France Says Russian State Hackers Breached Numerous Critical Networks
The Russian APT28 hacking group, also known as 'Strontium' or 'Fancy Bear,' has been targeting government entities, businesses, universities, research institutes, and think tanks in France since the second half of 2021. The group has been exploiting vulnerabilities in WinRAR and Microsoft Outlook to compromise networks. It uses brute-forcing and leaked credentials to breach accounts and routers, and it employs phishing campaigns to gather system information. It also uses a range of VPN clients and legitimate cloud services for its command and control infrastructure. The hackers focus on data access and exfiltration, stealing sensitive emails and using various tools for data collection. The French National Agency for the Security of Information Systems (ANSSI) recommends a comprehensive security approach with a focus on email security to defend against APT28 attacks.