APT29/Nobelium Targets Embassies
Industry: Government | Level: Tactical | Source: Fortinet
Research from FortiGuard has identified the threat actor group APT29/Nobelium/Cozy Bear targeting embassies, observed through an email impersonating the "Embassy of the Republic of Turkey." Analysis of the email's malicious HTML attachment uncovered malicious JavaScript that creates an ISO file, which the user must open. A shortcut pointing to a malicious DLL is then executed, loading Cobalt Strike. This tactic is likely intended to monitor activity in embassies in support of Russian operations.
- Anvilogic Scenario: Malicious Document Delivering Malware
- Anvilogic Use Cases:
  - Rundll32 Command Line
  - Suspicious File written to Disk
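As an added illustration of the "Rundll32 Command Line" use case against the chain described above (this is example code, not Fortinet's or Anvilogic's detection logic): the heuristic flags rundll32 launching a DLL from a drive letter other than the system drive, which is how a mounted ISO appears, or from a user-writable path. The command lines are constructed samples, and the trusted-directory list is an assumption.

```python
import re

# Constructed process-creation command lines (not real telemetry) covering the benign
# system-DLL case, the ISO-mounted-as-E: case, a Temp-staged DLL and a vendor DLL.
EVENTS = [
    r'"C:\Windows\System32\rundll32.exe" shell32.dll,Control_RunDLL',
    r'"C:\Windows\System32\rundll32.exe" E:\Invitation\support.dll,Start',
    r'rundll32.exe C:\Users\alice\AppData\Local\Temp\update.dll,DllMain',
    r'rundll32.exe "C:\Program Files\Vendor\tool.dll",Entry',
    r'rundll32.exe C:\Windows\System32\shell32.dll,Options_RunDLL 0',
]

# Assumed allowlist of admin-writable locations where a legitimate rundll32 target lives.
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64",
                r"c:\program files", r"c:\program files (x86)")

# First argument after rundll32[.exe]: either a quoted path or a run of text
# up to the ",EntryPoint" separator or the next space.
DLL_ARG = re.compile(
    r'^\s*"?(?:[^"\s]*\\)?rundll32(?:\.exe)?"?\s+(?:"([^"]+)"|([^\s,]+))', re.I)

def dll_path(cmdline):
    """Return the DLL argument of a rundll32 command line, or None if it is not rundll32."""
    m = DLL_ARG.match(cmdline)
    if not m:
        return None
    return m.group(1) or m.group(2)

def classify(cmdline):
    """Return a reason string when the rundll32 target looks attacker-staged, else None."""
    path = dll_path(cmdline)
    if path is None or "\\" not in path:
        # Not rundll32, or a bare module name resolved through the DLL search path.
        # Resolving the latter needs the process's working directory, absent here.
        return None
    p = path.lower()
    if any(p.startswith(d + "\\") for d in TRUSTED_DIRS):
        return None
    if re.match(r"^[a-z]:\\", p) and p[0] != "c":
        return "dll_on_non_system_drive"   # mounted ISO or removable media
    return "dll_outside_system_dirs"       # e.g. Temp/AppData staging

def triage(events):
    """Pair each flagged command line with its reason."""
    return [(e, classify(e)) for e in events if classify(e)]

if __name__ == "__main__":
    for cmd, reason in triage(EVENTS):
        print(f"{reason}: {cmd}")
```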