XDSpy attcks Russian industries
A cyberespionage group called XDSpy has recently attacked Russian military-industrial enterprises, as per new research.
XDSpy is said to be a state-controlled hacker, in the game since 2011, that mainly targets counties across Eastern Europe and the Balkans. In its recent November campaign, attackers tried to get entry into the Russian metallurgical enterprise systems and a research organization involved in the production and development of guided missile weapons, as per Russian cybersecurity form F.A.C.C.T.
F.A.C.C.T. — an offshoot of Singapore-based cybersecurity firm Group IB — reported earlier this week that hackers sent phishing emails to their victims, posing as a research organization dealing in nuclear weapon design.
Similiar tacticts used from previous attacks
The group's tactics were similar to those used in their earlier attack on Russian companies, which included a well-known scientific facility in July. During that event, the hackers pretended to be Russia's Ministry of Emergency Situations and sent phishing emails with malicious PDF files. Researchers did not say whether attackers could break into the victims' systems and steal data.
According to F.A.C.C.T., Russia is the major target of XDSpy hackers. According to analysts, the gang used to target the country's government, military, financial institutions, and energy, research, and mining firms.
Even though the group has been active for years, there is no proof of its strikes on Russia, particularly since many foreign cybersecurity companies fled the country following the Russian takeover of Ukraine.
Spearphishing attacks used in attacks
ESET, a cybersecurity firm based in Slovakia, has been monitoring XDSpy's behavior since 2020, and researcher Matthieu Faou said that the group has constantly undertaken spearphishing efforts aimed mostly at important companies in Eastern Europe.
ESET lost first-hand visibility of cyberattacks occurring in Russia and Belarus after leaving these countries, both targets of XDSpy. However, the business announced last week that it had spotted the group's attack on a Ukrainian aerospace company.
Hackers utilized a breach chain nearly identical to the one described by F.A.C.C.T. in this attempt, which was not officially reported by Ukrainian security services and was likely unsuccessful. "We do agree with their analysis and also attribute this to XDSpy," stated Faou.
Despite the group's extensive history, analysts have not been able to pinpoint the country that is funding it. XDSpy may not have an exceptionally sophisticated toolbox, but "they have very good operative defense," according to Faou. "So far, we haven't found any errors that could point toward a specific country."
Russia: Victim of Cyberattack
Because many Western corporations have little access to computer systems in the region, reports about cyberattacks against Russia are rare.
This week, on the other hand, has been jam-packed with reports from Russian cybersecurity organizations. In addition to the XDSpy attack, F.A.C.C.T. recorded a DarkWatchman malware-based strike on Russian banks, telecom providers, logistics organizations, and IT firms. A phishing email was disguised as a newsletter from a Russian courier delivery firm by the hackers. The outcome of these strikes is uncertain.
According to the Russian cybersecurity firm Positive Technologies, which has been sanctioned by the US, another cyberattack was carried out by a new hacker gang called Hellhounds. Hellhounds has already infiltrated at least 20 Russian businesses, including government institutions, technology firms, and space and energy industries.
Rare Wolf hackers were also recorded by the cybersecurity firm BI.ZONE. According to researchers, the gang has targeted approximately 400 Russian companies since 2019.
These assessments do not reveal which countries are responsible for the attacks against Russia. However, analysts at the cybersecurity firm Solar stated in a November report that the majority of state-sponsored attacks against Russia come from North Korea and China, with a primary focus on data theft.