CyberScoop reports that new destructive cyberattacks could be deployed by Russian state-sponsored threat actors in a bid to strengthen their cyberespionage and influence operations.
Aside from ongoing efforts to bolster intelligence gathering and malware attack testing, Russian hackers have also been looking to continue targeting military and humanitarian supply chains, according to a report from Microsoft's Digital Threat Analysis Center.
"It is not that we necessarily think that Russia will launch a stream of cyberattacks; however, we are currently seeing patterns of targeted threat activity in Ukraine similar to the early days of the invasion. Russian state actors are working to gain accesses in Ukrainian and European networks and refining their malicious toolkits, further suggesting preparations are underway for espionage or destruction," said Microsoft Digital Threat Analysis Center General Manager Clint Watts.
The Microsoft report follows a Mandiant finding that the Russian hacking operation APT28 compromised more than 12 military, transportation, and energy networks from April to December 2022, an intrusion that Mandiant Head of Intelligence Analysis John Hultquist refers to as a "propagation event."
As part of its latest attacks, discovered in June, Tropic Trooper exploited several known Microsoft Exchange Server and Adobe ColdFusion vulnerabilities to distribute an updated China Chopper web shell on a server hosting the Umbraco open-source content management system.
More than 50 Alibaba-hosted command-and-control servers have been leveraged to facilitate the distribution of the backdoor, which impersonates the Java, bash, sshd, SQLite, and edr-agent utilities.
Angola and the Democratic Republic of Congo, which is a new Intellexa client, may have leveraged new Predator infrastructure to enable spyware staging and exploitation, according to an analysis from Recorded Future's Insikt Group.