Fancy Bear’s Used Car Scam: Diplomatic Phishing Lure Unveiled
Russian threat actor Fighting Ursa is back, this time using a fake Audi Q7 ad to lure diplomats into malware traps. This campaign, targeting diplomats since March 2024, showcases their knack for recycling old tactics and exploiting known vulnerabilities.

Hot Take:
Who knew car shopping could be so dangerous? Just when you thought you might score a sweet diplomatic deal on an Audi Q7, BAM! You’re hit with a heaping dose of Russian malware. In the digital world, even car salesmen can’t be trusted!
Key Points:
- Fighting Ursa (aka Fancy Bear, APT28, Sofacy) is back with a new phishing campaign targeting diplomats.
- Phishing lure: A fake car advertisement for an Audi Q7 hosted on legitimate services like Webhook.site and ImgBB.
- Malware involved: HeadLace backdoor, delivered via a ZIP archive containing a malicious .jpg.exe file.
- Attack chain: Starts with checking if the visitor’s system is Windows-based and ends with a batch file executing hidden commands.
- Attribution: Medium to high confidence that Fighting Ursa is behind the attack, given their known tactics and malware.
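
The `.jpg.exe` name in the ZIP archive is a double-extension disguise, which a mail or web gateway can check for before an archive reaches the user. The following sketch is an added example, not code from the original report. The extension lists, function names and sample archive contents are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed lists: extensions Windows will run, and decoy extensions that
# make a file look like an image or document.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif"}
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx"}


def is_disguised_executable(name: str) -> bool:
    """True when the last extension is executable and the one before it is a decoy."""
    # Windows ignores trailing dots and spaces, so drop them before parsing.
    base = name.replace("\\", "/").rstrip(". ").rsplit("/", 1)[-1]
    parts = base.split(".")
    if len(parts) < 3:
        return False  # fewer than two extensions
    # strip() handles space padding such as "photo.jpg      .exe"
    last = "." + parts[-1].strip().lower()
    prev = "." + parts[-2].strip().lower()
    return last in EXECUTABLE_EXTS and prev in DECOY_EXTS


def scan_zip(data: bytes) -> list[str]:
    """Return archive member names that use a decoy-plus-executable extension."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [
            info.filename
            for info in zf.infolist()
            if not info.is_dir() and is_disguised_executable(info.filename)
        ]


def build_sample_zip() -> bytes:
    """Constructed sample archive; member contents are harmless placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("listing/photo-constructed.jpg.exe", b"placeholder")
        zf.writestr("listing/real-photo.jpg", b"placeholder")
        zf.writestr("tools/setup.exe", b"placeholder")
        zf.writestr("listing/brochure.pdf   .scr", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for hit in scan_zip(build_sample_zip()):
        print("disguised executable:", hit)
```

A plain `setup.exe` is deliberately not flagged: the check targets the mismatch between the visible decoy extension and the real one, not executables in general.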