Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime , Social Engineering

Trojanized Advertisements: Russian Hackers' New Move

Michael Sikorski of Unit 42 on the New Frontiers in Cyberespionage
Michael Sikorski, CTO and vice president of engineering, Unit 42, Palo Alto Networks

Malicious actors often devise ingenuous ways to infiltrate networks. Michael Sikorski, CTO and vice president of engineering at Unit 42 at Palo Alto Networks, shed light on an unconventional tactic deployed by Russian hackers: the Trojanization of legitimate advertisements.

See Also: Webinar | Everything You Can Do to Fight Social Engineering and Phishing

The technique, Sikorski said, involves exploiting seemingly innocuous advertisements as vehicles for malware dissemination. Russian hackers intercepted an advertisement by a Polish diplomat who attempted to sell his BMW car amid the conflict with Ukraine. The hackers repurposed the advertisement with embedded malware. This tactic, Sikorski said, underscores Russia's strategy to establish covert hooks within foreign systems.

By compromising embassies and diplomatic missions, attackers can lay the groundwork for more sophisticated attacks, potentially influencing policy decisions. What sets this incident apart is the innovative use of a genuine document as the carrier for malware, signifying a concerning escalation in cyberespionage tactics.

"The same attack group that was responsible for SolarWinds - we tracked them as Cloaked Ursa - obtained that document and recirculated it to missions and embassies all around Ukraine," he said. "And when Russia got ahold of it, they even lowered the price and embedded malware in it and recirculated it. It shows how much access they have to networks there that they were able to get access to that."

In this video interview with Information Security Media Group at Black Hat USA 2023, Sikorski discussed:

  • AI's role in social engineering and business email compromise;
  • The future landscape of adversarial AI;
  • The use of telemetry data to help identify state activity.

Sikorski is an industry expert in reverse engineering. He has more than 20 years of experience working on high-profile incidents and leading R&D teams and previously worked at Mandiant and the NSA.

About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.