Pro-Russia cyber gang Winter Vivern puts US, Euro lawmakers in line of fire

A cyber spy gang supporting Russia is targeting US elected officials and their staffers, in addition to European lawmakers, using unpatched Zimbra Collaboration software in two campaigns spotted by Proofpoint.


The advanced persistent threat (APT) group – which Proofpoint tracks as TA473 and the Ukrainian CERT has named UAC-0114, while other private security researchers call it Winter Vivern – was first discovered by DomainTools' team and has been active since December 2020.


At the time, the criminals were targeting government agencies in Azerbaijan, Cyprus, India, Italy, Lithuania, Ukraine, and the Vatican. The DomainTools researchers dubbed the miscreants "Winter Vivern" because of the group's earlier command-and-control beacon URL string of the same name.

In more recent campaigns disclosed earlier this year, the gang focused its attention on government agencies and officials in Ukraine, Poland, Italy and India, as well as telecommunications organizations supporting Ukraine during the ongoing war. 

Those campaigns typically relied on phishing, with lures spoofing government agencies or disguised as bogus antivirus software, to trick targets into downloading malware-laden documents. The malware then allowed the crooks to steal credentials and establish persistence to spy on high-profile government networks.


"Winter Vivern APT falls into a category of scrappy threat actors, being quite resourceful and able to accomplish a lot with potentially limited resources while willing to be flexible and creative in their approach to problem-solving," SentinelOne senior threat researcher Tom Hegel wrote in his analysis.


The gro ..
