
Tags: APT29, Russia, spear-phishing

Cyberspies linked to Russian Intelligence Forces targeted Slovak Government via phishing campaigns

Cyberspies linked to APT29 group & Russian Intelligence forces targeted Slovak government by deploying malware through malicious emails & spear-phishing campaig...

14-Aug-2021

A cyber-espionage group associated with one of Russia's intelligence services targeted the Slovak government for several months, deploying malware through phishing campaigns.

Slovak security firms ESET and IstroSec first identified the group of cyberspies that conducted the malware campaigns between February and July 2021. The firms attributed the attacks to the group known as the Dukes, Nobelium, or APT29, which is widely believed to be linked to the Russian Foreign Intelligence Service (SVR), the agency implicated in the SolarWinds attacks earlier this year.

ESET and IstroSec stated that the attackers recently choreographed multiple spear-phishing campaigns targeting Slovak officials. The SVR-linked operators sent several emails to Slovak diplomats while impersonating the Slovak National Security Authority (NBU). The malicious emails carried attached documents which, once downloaded and opened, installed a Cobalt Strike backdoor on the infected systems.

The security team at IstroSec stated that "Some of the SVR C&C servers also hosted documents that appeared to have been aimed at Czech government officials as well." ESET also traced a recent campaign by the same group that targeted diplomats in approximately 13 European countries.

HTML-ISO

All the attacks followed the same delivery chain (email -> ISO disk image -> LNK shortcut file -> Cobalt Strike backdoor), a tactic also documented in two earlier incidents this year reported by Volexity and Microsoft.
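One defensive angle on the chain above is to correlate an ISO mount with processes launched from the mounted drive shortly afterwards. The following is an added detection example, not code from the article or from ESET/IstroSec; the log format, field names, drop-folder list and the sample events (including the LNK target, which the article does not specify) are all constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events in a simplified key=value format (not a real product's log format).
SAMPLE_EVENTS = [
    "ts=2021-08-14T10:01:02 type=mount user=alice drive=E: image=C:\\Users\\alice\\Downloads\\NBU_notice.iso",
    # Assumed LNK target: the shortcut on the ISO launches a loader living on the same image.
    "ts=2021-08-14T10:01:15 type=process user=alice parent=C:\\Windows\\explorer.exe "
    "image=C:\\Windows\\System32\\rundll32.exe cmd=rundll32.exe E:\\Dokument.dll,Open",
    # Child of the loader, not of explorer: covered by other rules, not this one.
    "ts=2021-08-14T10:01:16 type=process user=alice parent=C:\\Windows\\System32\\rundll32.exe "
    "image=C:\\Windows\\System32\\cmd.exe cmd=cmd.exe /c E:\\s.bat",
    "ts=2021-08-14T11:30:00 type=mount user=bob drive=F: image=D:\\iso\\ubuntu.iso",
    "ts=2021-08-14T11:31:00 type=process user=bob parent=C:\\Windows\\explorer.exe "
    "image=C:\\Windows\\System32\\notepad.exe cmd=notepad.exe F:\\README.txt",
]

MOUNT_WINDOW = timedelta(minutes=10)
# Assumed locations where a mail-delivered ISO typically lands; tune to the environment.
USER_DROP_PATHS = ("\\downloads\\", "\\temp\\", "\\inetcache\\", "\\outlook\\")


def parse(line):
    """Split a 'key=value key=value' record; only the last value may contain spaces."""
    return {m.group(1): m.group(2) for m in re.finditer(r"(\w+)=(.*?)(?= \w+=|$)", line)}


def find_iso_lnk_chains(lines):
    """Return (time, user, iso, command) for explorer-spawned processes that reference
    a drive mounted from a user-dropped ISO within MOUNT_WINDOW of the mount."""
    mounts = {}  # (user, drive letter) -> (mount time, ISO path)
    alerts = []
    for line in lines:
        ev = parse(line)
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "mount" and ev["image"].lower().endswith(".iso"):
            mounts[(ev["user"], ev["drive"].upper())] = (ts, ev["image"])
        elif ev["type"] == "process":
            target = ev.get("cmd", ev["image"])
            from_explorer = ev.get("parent", "").lower().endswith("\\explorer.exe")
            for (user, drive), (mount_ts, iso) in mounts.items():
                if user != ev["user"] or not (timedelta(0) <= ts - mount_ts <= MOUNT_WINDOW):
                    continue
                if not re.search(re.escape(drive) + r"\\", target, re.IGNORECASE):
                    continue
                if from_explorer and any(p in iso.lower() for p in USER_DROP_PATHS):
                    alerts.append((ts.isoformat(), user, iso, target))
    return alerts


if __name__ == "__main__":
    for alert in find_iso_lnk_chains(SAMPLE_EVENTS):
        print("ALERT", *alert)
```

Only alice's rundll32 launch is flagged: bob's ISO was not dropped in a mail/download folder, and the cmd.exe child is not spawned by explorer.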