Russian Hackers Spy on Military Targets, Governments: Report

In 2017 and 2018, a Russian cyber-espionage group believed to be government-backed has engaged in covert attacks targeting military and government organizations in Europe and South America, Symantec warns. 

Tracked as APT28 but also referred to as Fancy Bear, Swallowtail, Strontium, Sofacy and Sednit, the group was accused of targetingthe Democratic National Committee (DNC) during the 2016 Presidential elections in the United States. 

Unlike the 2016 attacks, however, the campaigns the group has conducted this year and the last were low-key intelligence-gathering operations, a new Symantec report reveals. 

The assaults, the security firm says, hit a well-known international organization, as well as military targets and governments in Europe, a government of a South American country, and an embassy belonging to an Eastern European country.

According to Symantec, between 2007 and 2016, Fancy Bear had conducted intelligence-gathering operations, and the targeting of DNC marked a major change in the group's activity. Also in 2016, the group targeted the World Anti-Doping Agency (WADA)and leaked confidential drug testing information.

"After receiving an unprecedented amount of attention in 2016, APT28 has continued to mount operations during 2017 and 2018. However, the group's activities since the beginning of 2017 have again become more covert and appear to be mainly motivated by intelligence gathering," Symantec notes. 

Despite the recent change in tactics, the actor remains focused on expanding its tools portfolio. Last week, ESET revealed that Fancy Bear is the first threat actor to have used a Unified Extensible Firmware Interface (UEFI) rootkitin a malicious campaign. 

The hackers updated other tools as well over the past couple of years, including XTunnel(Trojan.Shunnael), which was specifically built to compromise the DNC network. The malicious tool was completely re-written in .NET. 

Some security researchers attribute the Zebrocy malwareto Fancy Bear, but Symantec claims that another group is responsible for this threat, namely Earworm (aka Zebrocy). 

Active since at least May 2016 and focused on military targets in Europe, Central Asia, and Eastern Asia, the group is apparently involved in operations that differ from those of Fancy Bear. Despite that, Symantec did notice command and control (C&C) overlaps between the two groups, which suggests a potential connection between them. 

"It is now clear that after being implicated in the U.S. presidential election attacks in late 2016, APT28 was undeterred by the resulting publicity and continues to mount further attacks using its existing tools. This ongoing activity and the fact that APT28 continues to refine its toolset means that the group will likely continue to pose a significant threat to nation state targets," Symantec concludes. 

Related: Russian Cyberspies Use UEFI Rootkit in Attacks

Related: Sofacy Attacks Overlap With Other State-Sponsored Operations

Copyright 2010 Respective Author at Infosec Island

via Infosec Island Latest Articles https://ift.tt/2C2p5Fj
RSS Feed

If New feed item from http://www.infosecisland.com/rss.html, then send m


Unsubscribe from these notifications or sign in to manage your Email Applets.

IFTTT

Comments

Post a Comment

Popular posts from this blog

Evernote cuts staff as user growth stalls

Image
Note-taking app Evernote has fallen on hard times of late, culminating in its latest spate of job cuts impacting 15 percent of its workforce (54 employees). CEO Chris O' Neil -- an ex-Googler who took the reins in 2015 -- announced the firings at an all-hands meeting earlier today, reports TechCrunch . In a message on the Evernote blog , O' Neill admitted he'd set "incredibly aggressive goals" for the company in 2018. He continued: "Going forward, we are streamlining certain functions, like sales, so we can continue to speed up and scale others, like product development and engineering." The layoffs follow an exec exodus just weeks ago and the company's recent brand refresh (complete with a refined logo and wordmark). But critics are more concerned about its product, especially the free tier, which they claim lacks the perks to
Read more

The best air conditioner

Image
By Liam McCabe This post was done in partnership with Wirecutter . When readers choose to buy Wirecutter's independently chosen editorial picks, it may earn affiliate commissions that support its work. Read the full article here . After six summers of researching, testing, and recommending window air conditioners, we've learned that quiet and affordable ACs make most people the happiest—and we think the LG LW8016ER will fit the bill in most rooms. This 8,000 Btu unit cools as efficiently and effectively as any model with an equal Btu rating, and runs at a lower volume and deeper pitch than others at this price. Little extra features like a fresh-air vent, two-axis fan blades, and a removable drain plug help set it apart, too. The LG LW8016ER is a top choice for an office or den, and some people will find it quiet enough for a bedroom, too. If our main pic
Read more

We won't see a 'universal' vape oil cartridge anytime soon

Image
Pre-loaded cartridges of cannabis concentrate are currently among the most popular means of consumption, and for good reason. They're discreet to use and easy to handle, a far cry from the dark days of 2016 when we had to dribble hash oil or load wax into narrow-mouthed vape pens by hand. But, frustratingly, an ever increasing number of oil cartridge manufacturers employ one-off design standards so that their products won't work with those of their competitors, thereby locking customers into proprietary ecosystems. We've already seen this with nicotine vaporizers -- which has a seen a massive rise in "pod systems" in the last few years, each outfitted with a unique canister and battery built to be incompatible with those of their competition. Is it too late for the burgeoning cannabis industry to set a universal standard for their product designs?
Read more