Russian State Hackers Phish Euro Governments Ahead of Elections (Mar 21, 2019)
Two threat groups believed to be sponsored by the Russian Federation government, the Advanced Persistent Threat (APT) group "APT28" and the "Sandworm Team," have been found to be targeting NATO member countries and European countries, according to FireEye researchers. The researchers claimed that the groups are sending spear phishing emails to these entities with the objective of stealing government credentials: recipients are directed to fake login pages that imitate government portals. The two groups' spear phishing campaigns appear to be coordinated, with the difference that the Sandworm Team tends to use open source tools while APT28 uses customized tools. Although this malicious activity is taking place ahead of the European Parliament election (May 23-26, 2019), it has not yet been confirmed that the objective of these groups is to gather information about the election.
Recommendation: Spear phishing emails represent a significant security risk because the sending address will often appear legitimate to the target; sometimes a target company's email account is compromised and used to send such emails. Education is the best defense: inform your employees what to expect when managers and colleagues request information, and make sure they know whom to contact when they suspect they are the target of a possible spear phishing attack. Defense in depth (layering of security mechanisms, redundancy, fail-safe defense processes) is the best way to ensure safety from APTs, including a focus on both network- and host-based security, as well as having both prevention and detection capabilities in place.
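As an added, defender-side example that is not part of the original report or of FireEye's analysis, the Python below checks the links in an email body against an allowlist of legitimate portal hostnames and flags lookalikes that imitate a real portal either by a small spelling change or by carrying the real name as a leading subdomain of a foreign domain. The portal domains and the sample email are constructed placeholders, not indicators from the report.

```python
import re
from typing import List, Tuple
from urllib.parse import urlparse

# Constructed allowlist of legitimate portal hostnames (placeholders, not from the report).
LEGIT_PORTALS = {"portal.example.gov", "login.example-ministry.eu"}

URL_RE = re.compile(r"https?://[^\s<>]+", re.IGNORECASE)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch near-miss spellings of a real hostname."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_host(host: str) -> str:
    """Return 'legit', 'lookalike' or 'unknown' for the hostname of a link."""
    host = host.lower().rstrip(".")
    for legit in LEGIT_PORTALS:
        if host == legit or host.endswith("." + legit):
            return "legit"          # the real portal or one of its own subdomains
    for legit in LEGIT_PORTALS:
        # real name used as a leading subdomain of some other registrable domain
        if host.startswith(legit + ".") or host.startswith(legit.replace(".", "-") + "."):
            return "lookalike"
        # one or two character change: swapped letter, digit-for-letter, dropped dot
        if edit_distance(host, legit) <= 2:
            return "lookalike"
    return "unknown"


def flag_phishing_links(body: str) -> List[Tuple[str, str]]:
    """Extract every http(s) link in an email body and classify its hostname."""
    results = []
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname or ""
        results.append((url, classify_host(host)))
    return results


# Constructed sample of a credential-phishing lure; none of these URLs are real indicators.
SAMPLE_EMAIL = """Dear colleague, please re-validate your account before Friday:
https://portal.examp1e.gov/login
https://portal.example.gov.session-check.example/auth
https://login.example-ministry.eu/sso
https://cdn.example.net/logo.png
"""
```

Run `flag_phishing_links(SAMPLE_EMAIL)` to see the first two links flagged as lookalikes, the third accepted and the fourth left as unknown for analyst review.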
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.