CISA orders govt agencies to patch bugs exploited by Russian hackers


The cyberespionage group (also known as BlueDelta, Fancy Bear) has previously been connected to Russia’s General Staff Main Intelligence Directorate (GRU), the nation’s military intelligence organisation. Insikt Group, a threat research division of Recorded Future, and the Computer Emergency Response Team of Ukraine (CERT-UA) conducted a collaborative investigation.

The attackers used the crisis between Russia and Ukraine to trick users into accepting malicious emails that let them exploit Roundcube Webmail software vulnerabilities (CVE-2020-35730, CVE-2020-12641, and CVE-2021-44026) and gain access to unpatched servers. The investigation’s findings indicate that this campaign’s main goal was to exfiltrate military intelligence in order to facilitate Russia’s invasion of Ukraine.
