20. January 2022

This article has been indexed from

CySecurity News – Latest Information Security and Hacking Incidents

American information security experts from Cluster25 and Black Lotus Labs discovered cyberattacks on employees of the Russian Foreign Ministry before the New Year holidays. They were allegedly carried out by the North Korean hacker group Konni. 

According to Black Lotus Labs, the attackers began a phishing campaign back in October. They sent some diplomats archives with information about vaccination data and sent others links to download a fake program for registering vaccinated people on the federal vaccine registry. As a result, the account of one of the employees of the Foreign Ministry (mshhlystova@mid.ru) was compromised. From this address, hackers sent a phishing email to Deputy Minister Sergei Ryabkov at SRyabkov@mid.ru on December 20. 

In addition, Cluster25 reported that another letter, which contained an infected archive was sent on December 20 to the Russian Embassy in Indonesia, the sender was listed as the diplomatic mission in Serbia. 

The Russian Foreign Ministry confirmed that the attack was real. “However, the attack was timely detected and localized by standard means of active protection of the ministry’s information infrastructure and did not spread further,” the Foreign Ministry said. The ministry stressed that the phishing attack had no destructive impact on the information infrastructure of the Foreign Ministry. 

As Anastasia Tikhonova, the head of the Group-IB threat research group expla

[…]

Content was cut in order to protect the source.Please visit the source for the rest of the article.

Read the original article: