which started the infection process.

According to CERT-UA, clicking the link will cause a ZIP package containing three JPG pictures (decoys) and a BAT file titled “weblinks.cmd” to be downloaded to the victim’s PC. They blamed the Russian threat actor APT28, also known as BlueDelta, Fancy Bear, Forest Blizzard, or FROZENLAKE, for carrying out this attack.

Following the CMD file’s execution, the assault then launches a number of bogus web pages, generates.bat and.vbs files, and starts a VBS program that then launches a BAT file.

Following this step, the attackers use the “whoami” command to gather and exfiltrate the information from the compromised system. They download a TOR hidden service at the same time to direct harmful traffic through.

The attackers use a scheduled job to maintain persistence and remote command execution is made possible using cURL using the legitimate service webhook. site, which has recently been linked to the threat actor Dark Pink.

The attempt was unsuccessful, according to CERT-UA, since access to Mocky and the Windows Script Host (wscript.exe) was blocked. It’s important to note that APT28 has already been linked to the use of Mocky APIs.

This information is crucial given the continuing phishing campaign that targets Ukraine. Some of these assaults have been found to spread AsyncRAT using the commercial malware obfuscation program ScruptCrypt.

Read also:

Abdul Wahab is a Software Engineer by profession and a Tech geek by nature. Having been associated with the tech industry for the last five years, he has covered a wide range of Tech topics and produced well-researched and engaging content. You will mostly find him reviewing tech products and writing blog posts. Binge-watching tech reviews and endlessly reading tech blogs are his favorite hobbies.