Attempted spear-phishing attack against NATO state-based petroleum refinery sought to obtain intelligence

CyberScoop reports that Russia-linked advanced persistent threat group Trident Ursa, also known as Gamaredon or Armageddon, has deployed a spear-phishing attack against a major petroleum refining firm in a NATO member state. Spear-phishing emails sent by Trident Ursa in the campaign consisted of files with "military assistance" and other similar terms, which aimed to obtain key intelligence and secure better network access amid the ongoing Russia-Ukraine war, a report from Palo Alto Network's Unit 42 revealed. Despite only having less than 10 members, the Trident Ursa operation continues to be among the most active and pervasive APTs impacting Ukraine, researchers said. "This groups operations are regularly caught by researchers and government organizations, and yet they dont seem to care. They simply add additional obfuscation, new domains, and new techniques and try again often even reusing previous samples," said the report, which also detailed the operation's use of geo-blocking in their attacks, as well as pop culture references in their domain names.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.