icon

Digital safety starts here for both commercial and personal Use...

Defend Your Business Against the Latest WNY Cyber Threats We offer Safe, Secure and Affordable Solutions for your Business and Personal Networks and Devices.



WNYCyber is there to help you to choose the best service providers in Western New York... We DO NOT provide the services ourselves, as we are Internet Programmers who have to deak daily with Cyber Threats... (Ugghhh)... So we know what it's like and what it takes to protect OUR and OUR CUSTOMERS DATA... We built this Website to help steer you to those that can give you the best service at realistic and non-inflated prices. We do charge or collect any fees.

Buffalo, New York
United States

Current Threat Data

Russian APT28 Hackers Targeting 13 Nations in Ongoing Cyber Espionage Campaign

Cyber Security Threat Summary:
A new blog post from IBM’s X-Force highlights APT28’s, a group of Russian military hackers, use of Israel-Hamas conflict lures to deliver Headlace malware. For its part, Headlace is a multi-component malware that includes a dropper, a VBS launcher, and a backdoor using MSEdge in headless mode, designed to download second-stage payloads and exfiltrate credentials as well as other sensitive details. Although it is unclear how many entities have been impacted in the latest campaign, organizations in the following countries are primary targets: Hungary, Türkiye, Australia, Poland, Belgium, Ukraine, Germany, Azerbaijan, Saudi Arabia, Kazakhstan, Italy, Latvia and Romania.

Security Officer Comments:
To lure potential victims, APT 28 is employing documents associated with the United Nations, the Bank of Israel, the United States Congressional Research Service, the European Parliament, a Ukrainian think tank and an Azerbaijan-Belarus Intergovernmental Commission. In attacks observed, researchers note that the actors are exploiting the WinRAR vulnerability (CVE-2023-38831) to open a .RAR archive on the victim’s system which contains the lure documents, while the Headlace malware is executed in the background. Researchers also have observed the delivery of a legitimate Microsoft Calc.exe binary that is susceptible to DLL-hijacking, to deploy the dropper payload on targeted systems.

Suggested Correction(s):
X-Force recommends organizations to:

  • Stay abreast of newly published exploits likely to be used by APT actors.
  • Hunt for regularly spawned processes containing “msedge –headless-new –disable-gpu”.
  • Hunt for headless MS Edge processes downloading .CSS files.
  • Monitor for downloaded archives containing .CMD files.
  • Monitor for DLL hijacking via modified WindowsCodecs.dll files.
  • Monitor for filenames containing an unusually large number of consecutive whitespaces.
  • Monitor network traffic for unusual or unsanctioned commercial service use.
  • Monitor for suspicious use of browsers in headless mode.
  • Install and configure endpoint security software.
  • Update relevant network security monitoring rules.
  • Educate staff on the potential threats to the organization.
Link(s):
https://thehackernews.com/2023/12/russian-apt28-hackers-targeting-13.html

Contact Us for Threat Assistance
Back to Current Threats