French Diplomatic Bodies Targeted in Cyber Attacks Linked to Russia
State-backed groups linked to Russia have been tied to targeted cyber attacks against French diplomatic organizations, according to a bulletin from the country’s cybersecurity authority, ANSSI.
The intrusion attempts have been attributed to a cluster that Microsoft tracks as Midnight Blizzard (formerly Nobelium), which overlaps with activity tracked as APT29, BlueBravo, Cloaked Ursa, Cozy Bear, and The Dukes.
Although the names APT29 and Midnight Blizzard are used interchangeably for intrusion sets affiliated with the Russian Foreign Intelligence Service (SVR), ANSSI said it prefers to treat them as distinct threat clusters, alongside a third one labeled Dark Halo, which was responsible for the 2020 attack via SolarWinds software.
“The hallmark of Nobelium is the utilization of specific codes, strategies, methods, and procedures. The majority of Nobelium campaigns against diplomatic organizations utilize compromised legitimate email accounts of diplomatic personnel and oversee phishing operations aimed at diplomatic institutions, embassies, and consulates,” the agency said.
Notably, the intrusions against diplomatic bodies are also tracked under the designation Diplomatic Orbiter.
The attacks involve sending phishing emails to French government bodies from foreign organizations and previously compromised individuals in order to start a chain of malicious activity.
“In May 2023, various European embassies in Kyiv were victims of a phishing drive orchestrated by Nobelium’s operators,” it reported. “The French embassy in Kyiv was among the recipients of this campaign, carried out via an email themed around a ‘Diplomatic car for sale.’”
Another attack observed in the same month, targeting the French Embassy in Romania, was unsuccessful, according to ANSSI.
Other intrusions orchestrated by the threat actor have exploited vulnerabilities in JetBrains TeamCity servers as part of an opportunistic campaign. Recently, the actor has also been linked to breaches at Microsoft and Hewlett Packard Enterprise (HPE).
“The targeting of IT and cybersecurity entities for espionage purposes by Nobelium’s operators potentially bolsters their offensive capabilities and the menace they pose,” the agency stated. “The intelligence amassed during recent penetrations of IT sector entities could serve to enhance the operations of Nobelium.”
The disclosure coincides with Poland’s announcement that Russian hackers might be behind the DDoS attack on Telewizja Polska (TVP) that disrupted online coverage of the Euro 2024 football event on June 16, 2024.


