Trident Ursa, an APT group operated by a specially created structural unit of the Russian Federal Security Service (FSB), recently attempted to compromise a petroleum refining firm within a NATO member state but failed to do so.
Also known as Gamaredon, Primitive Bear, and Shuckworm, Trident Ursa is tasked by the FSB with acting as an intelligence unit and conducting subversive cyber activities against Ukraine. Most of the group's attacks deliver HTML and Word documents attached to phishing lures to target Ukrainian entities.
Additionally, researchers have observed the group mostly using the English language in its phishing campaigns, presumably to expand its intelligence collection and network intrusions beyond Ukraine to NATO allies.
The failed attack attempt by Trident Ursa was discovered during a review of the group's indicators of compromise (IoCs).
Researchers found that the Russian APT had attempted the attack against a large petroleum refining company operating within a NATO member nation on August 30. The attempt was unsuccessful, and the researchers did not disclose which company was targeted.
In October, the prime minister of Norway described a real and serious threat to the country's oil and gas sector after the Nord Stream I and II pipelines were suspected of having been sabotaged. Russian gas imports have also been sanctioned, leaving Norway as Europe's largest gas supplier.
Analysts also explained that most recent cyberattacks on Europe's oil and gas sector appear financially motivated. Ransomware gangs have been blamed for these attacks, and some are known to cooperate with the Russian FSB or other government agencies that back APT groups for intelligence gathering.
In one such case, Maksim Yakubets, a Russian cybercriminal, had previously been charged with collecting classified information and relaying it to Russian government groups.
Researchers conclude that Trident Ursa remains an agile and adaptive group notable for its use of uncomplicated attack techniques. The group has mostly relied on publicly available tools, scripts, phishing, and heavy obfuscation to carry out its campaigns successfully.
While its failed attempt against the petroleum refining firm in a NATO member state is good news for the affected entities, experts still warn organisations and companies to be prepared for potential future attacks from the group.
