An ongoing campaign targeting ministries of foreign affairs of NATO-aligned countries points to the involvement of Russian threat actors.
The threat actor used Zulip, a chat application, for command and control, and a Tor hidden service to access the device on the local network via the Internet, Dutch cybersecurity company EclecticIQ reported last week.
The findings corroborate prior research from the Anheng Threat Intelligence Center released last month.
EclecticIQ said it identified a second PDF file, likely used by APT29 for reconnaissance or for testing purposes.
Also used in the attacks is a Tor hidden service, which allows remote services to access an infected computer through the LAN. This report corroborates prior research from the Netherlands Telecommunications and Electronics Consortium (Netherlands) and other security companies.