Several French critical networks subjected to Russian APT attacks

BleepingComputer reports that French government agencies, universities, businesses, research institutes, and think tanks had their networks compromised by Russian state-sponsored threat operation APT28, also known as Fancy Bear and Strontium, in cyberespionage attacks that commenced during the last six months of 2021. Attacks by APT28 against French critical networks involved the targeting of Ubiquiti routers and network accounts through brute-force techniques and credentials from leaked databases, according to a report from the ANSSI, the French National Agency for the Security of Information Systems. APT28 was noted to have exploited a Microsoft Outlook vulnerability, tracked as CVE-2023-23397, and a Windows Support Diagnostic Tool bug, tracked as CVE-2022-30190, as well as several flaws in the Roundcube app, tracked as CVE-2020-12641, CVE-2020-35730, and CVE-2021-44026, to facilitate network compromise between March 2022 and June 2023. Several VPN clients have also been leveraged by the Russian APT, which performed data exfiltration using the CredoMap implant, Mockbin, and the Pipedream service, said ANSSI.
