APT28 Global Phishing Alert!
Europe, the South Caucasus, Central Asia, and North and South America Targeted in New Phishing Campaign
CYBER SYRUP
Delivering the sweetest insights on cybersecurity.
The notorious threat actor APT28, also known as Fancy Bear and ITG05, has resurfaced with a series of sophisticated phishing campaigns spanning Europe, the South Caucasus, Central Asia, and North and South America. These campaigns, outlined in a recent report by IBM X-Force, use lure documents that masquerade as material from government and non-governmental organizations (NGOs) to entice unsuspecting victims.
According to IBM X-Force, the lure documents used in these campaigns cover a wide range of sectors, including finance, critical infrastructure, executive engagements, cyber security, and healthcare. The breadth of these lures suggests a strategic and multifaceted approach by APT28 to target organizations across various industries.
In addition to their phishing activities, APT28 has been observed leveraging vulnerabilities in Microsoft Outlook to deploy bespoke implants such as MASEPIE, OCEANMAP, and STEELHOOK. These implants are designed to exfiltrate sensitive data, execute arbitrary commands, and steal browser information.
Notably, APT28's tactics have evolved to exploit weaknesses in Microsoft Windows, using the "search-ms:" URI protocol handler to trick victims into downloading malware from actor-controlled WebDAV servers. Furthermore, evidence suggests that compromised Ubiquiti routers may be hosting both the WebDAV servers and the command-and-control (C2) servers for the malware implants.
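A defender's first question about the "search-ms:" technique above is how to spot it in their own telemetry. A legitimate search-ms: URI carries a crumb=location: parameter that names the folder to search; the abuse pattern is a location that points off-host (a UNC path or an http/WebDAV URL) rather than a local folder. The following Python scanner is an added example, not code from the original post or from IBM X-Force, and it runs over a few constructed strings of the kind you might extract from email attachments, proxy URL fields, or endpoint command-line logs; the host names and IPs in the samples are placeholders.

```python
import re
from urllib.parse import unquote

# A search-ms: URI: the scheme followed by '&'-separated key=value parameters.
# The character class stops at whitespace and common delimiters so the match
# does not run past the end of an href attribute or log field.
SEARCH_MS_RE = re.compile(r"search-ms:(?P<params>[^\s\"'<>]+)", re.IGNORECASE)

# A location crumb is suspicious when it points off-host: a UNC path (\\host\...),
# a forward-slash UNC variant, or an http(s)/dav URL (WebDAV over HTTP).
REMOTE_LOCATION_RE = re.compile(r"^(\\\\|//|https?://|dav://)", re.IGNORECASE)


def parse_search_ms(params):
    """Split the parameter part of a search-ms: URI into (key, value) pairs.

    Values are percent-decoded so an encoded 'location%3Ahttp...' is seen
    for what it is. Keys are lower-cased; repeated keys are all kept.
    """
    pairs = []
    for part in params.split("&"):
        if "=" not in part:
            continue
        key, value = part.split("=", 1)
        pairs.append((key.strip().lower(), unquote(value)))
    return pairs


def remote_locations(text):
    """Return every off-host location crumb found in search-ms: URIs within text."""
    found = []
    for match in SEARCH_MS_RE.finditer(text):
        for key, value in parse_search_ms(match.group("params")):
            if key != "crumb" or not value.lower().startswith("location:"):
                continue
            location = value[len("location:"):]
            if REMOTE_LOCATION_RE.match(location):
                found.append(location)
    return found


def scan(lines):
    """Return (line_number, location) for each line carrying a remote search-ms: crumb."""
    hits = []
    for number, line in enumerate(lines, start=1):
        for location in remote_locations(line):
            hits.append((number, location))
    return hits


# Constructed sample input (not real campaign data); addresses are documentation placeholders.
SAMPLE_LINES = [
    # hyperlink extracted from a document, pointing at a WebDAV share on a remote host
    'href="search-ms:query=report&crumb=location:\\\\203.0.113.10@80\\DavWWWRoot\\docs&displayname=Documents"',
    # benign: a local library search, the only thing the handler is normally used for
    "search-ms:query=budget&crumb=location:C:\\Users\\alice\\Documents",
    # percent-encoded form of an http location crumb, as it may appear in a proxy log
    "search-ms:query=invoice&crumb=location%3Ahttp%3A%2F%2Fexample.invalid%2Fshare",
    # unrelated traffic that must not trigger
    "GET /index.html HTTP/1.1",
]


if __name__ == "__main__":
    for number, location in scan(SAMPLE_LINES):
        print(f"line {number}: search-ms: location points off-host -> {location}")
```

Decoding the crumb before inspecting it matters: a percent-encoded location passes a naive substring check for `location:\\` while still resolving to a remote share when the handler fires. Treat a hit as a triage lead rather than a verdict, since some environments legitimately index network shares; pair it with a check of whether the destination host is known to the organization.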
Despite recent takedowns of related infrastructure, APT28 continues to demonstrate adaptability and resilience, leveraging commercially available infrastructure and evolving their malware capabilities. This underscores the importance of ongoing vigilance and robust cybersecurity measures to mitigate the threat posed by APT28 and similar threat actors.
Stay informed, stay vigilant, and stay protected against the landscape of evolving cyber threats.