Ukraine War: Russian Hackers Target Arms

Ukraine War: Russian Hackers Target Arms

May 15, 2025 Catherine Williams World

Russian Hackers Target Arms Suppliers Aiding Ukraine, Security Firm Says

Table of Contents

A notorious russian hacking group has been targeting armaments companies involved in supplying weapons to Ukraine, according to a study released by Slovakian security ⁤firm Eset. The group, known as ‍Fancy Bear, has focused​ its efforts on arms manufacturers in Bulgaria, Romania, and Ukraine, whose equipment is crucial​ to Ukraine’s defense against Russia’s ongoing military actions.

⁣ ⁣ The Eset study indicates that companies in South America and Africa have also been affected by what‌ they are calling “Operation Roundpress.” ‌The hackers‌ are exploiting vulnerabilities in widely used webmail software. Researchers found that the attacks typically⁢ begin⁣ with deceptive emails disguised as news reports,sometimes impersonating legitimate news outlets such as​ the Kyiv Post,a Ukrainian weekly newspaper. Opening the email in a browser⁤ triggers the execution ⁤of malicious code.

⁤ ‍ ‍ According ‌to Matthieu Faou, an Eset researcher, many organizations are using​ outdated webmail ‌servers. “Even the mere display of an email ‌in the browser can be ‍enough ‍to carry out malice code without‌ the recipient actively clicking something,” ‌Faou said.

Kremlin’s Cyber Strategy: ‌Influence and Destabilization

⁢ Analysis of the attacks​ revealed malware capable of extracting access credentials and intercepting emails. The study also found that the hackers bypassed two-factor authentication (2FA), a common ‌security measure, by using application passwords to gain persistent access‍ to mailboxes.

⁢ Fancy Bear, also known as Sednit ​or APT28, has⁣ been linked to previous cyberattacks, including those targeting the German ​Bundestag in 2015, U.S. ⁣politician Hillary Clinton in 2016, and the Social Democratic Party (SPD) headquarters in 2023. Experts believe the group is ‌part of a broader ⁤strategy by⁢ Russian intelligence services to use cyberattacks ​for political influence and destabilization. Their activities include espionage ⁤and targeted disinformation campaigns aimed​ at Western democracies.

Correction: An earlier version of this⁢ article incorrectly identified Eset as ‍a German security company. The company is ⁣based in Bratislava, Slovakia.

Russian Hackers Targeting Arms Suppliers: A Q&A

Who⁢ is targeting armaments companies involved​ in supplying weapons to Ukraine?

According to a study by Slovakian ‌security firm eset, a ‌Russian hacking group known as Fancy Bear is targeting arms suppliers aiding Ukraine.

What is ‌”Fancy‍ Bear” ⁢also known as?

Fancy Bear is also known as Sednit or APT28.

Where⁢ are these attacks focused?

The attacks are primarily focused on arms manufacturers in:

⁢ Bulgaria

Romania

Ukraine

these countries are key to Ukraine’s defense due to their equipment supply. Additionally,​ the Eset study indicates that companies in South America and Africa have also ⁢been affected.

What kind‌ of cyberattacks are being used?

The attackers‌ are exploiting vulnerabilities in widely‍ used webmail software. The attacks typically begin with deceptive emails disguised as news reports.

How do these attacks⁣ work?

The attacks often impersonate legitimate news outlets, such as the Kyiv Post. Opening these emails in a browser triggers the ⁢execution of⁤ malicious code.

What vulnerabilities are being exploited?

The ‍hackers are exploiting vulnerabilities in widely used webmail software.

Why⁤ are outdated webmail servers a problem?

According to Eset researcher Matthieu Faou, many organizations are using outdated webmail servers. ​This poses a significant risk because ⁤malicious code can be⁣ executed merely by displaying an email in ‍the browser, without the recipient needing ⁣to click on anything.

What kind of​ data is being stolen?

Analysis of the⁤ attacks has revealed malware ⁤capable of extracting:

Access credentials

​ ​Intercepting emails

How are the hackers bypassing security measures?

The hackers are bypassing two-factor authentication (2FA), a common‍ security measure, ⁢by using submission passwords ⁣to gain persistent access to mailboxes.

What is “Operation Roundpress”?

“Operation Roundpress” is the name Eset researchers have given to this series ​of cyberattacks.

Has Fancy Bear been⁢ involved in previous cyberattacks?

Yes, Fancy Bear has been linked to⁣ numerous previous cyberattacks, demonstrating‍ a history of targeting significant entities.

What are some of Fancy Bear’s previous targets?

The German​ Bundestag in ​2015

U.S. politician Hillary‌ Clinton in 2016

The Social Democratic Party (SPD) headquarters in 2023

What ​is the broader⁣ strategy behind ⁢these cyberattacks?

Experts believe these attacks are⁣ part⁢ of a strategy by Russian intelligence services to use cyberattacks for political influence and destabilization. This involves:

⁣ Espionage

​‌ Targeted disinformation ‌campaigns aimed at‌ Western democracies

What are the key ‌takeaways from the Eset study?

The Eset study⁢ highlights the⁤ sophisticated and persistent nature of Russian cyberattacks, particularly their focus on disrupting critical ⁤supply chains and gathering intelligence. Hear’s a summary table:

Aspect details
Attacking Group Fancy ⁤Bear (APT28, Sednit)
Primary Targets Arms manufacturers in Bulgaria, Romania,​ Ukraine, and⁢ companies in South America and Africa
Attack Method exploiting webmail vulnerabilities⁣ via deceptive emails
Purpose Espionage, disinformation, and destabilization; part of a broader Russian strategy.
Data ⁤Stolen Access‌ credentials, intercepted emails.
, , , , , ,