Ukraine targeted by APT28 with novel malware

Ukraine's Computer Emergency Response Team (CERT-UA) has reported attacks by the Russian state-backed threat group APT28, also tracked as Strontium or Fancy Bear, deploying the novel MASEPIE malware downloader, according to BleepingComputer. The APT28 intrusions, which occurred from Dec. 15 to 25, began with phishing emails containing malicious links that triggered the download of MASEPIE, CERT-UA said. After establishing persistence on compromised devices, MASEPIE installs further information-stealing malware. Alongside the MASEPIE loader, APT28 used the "STEELHOOK" collection of PowerShell scripts to steal data stored by Chromium-based browsers, including passwords, browsing history and authentication cookies, as well as the "OCEANMAP" backdoor, which executes base64-encoded commands. The campaign also employed the "IMPACKET" collection of Python classes and the remote-code-execution tool "SMBEXEC" for reconnaissance and lateral movement. CERT-UA reported that all of these tools were delivered within an hour of initial compromise.
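The two behaviours the report attributes to STEELHOOK and OCEANMAP, PowerShell reading Chromium browser credential stores and execution of base64-encoded commands, are both visible in PowerShell script-block or process-creation logging. The following is an added illustration, not code from the article, CERT-UA or BleepingComputer, of how a defender might triage such log lines: it flags `-EncodedCommand` style invocations and decodes the payload for review, and flags access to the `Login Data`, `Cookies` and `History` files under a Chromium `User Data` profile. The sample log lines are constructed and contain only a harmless encoded `Get-Date`; the regexes and rule names are this example's own choices, not indicators published for this campaign.

```python
import base64
import re

# Constructed sample log lines (not from the article or CERT-UA), loosely shaped like
# PowerShell process-creation command lines. The encoded payload is a harmless Get-Date.
ENCODED = base64.b64encode("Get-Date".encode("utf-16-le")).decode()
SAMPLE_LOGS = [
    "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand " + ENCODED,
    'Copy-Item "$env:LOCALAPPDATA\\Google\\Chrome\\User Data\\Default\\Login Data" C:\\Users\\Public\\ld.db',
    "Get-ChildItem C:\\Temp",
    'Copy-Item "$env:LOCALAPPDATA\\Microsoft\\Edge\\User Data\\Default\\Network\\Cookies" C:\\Users\\Public\\ck.db',
]

# Chromium-based browsers keep credentials, cookies and history as SQLite files under
# "<browser>\User Data\<profile>\..." (cookies may sit one level down in "Network\").
CHROMIUM_STORE_RE = re.compile(
    r"User Data\\[^\\]+\\(?:Network\\)?(?:Login Data|Cookies|History)", re.IGNORECASE
)

# PowerShell accepts abbreviated forms of -EncodedCommand; the argument is base64.
ENCODED_CMD_RE = re.compile(
    r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE
)


def decode_powershell_b64(token):
    """Decode a PowerShell -EncodedCommand argument (base64 of UTF-16LE text).

    Returns None when the token is not valid base64 or not valid UTF-16LE, so a
    malformed or deliberately mangled argument does not crash the triage pass.
    """
    try:
        raw = base64.b64decode(token, validate=True)
        return raw.decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze_line(line):
    """Return a list of findings for one log line; empty list means nothing matched."""
    findings = []
    m = ENCODED_CMD_RE.search(line)
    if m:
        findings.append({
            "rule": "encoded_powershell_command",
            "decoded": decode_powershell_b64(m.group(1)),
        })
    if CHROMIUM_STORE_RE.search(line):
        findings.append({
            "rule": "chromium_credential_store_access",
            "decoded": None,
        })
    return findings


def triage(lines):
    """Run every rule over every line; yields (line_index, finding) pairs for an analyst queue."""
    return [(i, f) for i, line in enumerate(lines) for f in analyze_line(line)]


if __name__ == "__main__":
    for idx, finding in triage(SAMPLE_LOGS):
        print(f"line {idx}: {finding['rule']}", end="")
        if finding["decoded"] is not None:
            print(f" -> decoded: {finding['decoded']!r}", end="")
        print()
```

Decoding the encoded argument rather than merely flagging it is the useful step: it lets an analyst see whether the hidden command is benign automation or something that warrants escalation, and the decoder tolerates invalid input so one bad token does not abort the pass over the rest of the log.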
