Austria’s foreign ministry has been targeted by a cyber-attack that is suspected to have been conducted by another country.
The ministry said the seriousness of the attack suggested it might have been carried out by a “state actor”. The hack started on Saturday night and experts warn it could continue for several days.
A Russian group called Fancy Bear was suspected to have been involved and was blamed for a similar attack on the German parliament in 2015.
The full story can be found here: https://www.bbc.co.uk/news/
It is true that despite the precautions taken and all the controls in place, a motivated attacker can always find a way through an organisation’s defences. Although we have seen an increase in politically motivated attacks over the past few years, we should remain vigilant in blaming certain threat actors or nation-states. As we also see that attribution remains difficult with cyber-attacks, past attacks teach us that adversaries will attempt to make their attacks look like those of other actors in an attempt to avoid taking the blame or to provoke conflicting parties.
There’s little information available at the moment as to the type and nature of the cyber attack against the Austrian foreign ministry. However, Fancy Bear, also known as Sofacy or APT28, has been operational for over a decade and typically targets political targets through phishing emails and credential harvesting through spoofed websites.
Once successful in its phishing attack, the group usually leverages droppers to install malware and maintain access.
The best defence against such attacks is to have an aware and engaged workforce that can identify and report any suspected phishing emails or spoofed sites which ask for credentials. Organisations can also implement measures such as multi-factor authentication to prevent criminals from gaining access even if they have compromised the password.