APT29/Nobelium Targets Embassies

  |  Source: 

APT29/Nobelium Targets Embassies

Industry: Government | Level: Tactical | Source: Fortinet

Research from FortiGuard has identified threat actor group, APT29/Nobelium/Cozy Bear to be targeting embassies as an observed email impersonating the "Embassy of the Republic of Turkey." Analysis of the email's malicious HTML attachment uncovers a malicious JavaScript, which creates an ISO file requiring the user to execute the ISO file. A shortcut pointing to a malicious DLL file is executed for Cobalt Strike. This tactic is likely conducted to monitor activity in embassies to assist in Russian operations.

  • Anvilogic Scenario: Malicious Document Delivering Malware
  • Anvilogic Use Cases:
  • Rundll32 Command Line
  • Suspicious File written to Disk

Get trending threats published weekly by the Anvilogic team.

Sign Up Now