Russian state-sponsored hackers have targeted Polish government institutions in a recent espionage campaign, according to a new report.
Poland’s computer emergency response team, CERT-PL, said on Wednesday that it had observed a large-scale malware campaign, likely carried out by the hacker group APT28, also known as Fancy Bear, associated with Russia’s military intelligence agency, the GRU.
Last week, several NATO countries accused the Kremlin of conducting a series of cyberattacks on their critical infrastructure. Germany, in particular, attributed an attack against its Social Democratic Party to APT28.
The same threat actor also targeted government services, critical infrastructure operators, and other entities across NATO, including in Lithuania, Slovakia and Sweden.
During the latest attacks against Poland, the hackers sent phishing emails to their victims, including one regarding a “mysterious Ukrainian woman” purportedly selling used underwear to senior authorities in Poland and Ukraine.
The hackers then tricked recipients into downloading a malicious archive containing a photo of a woman in a swimsuit, along with links to her alleged social media accounts. “This is intended to make the attackers’ narrative credible and to lull the recipient’s vigilance,” CERT-PL said.
The hackers’ script saves the downloaded file with the .jpg extension on disk, then changes the extension from .jpg to .cmd and executes it.
The likely goal of this campaign, researchers said, is to collect information about the infected computers, including IP addresses and lists of files in selected folders, and then send them to the hackers’ servers.
Russia hasn’t responded yet to the claims made by Polish officials regarding the attack. Earlier this week, Moscow called Germany’s accusations of APT28 attacks “unfounded” and said that Berlin is using a narrative about Russian hackers to escalate tensions between the countries.
In response to alleged Moscow-backed cyberattacks targeting the country’s defense, aerospace, and IT companies, Germany has recalled its ambassador to Russia to Berlin for consultations. Czechia has also announced this week that it will summon the Russian ambassador over ‘cyberattacks against Czech institutions and critical infrastructure.
Recorded Future
Intelligence Cloud.