"Russian Hackers Spotted Targeting US Military Weapons and Hardware Supplier"

A Russia-connected state-sponsored hacking group has been linked to attack infrastructure that spoofs the Microsoft login page of Global Ordnance, a legitimate US-based military weapons and hardware supplier. Recorded Future attributed the new infrastructure to TAG-53, a threat activity group also known as Blue Callisto, Callisto, COLDRIVER, SEABORGIUM, and TA446 in the cybersecurity community. Based on previous public reporting on overlapping TAG-53 campaigns, it is likely that this credential harvesting activity is enabled in part by phishing, according to a report by Recorded Future's Insikt Group. The cybersecurity firm discovered 38 domains, nine of which had references to UMO Poland, Sangrail LTD, DTGruelle, Blue Sky Network, the Commission for International Justice and Accountability (CIJA), and the Russian Ministry of Internal Affairs. The themed domains are suspected to be an attempt by the adversary to masquerade as legitimate parties in social engineering campaigns. Furthermore, the threat actor has been linked to a spear-phishing operation targeting Ukraine's Ministry of Defense that coincided with the start of Russia's military invasion of the country earlier in March. This article continues to discuss Russian hackers targeting a US-based military weapons and hardware supplier.

THN reports "Russian Hackers Spotted Targeting US Military Weapons and Hardware Supplier"
