BleepingComputer reports that French government agencies, universities, businesses, research institutes, and think tanks had their networks compromised by Russian state-sponsored threat operation APT28, also known as Fancy Bear and Strontium, in cyberespionage attacks that commenced during the last six months of 2021.
Attacks by APT28 against French critical networks involved the targeting of Ubiquiti routers and network accounts through brute-force techniques and credentials from leaked databases, according to a report from the ANSSI, or the French National Agency for the Security of Information Systems.
APT28 was noted to have exploited a Microsoft Outlook vulnerability, tracked as CVE-2023-23397, and a Windows Support Diagnostic Tool bug, tracked as CVE-2022-30190, as well as several flaws in the Roundcube app, tracked as CVE-2020-12641, CVE-2020-35730, and CVE-2021-44026, to facilitate network compromise between March 2022 and June 2023.
Several VPN clients have also been leveraged by the Russian APT, which performed data exfiltration using the CredoMap implant, Mockbin, and the Pipedream service, said ANSSI.