Researchers report a new wave of cyber espionage aimed at Ukrainian scientific and research institutions, according to CERT-UA. The campaign is linked to the APT28 group, also known as Fancy Bear or BlueDelta, which is associated with Russian military intelligence (GRU).
CERT-UA, Ukraine's computer security incident response team, noted that in early July of the current year, the group UAC-0063 used the known malware programs Hatvibe and Cherryspy. Both had previously been used in a cyber espionage campaign targeting a government agency in Ukraine.
Researchers associate UAC-0063 with APT28 with medium confidence. APT28 is known for its actions against countries and organizations, including numerous attacks on Ukraine and its partners.
Hackers operating on behalf of APT28 employed various tactics, including exploiting a vulnerability in HFS, a web server used for file sharing over HTTP. This allowed them to install the Hatvibe backdoor and initiate cyber espionage.
In addition to Ukraine, institutions in other countries, such as Mongolia, Kazakhstan, Kyrgyzstan, Israel, and India, have also been targeted by UAC-0063. Documents related to attacks on the Armenian Ministry of Defense found in the VirusTotal repository confirm the global reach of the group's activities.