New phishing attacks leveraging lures related to the ongoing war between Russia and Ukraine have been deployed by state-sponsored cyberespionage group Cloud Atlas against a Russian state-owned research firm and an agro-industrial enterprise, according to The Record, a news site by cybersecurity firm Recorded Future.
Both intrusions, which have been averted, involved emails that either offered postcard delivery services to Russian soldiers in the war or detailed modifications to military reserve law, a report from Group-IB's Russian offshoot F.A.C.C.T. revealed. The emails carried attachments that enabled exploitation of an old Microsoft Office vulnerability, tracked as CVE-2017-11882. The flaw was previously reported by Kaspersky to allow arbitrary code execution with elevated privileges, which could eventually result in total system takeover. The development comes more than a year after Cloud Atlas was noted by Check Point to have escalated its espionage efforts against Russia, Belarus, and parts of Ukraine annexed by Russia.
Thousands of organizations across the U.S. have been targeted by a new phishing campaign deploying the Bumblebee malware, which was last observed in the wild in September, according to BleepingComputer.