France’s cybersecurity agency has issued a warning about a hacking group linked to Russia‘s Foreign Intelligence Service (SVR), threatening the nation’s diplomatic interests. The French information security agency, ANSSI, revealed in an advisory that state-sponsored actors with ties to Russia have launched targeted Russian cyber attacks against French diplomatic entities.
The cyber attacks Russia have been traced to a group known as Midnight Blizzard, previously referred to as Nobelium by Microsoft. This group is also known by other names such as APT29, BlueBravo, Cloaked Ursa, Cozy Bear, and The Dukes. While APT29 and Midnight Blizzard are often used interchangeably to describe these Russian-linked intrusion sets, ANSSI prefers to distinguish them as separate threat clusters. Another related group, Dark Halo, was responsible for the 2020 SolarWinds supply chain attack.
ANSSI, the Agence Nationale de la Sécurité des Systèmes d’Information, confirmed several compromises previously attributed to the Nobelium hacking group. The advisory highlighted that Western diplomatic entities, including embassies and Ministries of Foreign Affairs, have been the primary targets of Nobelium’s cyber activities. French public organizations have also been targeted multiple times through phishing emails originating from previously compromised foreign institutions.
Notable incidents include the compromise of email accounts at the French Ministry of Culture and the National Agency for Territorial Cohesion. While the attackers could not access parts of the networks beyond the compromised inboxes, they used these accounts to target other organizations, such as France’s Ministry of Foreign Affairs. Nobelium attempted to install Cobalt Strike, a penetration testing tool often misused by malicious actors, to gain remote access to the network, but these attempts were unsuccessful.
One particularly alarming incident involved a compromised email account of a French diplomat being used to send a fake message about the closure of the French Embassy in South Africa due to an unspecified terror threat. In another instance, ANSSI reported that an attempt by Nobelium to compromise the French Embassy in Romania in May 2023 was thwarted due to the vigilance of the diplomatic staff.
The primary objective of these major Russian cyber attacks is to gather strategic intelligence from government and diplomatic targets, according to ANSSI. However, technology companies have also been affected. Earlier this year, Microsoft confirmed that Nobelium successfully compromised the email accounts of its senior leaders. Around the same time, Hewlett Packard Enterprise reported a similar breach.
Russian cyber attacks Europe continue to be a significant concern for regional cybersecurity experts and governments alike. ANSSI warned that the targeting of IT and cybersecurity entities by Nobelium for espionage purposes enhances the group’s offensive capabilities, posing a significant threat. The intelligence gathered during recent attacks on IT sector entities could facilitate Nobelium’s future operations. The agency observed a high level of activity linked to Nobelium against the backdrop of geopolitical tensions, particularly in Europe, in relation to Russia’s aggression against Ukraine.
Nobelium’s activities against government and diplomatic entities represent a significant national security concern, endangering French and European diplomatic interests. ANSSI emphasized that the ongoing geopolitical tensions have amplified the threat posed by these cyber actors, urging heightened vigilance and robust cybersecurity measures to protect against such intrusions.
The recent Russia cyber attack Europe incident has raised serious concerns about the region’s digital security. The warning from France’s cybersecurity agency underscores the persistent and evolving threat posed by state-sponsored cyber attackers with ties to Russia. It highlights the need for continued vigilance and strengthened cybersecurity protocols to safeguard diplomatic and governmental institutions from such sophisticated cyber threats.
The sources for this piece include articles in The Hacker News and The Record.
The post Alert: French Diplomats Targeted By Russian Cyber Attacks appeared first on TuxCare.
*** This is a Security Bloggers Network syndicated blog from TuxCare authored by Wajahat Raja. Read the original post at: https://tuxcare.com/blog/alert-french-diplomats-targeted-by-russian-cyber-attacks/