Seen on The Hacker News:
The Computer Emergency Response Team of Ukraine (CERT-UA) on Tuesday said it thwarted a cyber attack against an unnamed critical energy infrastructure facility in the country.
The intrusion, per the agency, started with a phishing email containing a link to a malicious ZIP archive that activates the infection chain.
“Visiting the link will download a ZIP archive containing three JPG images (decoys) and a BAT file ‘weblinks.cmd’ to the victim’s computer,” CERT-UA said, attributing it to the Russian threat actor known as APT28 (aka BlueDelta, Fancy Bear, Forest Blizzard, or FROZENLAKE).
Read more on The Hacker News