Global APT28 cyberespionage campaign leverages Israel-Hamas war lures

Organizations across at least 13 countries, including Ukraine, Australia, Italy, and Saudi Arabia, have been subjected to a new cyberespionage campaign by Russian state-backed threat group APT28 also known as Fancy Bear, Forest Blizzard, ITG05, Sednit, Sofacy, Iron Twilight, FROZENLAKE, and TA422 that involved the usage of Israel-Hamas war-related lures to facilitate the deployment of the HeadLace malware, The Hacker News reports. HeadLace malware, which was identified by Ukraine's Computer Emergency Response Team in earlier attacks against the country's critical infrastructure, was spread through fraudulent documents linked to the United Nations, the U.S. Congressional Research Service, the Bank of Israel, and the European Parliament, suggesting that APT28 may be targeting European organizations helping with humanitarian aid, according to an IBM X-Force report. "It is highly likely the compromise of any echelon of global foreign policy centers may aid officials' interests with advanced insight into critical dynamics surrounding the International Community's (IC) approach to competing priorities for security and humanitarian assistance," said researchers.