The NATO summit is set to take place in Vilnius, Lithuania, from July 11 to July 12, 2023.
The cybersecurity team at BlackBerry, known as the BlackBerry Threat Research and Intelligence team, has recently uncovered a new scheme in which a threat actor targets supporters of Ukraine and NATO using a remote access trojan called RomCom RAT.
Source: TrendMicro
As outlined in a blog post by BlackBerry, the team detected two malicious documents on July 4, 2023, originating from an IP address based in Hungary. These documents were titled:
- Letter_NATO_Summit_Vilnius_2023_ENG(1).docx
- Overview_of_UWCs_UkraineInNATO_campaign.docx
These documents were sent to the organization and individuals supporting Ukraine and invited to the NATO summit. The threat actor intends to deceive recipients by pretending to present papers related to lobbying for Ukraine’s potential NATO membership and its aspirations to become a member of the organization.
Source: Blackberry
According to BlackBerry researchers, “it is suspected that the threat actors aim to take advantage of this event by creating and distributing a malicious document that impersonates the Ukrainian World Congress website. The primary targets are individuals who support Ukraine.”
“The recipients of these documents are enticed to click on a link, which then redirects them to a fraudulent website. The attackers employ a technique known as typosquatting, wherein they imitate the legitimate website of the Ukrainian World Congress but with a slight alteration: instead of using the “.org” domain, they use “.info” at the end. This alteration is intended to increase the effectiveness of their spear-phishing campaign.”
What’s next?
Lithuania’s National Cyber Security Centre (NKSC) has reported two cyber incidents involving disinformation spread through a hacked music streaming service, disrupting the original playlist. The incidents, aimed at spreading false information about NATO and arms supplies to Ukraine, were swiftly detected and stopped.
Moreover, DDoS attacks targeted websites and a transportation app in Vilnius, impacting services crucial for the upcoming NATO summit. The NKSC is actively investigating the incidents, cooperating with authorities and foreign partners, and maintaining a high alert level to ensure cybersecurity during this critical period.
What must be NATO’s take: Hoping for the best
The idea of a NATO Cyber Command has raised discussions on the desired role and capabilities of NATO in cybersecurity. Experts suggest that NATO become more proactive as a collective defense bloc against cyber threats.
This involves
- openly sharing attack information,
- partnering with the private sector, and
- building resilient environments.
A more substantial role would demonstrate that cyber defense is about deterrence and potential collective defense. Additionally, experts propose more cyber diplomacy, including establishing a NATO Cyber Ambassador role to advocate for cybersecurity norms globally and negotiate cyber treaties. There is a consensus that NATO should enhance the security of critical industries through testing, training, and oversight.
Some suggested measures to improve cybersecurity posture include:
- national cybersecurity scorecards,
- stress testing,
- citizen training campaigns,
- innovation challenges, and
- International exchange programs for cybersecurity professionals.
Let’s put an end
It is emphasized that cybersecurity is vital for both national and international security, and protecting critical infrastructure from cyberattacks is equally crucial as a physical defense. Establishing a formal NATO Cyber Command could significantly contribute to the cybersecurity of NATO members.
PureVPN
July 11, 2023
2 years ago
