Russian state-sponsored actors have been linked to targeted cyber attacks aimed at French diplomatic entities, the country's information security agency ANSSI said in an advisory.
The attacks have been attributed to a cluster tracked by Microsoft under the name Midnight Blizzard (formerly Nobelium), which overlaps with activity tracked as APT29, BlueBravo, Cloaked Ursa, Cozy Bear, and The Dukes.
While the monikers APT29 and Midnight Blizzard have been used interchangeably to refer to intrusion sets associated with the Russian Foreign Intelligence Service (SVR), ANSSI said it prefers to treat them as distinct threat clusters alongside a third one dubbed Dark Halo, which has been held responsible for the 2020 supply chain attack via SolarWinds software.
“Nobelium is characterized by the use of specific codes, tactics, techniques, and procedures. Most of Nobelium campaigns against diplomatic entities use compromised legitimate email accounts belonging to diplomatic staff, and conduct phishing campaigns against diplomatic institutions, embassies, and consulates,” the agency said.
It is worth noting that the targeting of diplomatic entities is also tracked under the name Diplomatic Orbiter.
The attacks involve sending phishing emails to French public organizations from foreign institutions and individuals previously compromised by the threat actor, in order to initiate a chain of malicious actions.
“In May 2023, several European embassies in Kyiv were targeted by a phishing campaign conducted by Nobelium’s operators,” it said. “The French embassy in Kyiv was one of the targets of this campaign, which was conducted through an email that was themed about a ‘Diplomatic car for sale.’”
Another attack observed in the same month, targeting the French Embassy in Romania, was ultimately unsuccessful, ANSSI noted.
Other intrusions mounted by the threat actor have leveraged security flaws in JetBrains TeamCity servers as part of an opportunistic campaign. In recent months, it has also been linked to breaches of Microsoft and Hewlett Packard Enterprise (HPE).
“The targeting of IT and cybersecurity entities for espionage purposes by Nobelium operators potentially strengthens their offensive capabilities and the threat they represent,” the agency said. “The intelligence gathered during recent attacks against IT sector entities could also facilitate Nobelium’s future operations.”
The disclosure comes as Poland revealed that Russian hackers could be behind the DDoS attack on Telewizja Polska (TVP) that disrupted an online broadcast of the Euro 2024 football match on June 16, 2024.