Summary: France’s cybersecurity agency warns of hacking group linked to Russia’s Foreign Intelligence Service (SVR) targeting French diplomatic entities.
Threat Actor: Russia’s Foreign Intelligence Service (SVR) | Russia’s Foreign Intelligence Service (SVR)
Victim: French diplomatic entities | French diplomatic entities
Key Point :
- A hacking group linked to Russia’s SVR, known as Midnight Blizzard or APT29, has launched targeted cyber attacks against French diplomatic entities.
- The group is also known by other names such as BlueBravo, Cloaked Ursa, Cozy Bear, and The Dukes.
- ANSSI, the French cybersecurity agency, has issued a warning about the threat to France’s diplomatic interests.
France’s cybersecurity agency has issued a warning about a hacking group linked to Russia‘s Foreign Intelligence Service (SVR), threatening the nation’s diplomatic interests. The French information security agency, ANSSI, revealed in an advisory that state-sponsored actors with ties to Russia have launched targeted Russian cyber attacks against French diplomatic entities.
Russia Cyber Attack Explained
The cyber attacks Russia have been traced to a group known as Midnight Blizzard, previously referred to as Nobelium by Microsoft. This group is also known by other names such as APT29, BlueBravo, Cloaked Ursa, Cozy Bear, and The Dukes. While APT29 and Midnight Blizzard are often used interchangeably to describe these Russian-linked intrusion sets, ANSSI prefers to distinguish them as separate threat clusters. Another related group, Dark Halo, was responsible for the 2020 SolarWinds supply chain attack.
Details of the Russian Cyber Attacks
ANSSI, the Agence Nationale de la Sécurité des Systèmes d’Information, confirmed several compromises previously attributed to the Nobelium hacking group. The advisory highlighted that Western diplomatic entities, including embassies and Ministries of Foreign Affairs, have been the primary targets of Nobelium’s cyber activities. French public organizations have also been targeted multiple times through phishing emails originating from previously compromised foreign institutions.
Specific Incidents in France
Notable incidents include the compromise of email accounts at the French Ministry of Culture and the National Agency for Territorial Cohesion. While the attackers could not access parts of the networks beyond the compromised inboxes, they used these accounts to target other organizations, such as France’s Ministry of Foreign Affairs. Nobelium attempted to install Cobalt Strike, a penetration testing tool often misused by malicious actors, to gain remote access to the network, but these attempts were unsuccessful.
Broader Impact and Further Attempts
One particularly alarming incident involved a compromised email account of a French diplomat being used to send a fake message about the closure of the French Embassy in South Africa due to an unspecified terror threat. In another instance, ANSSI reported that an attempt by Nobelium to compromise the French Embassy in Romania in May 2023 was thwarted due to the vigilance of the diplomatic staff.
.ai-rotate {position: relative;}
.ai-rotate-hidden {visibility: hidden;}
.ai-rotate-hidden-2 {position: absolute; top: 0; left: 0; width: 100%; height: 100%;}
.ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback, .ai-list-block, .ai-list-block-ip, .ai-list-block-filter {visibility: hidden; position: absolute; width: 50%; height: 1px; top: -1000px; z-index: -9999; margin: 0px!important;}
.ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback {min-width: 1px;}
Strategic Intelligence Gathering
The primary objective of these major Russian cyber attacks is to gather strategic intelligence from government and diplomatic targets, according to ANSSI. However, technology companies have also been affected. Earlier this year, Microsoft confirmed that Nobelium successfully compromised the email accounts of its senior leaders. Around the same time, Hewlett Packard Enterprise reported a similar breach.
Implications for IT and Cybersecurity
Russian cyber attacks Europe continue to be a significant concern for regional cybersecurity experts and governments alike. ANSSI warned that the targeting of IT and cybersecurity entities by Nobelium for espionage purposes enhances the group’s offensive capabilities, posing a significant threat. The intelligence gathered during recent attacks on IT sector entities could facilitate Nobelium’s future operations. The agency observed a high level of activity linked to Nobelium against the backdrop of geopolitical tensions, particularly in Europe, in relation to Russia’s aggression against Ukraine.
National Security Concerns
Nobelium’s activities against government and diplomatic entities represent a significant national security concern, endangering French and European diplomatic interests. ANSSI emphasized that the ongoing geopolitical tensions have amplified the threat posed by these cyber actors, urging heightened vigilance and robust cybersecurity measures to protect against such intrusions.
Conclusion
The recent Russia cyber attack Europe incident has raised serious concerns about the region’s digital security. The warning from France’s cybersecurity agency underscores the persistent and evolving threat posed by state-sponsored cyber attackers with ties to Russia. It highlights the need for continued vigilance and strengthened cybersecurity protocols to safeguard diplomatic and governmental institutions from such sophisticated cyber threats.
The sources for this piece include articles in The Hacker News and The Record.
The post Alert: French Diplomats Targeted By Russian Cyber Attacks appeared first on TuxCare.
*** This is a Security Bloggers Network syndicated blog from TuxCare authored by Wajahat Raja. Read the original post at: https://tuxcare.com/blog/alert-french-diplomats-targeted-by-russian-cyber-attacks/
Source: https://securityboulevard.com/2024/07/alert-french-diplomats-targeted-by-russian-cyber-attacks
“An interesting youtube video that may be related to the article above”