A cyberespionage group known as XDSpy recently targeted Russian military-industrial enterprises, according to new research.
XDSpy is believed to be a state-controlled threat actor, active since 2011, that primarily attacks countries in Eastern Europe and the Balkans. In its latest campaign in November, hackers attempted to gain access to the systems of a Russian metallurgical enterprise and a research institute involved in the development and production of guided missile weapons, according to Russian cybersecurity firm F.A.C.C.T.
In a report published earlier this week, F.A.C.C.T. — an offshoot of Singapore-based cybersecurity firm Group IB — said that hackers sent phishing emails to their victims, masquerading as a research institute specializing in the design of nuclear weapons.
The group’s tactics mirrored their previous attack on Russian companies, including a well-known research institute in July. During that incident, the hackers posed as Russia’s Ministry of Emergency Situations, sending phishing letters containing malicious PDF attachments. Researchers didn’t disclose whether the hackers managed to penetrate the victims’ systems and steal data.
F.A.C.C.T. claimed that Russia is the primary target of XDSpy hackers. The group has previously targeted the country’s government, military, and financial institutions, along with energy, research, and mining companies, researchers said.
Although the group has been active for years, there is limited evidence of its attacks on Russia, especially since many foreign cybersecurity firms exited the country following its invasion of Ukraine.
Slovak-based cybersecurity firm ESET has monitored XDSpy’s activity since 2020 and researche ..
Support the originator by clicking the read the rest link below.
