
Association-anemone


New cyber attack warning — Confirming you’re not a robot can be dangerous
asane


Ukraine’s Computer Emergency Response Team has issued a new security warning after discovering a cyber attack campaign by the APT28 threat group, also known as Fancy Bear. This group is believed with a high degree of confidence to be affiliated with Russian military intelligence operations. Here’s what we know so far and what to look out for if you think you might be at risk of being targeted.

APT28 Fancy Bear Cyber Attack Campaign Warning from CERT-UA

The Ukrainian CERT warning, number CERT-UA#11689, was published on October 25 and, courtesy of Google’s on-page language translation tools, detailed an ongoing investigation into a phishing campaign using emails containing a database table and a link that serves up what appears to be a Google reCAPTCHA bot detection dialog.


The frequency of these anti-bot CAPTCHA tools has decreased considerably for most users, largely due to the large number of browser extensions that help defeat them and to platforms like iOS that use Apple’s server-based automated verification system to bypass the need to fill them in yourself. However, it’s still not a completely unexpected event when one pops up, and that is something the Fancy Bear threat group relies on: it’s certainly not something that would arouse suspicion in the user. If anything, it’s the opposite: the use of such an anti-bot defense tends to suggest a reliable result rather than a dangerous one.

In the case of this cyberattack campaign, CERT-UA said that checking the checkbox that asks for confirmation in response to the “I’m not a robot” prompt will copy a malicious PowerShell command to the user’s clipboard.

Mitigating the risk of falling victim to a CAPTCHA cyber attack

OK, so the most important thing to point out here is that the cyber attack campaign in question appears to be heavily targeting local government workers in Ukraine. That immediately eliminates a lot of the concerns that everyone else might have. However, importantly, that doesn’t mean the same techniques won’t be used by other threat actors now that the methodology is out there and apparently fooling some victims. Therefore, you need to be aware of the threat and how to mitigate it.


Which brings me to the second important point here: the cyberattack is initiated by clicking on a link (don’t do that), which causes the “I’m not a robot” dialog to appear in the first place. If you get to this stage of such an attack, then more interaction is required to execute the campaign’s payload: the PowerShell command triggers a script that instructs the user to take a series of additional steps.

These include: pressing a Win+R combination to open the command prompt, pressing a Win+V combination to paste the instructions to execute the malware payload, and finally having to press enter to actually execute it and install the malware itself. There are a lot of steps, which require a lot of trust from the user. Don’t be so trusting. Period. Ask yourself, when have I ever been asked to do something like this before? I’d bet my house that the answer to that, for 99.9% of people, is, uh, never. So why start now? With cyber attack campaigns, especially those involving AI-powered phishing techniques, it’s easy to forget that most still rely on old-fashioned trickery. Stay alert, don’t let work pressures or sudden reactions make you take unnecessary risks, and you can keep even state-sponsored hackers at bay.
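For defenders, the Win+R step leaves a trace: Windows records commands launched that way in the per-user RunMRU registry key. The following is an added example, not code from CERT-UA or the article, that triages that history; the function names, the heuristics and the sample entries are assumptions made for illustration.

```python
import re
import sys

# Per-user key holding Win+R history; each value (a, b, c, ...) is one
# command, stored with a trailing "\1". MRUList is just the ordering string.
RUNMRU_KEY = r"Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU"

# Heuristics are assumptions for this example; tune them for your environment.
SUSPICIOUS = {
    "script_host": re.compile(r"\b(powershell|pwsh|mshta|wscript|cscript)(\.exe)?\b", re.I),
    "hidden_or_encoded": re.compile(r"\s-(w|windowstyle)\s+hid|\s-(e|enc|encodedcommand)\s+\S|\s-nop(rofile)?\b", re.I),
    "remote_fetch": re.compile(r"https?://|\b(iwr|irm|invoke-webrequest|invoke-restmethod|downloadstring)\b", re.I),
}

# Constructed sample data, used when not running on Windows.
SAMPLE = {
    "MRUList": "cba",
    "a": "cmd\\1",
    "b": "powershell\\1",
    "c": "powershell -w hidden -enc PLACEHOLDER\\1",
}

def triage_run_history(entries):
    """Return [(value_name, command, [reasons])] for entries worth a look."""
    findings = []
    for name, raw in sorted(entries.items()):
        if name == "MRUList":
            continue
        command = raw[:-2] if raw.endswith("\\1") else raw
        reasons = [label for label, rx in SUSPICIOUS.items() if rx.search(command)]
        # A bare script host (someone typing "powershell") is ordinary admin
        # use, so require it together with at least one more signal.
        if "script_host" in reasons and len(reasons) >= 2:
            findings.append((name, command, reasons))
    return findings

def read_run_history():
    """Read the current user's RunMRU values (Windows only)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUNMRU_KEY) as key:
        count = winreg.QueryInfoKey(key)[1]  # number of values under the key
        return {n: str(v) for n, v, _ in (winreg.EnumValue(key, i) for i in range(count))}

if __name__ == "__main__":
    entries = read_run_history() if sys.platform == "win32" else SAMPLE
    for name, command, reasons in triage_run_history(entries):
        print(f"[RunMRU:{name}] {', '.join(reasons)} -> {command}")
```

A hit here means a user ran the command, so treat it as an incident lead rather than a prevention control.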
