Ukraine's Computer Emergency Response Team (CERT-UA) reported that hacking operation UAC-0063, which has been linked to Russian state-sponsored threat group APT28, is targeting the country's scientific and research organizations with attacks deploying the Cherryspy and Hatvibe payloads as part of a cyberespionage campaign that commenced earlier this month, according to The Record, a news site by cybersecurity firm Recorded Future.
Intrusions by UAC-0063 involved the initial compromise of an employee's email account to facilitate the delivery of the malware strains, with Cherryspy enabling Python code execution and Hatvibe allowing further compromise, said CERT-UA, which also noted the group's potential compromise of Armenia's defense ministry. The development comes a month after CERT-UA discovered widespread Hatvibe injections carried out by exploiting an HTTP File Server vulnerability. Meanwhile, APT28, also known as BlueDelta and Fancy Bear, was previously reported to have launched a massive cyberespionage attack campaign against Poland's government agencies.
Threat Intelligence, Malware
New APT28-linked cyberespionage campaign hits Ukraine institutions
