Czechia and Germany have exposed a long-running cyber espionage campaign conducted by the notorious Russia-linked APT28 hacking group, drawing harsh criticism from international organizations like the European Union (EU), the North Atlantic Treaty Organization (NATO), the United Kingdom, and the United States.
The Czech Republic’s Ministry of Foreign Affairs revealed that certain entities within the country were targeted using a critical Microsoft Outlook vulnerability (CVE-2023-23397), allowing Russian state-sponsored hackers to escalate privileges and potentially gain unauthorized access.
Germany Accuses APT28 of Targeting Social Democratic Party
Similarly, Germany’s Federal Government attributed the APT28 threat actor, also known as Fancy Bear, Pawn Storm, and Sofacy, to a cyber attack aimed at the Executive Committee of the Social Democratic Party, exploiting the same Outlook flaw over a “relatively long period” to compromise numerous email accounts.
The targeted industries spanned logistics, armaments, air and space, IT services, foundations, and associations located in Germany, Ukraine, and other European regions. Germany also implicated APT28 in the 2015 cyber attack on the German federal parliament (Bundestag).
Widespread Condemnation of Russia’s Malicious Cyber Activities
NATO stated that Russia’s hybrid actions “constitute a threat to Allied security,” while the Council of the European Union condemned Russia’s “continuous pattern of irresponsible behavior in cyberspace.”
The UK government described the recent APT28 activity, including targeting the German Social Democratic Party, as “the latest in a known pattern of behavior by the Russian Intelligence Services to undermine democratic processes across the globe.”
The US Department of State acknowledged APT28’s history of engaging in “malicious, nefarious, destabilizing and disruptive behavior,” and reiterated its commitment to upholding a “rules-based international order, including in cyberspace.”
Disruption of APT28’s Criminal Proxy Botnet
Earlier in February, a coordinated law enforcement action disrupted a botnet comprising hundreds of SOHO routers in the US and Germany believed to have been used by APT28 to conceal their malicious activities, such as exploiting CVE-2023-23397 against targets of interest.
Cybersecurity researchers warn that Russian state-sponsored cyber threats, including data theft, destructive attacks, DDoS campaigns, and influence operations, pose severe risks to upcoming elections in regions like the US, UK, and EU, with multiple hacking groups like APT28, APT44 (Sandworm), COLDRIVER, and KillNet expected to be active.
Securing Critical Infrastructure from Pro-Russia Hacktivist Attacks
Government agencies from Canada, the UK, and the US have released a joint fact sheet to help critical infrastructure organizations secure against pro-Russia hacktivist attacks targeting industrial control systems (ICS) and operational technology (OT) systems since 2022, often exploiting publicly exposed internet connections and default passwords.
The recommendations include hardening human-machine interfaces, limiting internet exposure of OT systems, using strong and unique passwords, and implementing multi-factor authentication for all access to the OT network.