Ukraine Targeted by a Russian APT Hacker Team

Russian Apt Hacker Team Strikes Out

Russian APT Hacker Team Strikes Out

The Military and the Government are under the gun once again. The country of Ukraine was very recently targeted by a Russian APT Hacker team. The intended targets of this attack weren’t just high-ranking decision makers, but also lower level officials working under the Government in fields like Journalism, Law Enforcement, Diplomacy, NGOs and Foreign Affairs.

We will be taking a closer look at the attack and understand how it different and yet very similar to all phishing attacks at once. But first let us understand about APT.

Advanced Persistent Threats

According to CSO Online, an Advanced Persistent Threat (APT) is a cyberattack executed by criminals or nation-states with the intent to steal data or survey systems over an extended time period. The attacker has a specific target and goal in mind. He/she has spent time and resources to identify which vulnerabilities they can exploit to gain access, and to design an attack that will likely remain undetected for a long time. That attack often includes the use of custom malware.

The Attack

The attack was carried out through a dangerous Word file, with a .dot extension (Document Template) file forced in externally through Template Injection techniques. The file was then blasted off to several victims through spear-phishing emails. Through these fraudulent emails, the hacker team hinted that the word file contained official details of requirements instituted by the Chief of the General Staff, and some other bogus claims that would provoke officials to download the attachment. On download, the .dot file would start triggering VBA macros that commence their damaging work discreetly in the background.

What the macro does is write a VBA script in the start-up registry of the machine. This script then changes the security settings in the System Root Registry of Windows (or its equivalent for other operating systems). By doing so, the script attempts to disable security blockages that keep VBA macros from executing.

If this operation is successful, the victim is targeted with a second stage payload, otherwise left alone.

What is the significance of such an attack?

This type of attack — rare, but definitely not unprecedented — works in levels and not all at once. The malicious code written has evolved to check for the conditions it finds conducive for its working. It also means showing just vigilance about downloading attachments from the mail won’t be enough as malware can be injected separately, after you’ve let down your guard. What this means is you need a full-proof security solution stack that takes care of all-round online security for you.


What are we passionate about?

Logix since 1999, is a committed and acknowledged provider of managed services, solutions and products in the Cyber security space with a dedicated team of nearly 20+ professionals supporting Business enterprises across PAN India from Banks, Government entities to Financial Institutions. With a strong focus on research and innovation, we have built extensive capability around Big Data for Security Analytics, Response, and Security Automation.

With more than 19 Years of experience in Enterprise Email & Email Security Logix is well positioned with its experts to discover, interpret, assess and analyze your DMARC compliance. Make your Domain a “NO Phishing Zone” with DMARC Monitor, our comprehensive compliance based analytics that safeguards business enterprises against domain phishing & spoofing.

Over 82% Business enterprises worldwide fall prey to domain spoofing/impersonation crimes by Cyber Criminals leading

to enormous irrevocable financial loss jeopardizing the Brand’s repute.

Domain-based Message Authentication, Reporting and Conformance (DMARC) is an email-validation system, designed to detect and prevent email spoofing. It is an email authentication standard for receiving mail servers to determine how to evaluate emails that claim to be from your/sender domain & works on “mail from” address.

We have also launched an online platform to make your product/services procurement hassle free and convenient.


Leave a Reply

Your email address will not be published. Required fields are marked *

Continue to chat
Hello 👋
Let us know how we can help you!