According to the NKTsKI, a CERT-like arm of the FSB, an entity believed to have acted in the interest of a foreign state attacked Rostelecom-Solar, the cybersecurity division of the telecom company Rostelecom. According to the report, the unnamed actors were able to collect confidential information from mail servers, document management servers, and various workstations. Once the attackers had landed on the systems, they deployed two attack tools, called Mail-O and Webdav-O. The tooling could bypass Kaspersky AV and masquerade its communications as those of Mail.ru’s Disk-O and Yandex’s Yandex.Disk applications. While there is no attribution yet as to who the attackers worked for or where they are from, this attack will likely garner more attention as time goes on.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense

Russia’s invasion of Ukraine increased