Organizations across at least 13 countries, including Ukraine, Australia, Italy, and Saudi Arabia, have been subjected to a new cyberespionage campaign by Russian state-backed threat group APT28 (also known as Fancy Bear, Forest Blizzard, ITG05, Sednit, Sofacy, Iron Twilight, FROZENLAKE, and TA422), which used Israel-Hamas war-related lures to facilitate the deployment of the HeadLace malware, The Hacker News reports.
HeadLace malware, which was identified by Ukraine's Computer Emergency Response Team in earlier attacks against the country's critical infrastructure, was spread through fraudulent documents linked to the United Nations, the U.S. Congressional Research Service, the Bank of Israel, and the European Parliament, suggesting that APT28 may be targeting European organizations helping with humanitarian aid, according to an IBM X-Force report.
"It is highly likely the compromise of any echelon of global foreign policy centers may aid officials' interests with advanced insight into critical dynamics surrounding the International Community's (IC) approach to competing priorities for security and humanitarian assistance," said researchers.
Ukraine has been targeted by Russian threat actors in the new Operation Texonto disinformation campaign that also involved spear-phishing and credential exfiltration tactics, according to The Hacker News.
Record-high ransomware and data extortion incidents experienced by Western nations last year have prompted former National Security Agency Director Michael Rogers to call for a reevaluation of their cybersecurity defense strategy.